{"meta":{"status":200,"terms-of-use":"All data returned by this API is confidential and proprietary information of Tidal Cyber Inc. ('Tidal Cyber'). Use of the data returned by this API is governed by the Tidal Cyber Terms of Use, available at https://www.tidalcyber.com/terms-of-use, or, if applicable, the agreement between Tidal Cyber and the organization on behalf of which you are using this API and the information returned by this API."},"data":[{"id":"c59a6425-30da-5370-9a21-271c3aa73bb4","name":"Talos-WolfRAT","description":"W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19).  The wolf is back.. . Retrieved July","url":"https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html","source":"Mobile","title":"","authors":"W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19)","date_accessed":"1978-07-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"741ac36b-e971-5958-a0b9-d7ff80eff120","created":"2026-01-28T13:08:10.041974Z","modified":"2026-01-28T13:08:10.041979Z"},{"id":"cfee4bb6-0356-5faf-ae6d-f8d60b0c8fb3","name":"ArsTechnica-HummingBad","description":"Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January","url":"http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/","source":"Mobile","title":"10 million Android phones infected by all-powerful auto-rooting apps","authors":"Dan Goodin","date_accessed":"1978-01-01T00:00:00Z","date_published":"2016-07-07T00:00:00Z","owner_name":null,"tidal_id":"05e68724-e082-5ffc-9803-7fa44269b2ed","created":"2026-01-28T13:08:10.041746Z","modified":"2026-01-28T13:08:10.041749Z"},{"id":"088f2cbd-cce1-477f-9ffb-319477d74b69","name":"D3Secutrity CTI Feeds","description":"Banerd, W. (2019, April 30). 10 of the Best Open Source Threat Intelligence Feeds. 
Retrieved October 20, 2020.","url":"https://d3security.com/blog/10-of-the-best-open-source-threat-intelligence-feeds/","source":"MITRE","title":"10 of the Best Open Source Threat Intelligence Feeds","authors":"Banerd, W","date_accessed":"2020-10-20T00:00:00Z","date_published":"2019-04-30T00:00:00Z","owner_name":null,"tidal_id":"251f778e-7228-5db2-8f8e-6c29263253a9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429500Z"},{"id":"aa25e385-802c-4f04-81bb-bb7d1a7599ec","name":"Linux Logs","description":"Marcel. (2018, April 19). 12 Critical Linux Log Files You Must be Monitoring. Retrieved March 29, 2020.","url":"https://www.eurovps.com/blog/important-linux-log-files-you-must-be-monitoring/","source":"MITRE","title":"12 Critical Linux Log Files You Must be Monitoring","authors":"Marcel","date_accessed":"2020-03-29T00:00:00Z","date_published":"2018-04-19T00:00:00Z","owner_name":null,"tidal_id":"e619c54b-f195-57bb-bd49-93d639d6b387","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426784Z"},{"id":"0ee90db4-f21c-4c68-bd35-aa6c5edd3b4e","name":"Netspi PowerShell Execution Policy Bypass","description":"Sutherland, S. (2014, September 9). 15 Ways to Bypass the PowerShell Execution Policy. Retrieved July 23, 2015.","url":"https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/","source":"MITRE","title":"15 Ways to Bypass the PowerShell Execution Policy","authors":"Sutherland, S","date_accessed":"2015-07-23T00:00:00Z","date_published":"2014-09-09T00:00:00Z","owner_name":null,"tidal_id":"b0fde509-93be-5f5d-88ec-6c1a5654ee5e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416312Z"},{"id":"aecc3ffb-c524-5ad9-b621-7228f53e27c3","name":"Mandiant-leaks","description":"DANIEL KAPELLMANN ZAFRA, COREY HIDELBRANDT, NATHAN BRUBAKER, KEITH LUNDEN. (2022, January 31). 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information. 
Retrieved August 18, 2023.","url":"https://www.mandiant.com/resources/blog/ransomware-extortion-ot-docs","source":"MITRE","title":"1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information","authors":"DANIEL KAPELLMANN ZAFRA, COREY HIDELBRANDT, NATHAN BRUBAKER, KEITH LUNDEN","date_accessed":"2023-08-18T00:00:00Z","date_published":"2022-01-31T00:00:00Z","owner_name":null,"tidal_id":"eb33278b-8452-5c64-928c-f4a9bded59e1","created":"2023-11-07T00:36:05.488819Z","modified":"2025-12-17T15:08:36.432152Z"},{"id":"ab94e4f7-7976-5ef8-acf9-99beb6182fa9","name":"Trustwave BlackByte 2021","description":"Rodel Mendrez & Lloyd Macrohon. (2021, October 15). BlackByte Ransomware – Pt. 1 In-depth Analysis. Retrieved December 16, 2024.","url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/","source":"MITRE","title":"1 In-depth Analysis","authors":"Rodel Mendrez & Lloyd Macrohon. (2021, October 15)","date_accessed":"2024-12-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"daa9c530-1e5b-5a17-853a-d9b129f83407","created":"2025-04-22T20:47:27.941706Z","modified":"2025-12-17T15:08:36.420490Z"},{"id":"2ddae0c9-910c-4c1a-b524-de3a58dbba13","name":"Tilbury Windows Credentials","description":"Chad Tilbury. (2017, August 8). 1Windows Credentials: Attack, Mitigation, Defense. Retrieved February 21, 2020.","url":"https://www.first.org/resources/papers/conf2017/Windows-Credentials-Attacks-and-Mitigation-Techniques.pdf","source":"MITRE","title":"1Windows Credentials: Attack, Mitigation, Defense","authors":"Chad Tilbury","date_accessed":"2020-02-21T00:00:00Z","date_published":"2017-08-08T00:00:00Z","owner_name":null,"tidal_id":"e0c5480b-a587-5215-9262-09429d8978a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426015Z"},{"id":"d8ee8b1f-c18d-48f3-9758-6860cd31c3e3","name":"CWE top 25","description":"Christey, S., Brown, M., Kirby, D., Martin, B., Paller, A.. 
(2011, September 13). 2011 CWE/SANS Top 25 Most Dangerous Software Errors. Retrieved April 10, 2019.","url":"https://cwe.mitre.org/top25/index.html","source":"MITRE","title":"2011 CWE/SANS Top 25 Most Dangerous Software Errors","authors":"Christey, S., Brown, M., Kirby, D., Martin, B., Paller, A.","date_accessed":"2019-04-10T00:00:00Z","date_published":"2011-09-13T00:00:00Z","owner_name":null,"tidal_id":"7ceebcae-6a08-53a0-814e-9fa3d9eccd74","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428316Z"},{"id":"50d467da-286b-45f3-8d5a-e9d8632f7bf1","name":"CrowdStrike 2015 Global Threat Report","description":"CrowdStrike Intelligence. (2016). 2015 Global Threat Report. Retrieved April 11, 2018.","url":"https://go.crowdstrike.com/rs/281-OBQ-266/images/15GlobalThreatReport.pdf","source":"MITRE","title":"2015 Global Threat Report","authors":"CrowdStrike Intelligence","date_accessed":"2018-04-11T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"d67e8a7e-4e42-54af-acfd-962f5ac456e3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428393Z"},{"id":"74b0f1a9-5822-4dcf-9a92-9a6df0b4db1e","name":"Prolific OSX Malware History","description":"Bit9 + Carbon Black Threat Research Team. (2015). 2015: The Most Prolific Year in History for OS X Malware. Retrieved July 8, 2017.","url":"https://assets.documentcloud.org/documents/2459197/bit9-carbon-black-threat-research-report-2015.pdf","source":"MITRE","title":"2015: The Most Prolific Year in History for OS X Malware","authors":"Bit9 + Carbon Black Threat Research Team","date_accessed":"2017-07-08T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"c0347839-37fb-5414-af8f-0432a82781d2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433049Z"},{"id":"b2328dab-6963-5254-8d76-6975469b44c9","name":"Candell, R., Hany, M., Lee, K. B., Liu,Y., Quimby, J., Remley, K. 
April 2018","description":"Candell, R., Hany, M., Lee, K. B., Liu,Y., Quimby, J., Remley, K. 2018, April Guide to Industrial Wireless Systems Deployments. Retrieved 2020/12/01","url":"https://nvlpubs.nist.gov/nistpubs/ams/NIST.AMS.300-4.pdf","source":"ICS","title":"2018, April Guide to Industrial Wireless Systems Deployments","authors":"Candell, R., Hany, M., Lee, K","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"df271574-524b-5e8b-8d9a-860fbbb7e50f","created":"2026-01-28T13:08:18.176321Z","modified":"2026-01-28T13:08:18.176325Z"},{"id":"e9f1289f-a32e-441c-8787-cb32a26216d1","name":"CERN Windigo June 2019","description":"CERN. (2019, June 4). 2019/06/04 Advisory: Windigo attacks. Retrieved February 10, 2021.","url":"https://security.web.cern.ch/advisories/windigo/windigo.shtml","source":"MITRE","title":"2019/06/04 Advisory: Windigo attacks","authors":"CERN","date_accessed":"2021-02-10T00:00:00Z","date_published":"2019-06-04T00:00:00Z","owner_name":null,"tidal_id":"debbaf5a-2cf8-5dd6-bea3-53d0e5263051","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438961Z"},{"id":"d6aa917e-baee-4379-8e69-a04b9aa5192a","name":"CrowdStrike GTR 2019","description":"CrowdStrike. (2019, January). 2019 Global Threat Report. Retrieved June 10, 2020.","url":"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2019GlobalThreatReport.pdf","source":"MITRE","title":"2019 Global Threat Report","authors":"CrowdStrike","date_accessed":"2020-06-10T00:00:00Z","date_published":"2019-01-01T00:00:00Z","owner_name":null,"tidal_id":"c50437e5-4670-5cbf-b013-fbd9309d3308","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442912Z"},{"id":"a2325ace-e5a1-458d-80c1-5037bd7fa727","name":"Crowdstrike GTR2020 Mar 2020","description":"Crowdstrike. (2020, March 2). 2020 Global Threat Report. 
Retrieved December 11, 2020.","url":"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf","source":"MITRE","title":"2020 Global Threat Report","authors":"Crowdstrike","date_accessed":"2020-12-11T00:00:00Z","date_published":"2020-03-02T00:00:00Z","owner_name":null,"tidal_id":"51a9c7cd-6f19-580d-844d-276e9a5f3ed8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421485Z"},{"id":"d509e6f2-c317-4483-a51e-ad15a78a12c0","name":"RecordedFuture 2021 Ad Infra","description":"Insikt Group. (2022, January 18). 2021 Adversary Infrastructure Report. Retrieved March 25, 2022.","url":"https://go.recordedfuture.com/hubfs/reports/cta-2022-0118.pdf","source":"MITRE","title":"2021 Adversary Infrastructure Report","authors":"Insikt Group","date_accessed":"2022-03-25T00:00:00Z","date_published":"2022-01-18T00:00:00Z","owner_name":null,"tidal_id":"71f1831c-8da9-511b-8a71-bad11778a8fd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423407Z"},{"id":"9a9a85b5-756e-5767-a134-021158bd3876","name":"Dragos YIR 2021","description":"Dragos. (2022). 2021 ICS Cybersecurity Year in Review. Retrieved November 21, 2024.","url":"https://hub.dragos.com/hubfs/333%20Year%20in%20Review/2021/2021%20ICS%20OT%20Cybersecurity%20Year%20In%20Review%20-%20Dragos%202021.pdf?hsLang=en","source":"MITRE","title":"2021 ICS Cybersecurity Year in Review","authors":"Dragos","date_accessed":"2024-11-21T00:00:00Z","date_published":"2022-01-01T00:00:00Z","owner_name":null,"tidal_id":"c6c79004-bda7-51d6-9639-84726d153136","created":"2025-04-22T20:47:31.742259Z","modified":"2025-12-17T15:08:36.441910Z"},{"id":"83b906fc-ac2a-4f49-b87e-31f046e95fb7","name":"Red Canary 2021 Threat Detection Report March 2021","description":"Red Canary. (2021, March 31). 2021 Threat Detection Report. 
Retrieved August 31, 2021.","url":"https://resource.redcanary.com/rs/003-YRU-314/images/2021-Threat-Detection-Report.pdf?mkt_tok=MDAzLVlSVS0zMTQAAAF_PIlmhNTaG2McG4X_foM-cIr20UfyB12MIQ10W0HbtMRwxGOJaD0Xj6CRTNg_S-8KniRxtf9xzhz_ACvm_TpbJAIgWCV8yIsFgbhb8cuaZA","source":"MITRE","title":"2021 Threat Detection Report","authors":"Red Canary","date_accessed":"2021-08-31T00:00:00Z","date_published":"2021-03-31T00:00:00Z","owner_name":null,"tidal_id":"23e19adc-14e1-5b72-bcc0-181374ded64d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442808Z"},{"id":"3b85eaeb-6bf5-529b-80a4-439ceb6c5d6d","name":"ACSC BlackCat Apr 2022","description":"Australian Cyber Security Centre. (2022, April 14). 2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat). Retrieved December 20, 2022.","url":"https://www.cyber.gov.au/about-us/advisories/2022-004-acsc-ransomware-profile-alphv-aka-blackcat","source":"MITRE","title":"2022-004: ACSC Ransomware Profile - ALPHV (aka BlackCat)","authors":"Australian Cyber Security Centre","date_accessed":"2022-12-20T00:00:00Z","date_published":"2022-04-14T00:00:00Z","owner_name":null,"tidal_id":"4da874b3-873a-5cdc-8427-b24f789d1122","created":"2023-05-26T01:21:15.898239Z","modified":"2025-12-17T15:08:36.418540Z"},{"id":"cae1043a-2473-5b7e-b9ed-27d4f9c5b9b0","name":"Crowdstrike HuntReport 2022","description":"CrowdStrike. (2023). 2022 Falcon OverWatch Threat Hunting Report. Retrieved May 20, 2024.","url":"https://go.crowdstrike.com/rs/281-OBQ-266/images/2022OverWatchThreatHuntingReport.pdf","source":"MITRE","title":"2022 Falcon OverWatch Threat Hunting Report","authors":"CrowdStrike","date_accessed":"2024-05-20T00:00:00Z","date_published":"2023-01-01T00:00:00Z","owner_name":null,"tidal_id":"71e249b1-5c2b-5c3a-bce4-e10dc92e5351","created":"2024-10-31T16:28:35.239238Z","modified":"2025-12-17T15:08:36.439765Z"},{"id":"ef30c4eb-3da3-5c7b-a304-188acd2f7ebc","name":"Internet crime report 2022","description":"IC3. (2022). 
2022 Internet Crime Report. Retrieved August 18, 2023.","url":"https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf","source":"MITRE","title":"2022 Internet Crime Report","authors":"IC3","date_accessed":"2023-08-18T00:00:00Z","date_published":"2022-01-01T00:00:00Z","owner_name":null,"tidal_id":"477f4186-d628-58cf-94b0-db198941c9e1","created":"2023-11-07T00:36:05.521662Z","modified":"2025-12-17T15:08:36.432184Z"},{"id":"0f154aa6-8c9d-5bfc-a3c4-5f3e1420f55f","name":"RC PowerShell","description":"Red Canary. (n.d.). 2022 Threat Detection Report: PowerShell. Retrieved March 17, 2023.","url":"https://redcanary.com/threat-detection-report/techniques/powershell/","source":"MITRE","title":"2022 Threat Detection Report: PowerShell","authors":"Red Canary","date_accessed":"2023-03-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"428b51f3-20fa-5060-bbde-b7d369ebcd6e","created":"2023-05-26T01:21:10.197584Z","modified":"2025-12-17T15:08:36.435270Z"},{"id":"514b704c-8668-4b61-8411-5b682e3b8471","name":"ASD Royal Ransomware January 24 2023","description":"Australian Signals Directorate. (2023, January 24). 2023-01: ASD's ACSC Ransomware Profile - Royal. Retrieved June 28, 2024.","url":"https://www.cyber.gov.au/about-us/advisories/2023-01-asdacsc-ransomware-profile-royal","source":"Tidal Cyber","title":"2023-01: ASD's ACSC Ransomware Profile - Royal","authors":"Australian Signals Directorate","date_accessed":"2024-06-28T00:00:00Z","date_published":"2023-01-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9fb8eada-4ca6-5dd6-9a53-7df19b2f8983","created":"2024-06-28T17:22:19.389862Z","modified":"2024-06-28T17:22:19.552344Z"},{"id":"00f32246-e19b-5b20-b5c1-27b75c6667ca","name":"Palo Alto Latrodectus Activity June 2024","description":"Unit 42. (2024, June 25). 2024-06-25-IOCs-from-Latrodectus-activity. 
Retrieved September 13, 2024.","url":"https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-06-25-IOCs-from-Latrodectus-activity.txt","source":"MITRE","title":"2024-06-25-IOCs-from-Latrodectus-activity","authors":"Unit 42","date_accessed":"2024-09-13T00:00:00Z","date_published":"2024-06-25T00:00:00Z","owner_name":null,"tidal_id":"671ac11c-919f-5750-b8c5-b5fcb44d7a9b","created":"2024-10-31T16:28:35.379597Z","modified":"2025-12-17T15:08:36.439913Z"},{"id":"2d144298-ee08-5fe3-9d66-113edf03bc40","name":"Bitsight 7777 Botnet","description":"Batista, João.  Gi7w0rm. (2024, August 27). Retrieved June 5, 2025.","url":"https://www.bitsight.com/blog/7777-botnet-insights-multi-target-botnet","source":"MITRE","title":"(2024, August 27)","authors":"Batista, João","date_accessed":"2025-06-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f923788f-9fae-5a11-9f7c-6f1f82ffd708","created":"2025-10-29T21:08:48.165341Z","modified":"2025-12-17T15:08:36.423831Z"},{"id":"38a6e0a0-315d-468a-bc5e-c390a314f294","name":"Trustwave SpiderLabs 2024 Professional Services Threat Landscape","description":"Trustwave SpiderLabs. (2024, June 1). 2024 Professional Services Threat Landscape. Retrieved July 30, 2025.","url":"https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/2024_Trustwave_Professional_Services_Sector_Threat_Landscape.pdf","source":"Tidal Cyber","title":"2024 Professional Services Threat Landscape","authors":"Trustwave SpiderLabs","date_accessed":"2025-07-30T12:00:00Z","date_published":"2024-06-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"26221750-f365-5646-be30-f008a6055092","created":"2025-08-06T14:56:42.421229Z","modified":"2025-08-06T14:56:42.579433Z"},{"id":"f22b8c2c-6307-420d-9aac-7da4f054bd1f","name":"CYJAX 2024 Year in Review January 29 2025","description":"Jovana Macakanja. (2025, January 29). 2024 Year in Review: ransomware groups, hacktivists, and IABs targeting the Middle East. 
Retrieved April 9, 2025.","url":"https://www.cyjax.com/resources/blog/2024-year-in-review-ransomware-groups-hacktivists-and-iabs-targeting-the-middle-east/","source":"Tidal Cyber","title":"2024 Year in Review: ransomware groups, hacktivists, and IABs targeting the Middle East","authors":"Jovana Macakanja","date_accessed":"2025-04-09T00:00:00Z","date_published":"2025-01-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f0366be0-a5dd-5c7b-a310-ea3c2bf6a52e","created":"2025-04-11T15:33:22.672158Z","modified":"2025-04-11T15:33:22.866298Z"},{"id":"1dc96f81-b1d5-51e0-9ff0-80c962a092c0","name":"SentinelLabs macOS Malware 2021","description":"Phil Stokes. (2021, February 16). 20 Common Tools & Techniques Used by macOS Threat Actors & Malware. Retrieved May 22, 2025.","url":"https://www.sentinelone.com/labs/20-common-tools-techniques-used-by-macos-threat-actors-malware/","source":"MITRE","title":"20 Common Tools & Techniques Used by macOS Threat Actors & Malware","authors":"Phil Stokes","date_accessed":"2025-05-22T00:00:00Z","date_published":"2021-02-16T00:00:00Z","owner_name":null,"tidal_id":"0450fe64-5659-5512-9c70-0033f5a34b2b","created":"2025-10-29T21:08:48.165834Z","modified":"2025-12-17T15:08:36.427335Z"},{"id":"3ee99ff4-daf4-4776-9d94-f7cf193c2b0c","name":"20 macOS Common Tools and Techniques","description":"Phil Stokes. (2021, February 16). 20 Common Tools & Techniques Used by macOS Threat Actors & Malware. 
Retrieved August 23, 2021.","url":"https://labs.sentinelone.com/20-common-tools-techniques-used-by-macos-threat-actors-malware/","source":"MITRE","title":"20 Common Tools & Techniques Used by macOS Threat Actors & Malware","authors":"Phil Stokes","date_accessed":"2021-08-23T00:00:00Z","date_published":"2021-02-16T00:00:00Z","owner_name":null,"tidal_id":"afcfdb80-6b7c-5ee6-ac40-52bf43a8e503","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424325Z"},{"id":"24d8847b-d5de-4513-a55f-62c805dfa1dc","name":"Microsoft GPP Key","description":"Microsoft. (n.d.). 2.2.1.1.4 Password Encryption. Retrieved April 11, 2018.","url":"https://msdn.microsoft.com/library/cc422924.aspx","source":"MITRE","title":"2.2.1.1.4 Password Encryption","authors":"Microsoft","date_accessed":"2018-04-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bfa2520c-0a12-5af7-9ab0-5b0a845aee9b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432508Z"},{"id":"70c75ee4-4ba4-4124-8001-0fadb49a5ac6","name":"Microsoft _VBA_PROJECT Stream","description":"Microsoft. (2020, February 19). 2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information. Retrieved September 18, 2020.","url":"https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-ovba/ef7087ac-3974-4452-aab2-7dba2214d239","source":"MITRE","title":"2.3.4.1 _VBA_PROJECT Stream: Version Dependent Project Information","authors":"Microsoft","date_accessed":"2020-09-18T00:00:00Z","date_published":"2020-02-19T00:00:00Z","owner_name":null,"tidal_id":"d5fadb05-febb-58f4-8fb4-9e84280b7b3d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434589Z"},{"id":"edb0f0f6-1639-5a1a-a01f-d57802683d0c","name":"DOJ Affidavit Search and Seizure PlugX December 2024","description":"DOJ. (2024, December 20). Mag. No. 
24-mj-1387 AFFIDAVIT IN SUPPORT OF AN APPLICATION  FOR A NINTH SEARCH AND SEIZURE WARRANT- IN THE MATTER OF THE SEARCH AND  SEIZURE OF COMPUTERS IN THE  UNITED STATES INFECTED WITH  PLUGX MALWARE . Retrieved September 9, 2025.","url":"https://www.justice.gov/archives/opa/media/1384136/dl","source":"MITRE","title":"24-mj-1387 AFFIDAVIT IN SUPPORT OF AN APPLICATION  FOR A NINTH SEARCH AND SEIZURE WARRANT- IN THE MATTER OF THE SEARCH AND  SEIZURE OF COMPUTERS IN THE  UNITED STATES INFECTED WITH  PLUGX MALWARE","authors":"DOJ. (2024, December 20). Mag","date_accessed":"2025-09-09T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3da68bb0-fcb7-534a-af36-1b746651af63","created":"2025-10-29T21:08:48.166837Z","modified":"2025-12-17T15:08:36.438549Z"},{"id":"73ba4e07-cfbd-4b23-b52a-1ebbd7cc0fe4","name":"Microsoft Learn","description":"Microsoft. (2021, April 6). 2.5 ExtraData. Retrieved September 30, 2022.","url":"https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/c41e062d-f764-4f13-bd4f-ea812ab9a4d1","source":"MITRE","title":"2.5 ExtraData","authors":"Microsoft","date_accessed":"2022-09-30T00:00:00Z","date_published":"2021-04-06T00:00:00Z","owner_name":null,"tidal_id":"9f08428d-f0ac-5ebf-9829-3fef4a9e471e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424194Z"},{"id":"5d33fcb4-0f01-4b88-b1ee-dad6dcc867f4","name":"Hybrid Analysis Icacls2 May 2018","description":"Hybrid Analysis. (2018, May 30). 2a8efbfadd798f6111340f7c1c956bee.dll. 
Retrieved August 19, 2018.","url":"https://www.hybrid-analysis.com/sample/22dab012c3e20e3d9291bce14a2bfc448036d3b966c6e78167f4626f5f9e38d6?environmentId=110","source":"MITRE","title":"2a8efbfadd798f6111340f7c1c956bee.dll","authors":"Hybrid Analysis","date_accessed":"2018-08-19T00:00:00Z","date_published":"2018-05-30T00:00:00Z","owner_name":null,"tidal_id":"2215587c-e4ac-55cd-a590-049e64483ea8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424318Z"},{"id":"23ebd169-3ac6-5074-a238-a8e7d96f48ab","name":"Bleeping Computer 2easy 2021","description":"Bill Toulas. (2021, December 21). 2easy now a significant dark web marketplace for stolen data. Retrieved October 7, 2024.","url":"https://www.bleepingcomputer.com/news/security/2easy-now-a-significant-dark-web-marketplace-for-stolen-data/","source":"MITRE","title":"2easy now a significant dark web marketplace for stolen data","authors":"Bill Toulas","date_accessed":"2024-10-07T00:00:00Z","date_published":"2021-12-21T00:00:00Z","owner_name":null,"tidal_id":"c0149d75-039f-5f8c-9676-70ada2838f09","created":"2024-10-31T16:28:25.158420Z","modified":"2025-12-17T15:08:36.434063Z"},{"id":"cbc14af8-f0d9-46c9-ae2c-d93d706ac84e","name":"Microsoft Wow6432Node 2018","description":"Microsoft. (2018, May 31). 32-bit and 64-bit Application Data in the Registry. Retrieved August 3, 2020.","url":"https://docs.microsoft.com/en-us/windows/win32/sysinfo/32-bit-and-64-bit-application-data-in-the-registry","source":"MITRE","title":"32-bit and 64-bit Application Data in the Registry","authors":"Microsoft","date_accessed":"2020-08-03T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"c6c96f2d-c299-5d29-9f73-525fb06e786b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432987Z"},{"id":"73746010-11b7-5c8a-8ec6-10680266e0c6","name":"Krebs 3cx overview 2023","description":"Brian Krebs. (2023, April 20). 3CX Breach Was a Double Supply Chain Compromise. 
Retrieved May 22, 2025.","url":"https://krebsonsecurity.com/2023/04/3cx-breach-was-a-double-supply-chain-compromise/","source":"MITRE","title":"3CX Breach Was a Double Supply Chain Compromise","authors":"Brian Krebs","date_accessed":"2025-05-22T00:00:00Z","date_published":"2023-04-20T00:00:00Z","owner_name":null,"tidal_id":"23fc5939-fb47-5ab7-92d0-caa0ba46cb52","created":"2025-10-29T21:08:48.165926Z","modified":"2025-12-17T15:08:36.428292Z"},{"id":"40761128-2550-56fe-8960-2c6f6e5944b0","name":"Mandiant 3cx UNC4736 2023","description":"Jeff Johnson, Fred Plan, Adrian Sanchez, Renato Fontana, Jake Nicastro, Dimiter Andonov, Marius Fodoreanu, Daniel Scott. (2023, April 20). 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible. Retrieved August 25, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/3cx-software-supply-chain-compromise/","source":"MITRE","title":"3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible","authors":"Jeff Johnson, Fred Plan, Adrian Sanchez, Renato Fontana, Jake Nicastro, Dimiter Andonov, Marius Fodoreanu, Daniel Scott","date_accessed":"2025-08-25T00:00:00Z","date_published":"2023-04-20T00:00:00Z","owner_name":null,"tidal_id":"0ed5d8bd-ad30-577a-82d0-4d77eb4b7ffe","created":"2025-10-29T21:08:48.167311Z","modified":"2025-12-17T15:08:36.439469Z"},{"id":"21619fc0-8c37-528b-a6fe-ad22c61b56b2","name":"Volexity 3CX Supply Chain Compromise AppleJeus IconicStealer March 2023","description":"Ankur Saini, Callum Roxan, Charlie Gardner, Paul Rascagneres, Steven Adair, Tom Lancaster. (2023, March 30). 3CX Supply Chain Compromise Leads to ICONIC Incident. 
Retrieved October 21, 2025.","url":"https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/","source":"MITRE","title":"3CX Supply Chain Compromise Leads to ICONIC Incident","authors":"Ankur Saini, Callum Roxan, Charlie Gardner, Paul Rascagneres, Steven Adair, Tom Lancaster","date_accessed":"2025-10-21T00:00:00Z","date_published":"2023-03-30T00:00:00Z","owner_name":null,"tidal_id":"053be428-3030-58d6-81a0-c2425fcbc49a","created":"2025-10-29T21:08:48.167523Z","modified":"2025-12-17T15:08:36.440766Z"},{"id":"c50d2a5b-1d44-5f18-aaff-4be9f6d3f3ac","name":"DOJ-DPRK Heist","description":"Department of Justice. (2021). 3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe. Retrieved August 18, 2023.","url":"https://www.justice.gov/usao-cdca/pr/3-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyber-attacks-and","source":"MITRE","title":"3 North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyber-attacks and Financial Crimes Across the Globe","authors":"Department of Justice","date_accessed":"2023-08-18T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"bd9f2d17-ce59-533e-97b8-a38e17089b41","created":"2023-11-07T00:36:05.494945Z","modified":"2025-12-17T15:08:36.432159Z"},{"id":"38e71252-c026-5411-8662-145a0b35aa80","name":"Samsung Keyboards","description":"Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. 
Retrieved November","url":"https://web.archive.org/web/20201112021547/https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-","source":"Mobile","title":"3rd party keyboards must be whitelisted.","authors":"Samsung","date_accessed":"1978-11-01T00:00:00Z","date_published":"2019-08-16T00:00:00Z","owner_name":null,"tidal_id":"d12b4f84-ca5b-5adc-ac5d-c6d9222310ed","created":"2026-01-28T13:08:10.046968Z","modified":"2026-01-28T13:08:10.046971Z"},{"id":"e48fab76-7e38-420e-b69b-709f37bde847","name":"ITWorld Hard Disk Health Dec 2014","description":"Pinola, M. (2014, December 14). 3 tools to check your hard drive's health and make sure it's not already dying on you. Retrieved October 2, 2018.","url":"https://www.itworld.com/article/2853992/3-tools-to-check-your-hard-drives-health-and-make-sure-its-not-already-dying-on-you.html","source":"MITRE","title":"3 tools to check your hard drive's health and make sure it's not already dying on you","authors":"Pinola, M","date_accessed":"2018-10-02T00:00:00Z","date_published":"2014-12-14T00:00:00Z","owner_name":null,"tidal_id":"3278d7c1-47f4-55da-9eeb-300d03aa481a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425095Z"},{"id":"ee681893-edd6-46c7-bb11-38fc24eef899","name":"Microsoft 4657 APR 2017","description":"Miroshnikov, A. & Hall, J. (2017, April 18). 4657(S): A registry value was modified. Retrieved August 9, 2018.","url":"https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4657","source":"MITRE","title":"4657(S): A registry value was modified","authors":"Miroshnikov, A. & Hall, J","date_accessed":"2018-08-09T00:00:00Z","date_published":"2017-04-18T00:00:00Z","owner_name":null,"tidal_id":"5d8a5381-af0d-5fc2-99f3-85274a1b529c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429954Z"},{"id":"17473dc7-39cd-4c90-85cb-05d4c1364fff","name":"Microsoft 4697 APR 2017","description":"Miroshnikov, A. & Hall, J. 
(2017, April 18). 4697(S): A service was installed in the system. Retrieved August 7, 2018.","url":"https://docs.microsoft.com/windows/security/threat-protection/auditing/event-4697","source":"MITRE","title":"4697(S): A service was installed in the system","authors":"Miroshnikov, A. & Hall, J","date_accessed":"2018-08-07T00:00:00Z","date_published":"2017-04-18T00:00:00Z","owner_name":null,"tidal_id":"f21ac346-18fb-57ac-a640-a618926f1ed1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426665Z"},{"id":"01e2068b-83bc-4479-8fc9-dfaafdbf272b","name":"Microsoft User Creation Event","description":"Lich, B., Miroshnikov, A. (2017, April 5). 4720(S): A user account was created. Retrieved June 30, 2017.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4720","source":"MITRE","title":"4720(S): A user account was created","authors":"Lich, B., Miroshnikov, A","date_accessed":"2017-06-30T00:00:00Z","date_published":"2017-04-05T00:00:00Z","owner_name":null,"tidal_id":"a8b12bb3-e2dc-57e9-a886-e9da0c0533f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430402Z"},{"id":"fb4164f9-1e03-43f1-8143-179c9f08dff2","name":"Microsoft User Modified Event","description":"Lich, B., Miroshnikov, A. (2017, April 5). 4738(S): A user account was changed. Retrieved June 30, 2017.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4738","source":"MITRE","title":"4738(S): A user account was changed","authors":"Lich, B., Miroshnikov, A","date_accessed":"2017-06-30T00:00:00Z","date_published":"2017-04-05T00:00:00Z","owner_name":null,"tidal_id":"fe964954-4c5c-526c-afee-119cca0d0fbb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433080Z"},{"id":"19237af4-e535-4059-a8a9-63280cdf4722","name":"Microsoft 4768 TGT 2017","description":"Microsoft. (2017, April 19). 4768(S, F): A Kerberos authentication ticket (TGT) was requested. 
Retrieved August 24, 2020.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768","source":"MITRE","title":"4768(S, F): A Kerberos authentication ticket (TGT) was requested","authors":"Microsoft","date_accessed":"2020-08-24T00:00:00Z","date_published":"2017-04-19T00:00:00Z","owner_name":null,"tidal_id":"e0f8f526-f15e-5af7-b17c-9e0265317bfd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427967Z"},{"id":"b0fbf593-4aeb-4167-814b-ed3d4479ded0","name":"HIPAA Journal S3 Breach, 2017","description":"HIPAA Journal. (2017, October 11). 47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket. Retrieved October 4, 2019.","url":"https://www.hipaajournal.com/47gb-medical-records-unsecured-amazon-s3-bucket/","source":"MITRE","title":"47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket","authors":"HIPAA Journal","date_accessed":"2019-10-04T00:00:00Z","date_published":"2017-10-11T00:00:00Z","owner_name":null,"tidal_id":"6163b50c-6ecc-55c8-92f5-d8ac35e0ec62","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427421Z"},{"id":"4332430a-0dec-5942-88ce-21f6d02cc9a9","name":"Slack Security Risks","description":"Michael Osakwe. (2020, November 18). 4 SaaS and Slack Security Risks to Consider. Retrieved March 17, 2023.","url":"https://www.nightfall.ai/blog/saas-slack-security-risks-2020","source":"MITRE","title":"4 SaaS and Slack Security Risks to Consider","authors":"Michael Osakwe","date_accessed":"2023-03-17T00:00:00Z","date_published":"2020-11-18T00:00:00Z","owner_name":null,"tidal_id":"d73a34cf-7b0f-5ec1-9a41-8a8f9b9721d9","created":"2023-05-26T01:21:08.329012Z","modified":"2025-12-17T15:08:36.432801Z"},{"id":"a8032fa1-4034-5c4d-84fc-3d068d2ee10f","name":"Hijack DLLs CrowdStrike","description":"falcon.overwatch.team. (2022, December 30). 4 Ways Adversaries Hijack DLLs — and How CrowdStrike Falcon OverWatch Fights Back. 
Retrieved January 30, 2025.","url":"https://www.crowdstrike.com/en-us/blog/4-ways-adversaries-hijack-dlls/","source":"MITRE","title":"4 Ways Adversaries Hijack DLLs — and How CrowdStrike Falcon OverWatch Fights Back","authors":"falcon.overwatch.team","date_accessed":"2025-01-30T00:00:00Z","date_published":"2022-12-30T00:00:00Z","owner_name":null,"tidal_id":"3a622988-85ea-5592-a3b5-26c54ae64af2","created":"2025-04-22T20:47:11.720060Z","modified":"2025-12-17T15:08:36.427033Z"},{"id":"85b4c47a-bbc0-5865-aff3-a8d93efaa19f","name":"Lookout-EnterpriseApps","description":"Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December","url":"https://blog.lookout.com/blog/2016/05/25/spoofed-apps/","source":"Mobile","title":"5 active mobile threats spoofing enterprise apps","authors":"Lookout","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-05-25T00:00:00Z","owner_name":null,"tidal_id":"2224f9d2-1f68-50cd-a804-0e34e286ac34","created":"2026-01-28T13:08:10.041372Z","modified":"2026-01-28T13:08:10.041375Z"},{"id":"b7d786db-c50e-4d1f-947e-205e8eefa2da","name":"PurpleSec Data Loss Prevention","description":"Michael Swanagan. (2020, October 24). 7 Data Loss Prevention Best Practices & Strategies. Retrieved August 30, 2021.","url":"https://purplesec.us/data-loss-prevention/","source":"MITRE","title":"7 Data Loss Prevention Best Practices & Strategies","authors":"Michael Swanagan","date_accessed":"2021-08-30T00:00:00Z","date_published":"2020-10-24T00:00:00Z","owner_name":null,"tidal_id":"db6d298b-9844-5c7e-902f-0247aaed402c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415811Z"},{"id":"fc1396d2-1ffd-4fd9-ba60-3f6e0a9dfffb","name":"7zip Homepage","description":"I. Pavlov. (2019). 7-Zip. Retrieved February 20, 2020.","url":"https://www.7-zip.org/","source":"MITRE","title":"7-Zip","authors":"I. 
Pavlov","date_accessed":"2020-02-20T00:00:00Z","date_published":"2019-01-01T00:00:00Z","owner_name":null,"tidal_id":"fa332cf4-2ea2-5a86-a26c-41d1bb2be1da","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423675Z"},{"id":"573e9520-6181-4535-9ed3-2338688a8e9f","name":"VMWare 8Base June 28 2023","description":"Deborah Snyder, Fae Carlisle, Dana Behling, Bria Beathley. (2023, June 28). 8Base Ransomware: A Heavy Hitting Player. Retrieved August 4, 2023.","url":"https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html","source":"Tidal Cyber","title":"8Base Ransomware: A Heavy Hitting Player","authors":"Deborah Snyder, Fae Carlisle, Dana Behling, Bria Beathley","date_accessed":"2023-08-04T00:00:00Z","date_published":"2023-06-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1b74147c-6dc8-5c75-a292-a7e7954b0afa","created":"2024-06-13T20:10:36.829852Z","modified":"2024-06-13T20:10:37.028606Z"},{"id":"c9822477-1578-4068-9882-41e4d6eaee3f","name":"Acronis 8Base July 17 2023","description":"Acronis Security Team. (2023, July 17). 8Base ransomware stays unseen for a year. Retrieved August 4, 2023.","url":"https://www.acronis.com/en-sg/cyber-protection-center/posts/8base-ransomware-stays-unseen-for-a-year/","source":"Tidal Cyber","title":"8Base ransomware stays unseen for a year","authors":"Acronis Security Team","date_accessed":"2023-08-04T00:00:00Z","date_published":"2023-07-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bae3eb02-aded-5464-a355-55f824cf5306","created":"2024-06-13T20:10:37.214267Z","modified":"2024-06-13T20:10:37.395981Z"},{"id":"a4d6bdd1-e70c-491b-a569-72708095c809","name":"MicroFocus 9002 Aug 2016","description":"Petrovsky, O. (2016, August 30). “9002 RAT” -- a second building on the left. 
Retrieved February 20, 2018.","url":"https://community.softwaregrp.com/t5/Security-Research/9002-RAT-a-second-building-on-the-left/ba-p/228686#.WosBVKjwZPZ","source":"MITRE","title":"“9002 RAT” -- a second building on the left","authors":"Petrovsky, O","date_accessed":"2018-02-20T00:00:00Z","date_published":"2016-08-30T00:00:00Z","owner_name":null,"tidal_id":"39d7219f-0d13-5fc4-ac2c-4157bfd2564a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419593Z"},{"id":"3a2dbd8b-54e3-406a-b77c-b6fae5541b6d","name":"CISA AA21-200A APT40 July 2021","description":"CISA. (2021, July 19). (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department. Retrieved August 12, 2021.","url":"https://us-cert.cisa.gov/ncas/alerts/aa21-200a","source":"MITRE, Tidal Cyber","title":"(AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department","authors":"CISA","date_accessed":"2021-08-12T00:00:00Z","date_published":"2021-07-19T00:00:00Z","owner_name":null,"tidal_id":"46251505-9e42-5f94-a17c-6b580142393e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259187Z"},{"id":"c5d37bde-52bc-525a-b25a-e097f77a924a","name":"CISA Iran Albanian Attacks September 2022","description":"CISA. (2022, September 23). AA22-264A Iranian State Actors Conduct Cyber Operations Against the Government of Albania. 
Retrieved August 6, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-264a","source":"MITRE","title":"AA22-264A Iranian State Actors Conduct Cyber Operations Against the Government of Albania","authors":"CISA","date_accessed":"2024-08-06T00:00:00Z","date_published":"2022-09-23T00:00:00Z","owner_name":null,"tidal_id":"27395752-a208-5adb-9d9c-444ef26010ac","created":"2024-10-31T16:28:27.891254Z","modified":"2025-12-17T15:08:36.420310Z"},{"id":"fe6f032e-11f3-5d6d-9a65-e5fc54cb2779","name":"CISA Medusa Group Medusa Ransomware March 2025","description":"Cybersecurity and Infrastructure Security Agency. (2025, March 12). AA25-071A #StopRansomware: Medusa Ransomware. Retrieved October 15, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a","source":"MITRE","title":"AA25-071A #StopRansomware: Medusa Ransomware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2025-10-15T00:00:00Z","date_published":"2025-03-12T00:00:00Z","owner_name":null,"tidal_id":"5aeff08f-1fee-5584-8150-2806583fc13b","created":"2025-10-29T21:08:48.164909Z","modified":"2025-12-17T15:08:36.417464Z"},{"id":"d6faadde-690d-44d1-b1aa-0991a5374604","name":"AADInternals","description":"Dr. Nestori Syynimaa. (2018, October 25). AADInternals. Retrieved February 1, 2022.","url":"https://o365blog.com/aadinternals/","source":"MITRE","title":"AADInternals","authors":"Dr. Nestori Syynimaa","date_accessed":"2022-02-01T00:00:00Z","date_published":"2018-10-25T00:00:00Z","owner_name":null,"tidal_id":"d2777bb8-a93d-52ff-bdab-3521690f1a0c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422824Z"},{"id":"320231a1-4dbe-4eaa-b14d-48de738ba697","name":"AADInternals Documentation","description":"Dr. Nestori Syynimaa. (2018, October 25). AADInternals. Retrieved February 18, 2022.","url":"https://o365blog.com/aadinternals","source":"MITRE","title":"AADInternals Documentation","authors":"Dr. 
Nestori Syynimaa","date_accessed":"2022-02-18T00:00:00Z","date_published":"2018-10-25T00:00:00Z","owner_name":null,"tidal_id":"d1189e63-cb31-59ab-806f-f4526216f497","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422830Z"},{"id":"643d3947-c0ec-47c4-bb58-5e546084433c","name":"AADInternals Github","description":"Dr. Nestori Syynimaa. (2021, December 13). AADInternals. Retrieved February 1, 2022.","url":"https://github.com/Gerenios/AADInternals","source":"MITRE","title":"AADInternals Github","authors":"Dr. Nestori Syynimaa","date_accessed":"2022-02-01T00:00:00Z","date_published":"2021-12-13T00:00:00Z","owner_name":null,"tidal_id":"dcd3308f-dec9-5b26-9f3e-c005ebdddda5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422836Z"},{"id":"69a45479-e982-58ee-9e2d-caaf825f0ad4","name":"Gigamon BADHATCH Jul 2019","description":"Savelesky, K., et al. (2019, July 23). ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling. Retrieved September 8, 2021.","url":"https://blog.gigamon.com/2019/07/23/abadbabe-8badf00d-discovering-badhatch-and-a-detailed-look-at-fin8s-tooling/","source":"MITRE","title":"ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling","authors":"Savelesky, K., et al","date_accessed":"2021-09-08T00:00:00Z","date_published":"2019-07-23T00:00:00Z","owner_name":null,"tidal_id":"c9d61f14-f462-5ee7-b5fb-45f578df5255","created":"2023-11-07T00:36:15.313363Z","modified":"2025-12-17T15:08:36.417798Z"},{"id":"0d1e9635-b7b6-454b-9482-b1fc7d33bfff","name":"bad_luck_blackcat","description":"Kaspersky Global Research & Analysis Team (GReAT). (2022). A Bad Luck BlackCat. 
Retrieved May 5, 2022.","url":"https://go.kaspersky.com/rs/802-IJN-240/images/TR_BlackCat_Report.pdf","source":"MITRE","title":"A Bad Luck BlackCat","authors":"Kaspersky Global Research & Analysis Team (GReAT)","date_accessed":"2022-05-05T00:00:00Z","date_published":"2022-01-01T00:00:00Z","owner_name":null,"tidal_id":"2999bdb0-8b57-5c58-b754-21776547f73c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430466Z"},{"id":"8819875a-5139-4dae-94c8-e7cc9f847580","name":"Cybereason Bazar July 2020","description":"Cybereason Nocturnus. (2020, July 16). A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES. Retrieved November 18, 2020.","url":"https://www.cybereason.com/blog/a-bazar-of-tricks-following-team9s-development-cycles","source":"MITRE","title":"A BAZAR OF TRICKS: FOLLOWING TEAM9’S DEVELOPMENT CYCLES","authors":"Cybereason Nocturnus","date_accessed":"2020-11-18T00:00:00Z","date_published":"2020-07-16T00:00:00Z","owner_name":null,"tidal_id":"44e364bf-af01-5f0b-8812-d80be4197b54","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420636Z"},{"id":"ae5d4c47-54c9-4f7b-9357-88036c524217","name":"Red Canary Hospital Thwarted Ryuk October 2020","description":"Brian Donohue, Katie Nickels, Paul Michaud, Adina Bodkins, Taylor Chapman, Tony Lambert, Jeff Felling, Kyle Rainey, Mike Haag, Matt Graeber, Aaron Didier.. (2020, October 29). A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak. 
Retrieved October 30, 2020.","url":"https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/","source":"MITRE","title":"A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak","authors":"Brian Donohue, Katie Nickels, Paul Michaud, Adina Bodkins, Taylor Chapman, Tony Lambert, Jeff Felling, Kyle Rainey, Mike Haag, Matt Graeber, Aaron Didier.","date_accessed":"2020-10-30T00:00:00Z","date_published":"2020-10-29T00:00:00Z","owner_name":null,"tidal_id":"c27627b1-b568-5c8b-949b-8c2cd0aef433","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423483Z"},{"id":"68ded9b7-3042-44e0-8bf7-cdba2174a3d8","name":"CyberCX Anonymous Sudan June 19 2023","description":"CyberCX Intelligence. (2023, June 19). A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations. Retrieved October 10, 2023.","url":"https://cybercx.com.au/blog/a-bear-in-wolfs-clothing/","source":"Tidal Cyber","title":"A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations","authors":"CyberCX Intelligence","date_accessed":"2023-10-10T00:00:00Z","date_published":"2023-06-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f243a61a-4a69-5238-aa05-0bbdd8e24537","created":"2023-10-10T20:48:42.001758Z","modified":"2023-10-10T20:48:42.352698Z"},{"id":"25d46bc1-4c05-48d3-95f0-aa3ee1100bf9","name":"Netskope Cloud Phishing","description":"Ashwin Vamshi. (2020, August 12). A Big Catch: Cloud Phishing from Google App Engine and Azure App Service. 
Retrieved August 18, 2022.","url":"https://www.netskope.com/blog/a-big-catch-cloud-phishing-from-google-app-engine-and-azure-app-service","source":"MITRE","title":"A Big Catch: Cloud Phishing from Google App Engine and Azure App Service","authors":"Ashwin Vamshi","date_accessed":"2022-08-18T00:00:00Z","date_published":"2020-08-12T00:00:00Z","owner_name":null,"tidal_id":"f915ba2e-5f29-5f16-a712-83565814540d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432096Z"},{"id":"99091ea0-35b3-590d-bd6c-0cc20b6be8f9","name":"Elastic Abnormal Process ID or Lock File Created","description":"Elastic. (n.d.). Abnormal Process ID or Lock File Created. Retrieved September 19, 2024.","url":"https://www.elastic.co/guide/en/security/current/abnormal-process-id-or-lock-file-created.html","source":"MITRE","title":"Abnormal Process ID or Lock File Created","authors":"Elastic","date_accessed":"2024-09-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f97790d6-1bb6-5167-bc37-6fa2e7d40ea3","created":"2024-10-31T16:28:37.677921Z","modified":"2025-04-22T20:47:31.993960Z"},{"id":"8014a0cc-f793-4d9a-a2cc-ef9e9c5a826a","name":"Microsoft O365 Admin Roles","description":"Ako-Adjei, K., Dickhaus, M., Baumgartner, P., Faigel, D., et. al.. (2019, October 8). About admin roles. Retrieved October 18, 2019.","url":"https://docs.microsoft.com/en-us/office365/admin/add-users/about-admin-roles?view=o365-worldwide","source":"MITRE","title":"About admin roles","authors":"Ako-Adjei, K., Dickhaus, M., Baumgartner, P., Faigel, D., et. al.","date_accessed":"2019-10-18T00:00:00Z","date_published":"2019-10-08T00:00:00Z","owner_name":null,"tidal_id":"82ca6f31-a846-5206-ba2e-a478cc325673","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426933Z"},{"id":"a22636c8-8e39-4583-93ef-f0b7f0a218d8","name":"Microsoft Atom Table","description":"Microsoft. (n.d.). About Atom Tables. 
Retrieved December 8, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ms649053.aspx","source":"MITRE","title":"About Atom Tables","authors":"Microsoft","date_accessed":"2017-12-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d20e4253-e37b-55a5-83f2-2e1f8acaf6c2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431543Z"},{"id":"8d6d47d1-a6ea-4673-8ade-ba61bfeef084","name":"Microsoft About BITS","description":"Microsoft. (2019, July 12). About BITS. Retrieved March 16, 2020.","url":"https://docs.microsoft.com/en-us/windows/win32/bits/about-bits","source":"MITRE","title":"About BITS","authors":"Microsoft","date_accessed":"2020-03-16T00:00:00Z","date_published":"2019-07-12T00:00:00Z","owner_name":null,"tidal_id":"3eac3221-0847-5b45-81d9-a868f7e70851","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441263Z"},{"id":"689d944f-ad66-4908-91fb-bb1ecdafe8d9","name":"Microsoft About Event Tracing 2018","description":"Microsoft. (2018, May 30). About Event Tracing. Retrieved June 7, 2019.","url":"https://docs.microsoft.com/en-us/windows/desktop/etw/consuming-events","source":"MITRE","title":"About Event Tracing","authors":"Microsoft","date_accessed":"2019-06-07T00:00:00Z","date_published":"2018-05-30T00:00:00Z","owner_name":null,"tidal_id":"60f65eef-7ca8-5ab7-9bde-61c1b9e4facd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430814Z"},{"id":"2092c22d-41b7-5560-823f-fca444598edd","name":"Microsoft about_History","description":"Microsoft. (2024, January 19). about_History. 
Retrieved June 13, 2025.","url":"https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_history?view=powershell-7.5","source":"MITRE","title":"about_History","authors":"Microsoft","date_accessed":"2025-06-13T00:00:00Z","date_published":"2024-01-19T00:00:00Z","owner_name":null,"tidal_id":"a90e4c99-aef7-5888-ab03-7ea32ece02db","created":"2025-10-29T21:08:48.166109Z","modified":"2025-12-17T15:08:36.431859Z"},{"id":"6c873fb4-db43-4bad-b5e4-a7d45cbe796f","name":"Microsoft PowerShell Command History","description":"Microsoft. (2020, May 13). About History. Retrieved September 4, 2020.","url":"https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_history?view=powershell-7","source":"MITRE","title":"About History","authors":"Microsoft","date_accessed":"2020-09-04T00:00:00Z","date_published":"2020-05-13T00:00:00Z","owner_name":null,"tidal_id":"1ea10fac-d1b1-53b4-bd69-9ef8975835f4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428044Z"},{"id":"7d6c6ba6-cda6-4f27-bfc8-af5b759305ed","name":"Microsoft List View Controls","description":"Microsoft. (2021, May 25). About List-View Controls. Retrieved January 4, 2022.","url":"https://docs.microsoft.com/windows/win32/controls/list-view-controls-overview","source":"MITRE","title":"About List-View Controls","authors":"Microsoft","date_accessed":"2022-01-04T00:00:00Z","date_published":"2021-05-25T00:00:00Z","owner_name":null,"tidal_id":"a3e91da5-e306-521e-976d-31d4bd6363c5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436102Z"},{"id":"81c94686-741d-45d7-90f3-0c7979374e87","name":"Microsoft PowerShell Logging","description":"Microsoft. (2020, March 30). about_Logging_Windows. 
Retrieved September 28, 2021.","url":"https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7","source":"MITRE","title":"about_Logging_Windows","authors":"Microsoft","date_accessed":"2021-09-28T00:00:00Z","date_published":"2020-03-30T00:00:00Z","owner_name":null,"tidal_id":"31bff98b-df7c-5d89-978a-a5844c4552f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437042Z"},{"id":"d2f32ac1-9b5b-408d-a7ab-d92dd9efe0ed","name":"Apple About Mac Scripting 2016","description":"Apple. (2016, June 13). About Mac Scripting. Retrieved April 14, 2021.","url":"https://developer.apple.com/library/archive/documentation/LanguagesUtilities/Conceptual/MacAutomationScriptingGuide/index.html","source":"MITRE","title":"About Mac Scripting","authors":"Apple","date_accessed":"2021-04-14T00:00:00Z","date_published":"2016-06-13T00:00:00Z","owner_name":null,"tidal_id":"b9a1951f-2957-5d94-812d-f1d68f187d17","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424845Z"},{"id":"2c504602-4f5d-47fc-9780-e1e5041a0b3a","name":"PowerShell About 2019","description":"Wheeler, S. et al.. (2019, May 1). About PowerShell.exe. Retrieved October 11, 2019.","url":"https://docs.microsoft.com/en-us/powershell/module/Microsoft.PowerShell.Core/About/about_PowerShell_exe?view=powershell-5.1","source":"MITRE","title":"About PowerShell.exe","authors":"Wheeler, S. et al.","date_accessed":"2019-10-11T00:00:00Z","date_published":"2019-05-01T00:00:00Z","owner_name":null,"tidal_id":"dc8ee721-1f08-59db-88e9-b582b527659f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424132Z"},{"id":"7e50721c-c6d5-5449-8326-529da4cf5465","name":"Microsoft PowerShellB64","description":"Microsoft. (2023, February 8). about_PowerShell_exe: EncodedCommand. 
Retrieved March 17, 2023.","url":"https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_powershell_exe?view=powershell-5.1#-encodedcommand-base64encodedcommand","source":"MITRE","title":"about_PowerShell_exe: EncodedCommand","authors":"Microsoft","date_accessed":"2023-03-17T00:00:00Z","date_published":"2023-02-08T00:00:00Z","owner_name":null,"tidal_id":"022fa337-b6f3-58b5-9efc-6aed3a14b6eb","created":"2023-05-26T01:21:10.192863Z","modified":"2025-12-17T15:08:36.435264Z"},{"id":"b25ab0bf-c28b-4747-b075-30bcdfbc0e35","name":"Microsoft Profiles","description":"Microsoft. (2021, September 27). about_Profiles. Retrieved February 4, 2022.","url":"https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_profiles","source":"MITRE","title":"about_Profiles","authors":"Microsoft","date_accessed":"2022-02-04T00:00:00Z","date_published":"2021-09-27T00:00:00Z","owner_name":null,"tidal_id":"cfed4c56-9a7b-58e9-b434-db8ebb3baadf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424838Z"},{"id":"1da63665-7a96-4bc3-9606-a3575b913819","name":"Microsoft About Profiles","description":"Microsoft. (2017, November 29). About Profiles. Retrieved June 14, 2019.","url":"https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-6","source":"MITRE","title":"About Profiles","authors":"Microsoft","date_accessed":"2019-06-14T00:00:00Z","date_published":"2017-11-29T00:00:00Z","owner_name":null,"tidal_id":"370e4563-ed7c-5e94-bf41-ba45a6a417b4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424831Z"},{"id":"a981e013-f839-46e9-9c8a-128c4897f77a","name":"Microsoft Remote Desktop Services","description":"Microsoft. (2019, August 23). About Remote Desktop Services. 
Retrieved March 28, 2022.","url":"https://docs.microsoft.com/windows/win32/termserv/about-terminal-services","source":"MITRE","title":"About Remote Desktop Services","authors":"Microsoft","date_accessed":"2022-03-28T00:00:00Z","date_published":"2019-08-23T00:00:00Z","owner_name":null,"tidal_id":"c750ff02-db73-59c1-99e8-217d0768dad7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427730Z"},{"id":"a85bd111-a2ca-5e66-b90e-f52ff780fc5c","name":"systemsetup mac time","description":"Apple Support. (n.d.). About systemsetup in Remote Desktop. Retrieved March 27, 2024.","url":"https://support.apple.com/en-gb/guide/remote-desktop/apd95406b8d/mac","source":"MITRE","title":"About systemsetup in Remote Desktop","authors":"Apple Support","date_accessed":"2024-03-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bd9a4f06-bd9a-5a7e-af00-4e807808674c","created":"2024-04-25T13:28:41.448945Z","modified":"2025-12-17T15:08:36.436462Z"},{"id":"2c1b2d58-a5dc-4aee-8bdb-129a81c10408","name":"MSDN Clipboard","description":"Microsoft. (n.d.). About the Clipboard. Retrieved March 29, 2016.","url":"https://msdn.microsoft.com/en-us/library/ms649012","source":"MITRE","title":"About the Clipboard","authors":"Microsoft","date_accessed":"2016-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"99ca4910-afda-5890-bd08-a44a6ba61d63","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427136Z"},{"id":"1af226cc-bb93-43c8-972e-367482c5d487","name":"Microsoft HTML Help Executable Program","description":"Microsoft. (n.d.). About the HTML Help Executable Program. 
Retrieved October 3, 2018.","url":"https://msdn.microsoft.com/windows/desktop/ms524405","source":"MITRE","title":"About the HTML Help Executable Program","authors":"Microsoft","date_accessed":"2018-10-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"edf990f5-1da9-58c1-ad2b-5d962ed9747a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433292Z"},{"id":"ed06c5db-b7b7-4004-ba9d-9051acf80d2c","name":"OffSec November 2 2019","description":"OffSec Team. (2019, November 2). About the Metasploit Meterpreter - Metasploit Unleashed. Retrieved June 9, 2025.","url":"https://www.offsec.com/metasploit-unleashed/about-meterpreter/","source":"Tidal Cyber","title":"About the Metasploit Meterpreter - Metasploit Unleashed","authors":"OffSec Team","date_accessed":"2025-06-09T00:00:00Z","date_published":"2019-11-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b2f38c40-9307-5eb1-843e-04f3802001c6","created":"2025-06-10T15:50:19.387583Z","modified":"2025-06-10T15:50:19.627151Z"},{"id":"2e6fe82c-d90f-42b6-8247-397ab8823c7c","name":"About UEFI","description":"UEFI Forum. (n.d.). About UEFI Forum. Retrieved January 5, 2016.","url":"http://www.uefi.org/about","source":"MITRE","title":"About UEFI Forum","authors":"UEFI Forum","date_accessed":"2016-01-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f8e24d68-63d5-518b-985e-1c1ef5e337d8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425432Z"},{"id":"cc620fcd-1f4a-4670-84b5-3f12c9b85053","name":"Microsoft Window Classes","description":"Microsoft. (n.d.). About Window Classes. 
Retrieved December 16, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ms633574.aspx","source":"MITRE","title":"About Window Classes","authors":"Microsoft","date_accessed":"2017-12-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b70d3335-0a89-5ea4-b24f-b5bb4943d75c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423533Z"},{"id":"2e9c2206-a04e-4278-9492-830cc9347ff9","name":"Picus Sodinokibi January 2020","description":"Ozarslan, S. (2020, January 15). A Brief History of Sodinokibi. Retrieved August 5, 2020.","url":"https://www.picussecurity.com/blog/a-brief-history-and-further-technical-analysis-of-sodinokibi-ransomware","source":"MITRE","title":"A Brief History of Sodinokibi","authors":"Ozarslan, S","date_accessed":"2020-08-05T00:00:00Z","date_published":"2020-01-15T00:00:00Z","owner_name":null,"tidal_id":"31995f19-6a9d-5352-8ffe-065fe64e3f91","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421060Z"},{"id":"2a8fd573-6ab0-403b-b813-88d9d3edab36","name":"Application Bundle Manipulation Brandon Dalton","description":"Brandon Dalton. (2022, August 9). A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation. Retrieved September 27, 2022.","url":"https://redcanary.com/blog/mac-application-bundles/","source":"MITRE","title":"A bundle of nerves: Tweaking macOS security controls to thwart application bundle manipulation","authors":"Brandon Dalton","date_accessed":"2022-09-27T00:00:00Z","date_published":"2022-08-09T00:00:00Z","owner_name":null,"tidal_id":"ea1ff08f-90e7-5605-b111-17c555059c7f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427261Z"},{"id":"e72192d5-eed6-57f5-8dfc-49c57da04bd6","name":"Halcyon AWS Ransomware 2025","description":"Halcyon RISE Team. (2025, January 13). Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C. 
Retrieved March 18, 2025.","url":"https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c","source":"MITRE","title":"Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C","authors":"Halcyon RISE Team","date_accessed":"2025-03-18T00:00:00Z","date_published":"2025-01-13T00:00:00Z","owner_name":null,"tidal_id":"4ee89072-5e18-5381-ba5e-c9e21348185d","created":"2025-04-22T20:47:09.869024Z","modified":"2025-12-17T15:08:36.424986Z"},{"id":"70c217c3-83a2-40f2-8f47-b68d8bd4cdf0","name":"NCC Group Chimera January 2021","description":"Jansen, W. (2021, January 12). Abusing cloud services to fly under the radar. Retrieved September 12, 2024.","url":"https://web.archive.org/web/20230218064220/https://research.nccgroup.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/","source":"MITRE","title":"Abusing cloud services to fly under the radar","authors":"Jansen, W","date_accessed":"2024-09-12T00:00:00Z","date_published":"2021-01-12T00:00:00Z","owner_name":null,"tidal_id":"152f1c63-3541-59d3-bb22-03d14aee1e68","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438662Z"},{"id":"0be977fd-7b7e-5ddb-aa0c-def81b97b2a5","name":"Electron 2","description":"Trend Micro. (2023, June 6). Abusing Electron-based applications in targeted attacks. Retrieved March 7, 2024.","url":"https://www.first.org/resources/papers/conf2023/FIRSTCON23-TLP-CLEAR-Horejsi-Abusing-Electron-Based-Applications-in-Targeted-Attacks.pdf","source":"MITRE","title":"Abusing Electron-based applications in targeted attacks","authors":"Trend Micro","date_accessed":"2024-03-07T00:00:00Z","date_published":"2023-06-06T00:00:00Z","owner_name":null,"tidal_id":"90baef9c-8766-53c3-a63b-793913d4d646","created":"2024-04-25T13:28:34.841864Z","modified":"2025-12-17T15:08:36.429783Z"},{"id":"18cc9426-9b51-46fa-9106-99688385ebe4","name":"Harmj0y Abusing GPO Permissions","description":"Schroeder, W. (2016, March 17). Abusing GPO Permissions. 
Retrieved September 23, 2024.","url":"https://blog.harmj0y.net/redteaming/abusing-gpo-permissions/","source":"MITRE","title":"Abusing GPO Permissions","authors":"Schroeder, W","date_accessed":"2024-09-23T00:00:00Z","date_published":"2016-03-17T00:00:00Z","owner_name":null,"tidal_id":"ca3973fa-ab9c-5fc8-a38a-e899e2c3de29","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430154Z"},{"id":"7d0870a0-db94-5213-a1b7-fc3c6557dcc0","name":"on security kerberos linux","description":"Boal, Calum. (2020, January 28). Abusing Kerberos From Linux - An Overview of Available Tools. Retrieved September 17, 2024.","url":"https://www.onsecurity.io/blog/abusing-kerberos-from-linux/","source":"MITRE","title":"Abusing Kerberos From Linux - An Overview of Available Tools","authors":"Boal, Calum","date_accessed":"2024-09-17T00:00:00Z","date_published":"2020-01-28T00:00:00Z","owner_name":null,"tidal_id":"f82f9fcb-0ee6-5c66-bd58-7834a65a56ee","created":"2024-10-31T16:28:37.434907Z","modified":"2025-12-17T15:08:36.441915Z"},{"id":"027c5274-6b61-447a-9058-edb844f112dd","name":"Retwin Directory Share Pivot","description":"Routin, D. (2017, November 13). Abusing network shares for efficient lateral movements and privesc (DirSharePivot). Retrieved April 12, 2018.","url":"https://rewtin.blogspot.ch/2017/11/abusing-user-shares-for-efficient.html","source":"MITRE","title":"Abusing network shares for efficient lateral movements and privesc (DirSharePivot)","authors":"Routin, D","date_accessed":"2018-04-12T00:00:00Z","date_published":"2017-11-13T00:00:00Z","owner_name":null,"tidal_id":"b8603ec7-b3f9-50fc-9280-858fc3b60953","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426351Z"},{"id":"3b5c0e62-7ac9-42e1-b2dd-8f2e0739b9d7","name":"BOHOPS Abusing the COM Registry","description":"BOHOPS. (2018, August 18). Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques. 
Retrieved August 10, 2020.","url":"https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/","source":"MITRE","title":"Abusing the COM Registry Structure (Part 2): Hijacking & Loading Techniques","authors":"BOHOPS","date_accessed":"2020-08-10T00:00:00Z","date_published":"2018-08-18T00:00:00Z","owner_name":null,"tidal_id":"c4d123bb-4173-59bd-93ca-9c82d09bca60","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431816Z"},{"id":"7f0f223f-09b1-4f8f-b6f1-1044e2ac7066","name":"abusing_com_reg","description":"bohops. (2018, August 18). ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES. Retrieved September 20, 2021.","url":"https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/","source":"MITRE","title":"ABUSING THE COM REGISTRY STRUCTURE (PART 2): HIJACKING & LOADING TECHNIQUES","authors":"bohops","date_accessed":"2021-09-20T00:00:00Z","date_published":"2018-08-18T00:00:00Z","owner_name":null,"tidal_id":"54ded8b8-4821-5eb5-8f45-700307e8cd29","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436893Z"},{"id":"09cac813-862c-47c8-a47f-154c5436afbb","name":"Rhino Security Labs AWS VPC Traffic Mirroring","description":"Spencer Gietzen. (2019, September 17). Abusing VPC Traffic Mirroring in AWS. Retrieved March 17, 2022.","url":"https://rhinosecuritylabs.com/aws/abusing-vpc-traffic-mirroring-in-aws/","source":"MITRE","title":"Abusing VPC Traffic Mirroring in AWS","authors":"Spencer Gietzen","date_accessed":"2022-03-17T00:00:00Z","date_published":"2019-09-17T00:00:00Z","owner_name":null,"tidal_id":"d8b12807-12bd-56bf-9b2b-ad0182dc9ec9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427382Z"},{"id":"fc889ba3-79a5-445a-81ea-dfe81c1cc542","name":"Narrator Accessibility Abuse","description":"Comi, G. (2019, October 19). 
Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence. Retrieved April 28, 2020.","url":"https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html","source":"MITRE","title":"Abusing Windows 10 Narrator's 'Feedback-Hub' URI for Fileless Persistence","authors":"Comi, G","date_accessed":"2020-04-28T00:00:00Z","date_published":"2019-10-19T00:00:00Z","owner_name":null,"tidal_id":"8da18a56-cabd-59b8-aad1-e0aaa28d4152","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431209Z"},{"id":"dd017959-e390-563f-8ed0-ae6cd958946f","name":"ESET","description":"ESET. (n.d.). ACAD/Medre.A: 10000s of AutoCAD Designs Leaked in Suspected Industrial Espionage. Retrieved April","url":"https://www.welivesecurity.com/wp-content/uploads/200x/white-papers/ESET_ACAD_Medre_A_whitepaper.pdf","source":"ICS","title":"ACAD/Medre.A: 10000s of AutoCAD Designs Leaked in Suspected Industrial Espionage","authors":"ESET","date_accessed":"1978-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"98acf4da-55b0-5a51-acdf-2063c3c32c02","created":"2026-01-28T13:08:18.176073Z","modified":"2026-01-28T13:08:18.176076Z"},{"id":"e6cb833f-cf18-498b-a233-848853423412","name":"Intezer ACBackdoor","description":"Sanmillan, I. (2019, November 18). ACBackdoor: Analysis of a New Multiplatform Backdoor. Retrieved October 4, 2021.","url":"https://www.intezer.com/blog/research/acbackdoor-analysis-of-a-new-multiplatform-backdoor/","source":"MITRE","title":"ACBackdoor: Analysis of a New Multiplatform Backdoor","authors":"Sanmillan, I","date_accessed":"2021-10-04T00:00:00Z","date_published":"2019-11-18T00:00:00Z","owner_name":null,"tidal_id":"5830cd13-4b07-5664-9505-e1d43fa00b6c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428948Z"},{"id":"de5523bd-e735-4751-84e9-a1be1d2980ec","name":"AccCheckConsole.exe - LOLBAS Project","description":"LOLBAS. (2022, January 2). AccCheckConsole.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/AccCheckConsole/","source":"Tidal Cyber","title":"AccCheckConsole.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-01-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b9b458cd-33d3-502c-b0c3-dfd0e899d93c","created":"2024-01-12T14:47:16.747059Z","modified":"2024-01-12T14:47:16.921450Z"},{"id":"ef8f0990-b2da-4538-8b02-7401dc5a4120","name":"CyberScoop APT28 Nov 2018","description":"Shoorbajee, Z. (2018, November 29). Accenture: Russian hackers using Brexit talks to disguise phishing lures. Retrieved July 16, 2019.","url":"https://www.cyberscoop.com/apt28-brexit-phishing-accenture/","source":"MITRE","title":"Accenture: Russian hackers using Brexit talks to disguise phishing lures","authors":"Shoorbajee, Z","date_accessed":"2019-07-16T00:00:00Z","date_published":"2018-11-29T00:00:00Z","owner_name":null,"tidal_id":"24308219-f8b3-5bbd-b0f2-7d93cde4863a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420921Z"},{"id":"bf374b41-b2a3-5c07-bf84-9ea0e1a9e6c5","name":"Microsoft Azure Kubernetes Service Service Accounts","description":"Microsoft Azure. (2023, April 28). Access and identity options for Azure Kubernetes Service (AKS). Retrieved July 14, 2023.","url":"https://learn.microsoft.com/en-us/azure/aks/concepts-identity","source":"MITRE","title":"Access and identity options for Azure Kubernetes Service (AKS)","authors":"Microsoft Azure","date_accessed":"2023-07-14T00:00:00Z","date_published":"2023-04-28T00:00:00Z","owner_name":null,"tidal_id":"affbcc3e-bb2d-5540-82b7-f6813d235879","created":"2023-11-07T00:36:00.452012Z","modified":"2025-12-17T15:08:36.427627Z"},{"id":"0f772693-e09d-5c82-85c2-77f5fee39ef0","name":"CrowdStrike Access Brokers","description":"CrowdStrike Intelligence Team. (2022, February 23). Access Brokers: Who Are the Targets, and What Are They Worth?. 
Retrieved March 10, 2023.","url":"https://www.crowdstrike.com/blog/access-brokers-targets-and-worth/","source":"MITRE","title":"Access Brokers: Who Are the Targets, and What Are They Worth?","authors":"CrowdStrike Intelligence Team","date_accessed":"2023-03-10T00:00:00Z","date_published":"2022-02-23T00:00:00Z","owner_name":null,"tidal_id":"07695f03-843e-5107-924c-ca2a06846cb0","created":"2023-05-26T01:21:09.918731Z","modified":"2025-12-17T15:08:36.434946Z"},{"id":"2aeda95a-7741-4a74-a5a4-29a9e7a89451","name":"Microsoft Access Control Lists May 2018","description":"M. Satran, M. Jacobs. (2018, May 30). Access Control Lists. Retrieved February 4, 2020.","url":"https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-lists","source":"MITRE","title":"Access Control Lists","authors":"M. Satran, M. Jacobs","date_accessed":"2020-02-04T00:00:00Z","date_published":"2018-05-30T00:00:00Z","owner_name":null,"tidal_id":"24a671dc-0210-572c-85d1-b7fe68143ead","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427481Z"},{"id":"1f13a583-dbb1-462e-9a88-31fc8ef184c9","name":"Proofpoint December 16 2025","description":"None Identified. (2025, December 16). Access granted: phishing with device code authorization for account takeover | Proofpoint US. Retrieved December 24, 2025.","url":"https://www.proofpoint.com/us/blog/threat-insight/access-granted-phishing-device-code-authorization-account-takeover","source":"Tidal Cyber","title":"Access granted: phishing with device code authorization for account takeover | Proofpoint US","authors":"None Identified","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6f415714-1873-52df-a490-687bd91cce7f","created":"2025-12-29T17:39:48.577171Z","modified":"2025-12-29T17:39:48.726128Z"},{"id":"148aeb80-6ed4-54c2-8ef6-c87bb56892ce","name":"Skycure-Accessibility","description":"Yair Amit. (2016, March 3). 
“Accessibility Clickjacking” – The Next Evolution in Android Malware that Impacts More Than 500 Million Devices. Retrieved December","url":"https://www.skycure.com/blog/accessibility-clickjacking/","source":"Mobile","title":"“Accessibility Clickjacking” – The Next Evolution in Android Malware that Impacts More Than 500 Million Devices","authors":"Yair Amit","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-03-03T00:00:00Z","owner_name":null,"tidal_id":"26070fbb-5fd0-5634-90d9-f48d63650200","created":"2026-01-28T13:08:10.043847Z","modified":"2026-01-28T13:08:10.043850Z"},{"id":"43e8e178-a0da-44d8-be1b-853307e0d4ae","name":"Auth0 Access Tokens","description":"Auth0. (n.d.). Access Tokens. Retrieved September 29, 2021.","url":"https://auth0.com/docs/tokens/access-tokens","source":"MITRE","title":"Access Tokens","authors":"Auth0","date_accessed":"2021-09-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fe744dbc-f290-55e8-9827-d83b4b9095db","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437067Z"},{"id":"8c6ec125-8da1-5e1f-94c7-c8aa728a4407","name":"Android_AccountManager_Feb2025","description":"Android. (2025, February 13). AccountManager. Retrieved September","url":"https://developer.android.com/reference/android/accounts/AccountManager","source":"Mobile","title":"AccountManager","authors":"Android","date_accessed":"1978-09-01T00:00:00Z","date_published":"2025-02-13T00:00:00Z","owner_name":null,"tidal_id":"a5700708-4ffc-5a47-a22c-b78b23c03dab","created":"2026-01-28T13:08:10.043418Z","modified":"2026-01-28T13:08:10.043421Z"},{"id":"4c2ede51-33f6-4d09-9186-43b023b079c0","name":"BSidesSLC 2020 - LNK Elastic","description":"French, D., Filar, B.. (2020, March 21). A Chain Is No Stronger Than Its Weakest LNK. 
Retrieved November 30, 2020.","url":"https://www.youtube.com/watch?v=nJ0UsyiUEqQ","source":"MITRE","title":"A Chain Is No Stronger Than Its Weakest LNK","authors":"French, D., Filar, B.","date_accessed":"2020-11-30T00:00:00Z","date_published":"2020-03-21T00:00:00Z","owner_name":null,"tidal_id":"86188efd-2eb6-5040-bcb9-ad3193d5f04c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429107Z"},{"id":"98d4453e-2e80-422a-ac8c-47f650f46e3c","name":"Mythic SpecterOps","description":"Thomas, C. (2020, August 13). A Change of Mythic Proportions. Retrieved March 25, 2022.","url":"https://posts.specterops.io/a-change-of-mythic-proportions-21debeb03617","source":"MITRE","title":"A Change of Mythic Proportions","authors":"Thomas, C","date_accessed":"2022-03-25T00:00:00Z","date_published":"2020-08-13T00:00:00Z","owner_name":null,"tidal_id":"edc1e200-d703-5796-aefb-f22c94b547d6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423422Z"},{"id":"d37c069c-7fb8-44e1-8377-da97e8bbcf67","name":"FireEye Chinese Espionage October 2019","description":"Nalani Fraser, Kelli Vanderlee. (2019, October 10). Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210308054208/https://www.fireeye.com/content/dam/fireeye-www/summit/cds-2019/presentations/cds19-executive-s08-achievement-unlocked.pdf","source":"MITRE, Tidal Cyber","title":"Achievement Unlocked - Chinese Cyber Espionage Evolves to Support Higher Level Missions","authors":"Nalani Fraser, Kelli Vanderlee","date_accessed":"2024-11-17T00:00:00Z","date_published":"2019-10-10T00:00:00Z","owner_name":null,"tidal_id":"e7de2964-422c-550e-a7b6-d0329ae57d7e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279745Z"},{"id":"f3f2eca0-fda3-451e-bf13-aacb14668e48","name":"Unit42 AcidBox June 2020","description":"Reichel, D. and Idrizovic, E. (2020, June 17). 
AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations. Retrieved March 16, 2021.","url":"https://unit42.paloaltonetworks.com/acidbox-rare-malware/","source":"MITRE","title":"AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations","authors":"Reichel, D. and Idrizovic, E","date_accessed":"2021-03-16T00:00:00Z","date_published":"2020-06-17T00:00:00Z","owner_name":null,"tidal_id":"82692b34-8991-5650-9f75-1c03f7e7385d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426678Z"},{"id":"f6009712-7c94-5daf-82b4-c269454d6b1e","name":"SentinelOne AcidPour 2024","description":"Juan Andrés Guerrero-Saade & Tom Hegel. (2024, March 21). AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine. Retrieved November 25, 2024.","url":"https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/","source":"MITRE","title":"AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine","authors":"Juan Andrés Guerrero-Saade & Tom Hegel","date_accessed":"2024-11-25T00:00:00Z","date_published":"2024-03-21T00:00:00Z","owner_name":null,"tidal_id":"c36a08ce-c74d-5184-9ae2-40e5c631aeec","created":"2025-04-22T20:47:26.803938Z","modified":"2025-12-17T15:08:36.418283Z"},{"id":"bd4a7b2e-a387-5e1b-9d9e-52464a8e25c9","name":"AcidRain JAGS 2022","description":"Juan Andres Guerrero-Saade and Max van Amerongen, SentinelOne. (2022, March 31). AcidRain | A Modem Wiper Rains Down on Europe. 
Retrieved March 25, 2024.","url":"https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/","source":"MITRE","title":"AcidRain | A Modem Wiper Rains Down on Europe","authors":"Juan Andres Guerrero-Saade and Max van Amerongen, SentinelOne","date_accessed":"2024-03-25T00:00:00Z","date_published":"2022-03-31T00:00:00Z","owner_name":null,"tidal_id":"1005b19d-1c69-561d-80f2-b42f6ac458d9","created":"2024-04-25T13:28:46.806458Z","modified":"2025-12-17T15:08:36.416640Z"},{"id":"da08c02c-c668-5d3e-a219-43774bff1539","name":"Krebs LAPUSS Mar2022","description":"Krebs, B. (2022, March 23). A Closer Look at the LAPSUS$ Data Extortion Group. Retrieved January","url":"https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/","source":"Mobile","title":"A Closer Look at the LAPSUS$ Data Extortion Group","authors":"Krebs, B","date_accessed":"1978-01-01T00:00:00Z","date_published":"2022-03-23T00:00:00Z","owner_name":null,"tidal_id":"5a30e62f-6295-558a-a862-19b320fcd5ed","created":"2026-01-28T13:08:10.047867Z","modified":"2026-01-28T13:08:10.047870Z"},{"id":"99245022-2130-404d-bf7a-095d84a515cd","name":"acroread package compromised Arch Linux Mail 8JUL2018","description":"Eli Schwartz. (2018, June 8). acroread package compromised. Retrieved April 23, 2019.","url":"https://lists.archlinux.org/pipermail/aur-general/2018-July/034153.html","source":"MITRE","title":"acroread package compromised","authors":"Eli Schwartz","date_accessed":"2019-04-23T00:00:00Z","date_published":"2018-06-08T00:00:00Z","owner_name":null,"tidal_id":"c357d7a1-7d1a-5765-9860-90bbdce0f915","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424959Z"},{"id":"5ab658db-7f71-4213-8146-e22da54160b3","name":"Microsoft Actinium February 2022","description":"Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. 
Retrieved February 18, 2022.","url":"https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/","source":"MITRE","title":"ACTINIUM targets Ukrainian organizations","authors":"Microsoft Threat Intelligence Center","date_accessed":"2022-02-18T00:00:00Z","date_published":"2022-02-04T00:00:00Z","owner_name":null,"tidal_id":"207e754e-c559-5cb2-93fc-9b5440ca2d89","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416572Z"},{"id":"924e1186-57e5-43db-94ab-29afa3fdaa7b","name":"Wikipedia Active Directory","description":"Wikipedia. (2018, March 10). Active Directory. Retrieved April 11, 2018.","url":"https://en.wikipedia.org/wiki/Active_Directory","source":"MITRE","title":"Active Directory","authors":"Wikipedia","date_accessed":"2018-04-11T00:00:00Z","date_published":"2018-03-10T00:00:00Z","owner_name":null,"tidal_id":"d83836e1-b12d-5a6d-a89a-578f285224ba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436265Z"},{"id":"df734659-2441-487a-991d-59064c61b771","name":"Microsoft AD Accounts","description":"Microsoft. (2019, August 23). Active Directory Accounts. Retrieved March 13, 2020.","url":"https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts","source":"MITRE","title":"Active Directory Accounts","authors":"Microsoft","date_accessed":"2020-03-13T00:00:00Z","date_published":"2019-08-23T00:00:00Z","owner_name":null,"tidal_id":"9a81ccb6-7728-5bc3-a420-b7844a2374b9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434379Z"},{"id":"3afba81a-3b1d-41ec-938e-24f055698d52","name":"Microsoft AD Admin Tier Model","description":"Microsoft. (2019, February 14). Active Directory administrative tier model. 
Retrieved February 21, 2020.","url":"https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material?redirectedfrom=MSDN","source":"MITRE","title":"Active Directory administrative tier model","authors":"Microsoft","date_accessed":"2020-02-21T00:00:00Z","date_published":"2019-02-14T00:00:00Z","owner_name":null,"tidal_id":"3956553a-a896-56a6-b025-7c481b35e71d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426029Z"},{"id":"f1b2526a-1bf6-4954-a9b3-a5e008761ceb","name":"Microsoft AD CS Overview","description":"Microsoft. (2016, August 31). Active Directory Certificate Services Overview. Retrieved August 2, 2022.","url":"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831740(v=ws.11)","source":"MITRE","title":"Active Directory Certificate Services Overview","authors":"Microsoft","date_accessed":"2022-08-02T00:00:00Z","date_published":"2016-08-31T00:00:00Z","owner_name":null,"tidal_id":"df627b23-f76d-5ffa-8d7f-3ca198469bc5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431608Z"},{"id":"b68ac85e-a007-4a72-9185-2877e9184fad","name":"Microsoft Get-ADUser","description":"Microsoft. (n.d.). Active Directory Cmdlets - Get-ADUser. Retrieved November 30, 2017.","url":"https://technet.microsoft.com/library/ee617241.aspx","source":"MITRE","title":"Active Directory Cmdlets - Get-ADUser","authors":"Microsoft","date_accessed":"2017-11-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7a10ebcb-143d-503a-97f4-346e27a7ef88","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425923Z"},{"id":"51e6623a-4448-4244-8c81-4eab102e5926","name":"Active Directory Enumeration with LDIFDE","description":"Microsoft. (2023, June 26). Active Directory Enumeration with LDIFDE. 
Retrieved July 11, 2023.","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1069.002/T1069.002.md#atomic-test-14---active-directory-enumeration-with-ldifde","source":"Tidal Cyber","title":"Active Directory Enumeration with LDIFDE","authors":"Microsoft","date_accessed":"2023-07-11T00:00:00Z","date_published":"2023-06-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2a3bd3bd-950a-5118-aed3-5825821c3d07","created":"2023-07-14T12:56:33.807580Z","modified":"2023-07-14T12:56:33.910221Z"},{"id":"32150673-5593-4a2c-9872-aaa96a21aa5c","name":"Microsoft SID-History Attribute","description":"Microsoft. (n.d.). Active Directory Schema - SID-History attribute. Retrieved November 30, 2017.","url":"https://msdn.microsoft.com/library/ms679833.aspx","source":"MITRE","title":"Active Directory Schema - SID-History attribute","authors":"Microsoft","date_accessed":"2017-11-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"95793f76-5f15-56c7-acb0-29520ab443fe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425910Z"},{"id":"990fe0c2-253d-467c-a16f-0f006cdeb618","name":"Huntress December 18 2025","description":"None Identified. (2025, December 18). Active Exploitation of Gladinet CentreStack/Triofox Insecure Cryptography Vulnerability | Huntress. Retrieved December 19, 2025.","url":"https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability","source":"Tidal Cyber","title":"Active Exploitation of Gladinet CentreStack/Triofox Insecure Cryptography Vulnerability | Huntress","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"33f54bc0-5a40-55db-9201-d0176729ffd0","created":"2025-12-24T14:56:05.098296Z","modified":"2025-12-24T14:56:05.234890Z"},{"id":"851f885b-299b-4c44-bbcc-28294c14df68","name":"Huntress Gladinet December 18 2025","description":"None Identified. 
(2025, December 18). Active Exploitation of Gladinet CentreStack/Triofox Insecure Cryptography Vulnerability | Huntress. Retrieved December 19, 2025.","url":"https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability","source":"Tidal Cyber","title":"Active Exploitation of Gladinet CentreStack/Triofox Insecure Cryptography Vulnerability | Huntress","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"28d1bb2b-72da-56a7-afcc-3658b74855bd","created":"2026-01-14T13:29:37.425100Z","modified":"2026-01-14T13:29:37.593518Z"},{"id":"5249d609-2eed-5910-858a-3a5355049fee","name":"Palo Alto SharePoint Vulnerabilities JUL 2025","description":"Unit 42. (2025, July 31). Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated). Retrieved October 15, 2025.","url":"https://unit42.paloaltonetworks.com/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770/","source":"MITRE","title":"Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated)","authors":"Unit 42","date_accessed":"2025-10-15T00:00:00Z","date_published":"2025-07-31T00:00:00Z","owner_name":null,"tidal_id":"9e27646c-9418-5aa6-88d5-1a38d0961625","created":"2025-10-29T21:08:48.167268Z","modified":"2025-12-17T15:08:36.439323Z"},{"id":"4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b","name":"huntress.com August 4 2025","description":"Undefined Undefined. (2025, August 4). Active Exploitation of SonicWall VPNs . 
Retrieved August 5, 2025.","url":"https://www.huntress.com/blog/exploitation-of-sonicwall-vpn","source":"Tidal Cyber","title":"Active Exploitation of SonicWall VPNs","authors":"Undefined Undefined","date_accessed":"2025-08-05T12:00:00Z","date_published":"2025-08-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4b843d46-48c3-5bda-a8a3-8e08d998967d","created":"2025-08-06T14:56:43.787474Z","modified":"2025-08-06T14:56:43.920077Z"},{"id":"93eda380-ea21-59e0-97e8-5bec1f9a0e71","name":"Volexity Ivanti Zero-Day Exploitation January 2024","description":"Meltzer, M. et al. (2024, January 10). Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN. Retrieved February 27, 2024.","url":"https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/","source":"MITRE","title":"Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN","authors":"Meltzer, M. et al","date_accessed":"2024-02-27T00:00:00Z","date_published":"2024-01-10T00:00:00Z","owner_name":null,"tidal_id":"738e75e4-afbe-5a43-a2f5-9f02ddf1e092","created":"2024-04-25T13:28:42.318406Z","modified":"2025-12-17T15:08:36.418700Z"},{"id":"f2ef73c6-5d4c-423e-a3f5-194cba121eb1","name":"ActiveMalwareEnergy","description":"Dan Goodin. (2014, June 30). Active malware operation let attackers sabotage US energy industry. Retrieved March 9, 2017.","url":"https://arstechnica.com/information-technology/2014/06/active-malware-operation-let-attackers-sabotage-us-energy-industry/","source":"MITRE","title":"Active malware operation let attackers sabotage US energy industry","authors":"Dan Goodin","date_accessed":"2017-03-09T00:00:00Z","date_published":"2014-06-30T00:00:00Z","owner_name":null,"tidal_id":"6ea6870b-46b4-5a23-a522-c2892f60dacb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426132Z"},{"id":"cbdd6290-1dda-48af-a101-fb3db6581276","name":"Klein Active Setup 2010","description":"Klein, H. 
(2010, April 22). Active Setup Explained. Retrieved December 18, 2020.","url":"https://helgeklein.com/blog/2010/04/active-setup-explained/","source":"MITRE","title":"Active Setup Explained","authors":"Klein, H","date_accessed":"2020-12-18T00:00:00Z","date_published":"2010-04-22T00:00:00Z","owner_name":null,"tidal_id":"d499b07e-11ba-542d-baa5-f87182e97222","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426240Z"},{"id":"6e15655f-760f-549b-ba36-3ecf1859b8b7","name":"Android-getRunningTasks","description":"Android. (n.d.). ActivityManager getRunningTasks documentation. Retrieved January","url":"https://developer.android.com/reference/android/app/ActivityManager.html#getRunningTasks%28int%29","source":"Mobile","title":"ActivityManager getRunningTasks documentation","authors":"Android","date_accessed":"1978-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a1027a79-7718-50a4-8339-e8174505b4ed","created":"2026-01-28T13:08:10.043623Z","modified":"2026-01-28T13:08:10.043626Z"},{"id":"47992cb5-df11-56c2-b266-6f58d75f8315","name":"Dark Vortex Brute Ratel C4","description":"Dark Vortex. (n.d.). A Customized Command and Control Center for Red Team and Adversary Simulation. Retrieved February 7, 2023.","url":"https://bruteratel.com/","source":"MITRE","title":"A Customized Command and Control Center for Red Team and Adversary Simulation","authors":"Dark Vortex","date_accessed":"2023-02-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"eb58fdaf-2879-58cb-8665-b9f9ca9b717b","created":"2023-05-26T01:21:20.287112Z","modified":"2025-12-17T15:08:36.423042Z"},{"id":"cb45718e-4cbb-5595-a406-f56def24325e","name":"Juniper Networks ESXi Backdoor 2022","description":"Asher Langton. (2022, December 9). A Custom Python Backdoor for VMWare ESXi Servers. 
Retrieved March 26, 2025.","url":"https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers","source":"MITRE","title":"A Custom Python Backdoor for VMWare ESXi Servers","authors":"Asher Langton","date_accessed":"2025-03-26T00:00:00Z","date_published":"2022-12-09T00:00:00Z","owner_name":null,"tidal_id":"7798bc99-e72e-5450-9082-045ba377cc76","created":"2025-04-22T20:47:13.397088Z","modified":"2025-12-17T15:08:36.428847Z"},{"id":"9374c0c2-b80a-4722-b396-c9d886a45a0c","name":"Unit 42 September 10 2025","description":"Ofek Lahiani, Itay Cohen. (2025, September 10). AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks. Retrieved October 22, 2025.","url":"https://unit42.paloaltonetworks.com/adaptixc2-post-exploitation-framework/","source":"Tidal Cyber","title":"AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks","authors":"Ofek Lahiani, Itay Cohen","date_accessed":"2025-10-22T12:00:00Z","date_published":"2025-09-10T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"284279ec-fde2-5c81-911f-4bcd10ea060c","created":"2025-10-24T16:13:06.708871Z","modified":"2025-10-24T16:13:06.841690Z"},{"id":"4e566a4b-8b17-5624-9e5f-09f5c75a9814","name":"adb_commands","description":"Pulimet. (2017, September 11). AdbCommands. Retrieved December","url":"https://gist.github.com/Pulimet/5013acf2cd5b28e55036c82c91bd56d8","source":"Mobile","title":"AdbCommands","authors":"Pulimet","date_accessed":"1978-12-01T00:00:00Z","date_published":"2017-09-11T00:00:00Z","owner_name":null,"tidal_id":"0a5791a1-445c-59d7-aeaa-3382c29b5c2f","created":"2026-01-28T13:08:10.043872Z","modified":"2026-01-28T13:08:10.043877Z"},{"id":"8e30f71e-80b8-4662-bc95-bf3cf7cfcf40","name":"ad_blocker_with_miner","description":"Kuzmenko, A.. (2021, March 10). Ad blocker with miner included. 
Retrieved October 28, 2021.","url":"https://securelist.com/ad-blocker-with-miner-included/101105/","source":"MITRE","title":"Ad blocker with miner included","authors":"Kuzmenko, A.","date_accessed":"2021-10-28T00:00:00Z","date_published":"2021-03-10T00:00:00Z","owner_name":null,"tidal_id":"16fbcf21-4b52-50c2-9110-e5fc0f69d8c5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423921Z"},{"id":"1c4b7af4-36a2-54da-b7b0-d16292368568","name":"Broadcom ESXi Firewall","description":"Broadcom. (2025, March 24). Add Allowed IP Addresses for an ESXi Host by Using the VMware Host Client. Retrieved March 26, 2025.","url":"https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/add-allowed-ip-addresses-for-an-esxi-host-by-using-the-vmware-host-client.html","source":"MITRE","title":"Add Allowed IP Addresses for an ESXi Host by Using the VMware Host Client","authors":"Broadcom","date_accessed":"2025-03-26T00:00:00Z","date_published":"2025-03-24T00:00:00Z","owner_name":null,"tidal_id":"181fc3e5-bcff-5597-b91b-d6fb46fb2c21","created":"2025-04-22T20:47:14.129135Z","modified":"2025-12-17T15:08:36.429574Z"},{"id":"c31cfc48-289e-42aa-8046-b41261fdeb96","name":"Microsoft Support O365 Add Another Admin, October 2019","description":"Microsoft. (n.d.). Add Another Admin. Retrieved October 18, 2019.","url":"https://support.office.com/en-us/article/add-another-admin-f693489f-9f55-4bd0-a637-a81ce93de22d","source":"MITRE","title":"Add Another Admin","authors":"Microsoft","date_accessed":"2019-10-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"87efae5f-b07a-559e-9d66-74d1178f120d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426960Z"},{"id":"f252eb18-86e9-4ed0-b9da-2c81f12a6e13","name":"Amazon AWS IMDS V2","description":"MacCarthaigh, C. (2019, November 19). Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service. 
Retrieved October 14, 2020.","url":"https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/","source":"MITRE","title":"Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service","authors":"MacCarthaigh, C","date_accessed":"2020-10-14T00:00:00Z","date_published":"2019-11-19T00:00:00Z","owner_name":null,"tidal_id":"05d54365-8181-591e-a6fd-33b7a7163897","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442547Z"},{"id":"5ab3e243-37a6-46f1-b28f-6846ecdef0ae","name":"Adding Login Items","description":"Apple. (2016, September 13). Adding Login Items. Retrieved July 11, 2017.","url":"https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLoginItems.html","source":"MITRE","title":"Adding Login Items","authors":"Apple","date_accessed":"2017-07-11T00:00:00Z","date_published":"2016-09-13T00:00:00Z","owner_name":null,"tidal_id":"697c7847-6b17-55fa-a0af-1a6a404981d1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427665Z"},{"id":"a5b6ab63-0e6f-4789-a017-ceab1719ed85","name":"MRWLabs Office Persistence Add-ins","description":"Knowles, W. (2017, April 21). Add-In Opportunities for Office Persistence. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190526112859/https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/","source":"MITRE","title":"Add-In Opportunities for Office Persistence","authors":"Knowles, W","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-04-21T00:00:00Z","owner_name":null,"tidal_id":"206e3eba-b98b-5730-8916-e02648096818","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427507Z"},{"id":"91af546d-0a56-4c17-b292-6257943a8aba","name":"AddinUtil.exe - LOLBAS Project","description":"LOLBAS. (2023, October 5). AddinUtil.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Addinutil/","source":"Tidal Cyber","title":"AddinUtil.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-10-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6e809ea8-e045-5b33-bec0-5c5b01dbbc98","created":"2024-01-12T14:46:29.947659Z","modified":"2024-01-12T14:46:30.390769Z"},{"id":"e42d25ec-c31d-41e4-8d86-d46a7bccd0c8","name":"NTT Security Holdings May 8 2025","description":"NTT Security Holdings. (2025, May 8). Additional Features of OtterCookie Malware Used by WaterPlum . Retrieved May 23, 2025.","url":"https://jp.security.ntt/tech_blog/en-waterplum-ottercookie","source":"Tidal Cyber","title":"Additional Features of OtterCookie Malware Used by WaterPlum","authors":"NTT Security Holdings","date_accessed":"2025-05-23T00:00:00Z","date_published":"2025-05-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"15dc6aa3-af55-5eec-bc0c-1ad29d331119","created":"2025-06-03T14:14:05.670272Z","modified":"2025-06-03T14:14:06.126171Z"},{"id":"b8d40efb-c78d-47dd-9d83-e5a31af73691","name":"Microsoft - Add-MailboxPermission","description":"Microsoft. (n.d.). Add-Mailbox Permission. Retrieved September 13, 2019.","url":"https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/add-mailboxpermission?view=exchange-ps","source":"MITRE","title":"Add-Mailbox Permission","authors":"Microsoft","date_accessed":"2019-09-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4e02dc3a-2f4e-544e-972b-f8bc38409fe7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435929Z"},{"id":"8c1a719e-6ca1-4b41-966d-ddb87c849fe0","name":"AddMonitor","description":"Microsoft. (n.d.). AddMonitor function. 
Retrieved November 12, 2014.","url":"http://msdn.microsoft.com/en-us/library/dd183341","source":"MITRE","title":"AddMonitor function","authors":"Microsoft","date_accessed":"2014-11-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"00f9c237-3e25-595a-abf6-ba94aaa136a9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426042Z"},{"id":"b69468a2-693e-4bd0-8dc1-ccfd7d5630c0","name":"Microsoft Azure AD Users","description":"Microsoft. (2019, November 11). Add or delete users using Azure Active Directory. Retrieved January 30, 2020.","url":"https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory","source":"MITRE","title":"Add or delete users using Azure Active Directory","authors":"Microsoft","date_accessed":"2020-01-30T00:00:00Z","date_published":"2019-11-11T00:00:00Z","owner_name":null,"tidal_id":"43f67dcc-a94c-53f3-961b-983dd6946283","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433036Z"},{"id":"99b20e30-76a8-4108-84ae-daf92058b44b","name":"Microsoft Office Add-ins","description":"Microsoft. (n.d.). Add or remove add-ins. Retrieved July 3, 2017.","url":"https://support.office.com/article/Add-or-remove-add-ins-0af570c4-5cf3-4fa9-9b88-403625a0b460","source":"MITRE","title":"Add or remove add-ins","authors":"Microsoft","date_accessed":"2017-07-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"42d937fd-a13a-5afe-88a7-fe3ebeedcfae","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427513Z"},{"id":"12c7160b-c93c-44cd-b108-68d4823aec8c","name":"Microsoft AddPrintProcessor May 2018","description":"Microsoft. (2018, May 31). AddPrintProcessor function. 
Retrieved October 5, 2020.","url":"https://docs.microsoft.com/en-us/windows/win32/printdocs/addprintprocessor","source":"MITRE","title":"AddPrintProcessor function","authors":"Microsoft","date_accessed":"2020-10-05T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"9c037fa6-e153-5061-a501-d6992ecbcdb0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426974Z"},{"id":"f2cdf62e-cb9b-4a48-99a2-d46e7d9e7a9e","name":"RFC1918","description":"IETF Network Working Group. (1996, February). Address Allocation for Private Internets. Retrieved October 20, 2020.","url":"https://tools.ietf.org/html/rfc1918","source":"MITRE","title":"Address Allocation for Private Internets","authors":"IETF Network Working Group","date_accessed":"2020-10-20T00:00:00Z","date_published":"1996-02-01T00:00:00Z","owner_name":null,"tidal_id":"34777efa-a34f-541b-a99c-07abd49fce35","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429410Z"},{"id":"138ec24a-4361-4ce0-b78e-508c11db397c","name":"Microsoft Exchange Address Lists","description":"Microsoft. (2020, February 7). Address lists in Exchange Server. Retrieved March 26, 2020.","url":"https://docs.microsoft.com/en-us/exchange/email-addresses-and-address-books/address-lists/address-lists?view=exchserver-2019","source":"MITRE","title":"Address lists in Exchange Server","authors":"Microsoft","date_accessed":"2020-03-26T00:00:00Z","date_published":"2020-02-07T00:00:00Z","owner_name":null,"tidal_id":"24374a55-68c3-55f3-9b5d-ca99b20ce14e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429134Z"},{"id":"82d01c77-571b-4f33-a286-878f325462ae","name":"Microsoft AD DS Getting Started","description":"Foulds, I. et al. (2018, August 7). AD DS Getting Started. Retrieved September 23, 2021.","url":"https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/ad-ds-getting-started","source":"MITRE","title":"AD DS Getting Started","authors":"Foulds, I. 
et al","date_accessed":"2021-09-23T00:00:00Z","date_published":"2018-08-07T00:00:00Z","owner_name":null,"tidal_id":"239ea1e4-c726-5207-8b08-d85222be4074","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437243Z"},{"id":"5b14cdf6-261a-4d7e-acb4-74e7fafa9467","name":"Akamai DGA Mitigation","description":"Liu, H. and Yuzifovich, Y. (2018, January 9). A Death Match of Domain Generation Algorithms. Retrieved February 18, 2019.","url":"https://blogs.akamai.com/2018/01/a-death-match-of-domain-generation-algorithms.html","source":"MITRE","title":"A Death Match of Domain Generation Algorithms","authors":"Liu, H. and Yuzifovich, Y","date_accessed":"2019-02-18T00:00:00Z","date_published":"2018-01-09T00:00:00Z","owner_name":null,"tidal_id":"87be481d-ac55-5c36-8f70-d68b6366506f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415642Z"},{"id":"6a426ab4-5b0b-46d4-9dfe-e2587f69e111","name":"Keychain Decryption Passware","description":"Yana Gourenko. (n.d.). A Deep Dive into Apple Keychain Decryption. Retrieved April 13, 2022.","url":"https://support.passware.com/hc/en-us/articles/4573379868567-A-Deep-Dive-into-Apple-Keychain-Decryption","source":"MITRE","title":"A Deep Dive into Apple Keychain Decryption","authors":"Yana Gourenko","date_accessed":"2022-04-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9b55fbd3-1501-5642-b611-9b3de0f45e25","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425975Z"},{"id":"4886418b-3a2e-4f12-b91e-3bb2a8134112","name":"Trend Micro Deep Dive Into Defacement","description":"Marco Balduzzi, Ryan Flores, Lion Gu, Federico Maggi, Vincenzo Ciancaglini, Roel Reyes, Akira Urano. (n.d.). A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks. 
Retrieved April 19, 2019.","url":"https://documents.trendmicro.com/assets/white_papers/wp-a-deep-dive-into-defacement.pdf","source":"MITRE","title":"A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks","authors":"Marco Balduzzi, Ryan Flores, Lion Gu, Federico Maggi, Vincenzo Ciancaglini, Roel Reyes, Akira Urano","date_accessed":"2019-04-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"69ebd511-2dfa-58e0-9186-4900bbcac208","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424687Z"},{"id":"3baba4e6-0cf5-45eb-8abb-6c389743af89","name":"Talos Lokibot Jan 2021","description":"Muhammad, I., Unterbrink, H.. (2021, January 6). A Deep Dive into Lokibot Infection Chain. Retrieved August 31, 2021.","url":"https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html","source":"MITRE","title":"A Deep Dive into Lokibot Infection Chain","authors":"Muhammad, I., Unterbrink, H.","date_accessed":"2021-08-31T00:00:00Z","date_published":"2021-01-06T00:00:00Z","owner_name":null,"tidal_id":"2e9052cc-0429-5702-9e3c-2120608e1626","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421609Z"},{"id":"9bb3d126-ccfe-5790-9588-324cf30899d0","name":"Security Scorecard Medusa Ransomware January 2024","description":"Vlad Pasca. (2024, January 1). A Deep Dive into Medusa Ransomware. Retrieved October 15, 2025.","url":"https://securityscorecard.com/wp-content/uploads/2024/01/deep-dive-into-medusa-ransomware.pdf","source":"MITRE","title":"A Deep Dive into Medusa Ransomware","authors":"Vlad Pasca","date_accessed":"2025-10-15T00:00:00Z","date_published":"2024-01-01T00:00:00Z","owner_name":null,"tidal_id":"312ac43c-6435-51ab-82b8-501a3dd85e5e","created":"2025-10-29T21:08:48.164945Z","modified":"2025-12-17T15:08:36.417479Z"},{"id":"3a1faa47-7bd3-453f-9b7a-bb17efb8bb3c","name":"Malwarebytes Saint Bot April 2021","description":"Hasherezade. (2021, April 6). 
A deep dive into Saint Bot, a new downloader. Retrieved June 9, 2022.","url":"https://blog.malwarebytes.com/threat-intelligence/2021/04/a-deep-dive-into-saint-bot-downloader/","source":"MITRE","title":"A deep dive into Saint Bot, a new downloader","authors":"Hasherezade","date_accessed":"2022-06-09T00:00:00Z","date_published":"2021-04-06T00:00:00Z","owner_name":null,"tidal_id":"f80689ec-0a01-5507-9397-7a9f6a1144cf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419737Z"},{"id":"3e683efc-4712-4397-8d55-4354ff7ad9f0","name":"SecurityScorecard CredoMap September 2022","description":"Vlad Pasca. (2022, September 27). A Deep Dive Into the APT28’s stealer called CredoMap. Retrieved December 5, 2023.","url":"https://securityscorecard.com/research/apt28s-stealer-called-credomap/","source":"Tidal Cyber","title":"A Deep Dive Into the APT28’s stealer called CredoMap","authors":"Vlad Pasca","date_accessed":"2023-12-05T00:00:00Z","date_published":"2022-09-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"898d18c5-573e-54f1-9b47-f7cf2eb8a597","created":"2023-12-06T16:45:14.893046Z","modified":"2023-12-06T16:45:14.996161Z"},{"id":"feaae1f3-fccc-491a-bd07-7ecaea2cb813","name":"Trend Micro Water Gamayun March 28 2025","description":"Aliakbar Zahravi, Ahmed Mohamed Ibrahim. (2025, March 28). A Deep Dive into Water Gamayun's Arsenal and Infrastructure | Trend Micro (US). 
Retrieved December 1, 2025.","url":"https://www.trendmicro.com/en_us/research/25/c/deep-dive-into-water-gamayun.html","source":"Tidal Cyber","title":"A Deep Dive into Water Gamayun's Arsenal and Infrastructure | Trend Micro (US)","authors":"Aliakbar Zahravi, Ahmed Mohamed Ibrahim","date_accessed":"2025-12-01T12:00:00Z","date_published":"2025-03-28T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8b4ffac9-af3e-5993-80dd-fd9f8ee53e7e","created":"2025-12-10T14:13:44.397670Z","modified":"2025-12-10T14:13:44.554053Z"},{"id":"9bdc618d-ff55-4ac8-8967-6039c6c24cb1","name":"Krebs DNS Hijack 2019","description":"Brian Krebs. (2019, February 18). A Deep Dive on the Recent Widespread DNS Hijacking Attacks. Retrieved February 14, 2022.","url":"https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/","source":"MITRE","title":"A Deep Dive on the Recent Widespread DNS Hijacking Attacks","authors":"Brian Krebs","date_accessed":"2022-02-14T00:00:00Z","date_published":"2019-02-18T00:00:00Z","owner_name":null,"tidal_id":"ca716020-d2e6-5c52-ac4d-6fd2e978eaed","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436668Z"},{"id":"68c34cf4-0279-5426-869c-93894d5b32ff","name":"Jos Wetzels, Marina Krotofil 2019","description":"Jos Wetzels, Marina Krotofil. (2019). A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded Devices. 
Retrieved 2019/11/01","url":"https://troopers.de/downloads/troopers19/TROOPERS19_NGI_IoT_diet_poisoned_fruit.pdf","source":"ICS","title":"A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded Devices","authors":"Jos Wetzels, Marina Krotofil","date_accessed":"2019-01-01T00:00:00Z","date_published":"2019-01-01T00:00:00Z","owner_name":null,"tidal_id":"43d84ac1-74d0-5a85-bc2d-178f6ad52eb2","created":"2026-01-28T13:08:18.176883Z","modified":"2026-01-28T13:08:18.176886Z"},{"id":"24d2fe7a-c519-5e4f-b169-72ed99d98bed","name":"Aditya K Sood July 2019","description":"Aditya K Sood 2019, July Discovering and fingerprinting BACnet devices. Retrieved 2020/09/25","url":"https://www.helpnetsecurity.com/2019/07/10/bacnet-devices/","source":"ICS","title":"Aditya K Sood July 2019","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3c24ccb4-1c14-5102-afc9-5d14ed292ec8","created":"2026-01-28T13:08:18.180160Z","modified":"2026-01-28T13:08:18.180163Z"},{"id":"fad563ac-c7b2-4611-8924-e56c65aee309","name":"Trend Micro Earth Baku August 9 2024","description":"Ted Lee, Theo Chen. (2024, August 9). A Dive into Earth Baku’s Latest Campaign. Retrieved January 31, 2025.","url":"https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html","source":"Tidal Cyber","title":"A Dive into Earth Baku’s Latest Campaign","authors":"Ted Lee, Theo Chen","date_accessed":"2025-01-31T00:00:00Z","date_published":"2024-08-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a8a2914f-bd8e-523e-99a7-5a837090e9c0","created":"2025-02-03T21:08:23.657774Z","modified":"2025-02-03T21:08:23.948343Z"},{"id":"ecd28ccf-edb6-478d-a8f1-da630df42127","name":"Reaqta MuddyWater November 2017","description":"Reaqta. (2017, November 22). A dive into MuddyWater APT targeting Middle-East. 
Retrieved May 18, 2020.","url":"https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/","source":"MITRE","title":"A dive into MuddyWater APT targeting Middle-East","authors":"Reaqta","date_accessed":"2020-05-18T00:00:00Z","date_published":"2017-11-22T00:00:00Z","owner_name":null,"tidal_id":"db5c41c2-9eeb-52f9-8613-6037e9dd66e2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438274Z"},{"id":"68c0f34b-691a-4847-8d49-f18b7f4e5188","name":"ESET Turla PowerShell May 2019","description":"Faou, M. and Dumont R.. (2019, May 29). A dive into Turla PowerShell usage. Retrieved June 14, 2019.","url":"https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/","source":"MITRE","title":"A dive into Turla PowerShell usage","authors":"Faou, M. and Dumont R.","date_accessed":"2019-06-14T00:00:00Z","date_published":"2019-05-29T00:00:00Z","owner_name":null,"tidal_id":"71859788-112a-5f90-94d7-1053b222dac2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421914Z"},{"id":"ea035e41-159b-5f12-96fc-0638eace9fd2","name":"Kubernetes Admission Controllers","description":"Kubernetes. (n.d.). Admission Controllers Reference. Retrieved March 8, 2023.","url":"https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers","source":"MITRE","title":"Admission Controllers Reference","authors":"Kubernetes","date_accessed":"2023-03-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"eb15d3cf-50a3-59be-ad2e-f7f928590877","created":"2023-05-26T01:21:20.625813Z","modified":"2025-12-17T15:08:36.442451Z"},{"id":"bc2b0b89-e00d-4beb-bf27-fe81d8c826a4","name":"Krebs Adobe","description":"Brian Krebs. (2013, October 3). Adobe To Announce Source Code, Customer Data Breach. 
Retrieved May 17, 2021.","url":"https://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/","source":"MITRE","title":"Adobe To Announce Source Code, Customer Data Breach","authors":"Brian Krebs","date_accessed":"2021-05-17T00:00:00Z","date_published":"2013-10-03T00:00:00Z","owner_name":null,"tidal_id":"1c8b248d-7404-5fcf-8d5c-4f8451d8741b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434890Z"},{"id":"88247731-e557-50db-918b-6b87f8032f9a","name":"Sophos","description":"Gabor Szappanos. (2023, May 3). A doubled “Dragon Breath” adds new air to DLL sideloading attacks. Retrieved October 3, 2025.","url":"https://news.sophos.com/en-us/2023/05/03/doubled-dll-sideloading-dragon-breath/","source":"MITRE","title":"A doubled “Dragon Breath” adds new air to DLL sideloading attacks","authors":"Gabor Szappanos","date_accessed":"2025-10-03T00:00:00Z","date_published":"2023-05-03T00:00:00Z","owner_name":null,"tidal_id":"6335b9c8-946d-58e1-bd63-30c6d926d144","created":"2025-10-29T21:08:48.165774Z","modified":"2025-12-17T15:08:36.427048Z"},{"id":"45a5f6c2-b52e-4518-a10e-19797e6fdcc3","name":"Github AD-Pentest-Script","description":"Twi1ight. (2015, July 11). AD-Pentest-Script - wmiexec.vbs. Retrieved June 29, 2017.","url":"https://github.com/Twi1ight/AD-Pentest-Script/blob/master/wmiexec.vbs","source":"MITRE","title":"AD-Pentest-Script - wmiexec.vbs","authors":"Twi1ight","date_accessed":"2017-06-29T00:00:00Z","date_published":"2015-07-11T00:00:00Z","owner_name":null,"tidal_id":"f3141238-0023-5134-9ac1-2a8bd10034da","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439901Z"},{"id":"d407ca0a-7ace-4dc5-947d-69a1e5a1d459","name":"adplus.exe - LOLBAS Project","description":"LOLBAS. (2021, September 1). adplus.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Adplus/","source":"Tidal Cyber","title":"adplus.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-09-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"083c9a83-fb4a-5714-aa29-81eeca0baa20","created":"2024-01-12T14:47:17.107424Z","modified":"2024-01-12T14:47:17.294997Z"},{"id":"ce960e76-848f-440d-9843-54773f7b11cf","name":"Microsoft ADV170021 Dec 2017","description":"Microsoft. (2017, December 12). ADV170021 - Microsoft Office Defense in Depth Update. Retrieved February 3, 2018.","url":"https://portal.msrc.microsoft.com/security-guidance/advisory/ADV170021","source":"MITRE","title":"ADV170021 - Microsoft Office Defense in Depth Update","authors":"Microsoft","date_accessed":"2018-02-03T00:00:00Z","date_published":"2017-12-12T00:00:00Z","owner_name":null,"tidal_id":"c32a9637-8ac3-559f-abd9-cb685a7b7b93","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415922Z"},{"id":"b010792b-811c-5596-8653-02021b5964af","name":"Talos-MDM","description":"Warren Mercer, Paul Rascagneres, Andrew Williams. (2018, July 12). Advanced Mobile Malware Campaign in India uses Malicious MDM. Retrieved September","url":"https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html","source":"Mobile","title":"Advanced Mobile Malware Campaign in India uses Malicious MDM","authors":"Warren Mercer, Paul Rascagneres, Andrew Williams","date_accessed":"1978-09-01T00:00:00Z","date_published":"2018-07-12T00:00:00Z","owner_name":null,"tidal_id":"c21e65b6-ff85-531c-bea0-523f708274ae","created":"2026-01-28T13:08:10.045771Z","modified":"2026-01-28T13:08:10.045774Z"},{"id":"1e68b9ef-0aee-5d69-be72-3bc4d5cfa6b9","name":"CISA AA20-352A 2021","description":"CISA. (2021, April 15). Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. 
Retrieved August 30, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-352a","source":"MITRE","title":"Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations","authors":"CISA","date_accessed":"2024-08-30T00:00:00Z","date_published":"2021-04-15T00:00:00Z","owner_name":null,"tidal_id":"9b26c758-f62c-574b-8871-38450c70329b","created":"2024-10-31T16:28:17.136076Z","modified":"2025-12-17T15:08:36.425382Z"},{"id":"5b6b909d-870a-4d14-85ec-6aa14e598740","name":"FireEye APT Groups","description":"FireEye. (n.d.). Advanced Persistent Threat Groups. Retrieved August 3, 2018.","url":"https://www.fireeye.com/current-threats/apt-groups.html#apt19","source":"MITRE, Tidal Cyber","title":"Advanced Persistent Threat Groups","authors":"FireEye","date_accessed":"2018-08-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"74f25043-5b28-5188-833f-444b48d25f30","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279365Z"},{"id":"2d16615b-09fc-5925-8f59-6d20f334d236","name":"Mandiant Advanced Persistent Threats","description":"Mandiant. (n.d.). Advanced Persistent Threats (APTs). Retrieved February 14, 2024.","url":"https://www.mandiant.com/resources/insights/apt-groups","source":"MITRE","title":"Advanced Persistent Threats (APTs)","authors":"Mandiant","date_accessed":"2024-02-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"476bedc8-af54-5080-a080-f1f96bf1d79b","created":"2024-04-25T13:28:45.792722Z","modified":"2025-12-17T15:08:36.438355Z"},{"id":"c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97","name":"Mandiant APT Groups List","description":"Mandiant. (n.d.). Advanced Persistent Threats (APTs). 
Retrieved September 14, 2023.","url":"https://www.mandiant.com/resources/insights/apt-groups","source":"Tidal Cyber","title":"Advanced Persistent Threats (APTs)","authors":"Mandiant","date_accessed":"2023-09-14T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"cffad8f3-3093-5882-a157-b4c1e342106e","created":"2023-09-14T20:17:59.250625Z","modified":"2023-09-14T20:17:59.346801Z"},{"id":"9aef57b1-1a2e-4833-815e-887616cc0570","name":"Advanced_sec_audit_policy_settings","description":"Simpson, D. et al. (2017, April 19). Advanced security audit policy settings. Retrieved September 14, 2021.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings","source":"MITRE","title":"Advanced security audit policy settings","authors":"Simpson, D. et al","date_accessed":"2021-09-14T00:00:00Z","date_published":"2017-04-19T00:00:00Z","owner_name":null,"tidal_id":"b844e162-0dff-5d23-87a0-959a241e0a25","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429302Z"},{"id":"768a5aeb-858f-51db-bda4-371eea17552f","name":"Percoco-Bouncer","description":"Nicholas J. Percoco and Sean Schulte. (2012). Adventures in BouncerLand. Retrieved December","url":"https://media.blackhat.com/bh-us-12/Briefings/Percoco/BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf","source":"Mobile","title":"Adventures in BouncerLand","authors":"Nicholas J. Percoco and Sean Schulte","date_accessed":"1978-12-01T00:00:00Z","date_published":"2012-01-01T00:00:00Z","owner_name":null,"tidal_id":"cc06c8af-a513-5b9c-b21c-030008ae2934","created":"2026-01-28T13:08:10.046123Z","modified":"2026-01-28T13:08:10.046126Z"},{"id":"896f8600-6b56-5fab-8076-2e8e5dccbc18","name":"Meta Adversarial Threat Report 2022","description":"Agranovich, D., et al. (2022, April). Adversarial Threat Report. 
Retrieved April","url":"https://about.fb.com/wp-content/uploads/2022/04/Meta-Quarterly-Adversarial-Threat-Report_Q1-2022.pdf","source":"Mobile","title":"Adversarial Threat Report","authors":"Agranovich, D., et al","date_accessed":"1978-04-01T00:00:00Z","date_published":"2022-04-01T00:00:00Z","owner_name":null,"tidal_id":"8c7a4abb-9366-5e1a-b72c-685283709eb5","created":"2026-01-28T13:08:10.040545Z","modified":"2026-01-28T13:08:10.040548Z"},{"id":"01836e53-4316-51a7-852c-01e585212276","name":"Adversaries Hijack DLLs","description":"CrowdStrike, Falcon OverWatch Team. (2022, December 30). Retrieved October 19, 2023.","url":"https://www.crowdstrike.com/blog/4-ways-adversaries-hijack-dlls/","source":"MITRE","title":"Adversaries Hijack DLLs","authors":"","date_accessed":"2023-10-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2a68ce45-ff59-5296-a448-35ed0c120a12","created":"2024-04-25T13:28:32.119192Z","modified":"2024-10-31T16:28:18.543298Z"},{"id":"69a23467-c55c-43a3-951d-c208e6ead6f7","name":"CrowdStrike Richochet Chollima September 2021","description":"CrowdStrike. (2021, September 30). Adversary Profile - Ricochet Chollima. Retrieved September 30, 2021.","url":"https://www.crowdstrike.com/adversaries/ricochet-chollima/","source":"MITRE","title":"Adversary Profile - Ricochet Chollima","authors":"CrowdStrike","date_accessed":"2021-09-30T00:00:00Z","date_published":"2021-09-30T00:00:00Z","owner_name":null,"tidal_id":"2972aec5-400a-5deb-9216-e54fc50a7dad","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438814Z"},{"id":"bd9406d3-c3e3-4737-97a1-a4bc997c88cd","name":"Elastic - Hunting for Persistence Part 1","description":"French, D., Murphy, B. (2020, March 24). Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1). 
Retrieved December 21, 2020.","url":"https://www.elastic.co/blog/hunting-for-persistence-using-elastic-security-part-1","source":"MITRE","title":"Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1)","authors":"French, D., Murphy, B","date_accessed":"2020-12-21T00:00:00Z","date_published":"2020-03-24T00:00:00Z","owner_name":null,"tidal_id":"52922669-3b0a-53cc-9e0e-884b30fe8849","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432585Z"},{"id":"28da86a6-4ca1-4bb4-a401-d4aa469c0034","name":"NCSC APT29 July 2020","description":"National Cyber Security Centre. (2020, July 16). Advisory: APT29 targets COVID-19 vaccine development. Retrieved September 29, 2020.","url":"https://www.ncsc.gov.uk/files/Advisory-APT29-targets-COVID-19-vaccine-development-V1-1.pdf","source":"MITRE","title":"Advisory: APT29 targets COVID-19 vaccine development","authors":"National Cyber Security Centre","date_accessed":"2020-09-29T00:00:00Z","date_published":"2020-07-16T00:00:00Z","owner_name":null,"tidal_id":"fefa5e27-1bba-5660-ba4d-9b83358673ee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417899Z"},{"id":"bb6113ea-7cef-5294-8ad8-6ab07d236416","name":"Mnemonic misuse visual studio","description":"Mnemonic. (n.d.). Advisory: Misuse of Visual Studio Code for traffic tunnelling. Retrieved March 30, 2025.","url":"https://www.mnemonic.io/resources/blog/misuse-of-visual-studio-code-for-traffic-tunnelling/","source":"MITRE","title":"Advisory: Misuse of Visual Studio Code for traffic tunnelling","authors":"Mnemonic","date_accessed":"2025-03-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1e9161b5-c909-5f3e-a505-874c33c4e5e2","created":"2025-04-22T20:47:15.194953Z","modified":"2025-12-17T15:08:36.430537Z"},{"id":"837ccb3c-316d-4d96-8a33-b5df40870aba","name":"Advpack.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Advpack.dll. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Advpack/","source":"Tidal Cyber","title":"Advpack.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6c84b6c8-b2d7-55f3-b920-5f112bb3f467","created":"2024-01-12T14:47:10.655483Z","modified":"2024-01-12T14:47:10.837574Z"},{"id":"69fd8de4-81bc-4165-b77d-c5fc72cfa699","name":"Kaspersky Adwind Feb 2016","description":"Kamluk, V. & Gostev, A. (2016, February). Adwind - A Cross-Platform RAT. Retrieved April 23, 2019.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07195002/KL_AdwindPublicReport_2016.pdf","source":"MITRE","title":"Adwind - A Cross-Platform RAT","authors":"Kamluk, V. & Gostev, A","date_accessed":"2019-04-23T00:00:00Z","date_published":"2016-02-01T00:00:00Z","owner_name":null,"tidal_id":"43d173db-c38c-50da-a641-1c2c1efbf8bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422272Z"},{"id":"652dba37-f030-48ef-ade2-308780a63445","name":"BroadcomSW August 12 2021","description":"Threat Hunter Team Symantec. (2021, August 12). Affiliates Unlocked Gangs Switch Between Different Ransomware Families. Retrieved December 19, 2024.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ransomware-trends-lockbit-sodinokibi","source":"Tidal Cyber","title":"Affiliates Unlocked Gangs Switch Between Different Ransomware Families","authors":"Threat Hunter Team Symantec","date_accessed":"2024-12-19T00:00:00Z","date_published":"2021-08-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"432d0444-2f05-505c-a7d6-68ec79f58f0a","created":"2025-04-11T15:06:22.181089Z","modified":"2025-04-11T15:06:22.348905Z"},{"id":"ee2709d7-2b33-48ac-8e90-a2770d469d80","name":"Bitdefender Trickbot VNC module Whitepaper 2021","description":"Radu Tudorica. (2021, July 12). A Fresh Look at Trickbot’s Ever-Improving VNC Module. 
Retrieved September 28, 2021.","url":"https://www.bitdefender.com/files/News/CaseStudies/study/399/Bitdefender-PR-Whitepaper-Trickbot-creat5515-en-EN.pdf","source":"MITRE","title":"A Fresh Look at Trickbot’s Ever-Improving VNC Module","authors":"Radu Tudorica","date_accessed":"2021-09-28T00:00:00Z","date_published":"2021-07-12T00:00:00Z","owner_name":null,"tidal_id":"4b0cc23f-6630-5550-b3d2-8017d2bfa713","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441356Z"},{"id":"c37f00dc-ee53-4be1-9046-0a28bdc5649a","name":"Mac Backdoors are back","description":"Dan Goodin. (2016, July 6). After hiatus, in-the-wild Mac backdoors are suddenly back. Retrieved July 8, 2017.","url":"https://arstechnica.com/security/2016/07/after-hiatus-in-the-wild-mac-backdoors-are-suddenly-back/","source":"MITRE","title":"After hiatus, in-the-wild Mac backdoors are suddenly back","authors":"Dan Goodin","date_accessed":"2017-07-08T00:00:00Z","date_published":"2016-07-06T00:00:00Z","owner_name":null,"tidal_id":"7e7b0718-3805-5b1c-900d-2bafa0dfb6fe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435709Z"},{"id":"aab0fd09-9752-5522-a7b9-4a6a4b553de6","name":"TheRegister-SS7","description":"Iain Thomson. (2017, May 3). After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts. Retrieved November","url":"https://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/","source":"Mobile","title":"After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts","authors":"Iain Thomson","date_accessed":"1978-11-01T00:00:00Z","date_published":"2017-05-03T00:00:00Z","owner_name":null,"tidal_id":"f06c1fac-add4-5ea1-96b4-540466f70860","created":"2026-01-28T13:08:10.046663Z","modified":"2026-01-28T13:08:10.046666Z"},{"id":"290e84bc-7dae-46ec-81de-78c94b98e45b","name":"SentinelOne January 30 2023","description":"SentinelOne. (2023, January 30). Agenda (Qilin). 
Retrieved June 7, 2024.","url":"https://www.sentinelone.com/anthology/agenda-qilin/","source":"Tidal Cyber","title":"Agenda (Qilin)","authors":"SentinelOne","date_accessed":"2024-06-07T00:00:00Z","date_published":"2023-01-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"529586f2-1448-5a29-9bdf-90f8ad7d888d","created":"2024-06-13T20:11:05.717126Z","modified":"2024-06-13T20:11:05.901345Z"},{"id":"f23673bf-7f8c-53a8-98c1-a6217d8685da","name":"SentinelOne Qilin NOV 2022","description":"SentinelOne. (2022, November 30). Agenda (Qilin). Retrieved September 26, 2025.","url":"https://www.sentinelone.com/anthology/agenda-qilin/","source":"MITRE","title":"Agenda (Qilin)","authors":"SentinelOne","date_accessed":"2025-09-26T00:00:00Z","date_published":"2022-11-30T00:00:00Z","owner_name":null,"tidal_id":"e711a9d2-dad6-5ec1-bca4-a34f9917dc56","created":"2025-10-29T21:08:48.165290Z","modified":"2025-12-17T15:08:36.422044Z"},{"id":"d5634b8e-420a-4721-a3d2-19d9f36697f4","name":"Trend Micro March 26 2024","description":"Arianne Dela Cruz; Raymart Yambot; Raighen Sanchez; Darrel Tristan Virtusio. (2024, March 26). Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script. Retrieved April 5, 2024.","url":"https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html","source":"Tidal Cyber","title":"Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script","authors":"Arianne Dela Cruz; Raymart Yambot; Raighen Sanchez; Darrel Tristan Virtusio","date_accessed":"2024-04-05T00:00:00Z","date_published":"2024-03-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"231378f7-1be5-563d-81f8-b9ee2a5d8ea1","created":"2024-06-13T20:11:06.085002Z","modified":"2024-06-13T20:11:06.278342Z"},{"id":"fc5ba544-f061-4077-bd23-69e22c8b749c","name":"Trend Micro - Thailand (TH) December 16 2022","description":"Authors. (2022, December 16). 
Agenda Ransomware Uses Rust to Target More Vital Industries. Retrieved September 12, 2025.","url":"https://www.trendmicro.com/en_th/research/22/l/agenda-ransomware-uses-rust-to-target-more-vital-industries.html","source":"Tidal Cyber","title":"Agenda Ransomware Uses Rust to Target More Vital Industries","authors":"Authors","date_accessed":"2025-09-12T12:00:00Z","date_published":"2022-12-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"188189bb-650a-5ad1-a585-d222af772162","created":"2025-09-15T19:13:23.298177Z","modified":"2025-09-15T19:13:23.488210Z"},{"id":"f2f36bc4-6d90-4eef-950d-793f86ae7f1a","name":"Trend Micro December 16 2022","description":"Authors. (2022, December 16). Agenda Ransomware Uses Rust to Target More Vital Industries. Retrieved September 12, 2025.","url":"https://www.trendmicro.com/en_th/research/22/l/agenda-ransomware-uses-rust-to-target-more-vital-industries.html","source":"Tidal Cyber","title":"Agenda Ransomware Uses Rust to Target More Vital Industries","authors":"Authors","date_accessed":"2025-09-12T12:00:00Z","date_published":"2022-12-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9d25dfb2-4307-5afa-965c-349f0582f62c","created":"2025-09-19T19:47:42.230426Z","modified":"2025-09-19T19:47:42.398866Z"},{"id":"569a6be3-7a10-4aa4-be26-a62ed562a4ce","name":"Kaspersky MSSQL Aug 2019","description":"Plakhov, A., Sitchikhin, D. (2019, August 22). Agent 1433: remote attack on Microsoft SQL Server. Retrieved September 4, 2019.","url":"https://securelist.com/malicious-tasks-in-ms-sql-server/92167/","source":"MITRE","title":"Agent 1433: remote attack on Microsoft SQL Server","authors":"Plakhov, A., Sitchikhin, D","date_accessed":"2019-09-04T00:00:00Z","date_published":"2019-08-22T00:00:00Z","owner_name":null,"tidal_id":"06ca0786-9ff8-59d8-8bda-d84659960e29","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436701Z"},{"id":"3b876c56-1d18-49e3-9a96-5cee4af7ab72","name":"Securelist Agent.btz","description":"Gostev, A.. 
(2014, March 12). Agent.btz: a Source of Inspiration?. Retrieved April 8, 2016.","url":"https://securelist.com/agent-btz-a-source-of-inspiration/58551/","source":"MITRE","title":"Agent.btz: a Source of Inspiration?","authors":"Gostev, A.","date_accessed":"2016-04-08T00:00:00Z","date_published":"2014-03-12T00:00:00Z","owner_name":null,"tidal_id":"d905555f-10ed-5c56-85d1-d4040b260102","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418000Z"},{"id":"b710c404-b02e-444c-9388-9a5e751971d2","name":"ThreatExpert Agent.btz","description":"Shevchenko, S.. (2008, November 30). Agent.btz - A Threat That Hit Pentagon. Retrieved April 8, 2016.","url":"http://blog.threatexpert.com/2008/11/agentbtz-threat-that-hit-pentagon.html","source":"MITRE","title":"Agent.btz - A Threat That Hit Pentagon","authors":"Shevchenko, S.","date_accessed":"2016-04-08T00:00:00Z","date_published":"2008-11-30T00:00:00Z","owner_name":null,"tidal_id":"14dafed1-0cf7-5649-8b3b-055393498585","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442028Z"},{"id":"633d7f25-df9d-4619-9aa9-92d1d9d225d7","name":"AgentExecutor.exe - LOLBAS Project","description":"LOLBAS. (2020, July 23). AgentExecutor.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Agentexecutor/","source":"Tidal Cyber","title":"AgentExecutor.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-07-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"eeaa24ba-ac57-5dec-869c-48f5d52e1388","created":"2024-01-12T14:47:17.470403Z","modified":"2024-01-12T14:47:17.643244Z"},{"id":"c865842e-67e8-50e4-8e64-47f484fa2e38","name":"CheckPoint Agent Smith","description":"A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. 
Retrieved May","url":"https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/","source":"Mobile","title":"Agent Smith: A New Species of Mobile Malware","authors":"A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko","date_accessed":"1978-05-01T00:00:00Z","date_published":"2019-07-10T00:00:00Z","owner_name":null,"tidal_id":"769ecc93-0be9-5c24-bf9e-00b0bffd0982","created":"2026-01-28T13:08:10.041423Z","modified":"2026-01-28T13:08:10.041426Z"},{"id":"5f712e3f-5a9d-4af3-b846-a61dc1d59b3a","name":"SentinelLabs Agent Tesla Aug 2020","description":"Walter, J. (2020, August 10). Agent Tesla | Old RAT Uses New Tricks to Stay on Top. Retrieved December 11, 2020.","url":"https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/","source":"MITRE","title":"Agent Tesla | Old RAT Uses New Tricks to Stay on Top","authors":"Walter, J","date_accessed":"2020-12-11T00:00:00Z","date_published":"2020-08-10T00:00:00Z","owner_name":null,"tidal_id":"6d8f3f02-b581-585d-a46a-6c24c111f759","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439907Z"},{"id":"28bfb97b-4b58-408a-bef9-9081f6ddedb8","name":"LogPoint Agent Tesla March 23 2023","description":"Anish Bogati. (2023, March 23). AgentTesla's Capabilities: A Review and Detection Strategies. Retrieved May 7, 2023.","url":"https://www.logpoint.com/wp-content/uploads/2023/03/et-agenttesla.pdf","source":"Tidal Cyber","title":"AgentTesla's Capabilities: A Review and Detection Strategies","authors":"Anish Bogati","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-03-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7f5d08f4-d874-5ff3-a86c-aa90afd7c030","created":"2024-06-13T20:10:13.453727Z","modified":"2024-06-13T20:10:13.649853Z"},{"id":"eb4a1888-3b04-449b-9738-d96ae26adfee","name":"Sekoia.io Blog September 9 2024","description":"Sekoia TDR; Felix Aimé; Pierre-Antoine D; Charles M. (2024, September 9). 
A glimpse into the Quad7 operators' next moves and associated botnets. Retrieved September 11, 2024.","url":"https://blog.sekoia.io/a-glimpse-into-the-quad7-operators-next-moves-and-associated-botnets/","source":"Tidal Cyber","title":"A glimpse into the Quad7 operators' next moves and associated botnets","authors":"Sekoia TDR; Felix Aimé; Pierre-Antoine D; Charles M","date_accessed":"2024-09-11T00:00:00Z","date_published":"2024-09-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"315a9eb5-d6c7-53ff-ae62-bb118360d8de","created":"2024-09-13T19:19:49.557062Z","modified":"2024-09-13T19:19:49.919568Z"},{"id":"d6644f88-d727-4f62-897a-bfa18f86380d","name":"ATT Sidewinder January 2021","description":"Hegel, T. (2021, January 13). A Global Perspective of the SideWinder APT. Retrieved January 27, 2021.","url":"https://cdn-cybersecurity.att.com/docs/global-perspective-of-the-sidewinder-apt.pdf","source":"MITRE, Tidal Cyber","title":"A Global Perspective of the SideWinder APT","authors":"Hegel, T","date_accessed":"2021-01-27T00:00:00Z","date_published":"2021-01-13T00:00:00Z","owner_name":null,"tidal_id":"d632b4b8-aba9-54bf-823f-9ebdcb50256c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279652Z"},{"id":"70fb43bd-f8e1-56a5-a0e9-884e85f16b10","name":"Unit42 Agrius 2023","description":"Or Chechik, Tom Fakterman, Daniel Frank & Assaf Dahan. (2023, November 6). Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors. 
Retrieved May 22, 2024.","url":"https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors/","source":"MITRE","title":"Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors","authors":"Or Chechik, Tom Fakterman, Daniel Frank & Assaf Dahan","date_accessed":"2024-05-22T00:00:00Z","date_published":"2023-11-06T00:00:00Z","owner_name":null,"tidal_id":"cffc7ea9-e8d6-5c0b-9964-ddcc45790e49","created":"2024-10-31T16:28:31.060928Z","modified":"2025-12-17T15:08:36.419278Z"},{"id":"b3034b5d-1fe5-5677-a2e8-9329141875d4","name":"CheckPoint Agrius 2023","description":"Marc  Salinas Fernandez & Jiri  Vinopal. (2023, May 23). AGRIUS DEPLOYS MONEYBIRD IN TARGETED ATTACKS AGAINST ISRAELI ORGANIZATIONS. Retrieved May 21, 2024.","url":"https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-organizations/","source":"MITRE","title":"AGRIUS DEPLOYS MONEYBIRD IN TARGETED ATTACKS AGAINST ISRAELI ORGANIZATIONS","authors":"Marc  Salinas Fernandez & Jiri  Vinopal","date_accessed":"2024-05-21T00:00:00Z","date_published":"2023-05-23T00:00:00Z","owner_name":null,"tidal_id":"d3c1f839-811c-5c5b-adad-277b6a9b7e40","created":"2024-10-31T16:28:31.046928Z","modified":"2025-12-17T15:08:36.418150Z"},{"id":"a134e92b-0847-576d-bbea-fb3d77e954b2","name":"3GPP-Security","description":"3GPP. (2000, January). A Guide to 3rd Generation Security. Retrieved December","url":"http://www.3gpp.org/ftp/tsg_sa/wg3_security/_specs/33900-120.pdf","source":"Mobile","title":"A Guide to 3rd Generation Security","authors":"3GPP","date_accessed":"1978-12-01T00:00:00Z","date_published":"2000-01-01T00:00:00Z","owner_name":null,"tidal_id":"d3983298-5e83-5045-b95a-84a53c636a48","created":"2026-01-28T13:08:10.042942Z","modified":"2026-01-28T13:08:10.042945Z"},{"id":"23a9ef6c-9f71-47bb-929f-9a92f24553eb","name":"Harmj0y Domain Trusts","description":"Schroeder, W. (2017, October 30). A Guide to Attacking Domain Trusts. 
Retrieved February 14, 2019.","url":"http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/","source":"MITRE","title":"A Guide to Attacking Domain Trusts","authors":"Schroeder, W","date_accessed":"2019-02-14T00:00:00Z","date_published":"2017-10-30T00:00:00Z","owner_name":null,"tidal_id":"15badeec-c2a7-5ae5-9f86-5e76d48b859c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415538Z"},{"id":"3f3bca4a-68fa-5d4a-b86f-36f82345ff36","name":"airwalk backdoor unix systems","description":"airwalk. (2023, January 1). A guide to backdooring Unix systems. Retrieved May 31, 2023.","url":"http://www.ouah.org/backdoors.html","source":"MITRE","title":"A guide to backdooring Unix systems","authors":"airwalk","date_accessed":"2023-05-31T00:00:00Z","date_published":"2023-01-01T00:00:00Z","owner_name":null,"tidal_id":"0df6ff0d-a0bc-55d0-9008-42ebcc104469","created":"2023-11-07T00:36:08.625755Z","modified":"2025-12-17T15:08:36.435516Z"},{"id":"de12f263-f76d-4b63-beb8-b210f7a8310d","name":"Wired Lockergoga 2019","description":"Greenberg, A. (2019, March 25). A Guide to LockerGoga, the Ransomware Crippling Industrial Firms. Retrieved July 17, 2019.","url":"https://www.wired.com/story/lockergoga-ransomware-crippling-industrial-firms/","source":"MITRE","title":"A Guide to LockerGoga, the Ransomware Crippling Industrial Firms","authors":"Greenberg, A","date_accessed":"2019-07-17T00:00:00Z","date_published":"2019-03-25T00:00:00Z","owner_name":null,"tidal_id":"dc71bce1-f4de-5245-8b8c-74ca1b7a423b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441142Z"},{"id":"61d00ae2-5494-4c6c-8860-6826e701ade8","name":"ZDNET Selling Data","description":"Cimpanu, C. (2020, May 9). A hacker group is selling more than 73 million user records on the dark web. 
Retrieved October 20, 2020.","url":"https://www.zdnet.com/article/a-hacker-group-is-selling-more-than-73-million-user-records-on-the-dark-web/","source":"MITRE","title":"A hacker group is selling more than 73 million user records on the dark web","authors":"Cimpanu, C","date_accessed":"2020-10-20T00:00:00Z","date_published":"2020-05-09T00:00:00Z","owner_name":null,"tidal_id":"cd4c9c98-dceb-58a9-9890-f8fbada3632b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424359Z"},{"id":"a78b6e71-3541-4ad3-a624-7933028c9c0a","name":"Huntress AMOS December 09 2025","description":"None Identified. (2025, December 9). AI-Poisoning & AMOS Stealer: How Trust Became the Biggest Mac Threat | Huntress. Retrieved December 19, 2025.","url":"https://www.huntress.com/blog/amos-stealer-chatgpt-grok-ai-trust","source":"Tidal Cyber","title":"AI-Poisoning & AMOS Stealer: How Trust Became the Biggest Mac Threat | Huntress","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6d307f94-5b3c-59f7-8922-ad891463c7f2","created":"2026-01-14T13:29:38.131810Z","modified":"2026-01-14T13:29:38.286566Z"},{"id":"e50aca84-bfe7-424f-abe2-0e42d56c1fb2","name":"Cloudflare Aisuru December 10 2025","description":"None Identified. (2025, December 10). Aisuru botnet: Early October attacks escalate into record-setting DDoS activity | Cloudflare. 
Retrieved December 24, 2025.","url":"https://www.cloudflare.com/threat-intelligence/research/report/aisuru-botnet/","source":"Tidal Cyber","title":"Aisuru botnet: Early October attacks escalate into record-setting DDoS activity | Cloudflare","authors":"None Identified","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-10T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"61a9e130-802d-52e7-a09a-52ffae988f70","created":"2026-01-14T13:29:39.103768Z","modified":"2026-01-14T13:29:39.282323Z"},{"id":"f8b837fb-e46c-4153-8e86-dc4b909b393a","name":"ESET Zebrocy May 2019","description":"ESET Research. (2019, May 22). A journey to Zebrocy land. Retrieved June 20, 2019.","url":"https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/","source":"MITRE","title":"A journey to Zebrocy land","authors":"ESET Research","date_accessed":"2019-06-20T00:00:00Z","date_published":"2019-05-22T00:00:00Z","owner_name":null,"tidal_id":"2284c248-c175-58ae-9d3d-e7831eb5c499","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437930Z"},{"id":"df191993-a2cb-5d26-960c-11d1c6d3d73b","name":"Kersten Akira 2023","description":"Max Kersten & Alexandre Mundo. (2023, November 29). Akira Ransomware. Retrieved April 4, 2024.","url":"https://www.trellix.com/blogs/research/akira-ransomware/","source":"MITRE","title":"Akira Ransomware","authors":"Max Kersten & Alexandre Mundo","date_accessed":"2024-04-04T00:00:00Z","date_published":"2023-11-29T00:00:00Z","owner_name":null,"tidal_id":"30f541c0-9073-566a-9598-4f915854632f","created":"2024-04-25T13:28:48.067731Z","modified":"2025-12-17T15:08:36.419416Z"},{"id":"b34d6a98-158e-4fe7-8fcd-79554c07631a","name":"Akira Ransomware Analysis August 2023","description":"SEQBOSS. (2023, August 10). AKIRA RANSOMWARE ANALYSIS. 
Retrieved April 3, 2024.","url":"https://sequretek.com/akira-ransomware-analysis/","source":"Tidal Cyber","title":"AKIRA RANSOMWARE ANALYSIS","authors":"SEQBOSS","date_accessed":"2024-04-03T00:00:00Z","date_published":"2023-08-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8b628f26-8d9b-5854-960a-72a204ddbecf","created":"2024-04-04T20:38:54.245771Z","modified":"2024-04-04T20:38:54.411574Z"},{"id":"fa57d7ae-c0d2-58cd-8a91-a242f7348d60","name":"Cisco Akira Ransomware OCT 2024","description":"Nutland, J. and Szeliga, M. (2024, October 21). Akira ransomware continues to evolve. Retrieved December 10, 2024.","url":"https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/","source":"MITRE","title":"Akira ransomware continues to evolve","authors":"Nutland, J. and Szeliga, M","date_accessed":"2024-12-10T00:00:00Z","date_published":"2024-10-21T00:00:00Z","owner_name":null,"tidal_id":"5836ea2e-bb67-573a-b565-77a4e1e70356","created":"2025-04-22T20:47:23.786023Z","modified":"2025-12-17T15:08:36.418476Z"},{"id":"c9a58515-f911-4328-9237-daccd88711a5","name":"Cyble September 21 2023","description":"Cybleinc. (2023, September 21). Akira Ransomware Extends Reach To Linux Platform - Cyble. Retrieved December 9, 2024.","url":"https://cyble.com/blog/akira-ransomware-extends-reach-to-linux-platform/","source":"Tidal Cyber","title":"Akira Ransomware Extends Reach To Linux Platform - Cyble","authors":"Cybleinc","date_accessed":"2024-12-09T00:00:00Z","date_published":"2023-09-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ce103de0-ebc7-5b09-bd15-b1245b6ca10d","created":"2024-12-10T14:32:48.854306Z","modified":"2024-12-10T14:32:49.219631Z"},{"id":"1343b052-b158-4dad-9ed4-9dbb7bb778dd","name":"Sophos Akira May 9 2023","description":"Paul Jaramillo. (2023, May 9). Akira Ransomware is “bringin’ 1988 back”. 
Retrieved February 27, 2024.","url":"https://news.sophos.com/en-us/2023/05/09/akira-ransomware-is-bringin-88-back/","source":"Tidal Cyber","title":"Akira Ransomware is “bringin’ 1988 back”","authors":"Paul Jaramillo","date_accessed":"2024-02-27T00:00:00Z","date_published":"2023-05-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"136d5a60-a078-57fa-b31a-5292a497cc5d","created":"2024-04-04T20:38:51.374877Z","modified":"2024-04-04T20:38:52.055980Z"},{"id":"59a1bd0f-a907-4918-90e1-d163bf84f927","name":"BlackBerry Akira July 11 2024","description":"BlackBerry Research and Intelligence Team. (2024, July 11). Akira Ransomware Targets the LATAM Airline Industry. Retrieved September 16, 2024.","url":"https://blogs.blackberry.com/en/2024/07/akira-ransomware-targets-the-latam-airline-industry","source":"Tidal Cyber","title":"Akira Ransomware Targets the LATAM Airline Industry","authors":"BlackBerry Research and Intelligence Team","date_accessed":"2024-09-16T00:00:00Z","date_published":"2024-07-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"30719ff6-e48e-53ca-94ba-0376394a4da3","created":"2024-09-20T15:08:26.493243Z","modified":"2024-09-20T15:08:27.040257Z"},{"id":"809db259-3557-5597-9d1a-7c00cc10b89c","name":"Microsoft AKS Azure AD 2023","description":"Microsoft. (2023, February 27). AKS-managed Azure Active Directory integration. Retrieved March 8, 2023.","url":"https://learn.microsoft.com/en-us/azure/aks/managed-aad","source":"MITRE","title":"AKS-managed Azure Active Directory integration","authors":"Microsoft","date_accessed":"2023-03-08T00:00:00Z","date_published":"2023-02-27T00:00:00Z","owner_name":null,"tidal_id":"9c0a4034-22b1-5549-870f-780c02d4ebcd","created":"2023-05-26T01:21:20.614137Z","modified":"2025-12-17T15:08:36.442439Z"},{"id":"d792ede9-6ff6-5fae-a045-fd8b57abd3d3","name":"Okta DPoP 2023","description":"Venkat Viswanathan. (2023, June 13). A leap forward in token security: Okta adds support for DPoP. 
Retrieved January 2, 2024.","url":"https://www.okta.com/blog/2023/06/a-leap-forward-in-token-security-okta-adds-support-for-dpop/","source":"MITRE","title":"A leap forward in token security: Okta adds support for DPoP","authors":"Venkat Viswanathan","date_accessed":"2024-01-02T00:00:00Z","date_published":"2023-06-13T00:00:00Z","owner_name":null,"tidal_id":"acb2170d-1643-5cf4-a720-f2f935049e59","created":"2024-04-25T13:28:53.053216Z","modified":"2025-12-17T15:08:36.442420Z"},{"id":"b9d14fea-2330-4eed-892c-b4e05a35d273","name":"US-CERT SamSam 2018","description":"US-CERT. (2018, December 3). Alert (AA18-337A): SamSam Ransomware. Retrieved March 15, 2019.","url":"https://www.us-cert.gov/ncas/alerts/AA18-337A","source":"MITRE","title":"Alert (AA18-337A): SamSam Ransomware","authors":"US-CERT","date_accessed":"2019-03-15T00:00:00Z","date_published":"2018-12-03T00:00:00Z","owner_name":null,"tidal_id":"c0d57772-1767-50de-8ace-3b348eac5dce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418372Z"},{"id":"ffe613e3-b528-42bf-81d5-4d8de38b3457","name":"CISA MSS Sep 2020","description":"CISA. (2020, September 14). Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity. Retrieved October 1, 2020.","url":"https://us-cert.cisa.gov/ncas/alerts/aa20-258a","source":"MITRE","title":"Alert (AA20-258A): Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity","authors":"CISA","date_accessed":"2020-10-01T00:00:00Z","date_published":"2020-09-14T00:00:00Z","owner_name":null,"tidal_id":"a00cad0b-6c99-523b-9b6d-701a3e44f3ba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428440Z"},{"id":"df979f7b-6de8-4029-ae47-700f29157db0","name":"CISA Lokibot September 2020","description":"DHS/CISA. (2020, September 22). Alert (AA20-266A) LokiBot Malware . 
Retrieved September 15, 2021.","url":"https://us-cert.cisa.gov/ncas/alerts/aa20-266a","source":"MITRE","title":"Alert (AA20-266A) LokiBot Malware","authors":"DHS/CISA","date_accessed":"2021-09-15T00:00:00Z","date_published":"2020-09-22T00:00:00Z","owner_name":null,"tidal_id":"f9d1ce49-2f33-5fc6-9b02-93d0e42844b8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421601Z"},{"id":"633c6045-8990-58ae-85f0-00139aa9a091","name":"CISA_AA21_200B","description":"CISA. (2021, August 20). Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs. Retrieved June 21, 2022.","url":"https://www.cisa.gov/uscert/ncas/alerts/aa21-200b","source":"MITRE","title":"Alert (AA21-200B) Chinese State-Sponsored Cyber Operations: Observed TTPs","authors":"CISA","date_accessed":"2022-06-21T00:00:00Z","date_published":"2021-08-20T00:00:00Z","owner_name":null,"tidal_id":"7a826efa-c553-5c76-ad90-0e01a66ff6d2","created":"2023-05-26T01:21:03.579288Z","modified":"2025-12-17T15:08:36.427116Z"},{"id":"ebe89b36-f87f-4e09-8030-a1328c0b8683","name":"cisa_malware_orgs_ukraine","description":"CISA. (2022, April 28). Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine. Retrieved July 29, 2022.","url":"https://www.cisa.gov/uscert/ncas/alerts/aa22-057a","source":"MITRE","title":"Alert (AA22-057A) Update: Destructive Malware Targeting Organizations in Ukraine","authors":"CISA","date_accessed":"2022-07-29T00:00:00Z","date_published":"2022-04-28T00:00:00Z","owner_name":null,"tidal_id":"22dad6a7-9bab-528e-9aec-cca0475b4b18","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436597Z"},{"id":"9de474cd-3eba-56c8-b6f5-f0b514e768bf","name":"CISA-AA22-103A","description":"DHS/CISA. (2022, May 25). Alert (AA22-103A) APT Cyber Tools Targeting ICS/SCADA Devices. 
Retrieved September","url":"https://www.cisa.gov/uscert/ncas/alerts/aa22-103a","source":"ICS","title":"Alert (AA22-103A) APT Cyber Tools Targeting ICS/SCADA Devices","authors":"DHS/CISA","date_accessed":"1978-09-01T00:00:00Z","date_published":"2022-05-25T00:00:00Z","owner_name":null,"tidal_id":"3c0b69f4-dbb2-536e-ab64-b79f7ccb2d44","created":"2026-01-28T13:08:18.176097Z","modified":"2026-01-28T13:08:18.176100Z"},{"id":"866484fa-836d-4c5b-bbad-3594ef60599c","name":"US-CERT Ransomware 2016","description":"US-CERT. (2016, March 31). Alert (TA16-091A): Ransomware and Recent Variants. Retrieved March 15, 2019.","url":"https://www.us-cert.gov/ncas/alerts/TA16-091A","source":"MITRE","title":"Alert (TA16-091A): Ransomware and Recent Variants","authors":"US-CERT","date_accessed":"2019-03-15T00:00:00Z","date_published":"2016-03-31T00:00:00Z","owner_name":null,"tidal_id":"550fa6af-fde2-501c-8a1a-c0589010fa7a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433987Z"},{"id":"349b8e9d-7172-4d01-b150-f0371d038b7e","name":"US-CERT WannaCry 2017","description":"US-CERT. (2017, May 12). Alert (TA17-132A): Indicators Associated With WannaCry Ransomware. Retrieved March 25, 2019.","url":"https://www.us-cert.gov/ncas/alerts/TA17-132A","source":"MITRE","title":"Alert (TA17-132A): Indicators Associated With WannaCry Ransomware","authors":"US-CERT","date_accessed":"2019-03-25T00:00:00Z","date_published":"2017-05-12T00:00:00Z","owner_name":null,"tidal_id":"96f6bb24-795b-5543-85c6-d9f4f105a1ae","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419671Z"},{"id":"d10d5cfd-0933-5d48-86a1-d5269bedc9a9","name":"CISA Alert TA17-163A CrashOverride June 2017","description":"CISA. (2017, June 12). Alert (TA17-163A). 
Retrieved October","url":"https://us-cert.cisa.gov/ncas/alerts/TA17-163A","source":"ICS","title":"Alert (TA17-163A)","authors":"CISA","date_accessed":"1978-10-01T00:00:00Z","date_published":"2017-06-12T00:00:00Z","owner_name":null,"tidal_id":"c94130dc-adcd-5083-995a-2881dd023e26","created":"2026-01-28T13:08:18.175390Z","modified":"2026-01-28T13:08:18.175394Z"},{"id":"8e57cea3-ee37-4507-bb56-7445050ec8ca","name":"US-CERT HIDDEN COBRA June 2017","description":"US-CERT. (2017, June 13). Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure. Retrieved July 13, 2017.","url":"https://www.us-cert.gov/ncas/alerts/TA17-164A","source":"MITRE","title":"Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure","authors":"US-CERT","date_accessed":"2017-07-13T00:00:00Z","date_published":"2017-06-13T00:00:00Z","owner_name":null,"tidal_id":"61ee4710-c901-5a83-a145-bc0deb045610","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437619Z"},{"id":"6a009850-834b-4178-9028-2745921b6743","name":"US-CERT NotPetya 2017","description":"US-CERT. (2017, July 1). Alert (TA17-181A): Petya Ransomware. Retrieved March 15, 2019.","url":"https://www.us-cert.gov/ncas/alerts/TA17-181A","source":"MITRE","title":"Alert (TA17-181A): Petya Ransomware","authors":"US-CERT","date_accessed":"2019-03-15T00:00:00Z","date_published":"2017-07-01T00:00:00Z","owner_name":null,"tidal_id":"4942a21c-74bc-5fa9-983e-2d446bc4eaaf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418733Z"},{"id":"e34ddf0a-a112-4557-ac09-1ff540241a89","name":"US-CERT APT Energy Oct 2017","description":"US-CERT. (2017, October 20). Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors. 
Retrieved November 2, 2017.","url":"https://www.us-cert.gov/ncas/alerts/TA17-293A","source":"MITRE","title":"Alert (TA17-293A): Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors","authors":"US-CERT","date_accessed":"2017-11-02T00:00:00Z","date_published":"2017-10-20T00:00:00Z","owner_name":null,"tidal_id":"2700844f-d5af-5042-99e8-276f046d56cb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415835Z"},{"id":"045e03f9-af83-4442-b69e-b80f68e570ac","name":"US-CERT FALLCHILL Nov 2017","description":"US-CERT. (2017, November 22). Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL. Retrieved December 7, 2017.","url":"https://www.us-cert.gov/ncas/alerts/TA17-318A","source":"MITRE","title":"Alert (TA17-318A): HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL","authors":"US-CERT","date_accessed":"2017-12-07T00:00:00Z","date_published":"2017-11-22T00:00:00Z","owner_name":null,"tidal_id":"e69ee381-778b-5a1b-ad2f-df965e163ce7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422623Z"},{"id":"c48c7ac0-8d55-4b62-9606-a9ce420459b6","name":"US-CERT Volgmer Nov 2017","description":"US-CERT. (2017, November 22). Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer. Retrieved December 7, 2017.","url":"https://www.us-cert.gov/ncas/alerts/TA17-318B","source":"MITRE","title":"Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer","authors":"US-CERT","date_accessed":"2017-12-07T00:00:00Z","date_published":"2017-11-22T00:00:00Z","owner_name":null,"tidal_id":"5a03a060-f8be-507c-bd78-ab4b2e53d0f4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418219Z"},{"id":"94e87a92-bf80-43e2-a3ab-cd7d4895f2fc","name":"US-CERT TA18-074A","description":"US-CERT. (2018, March 16). Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. 
Retrieved June 6, 2018.","url":"https://www.us-cert.gov/ncas/alerts/TA18-074A","source":"MITRE","title":"Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors","authors":"US-CERT","date_accessed":"2018-06-06T00:00:00Z","date_published":"2018-03-16T00:00:00Z","owner_name":null,"tidal_id":"5f0f4981-2d09-51c3-90c6-ec24ec4cd9aa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432484Z"},{"id":"1fe55557-94af-4697-a675-884701f70f2a","name":"US-CERT-TA18-106A","description":"US-CERT. (2018, April 20). Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved October 19, 2020.","url":"https://www.us-cert.gov/ncas/alerts/TA18-106A","source":"MITRE","title":"Alert (TA18-106A) Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices","authors":"US-CERT","date_accessed":"2020-10-19T00:00:00Z","date_published":"2018-04-20T00:00:00Z","owner_name":null,"tidal_id":"9cda58bc-768c-5c68-b819-012694846149","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424453Z"},{"id":"0043043a-4741-41c2-a6f2-f88d5caa8b7a","name":"US-CERT Emotet Jul 2018","description":"US-CERT. (2018, July 20). Alert (TA18-201A) Emotet Malware. Retrieved March 25, 2019.","url":"https://www.us-cert.gov/ncas/alerts/TA18-201A","source":"MITRE","title":"Alert (TA18-201A) Emotet Malware","authors":"US-CERT","date_accessed":"2019-03-25T00:00:00Z","date_published":"2018-07-20T00:00:00Z","owner_name":null,"tidal_id":"2f5797ea-9331-5a94-90a3-de2c1024d3a1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417745Z"},{"id":"20d3128e-0900-5373-97f0-fcf26fc86271","name":"Sysdig LLMJacking 2024","description":"LLMjacking: Stolen Cloud Credentials Used in New AI Attack. (2024, May 6). Alessandro Brucato. 
Retrieved September 25, 2024.","url":"https://sysdig.com/blog/llmjacking-stolen-cloud-credentials-used-in-new-ai-attack/","source":"MITRE","title":"Alessandro Brucato","authors":"LLMjacking: Stolen Cloud Credentials Used in New AI Attack","date_accessed":"2024-09-25T00:00:00Z","date_published":"2024-05-06T00:00:00Z","owner_name":null,"tidal_id":"169f5f57-950a-5687-ba54-5f27f44c3fbf","created":"2024-10-31T16:28:23.814469Z","modified":"2025-12-17T15:08:36.432656Z"},{"id":"154a5d86-4478-5cf5-ac39-19ac7581a440","name":"Alexa-dns","description":"Scanning Alexa's Top 1M for AXFR. (2015, March 29). Retrieved June 5, 2024.","url":"https://en.internetwache.org/scanning-alexas-top-1m-for-axfr-29-03-2015/","source":"MITRE","title":"Alexa-dns","authors":"","date_accessed":"2024-06-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ad40248f-2ff8-515a-831d-101f73ac83c9","created":"2024-10-31T16:28:16.665647Z","modified":"2025-12-17T15:08:36.424912Z"},{"id":"fa289c48-4933-56c9-8a61-2a8e5d85f42c","name":"Alexander Bolshev, Gleb Cherbov July 2014","description":"Alexander Bolshev, Gleb Cherbov 2014, July 08 ICSCorsair: How I will PWN your ERP through 4-20 mA current loop. Retrieved 2020/01/05","url":"https://www.blackhat.com/docs/us-14/materials/us-14-Bolshev-ICSCorsair-How-I-Will-PWN-Your-ERP-Through-4-20mA-Current-Loop-WP.pdf","source":"ICS","title":"Alexander Bolshev, Gleb Cherbov July 2014","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8feba396-ad4d-57f7-960b-1e58ca694c78","created":"2026-01-28T13:08:18.176759Z","modified":"2026-01-28T13:08:18.176762Z"},{"id":"d9773aaf-e3ec-4ce3-b5c8-1ca3c4751622","name":"AlKhaser Debug","description":"Noteworthy. (2019, January 6). Al-Khaser. 
Retrieved April 1, 2022.","url":"https://github.com/LordNoteworthy/al-khaser/tree/master/al-khaser/AntiDebug","source":"MITRE","title":"Al-Khaser","authors":"Noteworthy","date_accessed":"2022-04-01T00:00:00Z","date_published":"2019-01-06T00:00:00Z","owner_name":null,"tidal_id":"046f1cb5-e038-56de-a694-e0e8ee919635","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435769Z"},{"id":"095bed1f-481f-50c5-8a4a-b6de39d82ccc","name":"Dragos","description":"Dragos. (n.d.). Allanite. Retrieved 2019/10/27","url":"https://dragos.com/resource/allanite/","source":"ICS","title":"Allanite","authors":"Dragos","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"32087a01-b498-5e38-8f33-691f69c75c71","created":"2026-01-28T13:08:18.178654Z","modified":"2026-01-28T13:08:18.178657Z"},{"id":"94715020-4c94-52cf-ba41-aad30c2b51b9","name":"Broadcom ESXi SSH","description":"Broadcom. (2024, December 12). Allowing SSH access to VMware vSphere ESXi/ESX hosts with public/private key authentication. Retrieved March 26, 2025.","url":"https://knowledge.broadcom.com/external/article/313767/allowing-ssh-access-to-vmware-vsphere-es.html","source":"MITRE","title":"Allowing SSH access to VMware vSphere ESXi/ESX hosts with public/private key authentication","authors":"Broadcom","date_accessed":"2025-03-26T00:00:00Z","date_published":"2024-12-12T00:00:00Z","owner_name":null,"tidal_id":"1b98f69b-7dc9-5a4e-b950-9c4a0f158129","created":"2025-04-22T20:47:15.504324Z","modified":"2025-12-17T15:08:36.430865Z"},{"id":"2b460644-dc33-5cf4-a80a-8509d9f7e152","name":"Microsoft RDP Logons","description":"Microsoft. (2017, April 9). Allow log on through Remote Desktop Services. 
Retrieved August 5, 2024.","url":"https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services","source":"MITRE","title":"Allow log on through Remote Desktop Services","authors":"Microsoft","date_accessed":"2024-08-05T00:00:00Z","date_published":"2017-04-09T00:00:00Z","owner_name":null,"tidal_id":"5d9423e2-bdbb-5b71-923e-767511d74148","created":"2024-10-31T16:28:19.673751Z","modified":"2025-12-17T15:08:36.428242Z"},{"id":"be17ae41-52d0-51bd-b48f-5c1d3c5c8dc1","name":"NetSPI ClickOnce","description":"Ryan Gandrud. (2015, March 23). All You Need Is One – A ClickOnce Love Story. Retrieved September 9, 2024.","url":"https://www.netspi.com/blog/technical-blog/adversary-simulation/all-you-need-is-one-a-clickonce-love-story/","source":"MITRE","title":"All You Need Is One – A ClickOnce Love Story","authors":"Ryan Gandrud","date_accessed":"2024-09-09T00:00:00Z","date_published":"2015-03-23T00:00:00Z","owner_name":null,"tidal_id":"8210823e-b985-5532-98e1-12d932425fad","created":"2024-10-31T16:28:25.720751Z","modified":"2025-12-17T15:08:36.434773Z"},{"id":"3e527ad6-6b56-473d-8178-e1c3c14f2311","name":"Fysbis Palo Alto Analysis","description":"Bryan Lee and Rob Downs. (2016, February 12). A Look Into Fysbis: Sofacy’s Linux Backdoor. Retrieved September 10, 2017.","url":"https://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/","source":"MITRE","title":"A Look Into Fysbis: Sofacy’s Linux Backdoor","authors":"Bryan Lee and Rob Downs","date_accessed":"2017-09-10T00:00:00Z","date_published":"2016-02-12T00:00:00Z","owner_name":null,"tidal_id":"75701e23-122f-5579-a175-362df9a4995e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418561Z"},{"id":"e117a6ac-eaa2-4494-b4ae-2d9ae52c3251","name":"Medium KONNI Jan 2020","description":"Karmi, D. (2020, January 4). A Look Into Konni 2019 Campaign. 
Retrieved April 28, 2020.","url":"https://medium.com/d-hunter/a-look-into-konni-2019-campaign-b45a0f321e9b","source":"MITRE","title":"A Look Into Konni 2019 Campaign","authors":"Karmi, D","date_accessed":"2020-04-28T00:00:00Z","date_published":"2020-01-04T00:00:00Z","owner_name":null,"tidal_id":"eb371294-d8ca-55e0-aada-e385bf40f254","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420000Z"},{"id":"cc6c2b69-ca51-513e-9666-a03be2ea5fcd","name":"Unit 42 Palo Alto Ransomware in Public Clouds 2022","description":"Jay Chen. (2022, May 16). A Look Into Public Clouds From the Ransomware Actor's Perspective. Retrieved March 21, 2023.","url":"https://unit42.paloaltonetworks.com/ransomware-in-public-clouds/","source":"MITRE","title":"A Look Into Public Clouds From the Ransomware Actor's Perspective","authors":"Jay Chen","date_accessed":"2023-03-21T00:00:00Z","date_published":"2022-05-16T00:00:00Z","owner_name":null,"tidal_id":"6978f137-db8a-5a8e-b982-f377b52d9eed","created":"2023-05-26T01:21:21.003768Z","modified":"2025-12-17T15:08:36.442925Z"},{"id":"610c8f22-1a96-42d2-934d-8467d136eed2","name":"Cyber Centre ALPHV/BlackCat July 25 2023","description":"Canadian Centre for Cyber Security. (2023, July 25). ALPHV/BlackCat Ransomware Targeting of Canadian Industries. Retrieved September 13, 2023.","url":"https://www.cyber.gc.ca/en/alerts-advisories/alphvblackcat-ransomware-targeting-canadian-industries","source":"Tidal Cyber","title":"ALPHV/BlackCat Ransomware Targeting of Canadian Industries","authors":"Canadian Centre for Cyber Security","date_accessed":"2023-09-13T00:00:00Z","date_published":"2023-07-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ffab9d56-f645-52f0-a5ee-5941b093230f","created":"2023-09-14T20:17:57.443300Z","modified":"2023-09-14T20:17:57.546240Z"},{"id":"b8375832-f6a9-4617-a2ac-d23aacbf2bfe","name":"Mandiant ALPHV Affiliate April 3 2023","description":"Jason Deyalsingh, Nick Smith, Eduardo Mattos, Tyler Mclellan. (2023, April 3). 
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access. Retrieved March 5, 2024.","url":"https://www.mandiant.com/resources/blog/alphv-ransomware-backup","source":"Tidal Cyber","title":"ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access","authors":"Jason Deyalsingh, Nick Smith, Eduardo Mattos, Tyler Mclellan","date_accessed":"2024-03-05T00:00:00Z","date_published":"2023-04-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d48e3f93-0af6-548d-91bf-7955ed021a63","created":"2024-03-07T21:00:42.914013Z","modified":"2024-03-07T21:00:43.103063Z"},{"id":"eae434ff-97c0-4a82-9f80-215e515befae","name":"Microsoft ADS Mar 2014","description":"Marlin, J. (2013, March 24). Alternate Data Streams in NTFS. Retrieved March 21, 2018.","url":"https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/","source":"MITRE","title":"Alternate Data Streams in NTFS","authors":"Marlin, J","date_accessed":"2018-03-21T00:00:00Z","date_published":"2013-03-24T00:00:00Z","owner_name":null,"tidal_id":"377c9cd2-90bc-58da-83ca-e0877faa4f1b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416104Z"},{"id":"0dbf093e-4b54-4972-b048-2a6411037da4","name":"XPNSec PPID Nov 2017","description":"Chester, A. (2017, November 20). Alternative methods of becoming SYSTEM. Retrieved June 4, 2019.","url":"https://blog.xpnsec.com/becoming-system/","source":"MITRE","title":"Alternative methods of becoming SYSTEM","authors":"Chester, A","date_accessed":"2019-06-04T00:00:00Z","date_published":"2017-11-20T00:00:00Z","owner_name":null,"tidal_id":"2416e55f-b698-5977-ba29-a48d35af2ee9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432689Z"},{"id":"19026f4c-ad65-435e-8c0e-a8ccc9895348","name":"Microsoft AlwaysInstallElevated 2018","description":"Microsoft. (2018, May 31). AlwaysInstallElevated. 
Retrieved December 14, 2020.","url":"https://docs.microsoft.com/en-us/windows/win32/msi/alwaysinstallelevated","source":"MITRE","title":"AlwaysInstallElevated","authors":"Microsoft","date_accessed":"2020-12-14T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"41647652-072a-5604-93a0-da2cd6d9ca00","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427659Z"},{"id":"e320cc74-005a-46db-8a04-6ec487df327f","name":"ASEC BLOG July 21 2022","description":"Sanseo. (2022, July 21). Amadey Bot Being Distributed Through SmokeLoader - ASEC BLOG. Retrieved May 15, 2023.","url":"https://asec.ahnlab.com/en/36634/","source":"Tidal Cyber","title":"Amadey Bot Being Distributed Through SmokeLoader - ASEC BLOG","authors":"Sanseo","date_accessed":"2023-05-15T00:00:00Z","date_published":"2022-07-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"90d8ea39-68b1-55ce-9132-ebb7dc10ad78","created":"2024-06-13T20:10:25.360315Z","modified":"2024-06-13T20:10:25.561096Z"},{"id":"3961a653-b53c-4ba4-9ea6-709e1d1bdb55","name":"Amazon Snapshots","description":"Amazon. (n.d.). Amazon EBS snapshots. Retrieved October 13, 2021.","url":"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html","source":"MITRE","title":"Amazon EBS snapshots","authors":"Amazon","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3b369517-1a3e-5543-b8f6-d956b5d88df4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437159Z"},{"id":"bc9ecf45-2a20-47df-a634-064237e5f126","name":"Amazon AMI","description":"Amazon. (n.d.). Amazon Machine Images (AMI). 
Retrieved October 13, 2021.","url":"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html","source":"MITRE","title":"Amazon Machine Images (AMI)","authors":"Amazon","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c34e6f46-3055-575d-98a2-c00459dc4322","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437056Z"},{"id":"7fecbd5d-626f-496a-a72f-5f166c78c204","name":"Amazon S3","description":"Amazon. (n.d.). Amazon S3. Retrieved October 13, 2021.","url":"https://aws.amazon.com/s3/","source":"MITRE","title":"Amazon S3","authors":"Amazon","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c7d626fd-beea-5982-a422-8430052ff259","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437092Z"},{"id":"cb9ff075-d033-4990-b389-4760d089e255","name":"Amazon Web Services December 15 2025","description":"None Identified. (2025, December 15). Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | AWS Security Blog. Retrieved December 19, 2025.","url":"https://aws.amazon.com/blogs/security/amazon-threat-intelligence-identifies-russian-cyber-threat-group-targeting-western-critical-infrastructure/","source":"Tidal Cyber","title":"Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | AWS Security Blog","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-15T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"92bae60a-9a82-5c3b-8543-3dccb4fe6f9b","created":"2025-12-24T14:56:03.061442Z","modified":"2025-12-24T14:56:03.225988Z"},{"id":"1ba37b48-1219-4f87-af36-9bdd8d6265ca","name":"Trend Micro S3 Exposed PII, 2017","description":"Trend Micro. (2017, November 6). A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia. 
Retrieved October 4, 2019.","url":"https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/a-misconfigured-amazon-s3-exposed-almost-50-thousand-pii-in-australia","source":"MITRE","title":"A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia","authors":"Trend Micro","date_accessed":"2019-10-04T00:00:00Z","date_published":"2017-11-06T00:00:00Z","owner_name":null,"tidal_id":"be468733-d773-554b-9cfb-835497fb46bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427435Z"},{"id":"792ca8a7-c9b2-4e7f-8562-e1ccb60a402a","name":"Recorded Future Beacon Certificates","description":"Insikt Group. (2019, June 18). A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers. Retrieved September 16, 2024.","url":"https://www.recordedfuture.com/research/cobalt-strike-servers","source":"MITRE","title":"A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers","authors":"Insikt Group","date_accessed":"2024-09-16T00:00:00Z","date_published":"2019-06-18T00:00:00Z","owner_name":null,"tidal_id":"17928620-9487-59be-82ae-8a5ac477f361","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425683Z"},{"id":"f765970e-96d5-5cee-acc1-dc730bae53a7","name":"TrendMicro ESXI Ransomware","description":"Junestherry Dela Cruz. (2022, January 24). Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant. 
Retrieved March 26, 2025.","url":"https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html","source":"MITRE","title":"Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant","authors":"Junestherry Dela Cruz","date_accessed":"2025-03-26T00:00:00Z","date_published":"2022-01-24T00:00:00Z","owner_name":null,"tidal_id":"66e96db8-e89a-51c8-a3f8-ae5e45c4d8ee","created":"2025-04-22T20:47:11.602216Z","modified":"2025-12-17T15:08:36.426912Z"},{"id":"70672bc9-775b-4f99-a4df-67154c8d17a2","name":"A Cyber Guru Qilin September 15 2025","description":"acyberguru.io. (2025, September 15). Analysis for Qilin Ransomware | ACG Blog. Retrieved October 26, 2025.","url":"https://acyberguru.io/blog/analysis-for-qilin-ransomware","source":"Tidal Cyber","title":"Analysis for Qilin Ransomware | ACG Blog","authors":"acyberguru.io","date_accessed":"2025-10-26T12:00:00Z","date_published":"2025-09-15T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"dfa1b688-d54f-57c2-9812-5b1653149c8e","created":"2025-11-11T13:25:41.910212Z","modified":"2025-11-11T13:25:42.082604Z"},{"id":"ca09941c-fcc8-460b-8b02-d1608a7d3813","name":"Botnet Scan","description":"Dainotti, A. et al. (2012). Analysis of a “/0” Stealth Scan from a Botnet. Retrieved October 20, 2020.","url":"https://www.caida.org/publications/papers/2012/analysis_slash_zero/analysis_slash_zero.pdf","source":"MITRE","title":"Analysis of a “/0” Stealth Scan from a Botnet","authors":"Dainotti, A. et al","date_accessed":"2020-10-20T00:00:00Z","date_published":"2012-01-01T00:00:00Z","owner_name":null,"tidal_id":"f4be6bf6-b0fb-57ca-9f3d-7b6169f062d0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430630Z"},{"id":"e7b57e64-3532-4b98-9fa5-b832e6fcd53a","name":"Trend Micro Ngrok September 2020","description":"Borja, A. Camba, A. et al (2020, September 14). Analysis of a Convoluted Attack Chain Involving Ngrok. 
Retrieved September 15, 2020.","url":"https://www.trendmicro.com/en_us/research/20/i/analysis-of-a-convoluted-attack-chain-involving-ngrok.html","source":"MITRE","title":"Analysis of a Convoluted Attack Chain Involving Ngrok","authors":"Borja, A. Camba, A","date_accessed":"2020-09-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d40012d4-ced4-5495-b30b-096d70ad9187","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442697Z"},{"id":"8ab89236-6994-43a3-906c-383e294f65d1","name":"CIRCL PlugX March 2013","description":"Computer Incident Response Center Luxembourg. (2013, March 29). Analysis of a PlugX variant. Retrieved November 5, 2018.","url":"http://circl.lu/assets/files/tr-12/tr-12-circl-plugx-analysis-v1.pdf","source":"MITRE","title":"Analysis of a PlugX variant","authors":"Computer Incident Response Center Luxembourg","date_accessed":"2018-11-05T00:00:00Z","date_published":"2013-03-29T00:00:00Z","owner_name":null,"tidal_id":"4f58c25b-3ad7-536e-8cba-223d017e4ea4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419235Z"},{"id":"a2169171-8e4a-4faa-811c-98b6204a5a57","name":"Apple Unified Log Analysis Remote Login and Screen Sharing","description":"Sarah Edwards. (2020, April 30). Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? Remote Logins. Retrieved August 19, 2021.","url":"https://sarah-edwards-xzkc.squarespace.com/blog/2020/4/30/analysis-of-apple-unified-logs-quarantine-edition-entry-6-working-from-home-remote-logins","source":"MITRE","title":"Analysis of Apple Unified Logs: Quarantine Edition [Entry 6] – Working From Home? 
Remote Logins","authors":"Sarah Edwards","date_accessed":"2021-08-19T00:00:00Z","date_published":"2020-04-30T00:00:00Z","owner_name":null,"tidal_id":"53568020-af6f-5dee-afe8-f313bbbb3b37","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423741Z"},{"id":"e73d331a-835f-59f4-8387-fc81c6cd9ec9","name":"Forescout Conti Leaks 2022","description":"Vedere Labs. (2022, March 11). Analysis of Conti Leaks. Retrieved May 22, 2025.","url":"https://www.forescout.com/resources/analysis-of-conti-leaks/","source":"MITRE","title":"Analysis of Conti Leaks","authors":"Vedere Labs","date_accessed":"2025-05-22T00:00:00Z","date_published":"2022-03-11T00:00:00Z","owner_name":null,"tidal_id":"19fbc99a-5920-527d-b1f6-96390cc29c55","created":"2025-10-29T21:08:48.166170Z","modified":"2025-12-17T15:08:36.433180Z"},{"id":"06cf7197-244a-431b-a288-4c2bbd431ad5","name":"Medium S2W WhisperGate January 2022","description":"S2W. (2022, January 18). Analysis of Destructive Malware (WhisperGate) targeting Ukraine. Retrieved March 14, 2022.","url":"https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158f19f3","source":"MITRE","title":"Analysis of Destructive Malware (WhisperGate) targeting Ukraine","authors":"S2W","date_accessed":"2022-03-14T00:00:00Z","date_published":"2022-01-18T00:00:00Z","owner_name":null,"tidal_id":"6b737a80-33a9-52ea-97d7-6b9e29ae254f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439885Z"},{"id":"355802a7-58dc-590e-8b9a-6437bff71e44","name":"Securonix Contagious Interview DEVPOPPER April 2024","description":"Securonix Threat Research, D.Iuzvyk, T. Peck, O.Kolesnikov. (2024, April 24). Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors. 
Retrieved October 20, 2025.","url":"https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/","source":"MITRE","title":"Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors","authors":"Securonix Threat Research, D.Iuzvyk, T. Peck, O.Kolesnikov","date_accessed":"2025-10-20T00:00:00Z","date_published":"2024-04-24T00:00:00Z","owner_name":null,"tidal_id":"9c505cf8-24fd-558f-9ffa-55e6faa54040","created":"2025-10-29T21:08:48.167134Z","modified":"2025-12-17T15:08:36.439029Z"},{"id":"f12b141e-6bb2-5563-9665-5756fec2d5e7","name":"Analysis of FG-IR-22-369","description":"Guillaume Lovet and Alex Kong. (2023, March 9). Analysis of FG-IR-22-369. Retrieved May 15, 2023.","url":"https://www.fortinet.com/blog/psirt-blogs/fg-ir-22-369-psirt-analysis","source":"MITRE","title":"Analysis of FG-IR-22-369","authors":"Guillaume Lovet and Alex Kong","date_accessed":"2023-05-15T00:00:00Z","date_published":"2023-03-09T00:00:00Z","owner_name":null,"tidal_id":"ecdaceb1-d43d-53d0-ae75-97f9c7c4f340","created":"2023-11-07T00:36:06.565355Z","modified":"2025-12-17T15:08:36.433383Z"},{"id":"3faa7879-4305-522f-a47e-1e01d323ecbd","name":"CloudSEK ESXiArgs 2023","description":"Mehardeep Singh Sawhney. (2023, February 9). Analysis of Files Used in ESXiArgs Ransomware Attack Against VMware ESXi Servers. 
Retrieved March 26, 2025.","url":"https://www.cloudsek.com/blog/analysis-of-files-used-in-esxiargs-ransomware-attack-against-vmware-esxi-servers","source":"MITRE","title":"Analysis of Files Used in ESXiArgs Ransomware Attack Against VMware ESXi Servers","authors":"Mehardeep Singh Sawhney","date_accessed":"2025-03-26T00:00:00Z","date_published":"2023-02-09T00:00:00Z","owner_name":null,"tidal_id":"763dc45e-e15e-5fe0-84a9-ed4a67b82082","created":"2025-04-22T20:47:11.423858Z","modified":"2025-12-17T15:08:36.426718Z"},{"id":"f2f9a6bf-b4d9-461e-b961-0610ea72faf0","name":"Graeber 2014","description":"Graeber, M. (2014, October). Analysis of Malicious Security Support Provider DLLs. Retrieved March 1, 2017.","url":"http://docplayer.net/20839173-Analysis-of-malicious-security-support-provider-dlls.html","source":"MITRE","title":"Analysis of Malicious Security Support Provider DLLs","authors":"Graeber, M","date_accessed":"2017-03-01T00:00:00Z","date_published":"2014-10-01T00:00:00Z","owner_name":null,"tidal_id":"84af971b-9ce6-5f4e-b6b2-a5b14da7e59f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416003Z"},{"id":"86a65be7-0f70-4755-b526-a26b92eabaa2","name":"Fortinet Agent Tesla April 2018","description":"Zhang, X. (2018, April 05). Analysis of New Agent Tesla Spyware Variant. Retrieved November 5, 2018.","url":"https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html","source":"MITRE","title":"Analysis of New Agent Tesla Spyware Variant","authors":"Zhang, X","date_accessed":"2018-11-05T00:00:00Z","date_published":"2018-04-05T00:00:00Z","owner_name":null,"tidal_id":"66bd0522-5aaa-5900-8369-4fd9b07beec0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422142Z"},{"id":"700882a9-78d5-5bb1-81cc-6ac6235b2314","name":"DFIR Python Persistence 2025","description":"Stephan Berger. (2025, January 14). Analysis of Python's .pth files as a persistence mechanism. 
Retrieved May 22, 2025.","url":"https://dfir.ch/posts/publish_python_pth_extension/","source":"MITRE","title":"Analysis of Python's .pth files as a persistence mechanism","authors":"Stephan Berger","date_accessed":"2025-05-22T00:00:00Z","date_published":"2025-01-14T00:00:00Z","owner_name":null,"tidal_id":"1dc0ed21-8f5c-55bf-a092-9ba9aa078e93","created":"2025-10-29T21:08:48.166452Z","modified":"2025-12-17T15:08:36.434442Z"},{"id":"280636da-fa21-472c-947c-651a628ea2cd","name":"Antiy CERT Ramsay April 2020","description":"Antiy CERT. (2020, April 20). Analysis of Ramsay components of Darkhotel's infiltration and isolation network. Retrieved March 24, 2021.","url":"https://www.programmersought.com/article/62493896999/","source":"MITRE","title":"Analysis of Ramsay components of Darkhotel's infiltration and isolation network","authors":"Antiy CERT","date_accessed":"2021-03-24T00:00:00Z","date_published":"2020-04-20T00:00:00Z","owner_name":null,"tidal_id":"079d384e-2e18-58d9-ab93-e10b08b04157","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421382Z"},{"id":"3058206c-6817-4b53-b232-2b7a87f572cd","name":"ASEC November 18 2025","description":"ATCP. (2025, November 18). Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) - ASEC. Retrieved November 21, 2025.","url":"https://asec.ahnlab.com/en/91166/","source":"Tidal Cyber","title":"Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) - ASEC","authors":"ATCP","date_accessed":"2025-11-21T12:00:00Z","date_published":"2025-11-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"22120c2e-22c1-5f89-83c9-16809c1303ae","created":"2025-12-10T14:13:42.282228Z","modified":"2025-12-10T14:13:42.465933Z"},{"id":"a9cf756b-8157-4cc4-bdab-b10f320487df","name":"Microsoft Security Blog July 14 2023","description":"Microsoft Threat Intelligence. (2023, July 14). Analysis of Storm-0558 techniques for unauthorized email access . 
Retrieved February 25, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/","source":"Tidal Cyber","title":"Analysis of Storm-0558 techniques for unauthorized email access","authors":"Microsoft Threat Intelligence","date_accessed":"2024-02-25T00:00:00Z","date_published":"2023-07-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"82a1773f-9445-57bc-b65e-c42eff39a1b6","created":"2024-11-15T17:28:56.504586Z","modified":"2024-11-15T17:28:56.719575Z"},{"id":"74fd79a9-09f7-5149-a457-687a1e2989de","name":"Storm-0558 techniques for unauthorized email access","description":"Microsoft Threat Intelligence. (2023, July 14). Analysis of Storm-0558 techniques for unauthorized email access. Retrieved September 18, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/","source":"MITRE","title":"Analysis of Storm-0558 techniques for unauthorized email access","authors":"Microsoft Threat Intelligence","date_accessed":"2023-09-18T00:00:00Z","date_published":"2023-07-14T00:00:00Z","owner_name":null,"tidal_id":"97999fc2-9dbc-52a7-b9b2-7f2b00dc1d24","created":"2023-11-07T00:36:06.183237Z","modified":"2025-12-17T15:08:36.432911Z"},{"id":"5d62c323-6626-4aad-8bf2-0d988e436f3d","name":"ESET Telebots July 2017","description":"Cherepanov, A.. (2017, July 4). Analysis of TeleBots’ cunning backdoor . 
Retrieved June 11, 2020.","url":"https://www.welivesecurity.com/2017/07/04/analysis-of-telebots-cunning-backdoor/","source":"MITRE","title":"Analysis of TeleBots’ cunning backdoor","authors":"Cherepanov, A.","date_accessed":"2020-06-11T00:00:00Z","date_published":"2017-07-04T00:00:00Z","owner_name":null,"tidal_id":"b98cb258-6521-5499-8eac-239ffd715cfb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442132Z"},{"id":"15213a3c-1e9f-47fa-9864-8ef2707c7fb6","name":"EST Kimsuky SmokeScreen April 2019","description":"ESTSecurity. (2019, April 17). Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US  출처: https://blog.alyac.co.kr/2243 [이스트시큐리티 알약 블로그]. Retrieved September 29, 2021.","url":"https://blog.alyac.co.kr/attachment/cfile5.uf@99A0CD415CB67E210DCEB3.pdf","source":"MITRE","title":"Analysis of the APT Campaign ‘Smoke Screen’ targeting to Korea and US  출처: https://blog.alyac.co.kr/2243 [이스트시큐리티 알약 블로그]","authors":"ESTSecurity","date_accessed":"2021-09-29T00:00:00Z","date_published":"2019-04-17T00:00:00Z","owner_name":null,"tidal_id":"b2d92e3d-b9c8-5c30-a147-abbc44a69f15","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438414Z"},{"id":"8adc6d36-3aa0-5d7b-8bb3-23f4426be8a6","name":"Ukraine15 - EISAC - 201603","description":"Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems. (2016, March 18). Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case. 
Retrieved March 27, 2018.","url":"https://nsarchive.gwu.edu/sites/default/files/documents/3891751/SANS-and-Electricity-Information-Sharing-and.pdf","source":"MITRE","title":"Analysis of the Cyber Attack on the Ukranian Power Grid: Defense Use Case","authors":"Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems","date_accessed":"2018-03-27T00:00:00Z","date_published":"2016-03-18T00:00:00Z","owner_name":null,"tidal_id":"71a92591-04a2-5446-ab39-2ac5c7853086","created":"2023-11-07T00:36:18.565589Z","modified":"2025-12-17T15:08:36.439926Z"},{"id":"638a1ce3-3118-482e-b1ec-75a76c2cb37b","name":"CSIRT MON January 22 2022","description":"CSIRT MON. (2022, January 22). ANALYSIS OF THE CYBERATTACK ON UKRAINIAN GOVERNMENT RESOURCES. Retrieved February 12, 2025.","url":"https://csirt-mon.wp.mil.pl/aktualnosci/analysis-of-the-cyberattack-on-ukrainian-government-resources/","source":"Tidal Cyber","title":"ANALYSIS OF THE CYBERATTACK ON UKRAINIAN GOVERNMENT RESOURCES","authors":"CSIRT MON","date_accessed":"2025-02-12T00:00:00Z","date_published":"2022-01-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f025cc6e-f223-5aa6-9c68-58239c17dda8","created":"2025-02-18T15:17:59.528989Z","modified":"2025-02-18T15:17:59.693800Z"},{"id":"2e00a539-acbe-4462-a30f-43da4e8b9c4f","name":"Check Point Havij Analysis","description":"Ganani, M. (2015, May 14). Analysis of the Havij SQL Injection tool. Retrieved March 19, 2018.","url":"https://blog.checkpoint.com/2015/05/14/analysis-havij-sql-injection-tool/","source":"MITRE","title":"Analysis of the Havij SQL Injection tool","authors":"Ganani, M","date_accessed":"2018-03-19T00:00:00Z","date_published":"2015-05-14T00:00:00Z","owner_name":null,"tidal_id":"01d1cf1e-c0c7-5910-860b-cc0d24b6a464","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423497Z"},{"id":"3fab9e25-e83e-4c90-ae32-dcd0c30757f8","name":"ESET Emotet Dec 2018","description":"Perez, D.. (2018, December 28). 
Analysis of the latest Emotet propagation campaign. Retrieved April 16, 2019.","url":"https://www.welivesecurity.com/2018/12/28/analysis-latest-emotet-propagation-campaign/","source":"MITRE","title":"Analysis of the latest Emotet propagation campaign","authors":"Perez, D.","date_accessed":"2019-04-16T00:00:00Z","date_published":"2018-12-28T00:00:00Z","owner_name":null,"tidal_id":"70a71cbd-9e11-5011-af57-31a2f228cf6f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442490Z"},{"id":"cdd779f1-30c2-40be-a500-332920f0e21c","name":"Rewterz Sidewinder COVID-19 June 2020","description":"Rewterz. (2020, June 22). Analysis on Sidewinder APT Group – COVID-19. Retrieved January 29, 2021.","url":"https://www.rewterz.com/articles/analysis-on-sidewinder-apt-group-covid-19","source":"MITRE","title":"Analysis on Sidewinder APT Group – COVID-19","authors":"Rewterz","date_accessed":"2021-01-29T00:00:00Z","date_published":"2020-06-22T00:00:00Z","owner_name":null,"tidal_id":"92ed0b17-46fd-5d4d-9131-24b91e9fcb83","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440348Z"},{"id":"a109e42d-604f-4885-ada3-5d6895addc96","name":"CISA AR18-352A Quasar RAT December 2018","description":"CISA. (2018, December 18). Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool. Retrieved August 1, 2022.","url":"https://www.cisa.gov/uscert/ncas/analysis-reports/AR18-352A","source":"MITRE","title":"Analysis Report (AR18-352A) Quasar Open-Source Remote Administration Tool","authors":"CISA","date_accessed":"2022-08-01T00:00:00Z","date_published":"2018-12-18T00:00:00Z","owner_name":null,"tidal_id":"52a924b2-1c31-5bb2-a6d0-01c5449f2c66","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441213Z"},{"id":"f98604dd-2881-4024-8e43-6f5f48c6c9fa","name":"CISA AR21-126A FIVEHANDS May 2021","description":"CISA. (2021, May 6). Analysis Report (AR21-126A) FiveHands Ransomware. 
Retrieved June 7, 2021.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar21-126a","source":"MITRE","title":"Analysis Report (AR21-126A) FiveHands Ransomware","authors":"CISA","date_accessed":"2021-06-07T00:00:00Z","date_published":"2021-05-06T00:00:00Z","owner_name":null,"tidal_id":"840b8dcb-a81c-5a24-b8b8-055527865dc9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418007Z"},{"id":"d403e610-fa83-4c17-842f-223063864009","name":"JoeSecurity Egregor 2020","description":"Joe Security. (n.d.). Analysis Report fasm.dll. Retrieved November 17, 2024.","url":"https://www.joesandbox.com/analysis/326673/0/pdf","source":"MITRE","title":"Analysis Report fasm.dll","authors":"Joe Security","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a17791fb-0517-5be1-b4c2-f53822af5f79","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440604Z"},{"id":"2d9a6957-5645-4863-968b-4a3c8736564b","name":"GDATA Zeus Panda June 2017","description":"Ebach, L. (2017, June 22). Analysis Results of Zeus.Variant.Panda. Retrieved November 5, 2018.","url":"https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf","source":"MITRE","title":"Analysis Results of Zeus.Variant.Panda","authors":"Ebach, L","date_accessed":"2018-11-05T00:00:00Z","date_published":"2017-06-22T00:00:00Z","owner_name":null,"tidal_id":"5e500dd2-511e-5d57-b02e-dfca833f6af0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417183Z"},{"id":"836489cd-dd2c-4a0d-8783-c055206131e1","name":"Trend Micro January 12 2026","description":"None Identified. (2026, January 12). Analyzing a a Multi-Stage AsyncRAT Campaign via Managed Detection and Response | Trend Micro (US). 
Retrieved January 12, 2026.","url":"https://www.trendmicro.com/en_us/research/26/a/analyzing-a-a-multi-stage-asyncrat-campaign-via-mdr.html","source":"Tidal Cyber","title":"Analyzing a a Multi-Stage AsyncRAT Campaign via Managed Detection and Response | Trend Micro (US)","authors":"None Identified","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-12T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"04e4c499-a1d1-5c4f-81bd-e93113c81656","created":"2026-01-14T13:29:43.635307Z","modified":"2026-01-14T13:29:43.797629Z"},{"id":"4e7f573d-f8cc-4538-9f8d-b945f037e46f","name":"jstnk9.github.io June 01 2022","description":"jstnk9.github.io. (2022, June 1). Analyzing AsyncRAT distributed in Colombia | Welcome to Jstnk webpage. Retrieved May 7, 2023.","url":"https://jstnk9.github.io/jstnk9/research/AsyncRAT-Analysis/","source":"Tidal Cyber","title":"Analyzing AsyncRAT distributed in Colombia | Welcome to Jstnk webpage","authors":"jstnk9.github.io","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-06-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"be472e01-b3f2-558d-a477-42168f9fa626","created":"2023-11-17T17:09:16.469232Z","modified":"2023-11-17T17:09:16.567619Z"},{"id":"f2cb06bc-66d5-4c60-a2a4-74e5a0c23bee","name":"Analyzing CS Dec 2020","description":"Maynier, E. (2020, December 20). Analyzing Cobalt Strike for Fun and Profit. Retrieved October 12, 2021.","url":"https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/","source":"MITRE","title":"Analyzing Cobalt Strike for Fun and Profit","authors":"Maynier, E","date_accessed":"2021-10-12T00:00:00Z","date_published":"2020-12-20T00:00:00Z","owner_name":null,"tidal_id":"ac87b0c7-950c-53e9-83ee-6c863a4556d3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433168Z"},{"id":"524c4276-1d67-5e8c-a6fb-3aa13bebe513","name":"Securonix Kimsuky February 2025","description":"Den Iuzvyk, Tim Peck. (2025, February 13). 
Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks. Retrieved August 19, 2025.","url":"https://www.securonix.com/blog/analyzing-deepdrive-north-korean-threat-actors-observed-exploiting-trusted-platforms-for-targeted-attacks/","source":"MITRE","title":"Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks","authors":"Den Iuzvyk, Tim Peck","date_accessed":"2025-08-19T00:00:00Z","date_published":"2025-02-13T00:00:00Z","owner_name":null,"tidal_id":"f912fbda-0058-50cc-a5df-ebcc09762c1e","created":"2025-10-29T21:08:48.167419Z","modified":"2025-12-17T15:08:36.440335Z"},{"id":"c96535be-4859-4ae3-9ba0-d482f1195863","name":"Objective_See 1 4 2024","description":"Objective_See. (2024, January 4). Analyzing DPRK's SpectralBlur. Retrieved March 8, 2024.","url":"https://objective-see.org/blog/blog_0x78.html","source":"Tidal Cyber","title":"Analyzing DPRK's SpectralBlur","authors":"Objective_See","date_accessed":"2024-03-08T00:00:00Z","date_published":"2024-01-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"26e6039c-f88b-5dae-aa89-fa9a483d0c69","created":"2024-06-13T20:10:54.418568Z","modified":"2024-06-13T20:10:54.604617Z"},{"id":"11e51dbf-b982-462c-b19e-f8c48a66ca70","name":"Fortinet Blog February 4 2025","description":"Axelle Apvrille. (2025, February 4). Analyzing ELFSshdinjector.A!tr with a Human and Artificial Analyst . 
Retrieved February 10, 2025.","url":"https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst","source":"Tidal Cyber","title":"Analyzing ELFSshdinjector.A!tr with a Human and Artificial Analyst","authors":"Axelle Apvrille","date_accessed":"2025-02-10T00:00:00Z","date_published":"2025-02-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6635492f-a0ca-5ae1-9d0f-03d3488401fe","created":"2025-02-11T18:20:07.029557Z","modified":"2025-02-11T18:20:07.230144Z"},{"id":"050ff793-d81d-499f-a136-905e76bce321","name":"Microsoft Security Blog 4 22 2024","description":"Microsoft Threat Intelligence. (2024, April 22). Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials . Retrieved April 22, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/","source":"Tidal Cyber","title":"Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials","authors":"Microsoft Threat Intelligence","date_accessed":"2024-04-22T00:00:00Z","date_published":"2024-04-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4cb1aa67-a051-5aba-88b9-8100b38c0318","created":"2024-06-13T20:11:00.847951Z","modified":"2024-06-13T20:11:01.031832Z"},{"id":"f6ffb916-ac14-44d1-8566-26bafa06e77b","name":"Uperesia Malicious Office Documents","description":"Felix. (2016, September). Analyzing Malicious Office Documents. 
Retrieved April 11, 2018.","url":"https://www.uperesia.com/analyzing-malicious-office-documents","source":"MITRE","title":"Analyzing Malicious Office Documents","authors":"Felix","date_accessed":"2018-04-11T00:00:00Z","date_published":"2016-09-01T00:00:00Z","owner_name":null,"tidal_id":"a4465769-7793-5079-99ff-cc7a68cb4537","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431786Z"},{"id":"fd78818b-2d33-4dd8-93a1-4263e8ceeec9","name":"None September 03 2025","description":"None Identified. (2025, September 3). Analyzing NotDoor: Inside APT28’s Expanding Arsenal. Retrieved November 19, 2025.","url":"https://lab52.io/blog/analyzing-notdoor-inside-apt28s-expanding-arsenal/","source":"Tidal Cyber","title":"Analyzing NotDoor: Inside APT28’s Expanding Arsenal","authors":"None Identified","date_accessed":"2025-11-19T12:00:00Z","date_published":"2025-09-03T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"268c1855-2306-512f-b389-ac4c6f41b4bf","created":"2025-11-26T19:37:28.238879Z","modified":"2025-11-26T19:37:28.377193Z"},{"id":"9bc09d8a-d890-473b-a8cf-ea319fcc3462","name":"Unit42 OilRig Nov 2018","description":"Falcone, R., Wilhoit, K.. (2018, November 16). Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery. Retrieved April 23, 2019.","url":"https://unit42.paloaltonetworks.com/unit42-analyzing-oilrigs-ops-tempo-testing-weaponization-delivery/","source":"MITRE","title":"Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery","authors":"Falcone, R., Wilhoit, K.","date_accessed":"2019-04-23T00:00:00Z","date_published":"2018-11-16T00:00:00Z","owner_name":null,"tidal_id":"cebfbd00-0c3a-5481-9f0e-d39a20fc76a9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441094Z"},{"id":"d1cd4f5b-253c-4833-8905-49fb58e7c016","name":"McAfee GhostSecret","description":"Sherstobitoff, R., Malhotra, A. (2018, April 24). Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide. 
Retrieved May 16, 2018.","url":"https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/","source":"MITRE","title":"Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide","authors":"Sherstobitoff, R., Malhotra, A","date_accessed":"2018-05-16T00:00:00Z","date_published":"2018-04-24T00:00:00Z","owner_name":null,"tidal_id":"1cabf16a-ce81-5324-b45d-f5f5c6a3b998","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416700Z"},{"id":"8c88bc0d-102a-59ff-99e7-0d8a789c08a0","name":"McAfee-GhostSecret-fixurl","description":"Ryan Sherstobitoff. (2018, April 24). Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide. Retrieved August 15, 2024.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/","source":"MITRE","title":"Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide","authors":"Ryan Sherstobitoff","date_accessed":"2024-08-15T00:00:00Z","date_published":"2018-04-24T00:00:00Z","owner_name":null,"tidal_id":"3ee6cb7d-0400-51b7-b6de-fdf437a01e9f","created":"2024-10-31T16:28:35.703971Z","modified":"2025-12-17T15:08:36.440209Z"},{"id":"8ad72d46-ba2c-426f-bb0d-eb47723c8e11","name":"Microsoft Analyzing Solorigate Dec 2020","description":"MSTIC. (2020, December 18). Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers . 
Retrieved January 5, 2021.","url":"https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/","source":"MITRE","title":"Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers","authors":"MSTIC","date_accessed":"2021-01-05T00:00:00Z","date_published":"2020-12-18T00:00:00Z","owner_name":null,"tidal_id":"24458a2f-f6e7-5cb2-9da7-04e499d97827","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421178Z"},{"id":"34690978-0a23-5fa7-8349-2828e2af9e5e","name":"MITRE App Vetting Effectiveness","description":"M. Peck, C. Northern. (2016, August 22). Analyzing the Effectiveness of App Vetting Tools in the Enterprise. Retrieved April","url":"https://www.mitre.org/sites/default/files/publications/pr-16-4772-analyzing-effectiveness-mobile-app-vetting-tools-report.pdf","source":"Mobile","title":"Analyzing the Effectiveness of App Vetting Tools in the Enterprise","authors":"M. Peck, C. Northern","date_accessed":"1978-04-01T00:00:00Z","date_published":"2016-08-22T00:00:00Z","owner_name":null,"tidal_id":"f1449305-0379-50fe-9ce6-477913bcadcb","created":"2026-01-28T13:08:10.043950Z","modified":"2026-01-28T13:08:10.043953Z"},{"id":"597459cf-6d62-50ef-91ed-37c74f1ae656","name":"Pincus Emotet 2020","description":"Süleyman Özarslan, PhD; Pincus Security Inc.. (2020, July 14). An Analysis of Emotet Malware: PowerShell Unobfuscation. 
Retrieved November 25, 2024.","url":"https://medium.com/picus-security/an-analysis-of-emotet-malware-powershell-unobfuscation-4f46b50dcf2b","source":"MITRE","title":"An Analysis of Emotet Malware: PowerShell Unobfuscation","authors":"Süleyman Özarslan, PhD; Pincus Security Inc.","date_accessed":"2024-11-25T00:00:00Z","date_published":"2020-07-14T00:00:00Z","owner_name":null,"tidal_id":"64f1b8eb-1528-52d9-99a4-b75fedafa3d9","created":"2025-04-22T20:47:31.728650Z","modified":"2025-12-17T15:08:36.441898Z"},{"id":"9f7fa262-cede-4f47-94ca-1534c65c86e2","name":"Lastline PlugX Analysis","description":"Vasilenko, R. (2013, December 17). An Analysis of PlugX Malware. Retrieved November 24, 2015.","url":"https://lastline3.rssing.com/chan-29044929/all_p1.html#c29044929a2","source":"MITRE","title":"An Analysis of PlugX Malware","authors":"Vasilenko, R","date_accessed":"2015-11-24T00:00:00Z","date_published":"2013-12-17T00:00:00Z","owner_name":null,"tidal_id":"e8b0283b-b908-5cb5-874e-d12312dd2dc3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419249Z"},{"id":"84f289ce-c7b9-4f67-b6cc-bd058e5e6bcb","name":"TrendMicro Sandworm October 2014","description":"Wu, W. (2014, October 14). An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm”. Retrieved June 18, 2020.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/","source":"MITRE","title":"An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka “Sandworm”","authors":"Wu, W","date_accessed":"2020-06-18T00:00:00Z","date_published":"2014-10-14T00:00:00Z","owner_name":null,"tidal_id":"ca2ca337-b24a-5ad5-93ad-574637d9eee8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441013Z"},{"id":"d14442d5-2557-4a92-9a29-b15a20752f56","name":"Dragos Crashoverride 2018","description":"Joe Slowik. (2018, October 12). Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. 
Retrieved December 18, 2020.","url":"https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE2018.pdf","source":"MITRE","title":"Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE","authors":"Joe Slowik","date_accessed":"2020-12-18T00:00:00Z","date_published":"2018-10-12T00:00:00Z","owner_name":null,"tidal_id":"d0899b42-f589-5774-ad6c-b17d8c3b843d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422094Z"},{"id":"fc99c444-8b27-5ac7-9239-4bf45bdb6f51","name":"Industroyer - Dragos - 201810","description":"Dragos. (2018, October 12). Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. Retrieved October","url":"https://dragos.com/wp-content/uploads/CRASHOVERRIDE2018.pdf","source":"ICS","title":"Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE","authors":"Dragos","date_accessed":"1978-10-01T00:00:00Z","date_published":"2018-10-12T00:00:00Z","owner_name":null,"tidal_id":"f1d98240-f434-511f-9b5d-6a9337d75926","created":"2026-01-28T13:08:18.177055Z","modified":"2026-01-28T13:08:18.177058Z"},{"id":"5edcf0bf-1cd2-4f22-9d3c-be8eb1befda0","name":"Unit42 BlackSuit October 14 2025","description":"Preston Miller. (2025, October 14). Anatomy of an Attack: The 'BlackSuit Blitz' at a Global Equipment Manufacturer. Retrieved October 22, 2025.","url":"https://unit42.paloaltonetworks.com/anatomy-of-an-attack-blacksuit-ransomware-blitz/","source":"Tidal Cyber","title":"Anatomy of an Attack: The 'BlackSuit Blitz' at a Global Equipment Manufacturer","authors":"Preston Miller","date_accessed":"2025-10-22T12:00:00Z","date_published":"2025-10-14T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"beb2a573-68d3-5520-84e6-95df8428b789","created":"2025-10-24T16:13:07.237899Z","modified":"2025-10-24T16:13:07.381315Z"},{"id":"293c5d41-cd23-5da5-9d2b-754b626bc22a","name":"Anatomy of an hVNC Attack","description":"Keshet, Lior. Kessem, Limor. (2017, January 25). Anatomy of an hVNC Attack. 
Retrieved November 28, 2023.","url":"https://securityintelligence.com/anatomy-of-an-hvnc-attack/","source":"MITRE","title":"Anatomy of an hVNC Attack","authors":"Keshet, Lior. Kessem, Limor","date_accessed":"2023-11-28T00:00:00Z","date_published":"2017-01-25T00:00:00Z","owner_name":null,"tidal_id":"5f7d6313-87e3-5e06-acb2-2c30ac06e6c9","created":"2024-04-25T13:28:39.788822Z","modified":"2025-12-17T15:08:36.434742Z"},{"id":"4e8fe849-ab1a-4c51-b5eb-16fcd10e8bd0","name":"Syscall 2014","description":"Drysdale, D. (2014, July 16). Anatomy of a system call, part 2. Retrieved June 16, 2020.","url":"https://lwn.net/Articles/604515/","source":"MITRE","title":"Anatomy of a system call, part 2","authors":"Drysdale, D","date_accessed":"2020-06-16T00:00:00Z","date_published":"2014-07-16T00:00:00Z","owner_name":null,"tidal_id":"695f76f4-e333-5c9f-beb1-f8f3a433322b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432856Z"},{"id":"24c80db5-37a7-46ee-b232-f3c3ffb10f0a","name":"SCADAfence_ransomware","description":"Shaked, O. (2020, January 20). Anatomy of a Targeted Ransomware Attack. Retrieved June 18, 2022.","url":"https://cdn.logic-control.com/docs/scadafence/Anatomy-Of-A-Targeted-Ransomware-Attack-WP.pdf","source":"MITRE","title":"Anatomy of a Targeted Ransomware Attack","authors":"Shaked, O","date_accessed":"2022-06-18T00:00:00Z","date_published":"2020-01-20T00:00:00Z","owner_name":null,"tidal_id":"f1102f9f-9bc9-5a68-8161-d7f79fda1cc5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433420Z"},{"id":"d9c6e55b-39b7-4097-8ab2-8b87421ce2f4","name":"ESET IIS Malware 2021","description":"Hromcová, Z., Cherepanov, A. (2021). Anatomy of Native IIS Malware. 
Retrieved September 9, 2021.","url":"https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Anatomy-Of-Native-Iis-Malware-wp.pdf","source":"MITRE","title":"Anatomy of Native IIS Malware","authors":"Hromcová, Z., Cherepanov, A","date_accessed":"2021-09-09T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"c8219d32-76a9-5fcc-aec2-b31d096fcf77","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433717Z"},{"id":"de246d53-385f-44be-bf0f-25a76442b835","name":"Medium Anchor DNS July 2020","description":"Grange, W. (2020, July 13). Anchor_dns malware goes cross platform. Retrieved September 10, 2020.","url":"https://medium.com/stage-2-security/anchor-dns-malware-family-goes-cross-platform-d807ba13ca30","source":"MITRE","title":"Anchor_dns malware goes cross platform","authors":"Grange, W","date_accessed":"2020-09-10T00:00:00Z","date_published":"2020-07-13T00:00:00Z","owner_name":null,"tidal_id":"e906cd23-7982-59cf-8312-a20d1508229f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419052Z"},{"id":"43d9c469-1d54-454b-ba67-74e7f1de9c10","name":"NSA Joint Advisory SVR SolarWinds April 2021","description":"NSA, FBI, DHS. (2021, April 15). Russian SVR Targets U.S. and Allied Networks. Retrieved April 16, 2021.","url":"https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF","source":"MITRE","title":"and Allied Networks","authors":"NSA, FBI, DHS. (2021, April 15)","date_accessed":"2021-04-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8375aba1-ae79-550a-a691-96ae950a11c5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437561Z"},{"id":"f4efbcb5-494c-40e0-8734-5df1b92ec39c","name":"Kaspersky Andariel Ransomware June 2021","description":"Park, S. (2021, June 15). Andariel evolves to target South Korea with ransomware. 
Retrieved September 29, 2021.","url":"https://securelist.com/andariel-evolves-to-target-south-korea-with-ransomware/102811/","source":"MITRE","title":"Andariel evolves to target South Korea with ransomware","authors":"Park, S","date_accessed":"2021-09-29T00:00:00Z","date_published":"2021-06-15T00:00:00Z","owner_name":null,"tidal_id":"9c63ffb8-4251-509d-9983-f11ed7c5bba2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441166Z"},{"id":"e35f5a79-e23a-58ea-9401-62aac716cef6","name":"cloudmark_tanglebot_0921","description":"Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February","url":"https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19","source":"Mobile","title":"and Canada with COVID-19 Lures","authors":"Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23)","date_accessed":"1978-02-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2ca225db-e31b-5755-94f9-77ee38cf12d5","created":"2026-01-28T13:08:10.040803Z","modified":"2026-01-28T13:08:10.040806Z"},{"id":"c4dba764-d864-59bf-a80d-f1263bc904e4","name":"CISA GRU29155 2024","description":"US Cybersecurity & Infrastructure Security Agency et al. (2024, September 5). Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. Retrieved September 6, 2024.","url":"https://www.cisa.gov/sites/default/files/2024-09/aa24-249a-russian-military-cyber-actors-target-us-and-global-critical-infrastructure.pdf","source":"MITRE","title":"and Global Critical Infrastructure","authors":"US Cybersecurity & Infrastructure Security Agency et al. 
(2024, September 5)","date_accessed":"2024-09-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"24732a22-3ce5-5f16-af25-5420650c43c5","created":"2024-10-31T16:28:30.972372Z","modified":"2025-12-17T15:08:36.437872Z"},{"id":"f58983c7-7b58-5aba-b707-474ff564e6c2","name":"Android 10 Limitations to Hiding App Icons","description":"Android. (n.d.). Android 10 Release Notes: Limitations to hiding app icons. Retrieved March","url":"https://source.android.com/setup/start/android-10-release#limitations_to_hiding_app_icons","source":"Mobile","title":"Android 10 Release Notes: Limitations to hiding app icons","authors":"Android","date_accessed":"1978-03-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a029e9a9-78a9-5223-9d45-ca6f53c85c62","created":"2026-01-28T13:08:10.046538Z","modified":"2026-01-28T13:08:10.046541Z"},{"id":"9f9abad5-6d7c-5d9f-aa06-a03bdd8b0110","name":"StackOverflow-getRunningAppProcesses","description":"Various. (n.d.). Android 5.1.1 and above - getRunningAppProcesses() returns my application package only. Retrieved January","url":"http://stackoverflow.com/questions/30619349/android-5-1-1-and-above-getrunningappprocesses-returns-my-application-packag","source":"Mobile","title":"Android 5.1.1 and above - getRunningAppProcesses() returns my application package only","authors":"Various","date_accessed":"1978-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b228b3b3-4086-5292-89dd-eab1157d25de","created":"2026-01-28T13:08:10.043823Z","modified":"2026-01-28T13:08:10.043826Z"},{"id":"953e6e26-4bee-5e90-aae4-e8061c45f828","name":"Android Capture Sensor 2019","description":"Android Developers. (, January). Android 9+ Privacy Changes . 
Retrieved August","url":"https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access","source":"Mobile","title":"Android 9+ Privacy Changes","authors":"Android Developers","date_accessed":"1978-08-01T00:00:00Z","date_published":"1978-01-01T00:00:00Z","owner_name":null,"tidal_id":"4cf17a2b-4d99-57da-ad51-369690f0b282","created":"2026-01-28T13:08:10.047509Z","modified":"2026-01-28T13:08:10.047514Z"},{"id":"5b9a25f9-19e0-5b4f-b1ca-7d577364bed0","name":"Google_AndroidAcsOverview","description":"Google. (n.d.). Android accessibility overview. Retrieved April","url":"https://support.google.com/accessibility/android/answer/6006564?hl=en&ref_topic=6007234&sjid=9936713164149272548-NA","source":"Mobile","title":"Android accessibility overview","authors":"Google","date_accessed":"1978-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"74033d8c-d7fa-515d-a2eb-466f6282b052","created":"2026-01-28T13:08:10.043119Z","modified":"2026-01-28T13:08:10.043123Z"},{"id":"ecaccb06-e820-5d54-96e4-f47e58929c90","name":"EkbergTEE","description":"Jan-Erik Ekberg. (2015, September 10). Android and trusted execution environments. Retrieved December","url":"https://usmile.at/symposium/program/2015/ekberg","source":"Mobile","title":"Android and trusted execution environments","authors":"Jan-Erik Ekberg","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-09-10T00:00:00Z","owner_name":null,"tidal_id":"d2415a8b-479a-568f-a5f0-35d0194a094e","created":"2026-01-28T13:08:10.046438Z","modified":"2026-01-28T13:08:10.046441Z"},{"id":"75ce3848-3dd8-52b9-b806-c6e22244c8ab","name":"Github Anti-emulator","description":"Tim Strazzere. (n.d.). Android Anti-Emulator. 
Retrieved October","url":"https://github.com/strazzere/anti-emulator","source":"Mobile","title":"Android Anti-Emulator","authors":"Tim Strazzere","date_accessed":"1978-10-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3c3e3a1a-e061-5278-afa6-843db00a50ea","created":"2026-01-28T13:08:10.044816Z","modified":"2026-01-28T13:08:10.044819Z"},{"id":"42349417-8ed6-50c9-bc9d-4333b9c4bc55","name":"welivesecurity_ahrat_0523","description":"Lukas Stefanko. (2023, May 23). Android app breaking bad: From legitimate screen recording to file exfiltration within a year. Retrieved December","url":"https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/","source":"Mobile","title":"Android app breaking bad: From legitimate screen recording to file exfiltration within a year","authors":"Lukas Stefanko","date_accessed":"1978-12-01T00:00:00Z","date_published":"2023-05-23T00:00:00Z","owner_name":null,"tidal_id":"f1930973-57f5-5564-975d-dfb4681b180c","created":"2026-01-28T13:08:10.039818Z","modified":"2026-01-28T13:08:10.039822Z"},{"id":"468fe4c9-4956-5d72-9a6c-23190941eba7","name":"android_app_breaking_bad","description":"Stefanko, L. (2023, May 23). Android app breaking bad: From legitimate screen recording to file exfiltration within a year. Retrieved August","url":"https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/","source":"Mobile","title":"Android app breaking bad: From legitimate screen recording to file exfiltration within a year","authors":"Stefanko, L","date_accessed":"1978-08-01T00:00:00Z","date_published":"2023-05-23T00:00:00Z","owner_name":null,"tidal_id":"42189d4c-aef5-589a-9c70-20e3ff65c739","created":"2026-01-28T13:08:10.043266Z","modified":"2026-01-28T13:08:10.043269Z"},{"id":"29d548ed-6147-5b67-81da-8acaa64e5935","name":"sophos_android_apt_spyware","description":"Kohli, P. (2021, November 23). 
Android APT spyware, targeting Middle East victims, enhances evasiveness. Retrieved November","url":"https://web.archive.org/web/20231208015605/https:/news.sophos.com/en-us/2021/11/23/android-apt-spyware-targeting-middle-east-victims-improves-its-capabilities/","source":"Mobile","title":"Android APT spyware, targeting Middle East victims, enhances evasiveness","authors":"Kohli, P","date_accessed":"1978-11-01T00:00:00Z","date_published":"2021-11-23T00:00:00Z","owner_name":null,"tidal_id":"a55111ff-c24c-550a-bb59-99079a3d412c","created":"2026-01-28T13:08:10.047018Z","modified":"2026-01-28T13:08:10.047021Z"},{"id":"305c201b-ccc6-4e28-a1cb-97ca697bb214","name":"Sophos X-Ops C-23","description":"Pankaj Kohli. (2021, November 23). Android APT spyware, targeting Middle East victims, enhances evasiveness. Retrieved October 30, 2023.","url":"https://news.sophos.com/en-us/2021/11/23/android-apt-spyware-targeting-middle-east-victims-improves-its-capabilities/","source":"Tidal Cyber","title":"Android APT spyware, targeting Middle East victims, enhances evasiveness","authors":"Pankaj Kohli","date_accessed":"2023-10-30T00:00:00Z","date_published":"2021-11-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0d9b94a2-7b67-5b66-8ec7-c4c4f1b45198","created":"2024-04-25T14:10:44.619427Z","modified":"2024-04-25T14:10:44.846371Z"},{"id":"4a971a76-ed4e-5a64-84e0-eef3955b3f15","name":"ThreatFabric_Chameleon_Dec2023","description":"ThreatFabric. (2023, December 21). Android Banking Trojan Chameleon can now bypass any Biometric Authentication. 
Retrieved July","url":"https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action","source":"Mobile","title":"Android Banking Trojan Chameleon can now bypass any Biometric Authentication","authors":"ThreatFabric","date_accessed":"1978-07-01T00:00:00Z","date_published":"2023-12-21T00:00:00Z","owner_name":null,"tidal_id":"a104303c-4bb0-52f6-8f91-06c97a40ed53","created":"2026-01-28T13:08:10.039972Z","modified":"2026-01-28T13:08:10.039975Z"},{"id":"76ebf733-eddf-5161-ac5d-1e15f2c86ba4","name":"Dr.Webb Clipboard Modification origin August 2018","description":"Dr.Webb. (2018, August 8). Android.Clipper.1.origin. Retrieved July","url":"https://vms.drweb.com/virus/?i=17517750","source":"Mobile","title":"Android.Clipper.1.origin","authors":"Dr.Webb","date_accessed":"1978-07-01T00:00:00Z","date_published":"2018-08-08T00:00:00Z","owner_name":null,"tidal_id":"b95854b4-f4cb-57d0-86cd-c8b46028d071","created":"2026-01-28T13:08:10.046338Z","modified":"2026-01-28T13:08:10.046341Z"},{"id":"1fafaeab-d859-55aa-abbc-b8fa0da0c36a","name":"Dr.Webb Clipboard Modification origin2 August 2018","description":"Dr.Webb. (2018, August 8). Android.Clipper.2.origin. Retrieved July","url":"https://vms.drweb.com/virus/?i=17517761","source":"Mobile","title":"Android.Clipper.2.origin","authors":"Dr.Webb","date_accessed":"1978-07-01T00:00:00Z","date_published":"2018-08-08T00:00:00Z","owner_name":null,"tidal_id":"73efaafe-467d-551c-815b-53e9da807dba","created":"2026-01-28T13:08:10.046363Z","modified":"2026-01-28T13:08:10.046366Z"},{"id":"84ec39d1-0867-5539-a366-86c7e0aedaf6","name":"Android ScreenCap2 2019","description":"Android Developers. (n.d.). Android Debug Bridge (adb). 
Retrieved August","url":"https://developer.android.com/studio/command-line/adb","source":"Mobile","title":"Android Debug Bridge (adb)","authors":"Android Developers","date_accessed":"1978-08-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e0f50282-716c-538a-aa82-eb353bbe38c8","created":"2026-01-28T13:08:10.044541Z","modified":"2026-01-28T13:08:10.044544Z"},{"id":"af1bef76-cf48-5630-8341-6c5024cdb43e","name":"Sophos Anti-emulation","description":"Chen Yu et al. . (2017, April 13). Android malware anti-emulation techniques. Retrieved October","url":"https://news.sophos.com/en-us/2017/04/13/android-malware-anti-emulation-techniques/","source":"Mobile","title":"Android malware anti-emulation techniques","authors":"Chen Yu et al.","date_accessed":"1978-10-01T00:00:00Z","date_published":"2017-04-13T00:00:00Z","owner_name":null,"tidal_id":"0d155efe-47ef-5538-8552-45e6dffce04a","created":"2026-01-28T13:08:10.044767Z","modified":"2026-01-28T13:08:10.044770Z"},{"id":"b0e335c3-93de-5fe1-a428-3ca1e8694fb3","name":"Bleeipng Computer Escobar","description":"B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September","url":"https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/","source":"Mobile","title":"Android malware Escobar steals your Google Authenticator MFA codes","authors":"B. Toulas","date_accessed":"1978-09-01T00:00:00Z","date_published":"2022-03-12T00:00:00Z","owner_name":null,"tidal_id":"fb828d95-f7fd-552c-b190-4bbdbdca33e9","created":"2026-01-28T13:08:10.042102Z","modified":"2026-01-28T13:08:10.042105Z"},{"id":"79153d4a-83c2-55a9-a8af-8bca13341675","name":"TrendMicro-Anserver","description":"Karl Dominguez. (2011, October 2). Android Malware Uses Blog Posts as C&C. 
Retrieved February","url":"http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/","source":"Mobile","title":"Android Malware Uses Blog Posts as C&C","authors":"Karl Dominguez","date_accessed":"1978-02-01T00:00:00Z","date_published":"2011-10-02T00:00:00Z","owner_name":null,"tidal_id":"25c6804d-5f23-58c0-b32c-ee2b0b346eee","created":"2026-01-28T13:08:10.040469Z","modified":"2026-01-28T13:08:10.040472Z"},{"id":"e048c445-8fc3-5643-8d50-11d7ac7efea2","name":"Android ScreenCap1 2019","description":"Android Developers. (n.d.). Android MediaProjectionManager. Retrieved August","url":"https://developer.android.com/reference/android/media/projection/MediaProjectionManager","source":"Mobile","title":"Android MediaProjectionManager","authors":"Android Developers","date_accessed":"1978-08-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"62dd14c1-6173-5065-a914-8a8b315066c9","created":"2026-01-28T13:08:10.044565Z","modified":"2026-01-28T13:08:10.044568Z"},{"id":"8ac98a13-8547-5607-9695-81bf6383c747","name":"TrendMicro-Anserver2","description":"Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November","url":"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A","source":"Mobile","title":"ANDROIDOS_ANSERVER.A","authors":"Karl Dominguez","date_accessed":"1978-11-01T00:00:00Z","date_published":"2011-09-27T00:00:00Z","owner_name":null,"tidal_id":"20a71f10-63f5-57fa-969b-8169f6811946","created":"2026-01-28T13:08:10.047715Z","modified":"2026-01-28T13:08:10.047718Z"},{"id":"b6f42b6b-fda8-51da-85e5-222ab31c1798","name":"threatpost AndroidSpyware 2020","description":"O'Donnell, L. (2020, September 30). Android Spyware Variant Snoops on WhatsApp, Telegram Messages. 
Retrieved January","url":"https://threatpost.com/new-android-spyware-whatsapp-telegram/159694/","source":"Mobile","title":"Android Spyware Variant Snoops on WhatsApp, Telegram Messages","authors":"O'Donnell, L","date_accessed":"1978-01-01T00:00:00Z","date_published":"2020-09-30T00:00:00Z","owner_name":null,"tidal_id":"e6301ba1-1acd-5537-9ff6-7fa768340149","created":"2026-01-28T13:08:10.047223Z","modified":"2026-01-28T13:08:10.047226Z"},{"id":"bf28b340-ffba-5a14-b84d-f9f65ab84945","name":"Kaspersky-WUC","description":"Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December","url":"https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/","source":"Mobile","title":"Android Trojan Found in Targeted Attack","authors":"Costin Raiu, Denis Maslennikov, Kurt Baumgartner","date_accessed":"1978-12-01T00:00:00Z","date_published":"2013-03-26T00:00:00Z","owner_name":null,"tidal_id":"eba74fdd-ea9b-5c9e-9828-3c2447bd5c39","created":"2026-01-28T13:08:10.041846Z","modified":"2026-01-28T13:08:10.041849Z"},{"id":"e5cece87-7af0-5cfa-8df0-817be66024e0","name":"android-trojan-steals-paypal-2fa","description":"Lukáš Štefanko. (2018, December 11). Android Trojan steals money from PayPal accounts even with 2FA on. Retrieved July","url":"https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/","source":"Mobile","title":"Android Trojan steals money from PayPal accounts even with 2FA on","authors":"Lukáš Štefanko","date_accessed":"1978-07-01T00:00:00Z","date_published":"2018-12-11T00:00:00Z","owner_name":null,"tidal_id":"123c281e-2dfe-5011-94ce-e099d18affc4","created":"2026-01-28T13:08:10.044025Z","modified":"2026-01-28T13:08:10.044028Z"},{"id":"f8730227-6c17-51a2-bf31-a0f48e4abfce","name":"Tripwire-MazarBOT","description":"Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. 
Retrieved December","url":"https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/","source":"Mobile","title":"Android users warned of malware attack spreading via SMS","authors":"Graham Cluley","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-02-16T00:00:00Z","owner_name":null,"tidal_id":"8fd2086b-64a0-5936-a17e-cc11cf9bc371","created":"2026-01-28T13:08:10.040701Z","modified":"2026-01-28T13:08:10.040704Z"},{"id":"fe249e30-0917-5229-bdb1-7474d41396de","name":"Android AVF Overview","description":"Android Open Source Project. (n.d.). Android Virtualization Framework (AVF) overview. Retrieved February","url":"https://source.android.com/docs/core/virtualization","source":"Mobile","title":"Android Virtualization Framework (AVF) overview","authors":"Android Open Source Project","date_accessed":"1978-02-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4af415d3-fb66-55fb-9039-3a78f187af08","created":"2026-01-28T13:08:10.044963Z","modified":"2026-01-28T13:08:10.044966Z"},{"id":"570c72da-928d-5fb8-ae48-7baef0f51fa3","name":"IBM-NexusUSB","description":"Roee Hay. (2017, January 5). Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes. Retrieved January","url":"https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/","source":"Mobile","title":"Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes","authors":"Roee Hay","date_accessed":"1978-01-01T00:00:00Z","date_published":"2017-01-05T00:00:00Z","owner_name":null,"tidal_id":"69fcfa65-1a1f-58bf-b5ef-a4d2afe810ed","created":"2026-01-28T13:08:10.044367Z","modified":"2026-01-28T13:08:10.044370Z"},{"id":"35d176e7-605b-5419-b0be-b6db2e1ea8ff","name":"github_androrat","description":"The404Hacking. (n.d.). AndroRAT. 
Retrieved November","url":"https://web.archive.org/web/20221013124327/https:/github.com/The404Hacking/AndroRAT","source":"Mobile","title":"AndroRAT","authors":"The404Hacking","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"97f943dc-c7d4-5d88-ade6-c0ea32837313","created":"2026-01-28T13:08:10.041397Z","modified":"2026-01-28T13:08:10.041400Z"},{"id":"30849319-b664-5257-9634-b3f9de1bc793","name":"Google XLoader 2017","description":"Nart Villeneuve, Randi Eitzman, Sandor Nemes & Tyler Dean, Google Cloud. (2017, October 5). Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea. Retrieved March 11, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/formbook-malware-distribution-campaigns/","source":"MITRE","title":"and South Korea","authors":"Nart Villeneuve, Randi Eitzman, Sandor Nemes & Tyler Dean, Google Cloud. (2017, October 5)","date_accessed":"2025-03-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ea5067a8-ab12-5c0c-b7bc-d6516bf51211","created":"2025-04-22T20:47:28.103446Z","modified":"2025-12-17T15:08:36.420721Z"},{"id":"bcce85e3-1dc4-594c-99c4-d55df99f893f","name":"Andy Greenburg June 2019","description":"Andy Greenburg 2019, June 20 Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount. Retrieved 2020/01/03","url":"https://www.wired.com/story/iran-hackers-us-phishing-tensions/","source":"ICS","title":"Andy Greenburg June 2019","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2af8b83b-4c3b-5c6a-9cf1-91a05eb64026","created":"2026-01-28T13:08:18.179058Z","modified":"2026-01-28T13:08:18.179061Z"},{"id":"8eef2b68-f932-4cba-8646-bff9a7848532","name":"RFC826 ARP","description":"Plummer, D. (1982, November). An Ethernet Address Resolution Protocol. 
Retrieved October 15, 2020.","url":"https://tools.ietf.org/html/rfc826","source":"MITRE","title":"An Ethernet Address Resolution Protocol","authors":"Plummer, D","date_accessed":"2020-10-15T00:00:00Z","date_published":"1982-11-01T00:00:00Z","owner_name":null,"tidal_id":"221cdedf-9faf-5d47-8c60-da6561c596a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434661Z"},{"id":"022bb231-6d04-5922-a389-e692c8a2e620","name":"threatfabric_sova_0921","description":"ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February","url":"https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html","source":"Mobile","title":"- A new Android Banking trojan with fowl intentions","authors":"ThreatFabric. (2021, September 9)","date_accessed":"1978-02-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ef4e6db9-ddc5-5731-b99f-c16934f9cb2e","created":"2026-01-28T13:08:10.040444Z","modified":"2026-01-28T13:08:10.040447Z"},{"id":"48d5ec83-f1b9-595c-bb9a-d6d5cc513a41","name":"HP SVCReady Jun 2022","description":"Schlapfer, Patrick. (2022, June 6). A New Loader Gets Ready. Retrieved December 13, 2022.","url":"https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/","source":"MITRE","title":"A New Loader Gets Ready","authors":"Schlapfer, Patrick","date_accessed":"2022-12-13T00:00:00Z","date_published":"2022-06-06T00:00:00Z","owner_name":null,"tidal_id":"89d44be1-e3e5-5cdb-89e7-872182beded3","created":"2023-05-26T01:21:16.261167Z","modified":"2025-12-17T15:08:36.419478Z"},{"id":"03eb080d-0b83-5cbb-9317-c50b35996c9b","name":"SecureList Fileless","description":"Legezo, D. (2022, May 4). A new secret stash for “fileless” malware. 
Retrieved March 23, 2023.","url":"https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/","source":"MITRE","title":"A new secret stash for “fileless” malware","authors":"Legezo, D","date_accessed":"2023-03-23T00:00:00Z","date_published":"2022-05-04T00:00:00Z","owner_name":null,"tidal_id":"fe186d98-7084-5e4e-8bfd-ac80cbc69232","created":"2023-05-26T01:21:00.442457Z","modified":"2025-12-17T15:08:36.423853Z"},{"id":"eb6d4f77-ac63-4cb8-8487-20f9e709334b","name":"ESET Ebury Feb 2014","description":"M.Léveillé, M.. (2014, February 21). An In-depth Analysis of Linux/Ebury. Retrieved April 19, 2019.","url":"https://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/","source":"MITRE","title":"An In-depth Analysis of Linux/Ebury","authors":"M.Léveillé, M.","date_accessed":"2019-04-19T00:00:00Z","date_published":"2014-02-21T00:00:00Z","owner_name":null,"tidal_id":"8a67fa48-baa7-5d0a-9839-f5ef892e4e0c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421773Z"},{"id":"39384c7a-3032-4b45-a5eb-8ebe7de22aa2","name":"Welivesecurity Ebury SSH","description":"M.Léveillé, M. (2014, February 21). An In-depth Analysis of Linux/Ebury. Retrieved January 8, 2018.","url":"https://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/","source":"MITRE","title":"An In-depth Analysis of Linux/Ebury","authors":"M.Léveillé, M","date_accessed":"2018-01-08T00:00:00Z","date_published":"2014-02-21T00:00:00Z","owner_name":null,"tidal_id":"f7438a44-7884-5092-aaa7-aff1e2b9c028","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434223Z"},{"id":"31c2ef62-2852-5418-9d52-2479a3a619d0","name":"Avertium Black Basta June 2022","description":"Avertium. (2022, June 1). AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE. 
Retrieved March 7, 2023.","url":"https://www.avertium.com/resources/threat-reports/in-depth-look-at-black-basta-ransomware","source":"MITRE","title":"AN IN-DEPTH LOOK AT BLACK BASTA RANSOMWARE","authors":"Avertium","date_accessed":"2023-03-07T00:00:00Z","date_published":"2022-06-01T00:00:00Z","owner_name":null,"tidal_id":"321c1dd6-260a-5585-8369-d1813f95cfb5","created":"2023-05-26T01:21:16.603103Z","modified":"2025-12-17T15:08:36.420267Z"},{"id":"a93bb707-e8c0-5838-9f1e-5f471795d5a9","name":"Avertium Storm-0501 Sabbath Ransomware Arcane January 2022","description":"Avertium. (2022, January 11). An In-Depth Look at Ransomware Gang, Sabbath. Retrieved October 19, 2025.","url":"https://www.avertium.com/resources/threat-reports/in-depth-look-at-sabbath-ransomware-gang","source":"MITRE","title":"An In-Depth Look at Ransomware Gang, Sabbath","authors":"Avertium","date_accessed":"2025-10-19T00:00:00Z","date_published":"2022-01-11T00:00:00Z","owner_name":null,"tidal_id":"21437543-302c-5d80-914c-d31732f7a356","created":"2025-10-29T21:08:48.166972Z","modified":"2025-12-17T15:08:36.438705Z"},{"id":"827f6805-be84-541b-b7de-6b6bffe09bbd","name":"Thomas-TrustZone","description":"Josh Thomas and Charles Holmes. (2015, September). An infestation of dragons: Exploring vulnerabilities in the ARM TrustZone architecture. Retrieved December","url":"https://usmile.at/symposium/program/2015/thomas-holmes","source":"Mobile","title":"An infestation of dragons: Exploring vulnerabilities in the ARM TrustZone architecture","authors":"Josh Thomas and Charles Holmes","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-09-01T00:00:00Z","owner_name":null,"tidal_id":"0f4e9676-0335-55fd-a43f-de41691a18e9","created":"2026-01-28T13:08:10.046463Z","modified":"2026-01-28T13:08:10.046466Z"},{"id":"689dfe75-9c06-4438-86fa-5fbbb09f0fe7","name":"Myers 2007","description":"Myers, M., and Youndt, S. (2007). An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits. 
Retrieved November 13, 2014.","url":"http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.90.8832&rep=rep1&type=pdf","source":"MITRE","title":"An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits","authors":"Myers, M., and Youndt, S","date_accessed":"2014-11-13T00:00:00Z","date_published":"2007-01-01T00:00:00Z","owner_name":null,"tidal_id":"fbb53043-462d-5a85-aac6-8daf57ddd3b2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429160Z"},{"id":"091aa85d-7d30-4800-9b2d-97f96d257798","name":"Linux Services Run Levels","description":"The Linux Foundation. (2006, January 11). An introduction to services, runlevels, and rc.d scripts. Retrieved September 28, 2021.","url":"https://www.linux.com/news/introduction-services-runlevels-and-rcd-scripts/","source":"MITRE","title":"An introduction to services, runlevels, and rc.d scripts","authors":"The Linux Foundation","date_accessed":"2021-09-28T00:00:00Z","date_published":"2006-01-11T00:00:00Z","owner_name":null,"tidal_id":"6f4b8eff-4628-5ade-bef2-cde85a66afbd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437257Z"},{"id":"b921567d-1d36-57a7-abcd-514bf21446bb","name":"Google-Chrysaor","description":"Rich Cannings et al. (2017, April 3). An investigation of Chrysaor Malware on Android. Retrieved April","url":"https://android-developers.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html","source":"Mobile","title":"An investigation of Chrysaor Malware on Android","authors":"Rich Cannings et al","date_accessed":"1978-04-01T00:00:00Z","date_published":"2017-04-03T00:00:00Z","owner_name":null,"tidal_id":"f0752fc8-7c9b-5245-baf0-c0331f92035e","created":"2026-01-28T13:08:10.041113Z","modified":"2026-01-28T13:08:10.041116Z"},{"id":"a04d89b1-3334-4d96-8c45-bb88f396e036","name":"Trend Micro BlackCat April 18 2022","description":"Lucas Silva, Leandro Froes. (2022, April 18). An Investigation of the BlackCat Ransomware via Trend Micro Vision One. 
Retrieved February 20, 2025.","url":"https://www.trendmicro.com/en_us/research/22/d/an-investigation-of-the-blackcat-ransomware.html","source":"Tidal Cyber","title":"An Investigation of the BlackCat Ransomware via Trend Micro Vision One","authors":"Lucas Silva, Leandro Froes","date_accessed":"2025-02-20T00:00:00Z","date_published":"2022-04-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fea0c1cc-4b02-5da9-969a-fcb2588b9001","created":"2025-02-24T20:28:32.538976Z","modified":"2025-02-24T20:28:33.099542Z"},{"id":"a8f04ece-adbd-4319-b62f-2554d287a61e","name":"Trend Micro September 04 2025","description":"None Identified. (2025, September 4). An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via Cracked Apps | Trend Micro (US). Retrieved December 15, 2025.","url":"https://www.trendmicro.com/en_us/research/25/i/an-mdr-analysis-of-the-amos-stealer-campaign.html","source":"Tidal Cyber","title":"An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via Cracked Apps | Trend Micro (US)","authors":"None Identified","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-09-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3d0c719a-abd0-500e-be58-fd3fabf7739c","created":"2025-12-17T14:17:43.819537Z","modified":"2025-12-17T14:17:43.976551Z"},{"id":"f1d28b91-a529-439d-9548-c597baa245d4","name":"Anomali Pirate Panda April 2020","description":"Moore, S. et al. (2020, April 30). Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center. Retrieved May 19, 2020.","url":"https://www.anomali.com/blog/anomali-suspects-that-china-backed-apt-pirate-panda-may-be-seeking-access-to-vietnam-government-data-center#When:15:00:00Z","source":"MITRE","title":"Anomali Suspects that China-Backed APT Pirate Panda May Be Seeking Access to Vietnam Government Data Center","authors":"Moore, S. 
et al","date_accessed":"2020-05-19T00:00:00Z","date_published":"2020-04-30T00:00:00Z","owner_name":null,"tidal_id":"faa73043-2fcc-5b63-bfe0-6373d46939aa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440235Z"},{"id":"f868f5fa-df66-435f-8b32-d58e4785e46c","name":"AnonGhost Team Profile","description":"ADL. (2015, July 6). AnonGhost Team. Retrieved October 10, 2023.","url":"https://www.adl.org/resources/profile/anonghost-team","source":"Tidal Cyber","title":"AnonGhost Team","authors":"ADL","date_accessed":"2023-10-10T00:00:00Z","date_published":"2015-07-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"91ba6664-bfe9-5f53-99d7-febf5ab76b9e","created":"2023-10-10T20:48:43.249959Z","modified":"2023-10-10T20:48:43.455338Z"},{"id":"19ab02ea-883f-441c-bebf-4be64855374a","name":"AnonHBGary","description":"Bright, P. (2011, February 15). Anonymous speaks: the inside story of the HBGary hack. Retrieved March 9, 2017.","url":"https://arstechnica.com/tech-policy/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack/","source":"MITRE","title":"Anonymous speaks: the inside story of the HBGary hack","authors":"Bright, P","date_accessed":"2017-03-09T00:00:00Z","date_published":"2011-02-15T00:00:00Z","owner_name":null,"tidal_id":"32384d8f-1a18-5e77-8403-a57acfd72a63","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426426Z"},{"id":"e1f48b82-07b0-4d68-92ed-2aa27db6702a","name":"Google Cloud Blog 09 24 2025","description":"Sarah Yoder, John Wolfram, Ashley Pearson, Doug Bienstock, Josh Madeley, Josh Murchie, Brad Slaybaugh, Matt Lin, Geoff Carstairs, Austin Larsen. (2025, September 24). Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog. 
Retrieved September 29, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign","source":"Tidal Cyber","title":"Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog","authors":"Sarah Yoder, John Wolfram, Ashley Pearson, Doug Bienstock, Josh Madeley, Josh Murchie, Brad Slaybaugh, Matt Lin, Geoff Carstairs, Austin Larsen","date_accessed":"2025-09-29T12:00:00Z","date_published":"2025-09-24T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"11399798-a553-5050-8d0d-ba9cec95519b","created":"2025-10-07T14:06:54.093256Z","modified":"2025-10-07T14:06:54.244293Z"},{"id":"e89e3825-85df-45cf-b309-e449afed0288","name":"Fortinet Metamorfo Feb 2020","description":"Zhang, X. (2020, February 4). Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries. Retrieved July 30, 2020.","url":"https://www.fortinet.com/blog/threat-research/another-metamorfo-variant-targeting-customers-of-financial-institutions","source":"MITRE","title":"Another Metamorfo Variant Targeting Customers of Financial Institutions in More Countries","authors":"Zhang, X","date_accessed":"2020-07-30T00:00:00Z","date_published":"2020-02-04T00:00:00Z","owner_name":null,"tidal_id":"4453edd1-2918-5047-8c1c-c31c4c0224a3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440248Z"},{"id":"b2c415e4-edbe-47fe-9820-b968114f81f0","name":"MuddyWater TrendMicro June 2018","description":"Villanueva, M., Co, M. (2018, June 14). Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor. 
Retrieved July 3, 2018.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/","source":"MITRE","title":"Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor","authors":"Villanueva, M., Co, M","date_accessed":"2018-07-03T00:00:00Z","date_published":"2018-06-14T00:00:00Z","owner_name":null,"tidal_id":"1bd4ed9d-13c7-5390-826b-905e6ca85b8b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441587Z"},{"id":"5f85cc74-19d6-48f0-a4e8-98689674935a","name":"www.tamilguardian.com April 26 2022","description":"None Identified. (2022, April 26). Another Sri Lankan government website hacked by ‘Tamil Eelam Cyber Force’ | Tamil Guardian. Retrieved January 20, 2026.","url":"https://www.tamilguardian.com/content/another-sri-lankan-government-website-hacked-tamil-eelam-cyber-force","source":"Tidal Cyber","title":"Another Sri Lankan government website hacked by ‘Tamil Eelam Cyber Force’ | Tamil Guardian","authors":"None Identified","date_accessed":"2026-01-20T12:00:00Z","date_published":"2022-04-26T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1e1431dd-a7af-5adf-ad51-304800ef7883","created":"2026-01-23T20:29:37.614991Z","modified":"2026-01-23T20:29:37.748448Z"},{"id":"800363c1-60df-47e7-8ded-c0f4b6e758f4","name":"AlienVault Sykipot 2011","description":"Blasco, J. (2011, December 12). Another Sykipot sample likely targeting US federal agencies. 
Retrieved March 28, 2016.","url":"https://www.alienvault.com/open-threat-exchange/blog/another-sykipot-sample-likely-targeting-us-federal-agencies","source":"MITRE","title":"Another Sykipot sample likely targeting US federal agencies","authors":"Blasco, J","date_accessed":"2016-03-28T00:00:00Z","date_published":"2011-12-12T00:00:00Z","owner_name":null,"tidal_id":"6254ed58-505b-5474-9cad-c1dada50496e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440145Z"},{"id":"095a705f-810b-4c4f-90ce-016117a5b4b6","name":"RiskIQ Newegg September 2018","description":"Klijnsma, Y. (2018, September 19). Another Victim of the Magecart Assault Emerges: Newegg. Retrieved September 9, 2020.","url":"https://web.archive.org/web/20181209083100/https://www.riskiq.com/blog/labs/magecart-newegg/","source":"MITRE","title":"Another Victim of the Magecart Assault Emerges: Newegg","authors":"Klijnsma, Y","date_accessed":"2020-09-09T00:00:00Z","date_published":"2018-09-19T00:00:00Z","owner_name":null,"tidal_id":"e2e6c392-3e20-512d-90f4-f8303a64eb6f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441525Z"},{"id":"4a1ffc4e-adbc-5347-ae82-3b311c4dcf6a","name":"Socket HexEval BeaverTail Contagious Interview June 2025","description":"Kirill Boychenko. (2025, June 25). Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages. 
Retrieved October 19, 2025.","url":"https://socket.dev/blog/north-korean-contagious-interview-campaign-drops-35-new-malicious-npm-packages","source":"MITRE","title":"Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages","authors":"Kirill Boychenko","date_accessed":"2025-10-19T00:00:00Z","date_published":"2025-06-25T00:00:00Z","owner_name":null,"tidal_id":"613da54c-feaa-5497-aea9-64734ee7d634","created":"2025-10-29T21:08:48.165091Z","modified":"2025-12-17T15:08:36.417965Z"},{"id":"a88dd548-ac8f-4297-9e23-de2643294846","name":"Dell WMI Persistence","description":"Dell SecureWorks Counter Threat Unit™ (CTU) Research Team. (2016, March 28). A Novel WMI Persistence Implementation. Retrieved March 30, 2016.","url":"https://www.secureworks.com/blog/wmi-persistence","source":"MITRE","title":"A Novel WMI Persistence Implementation","authors":"Dell SecureWorks Counter Threat Unit™ (CTU) Research Team","date_accessed":"2016-03-30T00:00:00Z","date_published":"2016-03-28T00:00:00Z","owner_name":null,"tidal_id":"b3306ff7-b38a-5dd0-95ff-a16d56ef9736","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432573Z"},{"id":"c1aef861-9e31-42e6-a2eb-5151b056762b","name":"iDefense Rootkit Overview","description":"Chuvakin, A. (2003, February). An Overview of Rootkits. Retrieved April 6, 2018.","url":"http://www.megasecurity.org/papers/Rootkits.pdf","source":"MITRE","title":"An Overview of Rootkits","authors":"Chuvakin, A","date_accessed":"2018-04-06T00:00:00Z","date_published":"2003-02-01T00:00:00Z","owner_name":null,"tidal_id":"87d78e00-847e-51c0-8b0a-22788111f10e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430943Z"},{"id":"71704a3a-cf48-4764-af4e-8d2096bf5012","name":"Trend Micro Rhysida August 09 2023","description":"Trend Micro Research. (2023, August 9). An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector. 
Retrieved August 11, 2023.","url":"https://www.trendmicro.com/en_us/research/23/h/an-overview-of-the-new-rhysida-ransomware.html","source":"Tidal Cyber","title":"An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector","authors":"Trend Micro Research","date_accessed":"2023-08-11T00:00:00Z","date_published":"2023-08-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c0dce454-cdb7-5df6-b291-3b706392cde1","created":"2024-06-13T20:10:38.755802Z","modified":"2024-06-13T20:10:38.950436Z"},{"id":"6f53117f-2e94-4981-be61-c3da4b783ce2","name":"Mandiant Ukraine Cyber Threats January 2022","description":"Hultquist, J. (2022, January 20). Anticipating Cyber Threats as the Ukraine Crisis Escalates. Retrieved January 24, 2022.","url":"https://www.mandiant.com/resources/ukraine-crisis-cyber-threats","source":"MITRE","title":"Anticipating Cyber Threats as the Ukraine Crisis Escalates","authors":"Hultquist, J","date_accessed":"2022-01-24T00:00:00Z","date_published":"2022-01-20T00:00:00Z","owner_name":null,"tidal_id":"9e03552c-daba-537b-82a4-3859ce42df2f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437461Z"},{"id":"e4806ab9-c5cf-5249-a521-1ee4ca392520","name":"Apriorit","description":"Apriorit. (2024, June 4). Anti Debugging Protection Techniques with Examples. Retrieved March 4, 2025.","url":"https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software","source":"MITRE","title":"Anti Debugging Protection Techniques with Examples","authors":"Apriorit","date_accessed":"2025-03-04T00:00:00Z","date_published":"2024-06-04T00:00:00Z","owner_name":null,"tidal_id":"2c069e47-7777-5364-a75d-b48714070975","created":"2025-04-22T20:47:20.342627Z","modified":"2025-12-17T15:08:36.435751Z"},{"id":"32a4b7b5-8560-4600-aba9-15a6342b4dc3","name":"Microsoft AMSI","description":"Microsoft. (2019, April 19). Antimalware Scan Interface (AMSI). 
Retrieved September 28, 2021.","url":"https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal","source":"MITRE","title":"Antimalware Scan Interface (AMSI)","authors":"Microsoft","date_accessed":"2021-09-28T00:00:00Z","date_published":"2019-04-19T00:00:00Z","owner_name":null,"tidal_id":"c6d18073-e8d6-52b0-9d6b-6a35b6e46e5f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437036Z"},{"id":"b3ac28ac-3f98-40fd-b1da-2461a9e3ffca","name":"Microsoft Anti Spoofing","description":"Microsoft. (2020, October 13). Anti-spoofing protection in EOP. Retrieved October 19, 2020.","url":"https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection?view=o365-worldwide","source":"MITRE","title":"Anti-spoofing protection in EOP","authors":"Microsoft","date_accessed":"2020-10-19T00:00:00Z","date_published":"2020-10-13T00:00:00Z","owner_name":null,"tidal_id":"c5c367d6-bc86-58cc-8709-4be135003e34","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426758Z"},{"id":"17ab8200-8fec-570d-93f3-359d8cf045c7","name":"Anton Cherepanov, ESET June 2017","description":"Anton Cherepanov, ESET 2017, June 12 Win32/Industroyer: A new threat for industrial control systems. Retrieved 2017/09/15","url":"https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf","source":"ICS","title":"Anton Cherepanov, ESET June 2017","authors":"","date_accessed":"2017-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"80ca80a5-850f-54a4-aae5-15b7cfa20ffa","created":"2026-01-28T13:08:18.179305Z","modified":"2026-01-28T13:08:18.179308Z"},{"id":"3a4ea2fc-b423-4514-95f6-5bff4afff82f","name":"Trend Micro - United States June 13 2025","description":"Maristel Policarpio; Sarah Pearl Camiling; Sophia Nilette Robles Read time. (2025, June 13). Anubis A Closer Look at an Emerging Ransomware with Built-in Wiper. 
Retrieved June 20, 2025.","url":"https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html","source":"Tidal Cyber","title":"Anubis A Closer Look at an Emerging Ransomware with Built-in Wiper","authors":"Maristel Policarpio; Sarah Pearl Camiling; Sophia Nilette Robles Read time","date_accessed":"2025-06-20T12:00:00Z","date_published":"2025-06-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"eb131738-91c8-5f13-9f76-12318309e3b4","created":"2025-06-23T13:53:24.811781Z","modified":"2025-06-23T13:53:25.064491Z"},{"id":"321f34fb-b80b-4bd3-bceb-e51b6214b883","name":"Kelacyber February 25 2025","description":"KELA Cyber Team; Ben Kapon. (2025, February 25). Anubis A New Ransomware Threat. Retrieved June 20, 2025.","url":"https://www.kelacyber.com/blog/anubis-a-new-ransomware-threat/","source":"Tidal Cyber","title":"Anubis A New Ransomware Threat","authors":"KELA Cyber Team; Ben Kapon","date_accessed":"2025-06-20T12:00:00Z","date_published":"2025-02-25T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b9d187a5-7c06-528d-a78d-f6bf20ef6372","created":"2025-06-23T13:53:23.865695Z","modified":"2025-06-23T13:53:24.409328Z"},{"id":"d74a8d0b-887a-40b9-bd43-366764157990","name":"Fox-It Anunak Feb 2015","description":"Prins, R. (2015, February 16). Anunak (aka Carbanak) Update. Retrieved January 20, 2017.","url":"https://www.fox-it.com/en/news/blog/anunak-aka-carbanak-update/","source":"MITRE","title":"Anunak (aka Carbanak) Update","authors":"Prins, R","date_accessed":"2017-01-20T00:00:00Z","date_published":"2015-02-16T00:00:00Z","owner_name":null,"tidal_id":"23fb6d48-e4e4-52e0-849c-fa41bcb49ab8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419536Z"},{"id":"fd254ecc-a076-4b9f-97f2-acb73c6a1695","name":"Group-IB Anunak","description":"Group-IB and Fox-IT. (2014, December). Anunak: APT against financial institutions. 
Retrieved April 20, 2016.","url":"http://www.group-ib.com/files/Anunak_APT_against_financial_institutions.pdf","source":"MITRE","title":"Anunak: APT against financial institutions","authors":"Group-IB and Fox-IT","date_accessed":"2016-04-20T00:00:00Z","date_published":"2014-12-01T00:00:00Z","owner_name":null,"tidal_id":"960df438-7e15-5dea-a897-c9c7c21b18ec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440842Z"},{"id":"a6070f95-fbee-472e-a737-a8adbedbb4f8","name":"Google TAG Ukraine Threat Landscape March 2022","description":"Huntley, S. (2022, March 7). An update on the threat landscape. Retrieved March 16, 2022.","url":"https://blog.google/threat-analysis-group/update-threat-landscape-ukraine","source":"MITRE","title":"An update on the threat landscape","authors":"Huntley, S","date_accessed":"2022-03-16T00:00:00Z","date_published":"2022-03-07T00:00:00Z","owner_name":null,"tidal_id":"c707de0d-8390-501a-9c9e-7d6f42f69327","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440291Z"},{"id":"e816127a-04e4-4145-a784-50b1215612f2","name":"Zairon Hooking Dec 2006","description":"Felici, M. (2006, December 6). Any application-defined hook procedure on my machine?. Retrieved December 12, 2017.","url":"https://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/","source":"MITRE","title":"Any application-defined hook procedure on my machine?","authors":"Felici, M","date_accessed":"2017-12-12T00:00:00Z","date_published":"2006-12-06T00:00:00Z","owner_name":null,"tidal_id":"3834a8f3-9e20-579f-8b04-e474f7fbe953","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430600Z"},{"id":"b4e792e0-b1fa-4639-98b1-233aaec53594","name":"SentinelOne Aoqin Dragon June 2022","description":"Chen, Joey. (2022, June 9). Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years. 
Retrieved July 14, 2022.","url":"https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/","source":"MITRE","title":"Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years","authors":"Chen, Joey","date_accessed":"2022-07-14T00:00:00Z","date_published":"2022-06-09T00:00:00Z","owner_name":null,"tidal_id":"2693e2d4-927f-5f7d-a47e-3084c7830e5d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419436Z"},{"id":"46f62435-bfb3-44b6-8c79-54af584cc35f","name":"Apache Server 2018","description":"Apache. (n.d.). Apache HTTP Server Version 2.4 Documentation - Web Site Content. Retrieved July 27, 2018.","url":"http://httpd.apache.org/docs/2.4/getting-started.html#content","source":"MITRE","title":"Apache HTTP Server Version 2.4 Documentation - Web Site Content","authors":"Apache","date_accessed":"2018-07-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2160c42b-da27-5a1c-918e-6b875fff4322","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431798Z"},{"id":"912688a7-fe74-50da-b10b-094948fb58c4","name":"NowSecure-RemoteCode","description":"Ryan Welton. (2015, June 15). A Pattern for Remote Code Execution using Arbitrary File Writes and MultiDex Applications. 
Retrieved December","url":"https://www.nowsecure.com/blog/2015/06/15/a-pattern-for-remote-code-execution-using-arbitrary-file-writes-and-multidex-applications/","source":"Mobile","title":"A Pattern for Remote Code Execution using Arbitrary File Writes and MultiDex Applications","authors":"Ryan Welton","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-06-15T00:00:00Z","owner_name":null,"tidal_id":"7b40dd8c-d668-50fc-9963-5c23173c50d8","created":"2026-01-28T13:08:10.042917Z","modified":"2026-01-28T13:08:10.042920Z"},{"id":"691df278-fd7d-4b73-a22c-227bc7641dec","name":"Secureworks BRONZEUNION Feb 2019","description":"Counter Threat Unit Research Team. (2019, February 27). A Peek into BRONZE UNION’s Toolbox. Retrieved September 24, 2019.","url":"https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox","source":"MITRE","title":"A Peek into BRONZE UNION’s Toolbox","authors":"Counter Threat Unit Research Team","date_accessed":"2019-09-24T00:00:00Z","date_published":"2019-02-27T00:00:00Z","owner_name":null,"tidal_id":"486a7481-5eb0-5a10-b986-c60c420a242f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441836Z"},{"id":"f23b79ca-2108-4096-8fc9-a2d6e9029f06","name":"Cyble July 14 2022","description":"Cybleinc. (2022, July 14). ApolloRat Evasive Malware Compiled Using Nuitka - Cyble. Retrieved December 19, 2024.","url":"https://blog.cyble.com/2022/07/14/apollorat-evasive-malware-compiled-using-nuitka/","source":"Tidal Cyber","title":"ApolloRat Evasive Malware Compiled Using Nuitka - Cyble","authors":"Cybleinc","date_accessed":"2024-12-19T00:00:00Z","date_published":"2022-07-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"acf0014d-d163-5c2e-b3f2-adf601f107c7","created":"2025-04-11T15:06:08.695075Z","modified":"2025-04-11T15:06:08.948302Z"},{"id":"12df02e3-bbdd-4682-9662-1810402ad918","name":"AppArmor official","description":"AppArmor. (2017, October 19). AppArmor Security Project Wiki. 
Retrieved December 20, 2017.","url":"http://wiki.apparmor.net/index.php/Main_Page","source":"MITRE","title":"AppArmor Security Project Wiki","authors":"AppArmor","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-10-19T00:00:00Z","owner_name":null,"tidal_id":"a87b532b-1ed7-5981-a4c1-f803399a35f9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:33.340307Z"},{"id":"bc17c39a-5865-4c1e-b60e-06005a7302c9","name":"AppCert.exe - LOLBAS Project","description":"LOLBAS. (2024, March 6). AppCert.exe. Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Appcert/","source":"Tidal Cyber","title":"AppCert.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2024-03-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9ad7499d-76dd-5136-8222-2cfd10b30f73","created":"2025-05-20T16:19:05.519971Z","modified":"2025-05-20T16:19:05.679903Z"},{"id":"f681fd40-5bfc-50c6-a654-f9a128af5ff1","name":"PenTestLabs AppDomainManagerInject","description":"Administrator. (2020, May 26). APPDOMAINMANAGER INJECTION AND DETECTION. Retrieved March 28, 2024.","url":"https://pentestlaboratories.com/2020/05/26/appdomainmanager-injection-and-detection/","source":"MITRE","title":"APPDOMAINMANAGER INJECTION AND DETECTION","authors":"Administrator","date_accessed":"2024-03-28T00:00:00Z","date_published":"2020-05-26T00:00:00Z","owner_name":null,"tidal_id":"513970e4-213e-5415-a669-eafeb03f87be","created":"2024-04-25T13:28:32.561364Z","modified":"2025-12-17T15:08:36.427567Z"},{"id":"881f8d23-908f-58cf-904d-5ef7b959eb39","name":"Rapid7 AppDomain Manager Injection","description":"Spagnola, N. (2023, May 5). AppDomain Manager Injection: New Techniques For Red Teams. 
Retrieved March 29, 2024.","url":"https://www.rapid7.com/blog/post/2023/05/05/appdomain-manager-injection-new-techniques-for-red-teams/","source":"MITRE","title":"AppDomain Manager Injection: New Techniques For Red Teams","authors":"Spagnola, N","date_accessed":"2024-03-29T00:00:00Z","date_published":"2023-05-05T00:00:00Z","owner_name":null,"tidal_id":"3ef3e3d9-be0c-51ba-b302-fee2833db565","created":"2024-04-25T13:28:32.577837Z","modified":"2025-12-17T15:08:36.427588Z"},{"id":"1f31c09c-6a93-4142-8333-154138c1d70a","name":"Mandiant APT1 Appendix","description":"Mandiant. (n.d.). Appendix C (Digital) - The Malware Arsenal. Retrieved July 18, 2016.","url":"https://www.mandiant.com/sites/default/files/2021-09/mandiant-apt1-report.pdf","source":"MITRE","title":"Appendix C (Digital) - The Malware Arsenal","authors":"Mandiant","date_accessed":"2016-07-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"91cf47c4-30b7-5044-b38d-3a7882ab03b1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417233Z"},{"id":"aa2137d2-df2f-52d7-9022-9c0744e123ae","name":"app_hibernation","description":"Android Developers. (2023, August 28). App hibernation. Retrieved September","url":"https://developer.android.com/topic/performance/app-hibernation","source":"Mobile","title":"App hibernation","authors":"Android Developers","date_accessed":"1978-09-01T00:00:00Z","date_published":"2023-08-28T00:00:00Z","owner_name":null,"tidal_id":"9694517a-36be-566c-b917-f5e18dc2befd","created":"2026-01-28T13:08:10.047564Z","modified":"2026-01-28T13:08:10.047567Z"},{"id":"2b951be3-5105-4665-972f-7809c057fd3f","name":"AppInit Secure Boot","description":"Microsoft. (n.d.). AppInit DLLs and Secure Boot. 
Retrieved July 15, 2015.","url":"https://msdn.microsoft.com/en-us/library/dn280412","source":"MITRE","title":"AppInit DLLs and Secure Boot","authors":"Microsoft","date_accessed":"2015-07-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"93a7cf13-0e64-56c2-9e5c-4c828f8337e6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427254Z"},{"id":"9a777e7c-e76c-465c-8b45-67503e715f7e","name":"AppInstaller.exe - LOLBAS Project","description":"LOLBAS. (2020, December 2). AppInstaller.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/AppInstaller/","source":"Tidal Cyber","title":"AppInstaller.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-12-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"54fa500d-3104-5e75-a684-a3fa0225842f","created":"2024-01-12T14:46:30.568769Z","modified":"2024-01-12T14:46:30.763917Z"},{"id":"9efa0dc8-c36f-4648-b06f-341d8bdc2b2a","name":"AppLauncher.exe - LOLBAS Project","description":"LOLBAS. (2025, September 21). AppLauncher.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/AppLauncher/","source":"Tidal Cyber","title":"AppLauncher.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-09-21T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"82893851-fa8e-5216-bfd2-5ef9f00cef59","created":"2026-01-06T18:03:31.274467Z","modified":"2026-01-06T18:03:31.415349Z"},{"id":"a2127d3d-c320-4637-a85c-16e20c2654f6","name":"objectivesee osx.shlayer apple approved 2020","description":"Patrick Wardle. (2020, August 30). Apple Approved Malware malicious code ...now notarized!? #2020. Retrieved September 13, 2021.","url":"https://objective-see.com/blog/blog_0x4E.html","source":"MITRE","title":"Apple Approved Malware malicious code ...now notarized!? 
#2020","authors":"Patrick Wardle","date_accessed":"2021-09-13T00:00:00Z","date_published":"2020-08-30T00:00:00Z","owner_name":null,"tidal_id":"21dbbc16-ebe3-56a6-915a-42e87453320f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441861Z"},{"id":"7b8875e8-5b93-4d49-a12b-2683bab2ba6e","name":"AppleDocs AuthorizationExecuteWithPrivileges","description":"Apple. (n.d.). Apple Developer Documentation - AuthorizationExecuteWithPrivileges. Retrieved August 8, 2019.","url":"https://developer.apple.com/documentation/security/1540038-authorizationexecutewithprivileg","source":"MITRE","title":"Apple Developer Documentation - AuthorizationExecuteWithPrivileges","authors":"Apple","date_accessed":"2019-08-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bc83477c-6570-51d9-8699-f68aae4526d6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425014Z"},{"id":"66dd8a7d-521f-4610-b478-52d748185ad3","name":"AppleDocs Scheduling Timed Jobs","description":"Apple. (n.d.). Retrieved July 17, 2017.","url":"https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/ScheduledJobs.html","source":"MITRE","title":"AppleDocs Scheduling Timed Jobs","authors":"","date_accessed":"2017-07-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"755abb42-e88e-5897-87ce-59e1f7a668f8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434210Z"},{"id":"1f324acc-8357-547f-8eda-d8d15f81ec5b","name":"Symantec-iOSProfile2","description":"Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. 
Retrieved September","url":"https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles","source":"Mobile","title":"Apple iOS 10.3 Finally Battles Malicious Profiles","authors":"Brian Duckering","date_accessed":"1978-09-01T00:00:00Z","date_published":"2017-03-27T00:00:00Z","owner_name":null,"tidal_id":"525b38f7-b792-598f-b627-f74d79260044","created":"2026-01-28T13:08:10.047336Z","modified":"2026-01-28T13:08:10.047339Z"},{"id":"6873e14d-eba4-4e3c-9ccf-cec1d760f0be","name":"CISA AppleJeus Feb 2021","description":"Cybersecurity and Infrastructure Security Agency. (2021, February 21). AppleJeus: Analysis of North Korea’s Cryptocurrency Malware. Retrieved March 1, 2021.","url":"https://us-cert.cisa.gov/ncas/alerts/aa21-048a","source":"MITRE","title":"AppleJeus: Analysis of North Korea’s Cryptocurrency Malware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2021-03-01T00:00:00Z","date_published":"2021-02-21T00:00:00Z","owner_name":null,"tidal_id":"0c8b7745-e92a-5a3c-a131-55306395b5cc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422059Z"},{"id":"c57c2bba-a398-4e68-b2a7-fddcf0740b61","name":"Apple Remote Desktop Admin Guide 3.3","description":"Apple. (n.d.). Apple Remote Desktop Administrator Guide Version 3.3. Retrieved October 5, 2021.","url":"https://images.apple.com/remotedesktop/pdf/ARD_Admin_Guide_v3.3.pdf","source":"MITRE","title":"Apple Remote Desktop Administrator Guide Version 3.3","authors":"Apple","date_accessed":"2021-10-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9f070eb8-ac97-58d1-a75c-96a42160f314","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429659Z"},{"id":"dd76c7ab-c3df-4f34-aaf0-684b56499065","name":"applescript signing","description":"Steven Sande. (2013, December 23). AppleScript and Automator gain new features in OS X Mavericks. 
Retrieved September 21, 2018.","url":"https://www.engadget.com/2013/10/23/applescript-and-automator-gain-new-features-in-os-x-mavericks/","source":"MITRE","title":"AppleScript and Automator gain new features in OS X Mavericks","authors":"Steven Sande","date_accessed":"2018-09-21T00:00:00Z","date_published":"2013-12-23T00:00:00Z","owner_name":null,"tidal_id":"34622727-d8e9-5752-81dc-c98f693eff5b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415553Z"},{"id":"395f30ff-fa51-570f-81e9-dcc1e6488df6","name":"TechCrunch-ATS","description":"Kate Conger. (2016, June 14). Apple will require HTTPS connections for iOS apps by the end of 2016. Retrieved December","url":"https://techcrunch.com/2016/06/14/apple-will-require-https-connections-for-ios-apps-by-the-end-of-2016/","source":"Mobile","title":"Apple will require HTTPS connections for iOS apps by the end of 2016","authors":"Kate Conger","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-06-14T00:00:00Z","owner_name":null,"tidal_id":"d4d4246d-5e77-543a-a4bd-fc42b6a26d7c","created":"2026-01-28T13:08:10.038616Z","modified":"2026-01-28T13:08:10.038630Z"},{"id":"2a20c574-3e69-5da6-887e-68e34cee7562","name":"Microsoft Entra ID Service Principals","description":"Microsoft. (2023, December 15). Application and service principal objects in Microsoft Entra ID. Retrieved February 28, 2024.","url":"https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser","source":"MITRE","title":"Application and service principal objects in Microsoft Entra ID","authors":"Microsoft","date_accessed":"2024-02-28T00:00:00Z","date_published":"2023-12-15T00:00:00Z","owner_name":null,"tidal_id":"58e2f858-b3de-5be7-877d-24b96e8c7e0e","created":"2024-04-25T13:28:38.223848Z","modified":"2025-12-17T15:08:36.433042Z"},{"id":"268e7ade-c0a8-5859-8b16-6fa8aa3b0cb7","name":"Microsoft App Domains","description":"Microsoft. (2021, September 15). Application domains. 
Retrieved March 28, 2024.","url":"https://learn.microsoft.com/dotnet/framework/app-domains/application-domains","source":"MITRE","title":"Application domains","authors":"Microsoft","date_accessed":"2024-03-28T00:00:00Z","date_published":"2021-09-15T00:00:00Z","owner_name":null,"tidal_id":"bd8572da-0d79-5de5-ac6d-4fb92e5f843a","created":"2024-04-25T13:28:32.566765Z","modified":"2025-12-17T15:08:36.427574Z"},{"id":"cae409ca-1c77-45df-88cd-c0998ac724ec","name":"Corio 2008","description":"Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.","url":"http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx","source":"MITRE","title":"Application Lockdown with Software Restriction Policies","authors":"Corio, C., & Sayana, D. P","date_accessed":"2014-11-18T00:00:00Z","date_published":"2008-06-01T00:00:00Z","owner_name":null,"tidal_id":"6cdb4a2f-c457-57cb-8a81-c76517803be9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415462Z"},{"id":"5dab4466-0871-486a-84ad-0e648b2e937d","name":"Microsoft Application Lockdown","description":"Corio, C., & Sayana, D. P.. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.","url":"https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc510322(v=msdn.10)?redirectedfrom=MSDN","source":"MITRE","title":"Application Lockdown with Software Restriction Policies","authors":"Corio, C., & Sayana, D. P.","date_accessed":"2014-11-18T00:00:00Z","date_published":"2008-06-01T00:00:00Z","owner_name":null,"tidal_id":"3663d316-fb54-51a5-93be-927a6776948a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440403Z"},{"id":"a610df66-aeb4-5c77-8365-30a57eff80b7","name":"Android Application Sandbox","description":"Android Open Source Project. (n.d.). Application Sandbox. 
Retrieved February","url":"https://source.android.com/docs/security/app-sandbox","source":"Mobile","title":"Application Sandbox","authors":"Android Open Source Project","date_accessed":"1978-02-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0640cd2a-20a8-55d9-8120-c964dc1f5599","created":"2026-01-28T13:08:10.044987Z","modified":"2026-01-28T13:08:10.044990Z"},{"id":"a333f45f-1760-443a-9208-f3682ea32f67","name":"SANS Application Whitelisting","description":"Beechey, J.. (2014, November 18). Application Whitelisting:  Panacea or Propaganda?. Retrieved November 18, 2014.","url":"https://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599","source":"MITRE","title":"Application Whitelisting:  Panacea or Propaganda?","authors":"Beechey, J.","date_accessed":"2014-11-18T00:00:00Z","date_published":"2014-11-18T00:00:00Z","owner_name":null,"tidal_id":"2ab99bb1-053e-5982-b691-8d8ab03c80bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440391Z"},{"id":"4994e065-c6e4-4b41-8ae3-d72023135429","name":"Beechey 2010","description":"Beechey, J. (2010, December). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.","url":"http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599","source":"MITRE","title":"Application Whitelisting: Panacea or Propaganda?","authors":"Beechey, J","date_accessed":"2014-11-18T00:00:00Z","date_published":"2010-12-01T00:00:00Z","owner_name":null,"tidal_id":"2164e71f-5067-5c42-802a-08d95d75bd3f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415439Z"},{"id":"0db5c3ea-5392-4fd3-9f1d-9fa69aba4259","name":"NSA MS AppLocker","description":"NSA Information Assurance Directorate. (2014, August). Application Whitelisting Using Microsoft AppLocker. 
Retrieved March 31, 2016.","url":"https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm","source":"MITRE","title":"Application Whitelisting Using Microsoft AppLocker","authors":"NSA Information Assurance Directorate","date_accessed":"2016-03-31T00:00:00Z","date_published":"2014-08-01T00:00:00Z","owner_name":null,"tidal_id":"40ec9583-acfd-51ea-a0d0-df845fdb24be","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415455Z"},{"id":"2f1adf20-a4b8-48c1-861f-0a44271765d7","name":"Penetration Testing Lab MSXSL July 2017","description":"netbiosX. (2017, July 6). AppLocker Bypass – MSXSL. Retrieved July 3, 2018.","url":"https://pentestlab.blog/2017/07/06/applocker-bypass-msxsl/","source":"MITRE","title":"AppLocker Bypass – MSXSL","authors":"netbiosX","date_accessed":"2018-07-03T00:00:00Z","date_published":"2017-07-06T00:00:00Z","owner_name":null,"tidal_id":"063ccc33-23ec-56e5-890a-cc3859a9ce05","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436209Z"},{"id":"e604f4ff-8f52-5085-86e5-1e567bc79714","name":"A G Foord, W G Gulland, C R Howard, T Kellacher, W H Smith 2004","description":"A G Foord, W G Gulland, C R Howard, T Kellacher, W H Smith. (2004). APPLYING THE LATEST STANDARD FOR FUNCTIONAL SAFETY  IEC 61511. Retrieved September","url":"https://www.icheme.org/media/9906/xviii-paper-23.pdf","source":"ICS","title":"APPLYING THE LATEST STANDARD FOR FUNCTIONAL SAFETY  IEC 61511","authors":"A G Foord, W G Gulland, C R Howard, T Kellacher, W H Smith","date_accessed":"1978-09-01T00:00:00Z","date_published":"2004-01-01T00:00:00Z","owner_name":null,"tidal_id":"16b2ac4d-fa75-5738-9f9b-6e08dbae536a","created":"2026-01-28T13:08:18.175068Z","modified":"2026-01-28T13:08:18.175072Z"},{"id":"1bb14130-f819-5666-ab57-8f96fd4e7b05","name":"Burke/CISA ClickOnce Paper","description":"William J. Burke IV. (n.d.). Appref-ms Abuse for  Code Execution & C2. 
Retrieved September 9, 2024.","url":"https://i.blackhat.com/USA-19/Wednesday/us-19-Burke-ClickOnce-And-Youre-In-When-Appref-Ms-Abuse-Is-Operating-As-Intended-wp.pdf?_gl=1*1jv89bf*_gcl_au*NjAyMzkzMjc3LjE3MjQ4MDk4OTQ.*_ga*MTk5OTA3ODkwMC4xNzI0ODA5ODk0*_ga_K4JK67TFYV*MTcyNDgwOTg5NC4xLjEuMTcyNDgwOTk1Ny4wLjAuMA..&_ga=2.256219723.1512103758.1724809895-1999078900.1724809894","source":"MITRE","title":"Appref-ms Abuse for  Code Execution & C2","authors":"William J. Burke IV","date_accessed":"2024-09-09T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ea9f2fa7-b635-5b98-9914-d80d4c0ea711","created":"2024-10-31T16:28:25.727941Z","modified":"2025-12-17T15:08:36.434779Z"},{"id":"1495effe-16a6-5b4e-9b50-1d1f7db48fa7","name":"Microsoft Requests for Azure AD Roles in Privileged Identity Management","description":"Microsoft. (2023, January 30). Approve or deny requests for Azure AD roles in Privileged Identity Management. Retrieved February 21, 2023.","url":"https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow","source":"MITRE","title":"Approve or deny requests for Azure AD roles in Privileged Identity Management","authors":"Microsoft","date_accessed":"2023-02-21T00:00:00Z","date_published":"2023-01-30T00:00:00Z","owner_name":null,"tidal_id":"fad18da3-cdd2-5e49-beea-bbd3319738c1","created":"2023-05-26T01:21:19.308599Z","modified":"2025-12-17T15:08:36.441081Z"},{"id":"3b1e9a5d-7940-43b5-bc11-3112c0762740","name":"Apple App Security Overview","description":"Apple Inc. (2021, February 18). App security overview. 
Retrieved October 12, 2021.","url":"https://support.apple.com/guide/security/app-security-overview-sec35dd877d0/1/web/1","source":"MITRE","title":"App security overview","authors":"Apple Inc","date_accessed":"2021-10-12T00:00:00Z","date_published":"2021-02-18T00:00:00Z","owner_name":null,"tidal_id":"ea9f1f3a-82ab-5236-883f-d71faf367855","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442789Z"},{"id":"2afb9a5f-c023-49df-90d1-e0ffb6d192f3","name":"Tripwire AppUNBlocker","description":"Smith, T. (2016, October 27). AppUNBlocker: Bypassing AppLocker. Retrieved December 19, 2017.","url":"https://www.tripwire.com/state-of-security/off-topic/appunblocker-bypassing-applocker/","source":"MITRE","title":"AppUNBlocker: Bypassing AppLocker","authors":"Smith, T","date_accessed":"2017-12-19T00:00:00Z","date_published":"2016-10-27T00:00:00Z","owner_name":null,"tidal_id":"09e08c5e-ba40-5ff8-b853-69bcbe0a7b68","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434481Z"},{"id":"b0afe3e8-9f1d-4295-8811-8dfbe993c337","name":"Appvlp.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Appvlp.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Appvlp/","source":"Tidal Cyber","title":"Appvlp.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ef4ca281-6edb-5863-a1f1-e11f135326af","created":"2024-01-12T14:47:17.836812Z","modified":"2024-01-12T14:47:18.060168Z"},{"id":"2eaee06d-529d-4fe0-9ca3-c62419f47a90","name":"BlackHat Atkinson Winchester Token Manipulation","description":"Atkinson, J., Winchester, R. (2017, December 7). A Process is No One: Hunting for Token Manipulation. 
Retrieved December 21, 2017.","url":"https://www.blackhat.com/docs/eu-17/materials/eu-17-Atkinson-A-Process-Is-No-One-Hunting-For-Token-Manipulation.pdf","source":"MITRE","title":"A Process is No One: Hunting for Token Manipulation","authors":"Atkinson, J., Winchester, R","date_accessed":"2017-12-21T00:00:00Z","date_published":"2017-12-07T00:00:00Z","owner_name":null,"tidal_id":"734bc330-8c1a-56d8-8609-eea01a8432ef","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435422Z"},{"id":"2d494df8-83e3-45d2-b798-4c3bcf55f675","name":"FireEye APT10 April 2017","description":"FireEye iSIGHT Intelligence. (2017, April 6). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat. Retrieved June 29, 2017.","url":"https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html","source":"MITRE","title":"APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat","authors":"FireEye iSIGHT Intelligence","date_accessed":"2017-06-29T00:00:00Z","date_published":"2017-04-06T00:00:00Z","owner_name":null,"tidal_id":"7113d29c-984a-5cf8-a080-7767d53164b2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417132Z"},{"id":"90450a1e-59c3-491f-b842-2cf81023fc9e","name":"Securelist APT10 March 2021","description":"GREAT. (2021, March 30). APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign. 
Retrieved June 17, 2021.","url":"https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/101519/","source":"MITRE","title":"APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign","authors":"GREAT","date_accessed":"2021-06-17T00:00:00Z","date_published":"2021-03-30T00:00:00Z","owner_name":null,"tidal_id":"4cb9f07f-7d9f-5c98-9100-7d5b18946c4b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417486Z"},{"id":"5f122a27-2137-4016-a482-d04106187594","name":"FireEye APT10 Sept 2018","description":"Matsuda, A., Muhammad I. (2018, September 13). APT10 Targeting Japanese Corporations Using Updated TTPs. Retrieved September 17, 2018.","url":"https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html","source":"MITRE","title":"APT10 Targeting Japanese Corporations Using Updated TTPs","authors":"Matsuda, A., Muhammad I","date_accessed":"2018-09-17T00:00:00Z","date_published":"2018-09-13T00:00:00Z","owner_name":null,"tidal_id":"9e3637de-126b-5cd0-b369-7f0859d549f6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422531Z"},{"id":"02a50445-de06-40ab-9ea4-da5c37e066cd","name":"NCC Group APT15 Alive and Strong","description":"Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.","url":"https://research.nccgroup.com/2018/03/10/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/","source":"MITRE","title":"APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS","authors":"Smallridge, R","date_accessed":"2018-04-04T00:00:00Z","date_published":"2018-03-10T00:00:00Z","owner_name":null,"tidal_id":"14958a6b-6adb-5adb-915e-91cef041f143","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422870Z"},{"id":"865eba93-cf6a-4e41-bc09-de9b0b3c2669","name":"Mandiant APT1","description":"Mandiant. (n.d.). 
APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.","url":"https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf","source":"MITRE, Tidal Cyber","title":"APT1 Exposing One of China’s Cyber Espionage Units","authors":"Mandiant","date_accessed":"2016-07-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"40da18fe-2c98-5739-a280-174f7829da79","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257560Z"},{"id":"a99c8dce-a85b-404f-8b91-65135de27537","name":"Google Cloud Blog November 20 2025","description":"None Identified. (2025, November 20). APT24's Pivot to Multi-Vector Attacks | Google Cloud Blog. Retrieved November 21, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/apt24-pivot-to-multi-vector-attacks","source":"Tidal Cyber","title":"APT24's Pivot to Multi-Vector Attacks | Google Cloud Blog","authors":"None Identified","date_accessed":"2025-11-21T12:00:00Z","date_published":"2025-11-20T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5b1986e2-1fa1-5770-9036-a461a14fde90","created":"2025-12-10T14:13:41.957031Z","modified":"2025-12-10T14:13:42.121260Z"},{"id":"0290ea31-f817-471e-85ae-c3855c63f5c3","name":"Profero APT27 December 2020","description":"Global Threat Center, Intelligence Team. (2020, December). APT27 Turns to Ransomware. Retrieved November 12, 2021.","url":"https://web.archive.org/web/20210104144857/https://shared-public-reports.s3-eu-west-1.amazonaws.com/APT27+turns+to+ransomware.pdf","source":"MITRE","title":"APT27 Turns to Ransomware","authors":"Global Threat Center, Intelligence Team","date_accessed":"2021-11-12T00:00:00Z","date_published":"2020-12-01T00:00:00Z","owner_name":null,"tidal_id":"3d529a3d-1fa6-5c41-9d6f-902e716daf97","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440121Z"},{"id":"61d80b8f-5bdb-41e6-b59a-d2d996392873","name":"FireEye APT28 January 2017","description":"FireEye iSIGHT Intelligence. 
(2017, January 11). APT28: At the Center of the Storm. Retrieved November 17, 2024.","url":"https://www.mandiant.com/sites/default/files/2021-09/APT28-Center-of-Storm-2017.pdf","source":"MITRE, Tidal Cyber","title":"APT28: At the Center of the Storm","authors":"FireEye iSIGHT Intelligence","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-01-11T00:00:00Z","owner_name":null,"tidal_id":"04639344-b888-56b5-a715-e18f48096d25","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257819Z"},{"id":"c423b2b2-25a3-4a8d-b89a-83ab07c0cd20","name":"FireEye APT28","description":"FireEye. (2015). APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS?. Retrieved August 19, 2015.","url":"https://web.archive.org/web/20151022204649/https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-apt28.pdf","source":"MITRE, Tidal Cyber","title":"APT28: A WINDOW INTO RUSSIA’S CYBER ESPIONAGE OPERATIONS?","authors":"FireEye","date_accessed":"2015-08-19T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"467eaf28-1722-5a10-a811-8bdb19ba6d5b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257825Z"},{"id":"c532a6fc-b27f-4240-a071-3eaa866bce89","name":"U.S. CISA APT28 Cisco Routers April 18 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, April 18). APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers. 
Retrieved August 23, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108","source":"Tidal Cyber","title":"APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-08-23T00:00:00Z","date_published":"2023-04-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"58e1d0cb-ced3-5887-9b0b-9486b57f8a2e","created":"2023-09-08T15:49:53.321666Z","modified":"2023-09-08T15:49:53.650120Z"},{"id":"777bc94a-6c21-4f8c-9efa-a1cf52ececc0","name":"Symantec APT28 Oct 2018","description":"Symantec Security Response. (2018, October 04). APT28: New Espionage Operations Target Military and Government Organizations. Retrieved November 14, 2018.","url":"https://www.symantec.com/blogs/election-security/apt28-espionage-military-government","source":"MITRE","title":"APT28: New Espionage Operations Target Military and Government Organizations","authors":"Symantec Security Response","date_accessed":"2018-11-14T00:00:00Z","date_published":"2018-10-04T00:00:00Z","owner_name":null,"tidal_id":"b7ea23e1-82da-5921-a5a3-ce8cee44cdbe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418854Z"},{"id":"7887dc90-3f05-411a-81ea-b86aa392104b","name":"FireEye APT28 Hospitality Aug 2017","description":"Smith, L. and Read, B.. (2017, August 11). APT28 Targets Hospitality Sector, Presents Threat to Travelers. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20171202185937/https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html","source":"MITRE","title":"APT28 Targets Hospitality Sector, Presents Threat to Travelers","authors":"Smith, L. 
and Read, B.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-08-11T00:00:00Z","owner_name":null,"tidal_id":"4b6f9ce1-2507-5397-b146-2f98a17ba229","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441038Z"},{"id":"3dd67aae-7feb-4b07-a985-ccadc1b16f1d","name":"Bitdefender APT28 Dec 2015","description":"Bitdefender. (2015, December). APT28 Under the Scope. Retrieved February 23, 2017.","url":"https://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf","source":"MITRE","title":"APT28 Under the Scope","authors":"Bitdefender","date_accessed":"2017-02-23T00:00:00Z","date_published":"2015-12-01T00:00:00Z","owner_name":null,"tidal_id":"b5edea28-a43e-58b2-929a-640bdc14b1d0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440103Z"},{"id":"1d919991-bc87-41bf-9e58-edf1b3806bb8","name":"FireEye APT29 Domain Fronting With TOR March 2017","description":"Matthew Dunwoody. (2017, March 27). APT29 Domain Fronting With TOR. Retrieved November 20, 2017.","url":"https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html","source":"MITRE","title":"APT29 Domain Fronting With TOR","authors":"Matthew Dunwoody","date_accessed":"2017-11-20T00:00:00Z","date_published":"2017-03-27T00:00:00Z","owner_name":null,"tidal_id":"c1a6b2c4-d1c5-55a2-a8dd-d669c3397178","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415796Z"},{"id":"3e013b07-deaf-4387-acd7-2d0565d196a9","name":"FireEye APT29 Domain Fronting","description":"Dunwoody, M. (2017, March 27). APT29 Domain Fronting With TOR. 
Retrieved March 27, 2017.","url":"https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html","source":"MITRE","title":"APT29 Domain Fronting With TOR","authors":"Dunwoody, M","date_accessed":"2017-03-27T00:00:00Z","date_published":"2017-03-27T00:00:00Z","owner_name":null,"tidal_id":"8db8e380-26bf-5ec6-a5a7-90916839a267","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442844Z"},{"id":"c48d2084-61cf-4e86-8072-01e5d2de8416","name":"FireEye APT30","description":"FireEye Labs. (2015, April). APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION. Retrieved November 17, 2024.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/05/20081935/rpt-apt30.pdf","source":"MITRE, Tidal Cyber","title":"APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION","authors":"FireEye Labs","date_accessed":"2024-11-17T00:00:00Z","date_published":"2015-04-01T00:00:00Z","owner_name":null,"tidal_id":"72038bb7-f9f9-537d-b28d-5211c3ce3acf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258297Z"},{"id":"1647c9a6-e475-4a9a-a202-0133dbeef9a0","name":"Zscaler APT31 Covid-19 October 2020","description":"Singh, S. and Antil, S. (2020, October 27). APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services. Retrieved March 24, 2021.","url":"https://www.zscaler.com/blogs/security-research/apt-31-leverages-covid-19-vaccine-theme-and-abuses-legitimate-online","source":"MITRE","title":"APT-31 Leverages COVID-19 Vaccine Theme and Abuses Legitimate Online Services","authors":"Singh, S. and Antil, S","date_accessed":"2021-03-24T00:00:00Z","date_published":"2020-10-27T00:00:00Z","owner_name":null,"tidal_id":"73f4c5c8-036e-529d-95c2-c55ad3275e8f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434793Z"},{"id":"d31dcbe6-06ec-475e-b121-fd25a93c3ef7","name":"sentinelone apt32 macOS backdoor 2020","description":"Phil Stokes. (2020, December 2). 
APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique. Retrieved September 13, 2021.","url":"https://www.sentinelone.com/labs/apt32-multi-stage-macos-trojan-innovates-on-crimeware-scripting-technique/","source":"MITRE","title":"APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique","authors":"Phil Stokes","date_accessed":"2021-09-13T00:00:00Z","date_published":"2020-12-02T00:00:00Z","owner_name":null,"tidal_id":"e2fcf6be-36d2-5f16-b518-a2d289e4817b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440298Z"},{"id":"9b378592-5737-403d-8a07-27077f5b2d61","name":"FireEye APT33 Webinar Sept 2017","description":"Davis, S. and Carr, N. (2017, September 21). APT33: New Insights into Iranian Cyber Espionage Group. Retrieved February 15, 2018.","url":"https://www.brighttalk.com/webcast/10703/275683","source":"MITRE","title":"APT33: New Insights into Iranian Cyber Espionage Group","authors":"Davis, S. and Carr, N","date_accessed":"2018-02-15T00:00:00Z","date_published":"2017-09-21T00:00:00Z","owner_name":null,"tidal_id":"41c7b89a-11ea-5e35-984a-1130bd847f7c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417515Z"},{"id":"4eef7032-de14-44a2-a403-82aefdc85c50","name":"FireEye APT34 Webinar Dec 2017","description":"Davis, S. and Caban, D. (2017, December 19). APT34 - New Targeted Attack in the Middle East. Retrieved December 20, 2017.","url":"https://www.brighttalk.com/webcast/10703/296317/apt34-new-targeted-attack-in-the-middle-east","source":"MITRE","title":"APT34 - New Targeted Attack in the Middle East","authors":"Davis, S. and Caban, D","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-12-19T00:00:00Z","owner_name":null,"tidal_id":"b28fa6a5-405a-54e3-a8f7-c06e95769665","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416831Z"},{"id":"1837e917-d80b-4632-a1ca-c70d4b712ac7","name":"DFIR Report APT35 ProxyShell March 2022","description":"DFIR Report. 
(2022, March 21). APT35 Automates Initial Access Using ProxyShell. Retrieved May 25, 2022.","url":"https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell","source":"MITRE","title":"APT35 Automates Initial Access Using ProxyShell","authors":"DFIR Report","date_accessed":"2022-05-25T00:00:00Z","date_published":"2022-03-21T00:00:00Z","owner_name":null,"tidal_id":"1d3ae9bc-48e5-5589-98e4-ec676812b64a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440471Z"},{"id":"81dce660-93ea-42a4-902f-0c6021d30f59","name":"Check Point APT35 CharmPower January 2022","description":"Check Point. (2022, January 11). APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit. Retrieved January 24, 2022.","url":"https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/","source":"MITRE","title":"APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit","authors":"Check Point","date_accessed":"2022-01-24T00:00:00Z","date_published":"2022-01-11T00:00:00Z","owner_name":null,"tidal_id":"7528409d-8c53-551a-868f-70cdf0d01631","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419771Z"},{"id":"f2cc063a-854f-4f13-8679-f862a018fa38","name":"CYFIRMA December 30 2025","description":"None Identified. (2025, December 30). APT36 : Multi-Stage LNK Malware Campaign Targeting Indian Government Entities - CYFIRMA. 
Retrieved January 5, 2026.","url":"https://www.cyfirma.com/research/apt36-multi-stage-lnk-malware-campaign-targeting-indian-government-entities/","source":"Tidal Cyber","title":"APT36 : Multi-Stage LNK Malware Campaign Targeting Indian Government Entities - CYFIRMA","authors":"None Identified","date_accessed":"2026-01-05T12:00:00Z","date_published":"2025-12-30T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1e2fdf5a-656a-5129-8333-22dc7c7999e8","created":"2026-01-06T18:03:34.911632Z","modified":"2026-01-06T18:03:35.053681Z"},{"id":"4d575c1a-4ff9-49ce-97cd-f9d0637c2271","name":"FireEye APT37 Feb 2018","description":"FireEye. (2018, February 20). APT37 (Reaper): The Overlooked North Korean Actor. Retrieved November 17, 2024.","url":"https://services.google.com/fh/files/misc/apt37-reaper-the-overlooked-north-korean-actor.pdf","source":"MITRE, Tidal Cyber","title":"APT37 (Reaper): The Overlooked North Korean Actor","authors":"FireEye","date_accessed":"2024-11-17T00:00:00Z","date_published":"2018-02-20T00:00:00Z","owner_name":null,"tidal_id":"ca0b2c08-a447-55c2-ae5b-58580402c88c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257057Z"},{"id":"7c916329-af56-4723-820c-ef932a6e3409","name":"FireEye APT38 Oct 2018","description":"FireEye. (2018, October 03). APT38: Un-usual Suspects. Retrieved November 6, 2018.","url":"https://content.fireeye.com/apt/rpt-apt38","source":"MITRE, Tidal Cyber","title":"APT38: Un-usual Suspects","authors":"FireEye","date_accessed":"2018-11-06T00:00:00Z","date_published":"2018-10-03T00:00:00Z","owner_name":null,"tidal_id":"5a411df6-28b0-5321-85b2-e4c3da7b4234","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.264916Z"},{"id":"ba366cfc-cc04-41a5-903b-a7bb73136bc3","name":"FireEye APT39 Jan 2019","description":"Hawley et al. (2019, January 29). APT39: An Iranian Cyber Espionage Group Focused on Personal Information. 
Retrieved February 19, 2019.","url":"https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html","source":"MITRE","title":"APT39: An Iranian Cyber Espionage Group Focused on Personal Information","authors":"Hawley et al","date_accessed":"2019-02-19T00:00:00Z","date_published":"2019-01-29T00:00:00Z","owner_name":null,"tidal_id":"7414d948-3db9-50d4-ab9a-d3d641296e6b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423273Z"},{"id":"64c01921-c33f-402e-b30d-a2ba26583a24","name":"APT3 Adversary Emulation Plan","description":"Korban, C, et al. (2017, September). APT3 Adversary Emulation Plan. Retrieved January 16, 2018.","url":"https://attack.mitre.org/docs/APT3_Adversary_Emulation_Plan.pdf","source":"MITRE","title":"APT3 Adversary Emulation Plan","authors":"Korban, C, et al","date_accessed":"2018-01-16T00:00:00Z","date_published":"2017-09-01T00:00:00Z","owner_name":null,"tidal_id":"44f920ab-1c57-5a44-b1e2-54310883cf93","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440562Z"},{"id":"9c8bd493-bf08-431b-9d53-29eb14a6eef5","name":"evolution of pirpi","description":"Yates, M. (2017, June 18). APT3 Uncovered: The code evolution of Pirpi. Retrieved September 28, 2017.","url":"https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-evolution_of_pirpi.pdf","source":"MITRE","title":"APT3 Uncovered: The code evolution of Pirpi","authors":"Yates, M","date_accessed":"2017-09-28T00:00:00Z","date_published":"2017-06-18T00:00:00Z","owner_name":null,"tidal_id":"296c6252-1d00-539a-93c0-8b85840ec9e4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441550Z"},{"id":"8a44368f-3348-4817-aca7-81bfaca5ae6d","name":"FireEye APT40 March 2019","description":"Plan, F., et al. (2019, March 4). APT40: Examining a China-Nexus Espionage Actor. 
Retrieved March 18, 2019.","url":"https://www.fireeye.com/blog/threat-research/2019/03/apt40-examining-a-china-nexus-espionage-actor.html","source":"MITRE","title":"APT40: Examining a China-Nexus Espionage Actor","authors":"Plan, F., et al","date_accessed":"2019-03-18T00:00:00Z","date_published":"2019-03-04T00:00:00Z","owner_name":null,"tidal_id":"26790e87-6dad-5b2a-bd0b-dd0905b0590c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438452Z"},{"id":"599f4411-6829-5a2d-865c-ac59e80afe83","name":"apt41_mandiant","description":"Mandiant. (n.d.). APT41, A DUAL ESPIONAGE AND CYBER CRIME OPERATION. Retrieved June 11, 2024.","url":"https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf","source":"MITRE","title":"APT41, A DUAL ESPIONAGE AND CYBER CRIME OPERATION","authors":"Mandiant","date_accessed":"2024-06-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1400939c-5088-5137-ba39-7011d1989b14","created":"2024-10-31T16:28:28.893168Z","modified":"2025-12-17T15:08:36.438833Z"},{"id":"33bb9f8a-db9d-5dda-b4ae-2ba7fee0a0ae","name":"Google Cloud APT41 2024","description":"Mike Stokkel et al. (2024, July 18). APT41 Has Arisen From the DUST. Retrieved September 16, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust","source":"MITRE","title":"APT41 Has Arisen From the DUST","authors":"Mike Stokkel et al","date_accessed":"2024-09-16T00:00:00Z","date_published":"2024-07-18T00:00:00Z","owner_name":null,"tidal_id":"d2f4d594-45ec-5401-bd86-f5d15321940e","created":"2024-10-31T16:28:28.020427Z","modified":"2025-12-17T15:08:36.417791Z"},{"id":"34ee3a7c-27c0-492f-a3c6-a5a3e86915f0","name":"Mandiant APT41 July 18 2024","description":"Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, Jonathan Lepore. (2024, July 18). APT41 Has Arisen From the DUST. 
Retrieved August 2, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust","source":"Tidal Cyber","title":"APT41 Has Arisen From the DUST","authors":"Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, Jonathan Lepore","date_accessed":"2024-08-02T00:00:00Z","date_published":"2024-07-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1bc8b031-313b-5ac5-9203-38ef83257be0","created":"2024-08-02T14:58:10.428137Z","modified":"2024-08-02T14:58:10.624138Z"},{"id":"fad90e96-93fd-59bd-970e-f0b37cac331d","name":"apt41_dcsocytec_dec2022","description":"DCSO CyTec Blog. (2022, December 24). APT41 — The spy who failed to encrypt me. Retrieved June 13, 2024.","url":"https://medium.com/@DCSO_CyTec/apt41-the-spy-who-failed-to-encrypt-me-24fc0f49cad1","source":"MITRE","title":"APT41 — The spy who failed to encrypt me","authors":"DCSO CyTec Blog","date_accessed":"2024-06-13T00:00:00Z","date_published":"2022-12-24T00:00:00Z","owner_name":null,"tidal_id":"8b6636d0-c0e9-55c7-a0c4-b27a0a42b34f","created":"2024-10-31T16:28:36.493908Z","modified":"2025-12-17T15:08:36.441050Z"},{"id":"b6e7fb29-7935-5454-8fb2-37585c46324a","name":"Rostovcev APT41 2021","description":"Nikita Rostovcev. (2022, August 18). APT41 World Tour 2021 on a tight schedule. Retrieved February 22, 2024.","url":"https://www.group-ib.com/blog/apt41-world-tour-2021/","source":"MITRE","title":"APT41 World Tour 2021 on a tight schedule","authors":"Nikita Rostovcev","date_accessed":"2024-02-22T00:00:00Z","date_published":"2022-08-18T00:00:00Z","owner_name":null,"tidal_id":"f17bbf19-5fc5-5705-81de-22829748cdb8","created":"2024-04-25T13:28:50.984821Z","modified":"2025-12-17T15:08:36.440416Z"},{"id":"10b3e476-a0c5-41fd-8cb8-5bfb245b118f","name":"Mandiant APT42","description":"Mandiant. (n.d.). APT42: Crooked Charms, Cons and Compromise. 
Retrieved September 16, 2022.","url":"https://www.mandiant.com/media/17826","source":"MITRE","title":"APT42: Crooked Charms, Cons and Compromise","authors":"Mandiant","date_accessed":"2022-09-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"71eeabc4-6aca-5124-bf61-2ea7f6e8951d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433697Z"},{"id":"12e517a6-0045-5434-b9ef-e3ecd9ec8508","name":"Mandiant APT42-charms","description":"Mandiant. (n.d.). APT42: Crooked Charms, Cons and Compromises. Retrieved October 9, 2024.","url":"https://services.google.com/fh/files/misc/apt42-crooked-charms-cons-and-compromises.pdf","source":"MITRE","title":"APT42: Crooked Charms, Cons and Compromises","authors":"Mandiant","date_accessed":"2024-10-09T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"89752cba-2304-5c7d-9da1-a3ea35978fbb","created":"2025-04-22T20:47:25.093882Z","modified":"2025-12-17T15:08:36.437741Z"},{"id":"53bab956-be5b-4d8d-b553-9926bc5d9fee","name":"Mandiant Crooked Charms August 12 2022","description":"Mandiant. (2022, August 12). APT42: Crooked Charms, Cons and Compromises. Retrieved August 30, 2024.","url":"https://www.mandiant.com/sites/default/files/2022-09/apt42-report-mandiant.pdf","source":"Tidal Cyber","title":"APT42: Crooked Charms, Cons and Compromises","authors":"Mandiant","date_accessed":"2024-08-30T00:00:00Z","date_published":"2022-08-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d6852c75-b9aa-5e76-94c2-96f69d1bfa47","created":"2024-08-30T18:11:24.901040Z","modified":"2024-08-30T18:11:25.180378Z"},{"id":"8ac3fd0a-4a93-5262-9ac2-f676c5d11fda","name":"Mandiant APT43 March 2024","description":"Mandiant. (2024, March 14). APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations. 
Retrieved May 3, 2024.","url":"https://services.google.com/fh/files/misc/apt43-report-en.pdf","source":"MITRE","title":"APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations","authors":"Mandiant","date_accessed":"2024-05-03T00:00:00Z","date_published":"2024-03-14T00:00:00Z","owner_name":null,"tidal_id":"49fa8c30-6e5e-54be-83f7-383cc4b63e45","created":"2024-10-31T16:28:28.774269Z","modified":"2025-12-17T15:08:36.421726Z"},{"id":"b5414a09-0da6-5d8c-bcca-47df9a469ec0","name":"Mandiant APT43 Full PDF Report","description":"Mandiant. (n.d.). APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations. Retrieved October 14, 2024.","url":"https://services.google.com/fh/files/misc/apt43-report-en.pdf","source":"MITRE","title":"APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations","authors":"Mandiant","date_accessed":"2024-10-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"dff0a33c-3db0-5239-a336-6f16bc85c898","created":"2025-04-22T20:47:29.809808Z","modified":"2025-12-17T15:08:36.440138Z"},{"id":"cc03d668-e4d9-5dc1-b365-203db84938f2","name":"mandiant_apt44_unearthing_sandworm","description":"Roncone, G. et al. (n.d.). APT44: Unearthing Sandworm. Retrieved July 11, 2024.","url":"https://services.google.com/fh/files/misc/apt44-unearthing-sandworm.pdf","source":"MITRE","title":"APT44: Unearthing Sandworm","authors":"Roncone, G. et al","date_accessed":"2024-07-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"cf775c0e-48c8-54cf-bac2-24587248471f","created":"2024-10-31T16:28:29.405984Z","modified":"2025-12-17T15:08:36.437818Z"},{"id":"a9673491-7493-4b85-b5fc-595e91bc7fdc","name":"Mandiant APT45 July 25 2024","description":"Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, Michael Barnhart. (2024, July 25). APT45: North Korea’s Digital Military Machine. 
Retrieved July 26, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine","source":"Tidal Cyber","title":"APT45: North Korea’s Digital Military Machine","authors":"Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, Michael Barnhart","date_accessed":"2024-07-26T00:00:00Z","date_published":"2024-07-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7b995b95-80b5-5327-9fae-53487b9283c1","created":"2024-08-02T14:58:07.046021Z","modified":"2024-08-02T14:58:07.513076Z"},{"id":"916e2137-46e6-53c2-a917-5b5b5c4bae3a","name":"NSA APT5 Citrix Threat Hunting December 2022","description":"National Security Agency. (2022, December). APT5: Citrix ADC Threat Hunting Guidance. Retrieved February 5, 2024.","url":"https://media.defense.gov/2022/Dec/13/2003131586/-1/-1/0/CSA-APT5-CITRIXADC-V1.PDF","source":"MITRE","title":"APT5: Citrix ADC Threat Hunting Guidance","authors":"National Security Agency","date_accessed":"2024-02-05T00:00:00Z","date_published":"2022-12-01T00:00:00Z","owner_name":null,"tidal_id":"3a20fa56-5fe4-51ab-a43d-d66978994283","created":"2024-04-25T13:28:45.803443Z","modified":"2025-12-17T15:08:36.438368Z"},{"id":"428333d6-8b04-415c-877c-36cf5a3e5967","name":"Medium April 20 2024","description":"Rakesh Krishnan. (2024, April 20). APT73-ERALEIG NEWS UNVEILING NEW RANSOMWARE GROUP. Retrieved April 25, 2024.","url":"https://rakeshkrish.medium.com/apt73-eraleig-news-unveiling-new-ransomware-group-55aec3e873ff","source":"Tidal Cyber","title":"APT73-ERALEIG NEWS UNVEILING NEW RANSOMWARE GROUP","authors":"Rakesh Krishnan","date_accessed":"2024-04-25T00:00:00Z","date_published":"2024-04-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f8ff1d4c-98d1-56c6-9789-e4ec48a45f63","created":"2024-11-25T18:00:53.479362Z","modified":"2024-11-25T18:00:53.695461Z"},{"id":"cd71395a-9b7f-4b38-9ca7-337f9bcf1598","name":"ASEC PebbleDash December 21 2021","description":"ASEC. (2021, December 21). 
APT Attack Cases of Kimsuky Group (PebbleDash). Retrieved February 10, 2025.","url":"https://asec.ahnlab.com/en/30022/","source":"Tidal Cyber","title":"APT Attack Cases of Kimsuky Group (PebbleDash)","authors":"ASEC","date_accessed":"2025-02-10T00:00:00Z","date_published":"2021-12-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"31e9a794-e73d-557c-9ad7-8ddc28fa9b70","created":"2025-02-11T18:20:05.712578Z","modified":"2025-02-11T18:20:05.912513Z"},{"id":"13b3c835-bc8d-525b-938d-f5655d86114d","name":"Cyfirma Bahamut","description":"Cyfirma. (2023, February 10). APT Bahamut Attacks Indian Intelligence Operative using Android Malware. Retrieved February","url":"https://www.cyfirma.com/outofband/apt-bahamut-attacks-indian-intelligence-operative-using-android-malware/","source":"Mobile","title":"APT Bahamut Attacks Indian Intelligence Operative using Android Malware","authors":"Cyfirma","date_accessed":"1978-02-01T00:00:00Z","date_published":"2023-02-10T00:00:00Z","owner_name":null,"tidal_id":"11d3573c-5dc1-5004-8209-8d6b5037e3ab","created":"2026-01-28T13:08:10.047411Z","modified":"2026-01-28T13:08:10.047414Z"},{"id":"7196226e-7d0d-5e14-a4e3-9b6322537039","name":"welivesecurity_apt-c-23","description":"Stefanko, L. (2020, September 30). APT‑C‑23 group evolves its Android spyware. Retrieved March 4, 2024.","url":"https://web.archive.org/web/20201123042131/www.welivesecurity.com/2020/09/30/aptc23-group-evolves-its-android-spyware/","source":"MITRE","title":"APT‑C‑23 group evolves its Android spyware","authors":"Stefanko, L","date_accessed":"2024-03-04T00:00:00Z","date_published":"2020-09-30T00:00:00Z","owner_name":null,"tidal_id":"2d986dcd-af3c-5437-9884-f0ac3b14c495","created":"2024-04-25T13:28:44.968299Z","modified":"2025-12-17T15:08:36.439628Z"},{"id":"9d6f6d88-a0d3-5501-a377-f5daf48f62af","name":"Cyware APT-C-23 2020","description":"Cyware. (2020, October 2). APT‑C‑23 is Still Active and Enhancing its Mobile Spying Capabilities. 
Retrieved December","url":"https://social.cyware.com/news/aptc23-is-still-active-and-enhancing-its-mobile-spying-capabilities-82e0cea4","source":"Mobile","title":"APT‑C‑23 is Still Active and Enhancing its Mobile Spying Capabilities","authors":"Cyware","date_accessed":"1978-12-01T00:00:00Z","date_published":"2020-10-02T00:00:00Z","owner_name":null,"tidal_id":"8a6012e3-ee95-5c45-b768-38bf1ebef0b6","created":"2026-01-28T13:08:10.046993Z","modified":"2026-01-28T13:08:10.046996Z"},{"id":"cae075ea-42cb-4695-ac66-9187241393d1","name":"QiAnXin APT-C-36 Feb2019","description":"QiAnXin Threat Intelligence Center. (2019, February 18). APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations. Retrieved May 5, 2020.","url":"https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/","source":"MITRE, Tidal Cyber","title":"APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations","authors":"QiAnXin Threat Intelligence Center","date_accessed":"2020-05-05T00:00:00Z","date_published":"2019-02-18T00:00:00Z","owner_name":null,"tidal_id":"2f30f5d5-a6b8-593e-b0f7-3a770ab32f70","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.280172Z"},{"id":"682c843d-1bb8-4f30-9d2e-35e8d41b1976","name":"360 Machete Sep 2020","description":"kate. (2020, September 25). APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign. 
Retrieved November 20, 2020.","url":"https://blog.360totalsecurity.com/en/apt-c-43-steals-venezuelan-military-secrets-to-provide-intelligence-support-for-the-reactionaries-hpreact-campaign/","source":"MITRE, Tidal Cyber","title":"APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign","authors":"kate","date_accessed":"2020-11-20T00:00:00Z","date_published":"2020-09-25T00:00:00Z","owner_name":null,"tidal_id":"96d4673a-edc1-5378-8801-3b5418d06ca6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258073Z"},{"id":"a5a14a4e-2214-44ab-9067-75429409d744","name":"Cycraft Chimera April 2020","description":"Cycraft. (2020, April 15). APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors. Retrieved August 24, 2020.","url":"https://cycraft.com/download/CyCraft-Whitepaper-Chimera_V4.1.pdf","source":"MITRE","title":"APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors","authors":"Cycraft","date_accessed":"2020-08-24T00:00:00Z","date_published":"2020-04-15T00:00:00Z","owner_name":null,"tidal_id":"add7ca3b-fd86-5aae-a64e-4d52f2d0251f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438656Z"},{"id":"b8bee7f9-155e-4765-9492-01182e4435b7","name":"CISA IT Service Providers","description":"CISA. (n.d.). APTs Targeting IT Service Provider Customers. Retrieved November 16, 2020.","url":"https://us-cert.cisa.gov/APTs-Targeting-IT-Service-Provider-Customers","source":"MITRE","title":"APTs Targeting IT Service Provider Customers","authors":"CISA","date_accessed":"2020-11-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5738c9ea-0d16-530f-b1ba-0d0d149080a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432994Z"},{"id":"1f07f234-50f0-4c1e-942a-a01d3f733161","name":"Securelist GCMAN","description":"Kaspersky Lab's Global Research & Analysis Team. (2016, February 8). 
APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks. Retrieved April 20, 2016.","url":"https://securelist.com/apt-style-bank-robberies-increase-with-metel-gcman-and-carbanak-2-0-attacks/73638/","source":"MITRE, Tidal Cyber","title":"APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2016-04-20T00:00:00Z","date_published":"2016-02-08T00:00:00Z","owner_name":null,"tidal_id":"1dfea1e7-a8d0-5d29-8f3e-71eb98a40e09","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.280218Z"},{"id":"dabad6df-1e31-4c16-9217-e079f2493b02","name":"Proofpoint TA459 April 2017","description":"Axel F. (2017, April 27). APT Targets Financial Analysts with CVE-2017-0199. Retrieved February 15, 2018.","url":"https://www.proofpoint.com/us/threat-insight/post/apt-targets-financial-analysts","source":"MITRE, Tidal Cyber","title":"APT Targets Financial Analysts with CVE-2017-0199","authors":"Axel F","date_accessed":"2018-02-15T00:00:00Z","date_published":"2017-04-27T00:00:00Z","owner_name":null,"tidal_id":"c91b829c-dfda-58e7-9a96-f7d718a9ac09","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258534Z"},{"id":"285c038b-e5fc-57ef-9a98-d9e24c52e2cf","name":"Kaspersky ToddyCat June 2022","description":"Dedola, G. (2022, June 21). APT ToddyCat. Retrieved January 3, 2024.","url":"https://securelist.com/toddycat/106799/","source":"MITRE","title":"APT ToddyCat","authors":"Dedola, G","date_accessed":"2024-01-03T00:00:00Z","date_published":"2022-06-21T00:00:00Z","owner_name":null,"tidal_id":"ff3e5da5-7383-5907-8cad-62be6807748b","created":"2024-04-25T13:28:45.641275Z","modified":"2025-12-17T15:08:36.416510Z"},{"id":"587f5195-e696-4a3c-8c85-90b9c002cd11","name":"Securelist APT Trends April 2018","description":"Global Research and Analysis Team. (2018, April 12). APT Trends report Q1 2018. 
Retrieved January 27, 2021.","url":"https://securelist.com/apt-trends-report-q1-2018/85280/","source":"MITRE","title":"APT Trends report Q1 2018","authors":"Global Research and Analysis Team","date_accessed":"2021-01-27T00:00:00Z","date_published":"2018-04-12T00:00:00Z","owner_name":null,"tidal_id":"d4360081-2019-589a-8cc4-287eae21e704","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439047Z"},{"id":"23c91719-5ebe-4d03-8018-df1809fffd2f","name":"Kaspersky APT Trends Q1 2020","description":"Global Research and Analysis Team. (2020, April 30). APT trends report Q1 2020. Retrieved September 19, 2022.","url":"https://securelist.com/apt-trends-report-q1-2020/96826/","source":"MITRE","title":"APT trends report Q1 2020","authors":"Global Research and Analysis Team","date_accessed":"2022-09-19T00:00:00Z","date_published":"2020-04-30T00:00:00Z","owner_name":null,"tidal_id":"2432ef54-1f78-59b6-ac69-0a7aaa98c220","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437435Z"},{"id":"3fd0ba3b-7919-46d3-a444-50508603956f","name":"Kaspersky APT Trends Q1 April 2021","description":"GReAT. (2021, April 27). APT trends report Q1 2021. Retrieved June 6, 2022.","url":"https://securelist.com/apt-trends-report-q1-2021/101967","source":"MITRE","title":"APT trends report Q1 2021","authors":"GReAT","date_accessed":"2022-06-06T00:00:00Z","date_published":"2021-04-27T00:00:00Z","owner_name":null,"tidal_id":"290a837e-e8c8-55e6-ab05-b7b3b19b3c87","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442458Z"},{"id":"fe28042c-d289-463f-9ece-1a75a70b966e","name":"Securelist APT Trends Q2 2017","description":"Kaspersky Lab's Global Research & Analysis Team. (2017, August 8). APT Trends report Q2 2017. 
Retrieved February 15, 2018.","url":"https://securelist.com/apt-trends-report-q2-2017/79332/","source":"MITRE","title":"APT Trends report Q2 2017","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2018-02-15T00:00:00Z","date_published":"2017-08-08T00:00:00Z","owner_name":null,"tidal_id":"a3a63ddd-f9ad-5a4c-9c09-5f43fe210a9b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417320Z"},{"id":"05a8afd3-0173-41ca-b23b-196ea0f3b1c1","name":"Wired ArcaneDoor April 24 2024","description":"Andy Greenberg. (2024, April 24). ‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks. Retrieved May 6, 2024.","url":"https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks/","source":"Tidal Cyber","title":"‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks","authors":"Andy Greenberg","date_accessed":"2024-05-06T00:00:00Z","date_published":"2024-04-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6401312e-6851-52ba-ac81-ee71a3395c93","created":"2024-05-07T16:51:30.968786Z","modified":"2024-05-07T16:51:31.154331Z"},{"id":"da99c764-8c3d-5a2c-9321-0f6fe4da141b","name":"Cisco ArcaneDoor 2024","description":"Cisco Talos. (2024, April 24). ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices. 
Retrieved January 6, 2025.","url":"https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/","source":"MITRE","title":"ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices","authors":"Cisco Talos","date_accessed":"2025-01-06T00:00:00Z","date_published":"2024-04-24T00:00:00Z","owner_name":null,"tidal_id":"9afb6195-a661-5e06-a81c-ac701d2e67e7","created":"2025-04-22T20:47:21.967723Z","modified":"2025-12-17T15:08:36.418349Z"},{"id":"531c3f6f-2d2b-4774-b069-e2b7a13602c1","name":"Cisco Talos ArcaneDoor April 24 2024","description":"Cisco Talos. (2024, April 24). ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices. Retrieved May 6, 2024.","url":"https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/","source":"Tidal Cyber","title":"ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices","authors":"Cisco Talos","date_accessed":"2024-05-06T00:00:00Z","date_published":"2024-04-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f6f84aa7-544b-5388-a604-19bd822b2c97","created":"2024-05-07T16:51:30.492536Z","modified":"2024-05-07T16:51:30.804980Z"},{"id":"94295594-ae15-44d5-b3a0-96dbb4d971c9","name":"Arctic Wolf Networks August 1 2025","description":"Julian Tuin. (2025, August 1). Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN I Arctic Wolf. 
Retrieved August 5, 2025.","url":"https://arcticwolf.com/resources/blog/arctic-wolf-observes-july-2025-uptick-in-akira-ransomware-activity-targeting-sonicwall-ssl-vpn/","source":"Tidal Cyber","title":"Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN I Arctic Wolf","authors":"Julian Tuin","date_accessed":"2025-08-05T12:00:00Z","date_published":"2025-08-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"953a0f6f-cc88-5561-b90f-861cd3993eca","created":"2025-08-06T14:56:43.517379Z","modified":"2025-08-06T14:56:43.653895Z"},{"id":"87218d4c-ed0a-514c-b9c8-048bad4d0245","name":"Arctic Wolf","description":"Julian Tuin, Stefan Hostetler, Jon Grimm, Aaron Diaz, and Trevor Daher. (2024, November 22). Arctic Wolf Observes Threat Campaign Targeting Palo Alto Networks Firewall Devices. Retrieved January 8, 2025.","url":"https://arcticwolf.com/resources/blog/arctic-wolf-observes-threat-campaign-targeting-palo-alto-networks-firewall-devices/","source":"MITRE","title":"Arctic Wolf Observes Threat Campaign Targeting Palo Alto Networks Firewall Devices","authors":"Julian Tuin, Stefan Hostetler, Jon Grimm, Aaron Diaz, and Trevor Daher","date_accessed":"2025-01-08T00:00:00Z","date_published":"2024-11-22T00:00:00Z","owner_name":null,"tidal_id":"658d3b40-a678-517d-9df4-d57f5f4e37ac","created":"2025-04-22T20:47:19.451323Z","modified":"2025-12-17T15:08:36.434896Z"},{"id":"48bb84ac-56c8-4840-9a11-2cc76213e24e","name":"Wald0 Guide to GPOs","description":"Robbins, A. (2018, April 2). A Red Teamer’s Guide to GPOs and OUs. 
Retrieved March 5, 2019.","url":"https://wald0.com/?p=179","source":"MITRE","title":"A Red Teamer’s Guide to GPOs and OUs","authors":"Robbins, A","date_accessed":"2019-03-05T00:00:00Z","date_published":"2018-04-02T00:00:00Z","owner_name":null,"tidal_id":"f354f2a0-a377-54a4-a1b2-82e882542059","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430148Z"},{"id":"fa809aab-5051-4f9c-8e27-b5989608b03c","name":"Lau 2011","description":"Lau, H. (2011, August 8). Are MBR Infections Back in Fashion? (Infographic). Retrieved November 13, 2014.","url":"http://www.symantec.com/connect/blogs/are-mbr-infections-back-fashion","source":"MITRE","title":"Are MBR Infections Back in Fashion? (Infographic)","authors":"Lau, H","date_accessed":"2014-11-13T00:00:00Z","date_published":"2011-08-08T00:00:00Z","owner_name":null,"tidal_id":"c14877e1-ab07-5c41-aa0a-66b07a41ae92","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423886Z"},{"id":"d29a88ae-273b-439e-8808-dc9931f1ff72","name":"Krebs-Booter","description":"Brian Krebs. (2016, October 27). Are the Days of “Booter” Services Numbered?. Retrieved May 15, 2017.","url":"https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/","source":"MITRE","title":"Are the Days of “Booter” Services Numbered?","authors":"Brian Krebs","date_accessed":"2017-05-15T00:00:00Z","date_published":"2016-10-27T00:00:00Z","owner_name":null,"tidal_id":"d77ac36e-890e-537d-ace6-2dee648687cf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427186Z"},{"id":"923d6d3e-6117-43a5-92c6-ea0c131355c2","name":"RSA Forfiles Aug 2017","description":"Partington, E. (2017, August 14). Are you looking out for forfiles.exe (if you are watching for cmd.exe). 
Retrieved January 22, 2018.","url":"https://community.rsa.com/community/products/netwitness/blog/2017/08/14/are-you-looking-out-for-forfilesexe-if-you-are-watching-for-cmdexe","source":"MITRE","title":"Are you looking out for forfiles.exe (if you are watching for cmd.exe)","authors":"Partington, E","date_accessed":"2018-01-22T00:00:00Z","date_published":"2017-08-14T00:00:00Z","owner_name":null,"tidal_id":"2380b788-d6dc-5bfc-847d-f83c73ab2a1b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428078Z"},{"id":"e7091d66-7faa-49d6-b16f-be1f79db4471","name":"FireEye Respond Webinar July 2017","description":"Scavella, T. and Rifki, A. (2017, July 20). Are you Ready to Respond? (Webinar). Retrieved October 4, 2017.","url":"https://www2.fireeye.com/WBNR-Are-you-ready-to-respond.html","source":"MITRE","title":"Are you Ready to Respond? (Webinar)","authors":"Scavella, T. and Rifki, A","date_accessed":"2017-10-04T00:00:00Z","date_published":"2017-07-20T00:00:00Z","owner_name":null,"tidal_id":"e816d6e2-1e8a-519c-834c-e58ca995fe48","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439329Z"},{"id":"89e913a8-1d52-53fe-b692-fb72e21d794f","name":"Browser-updates","description":"Dusty Miller. (2023, October 17). Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates . Retrieved February 13, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/are-you-sure-your-browser-date-current-landscape-fake-browser-updates","source":"MITRE","title":"Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates","authors":"Dusty Miller","date_accessed":"2024-02-13T00:00:00Z","date_published":"2023-10-17T00:00:00Z","owner_name":null,"tidal_id":"dc01ea40-9ae8-557e-b0a7-3827ce07af29","created":"2024-04-25T13:28:41.095810Z","modified":"2025-12-17T15:08:36.436127Z"},{"id":"963a97b9-71b2-46e7-8315-1d7ef76d832c","name":"Sekoia.io AridViper","description":"Threat & Detection Research Team. 
(2023, October 26). AridViper, an intrusion set allegedly associated with Hamas. Retrieved October 30, 2023.","url":"https://blog.sekoia.io/aridviper-an-intrusion-set-allegedly-associated-with-hamas/","source":"Tidal Cyber","title":"AridViper, an intrusion set allegedly associated with Hamas","authors":"Threat & Detection Research Team","date_accessed":"2023-10-30T00:00:00Z","date_published":"2023-10-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a70b34d5-0995-5645-b031-cf172b982566","created":"2024-04-25T14:10:44.143390Z","modified":"2024-04-25T14:10:44.389749Z"},{"id":"a727fad1-9078-59fb-9d4c-f20b269e4b69","name":"SentinelLabs AridViper 2023","description":"Delamotte, A. (2023, November 6). Arid Viper | APT’s Nest of SpyC23 Malware Continues to Target Android Devices. Retrieved December","url":"https://www.sentinelone.com/labs/arid-viper-apts-nest-of-spyc23-malware-continues-to-target-android-devices/","source":"Mobile","title":"Arid Viper | APT’s Nest of SpyC23 Malware Continues to Target Android Devices","authors":"Delamotte, A","date_accessed":"1978-12-01T00:00:00Z","date_published":"2023-11-06T00:00:00Z","owner_name":null,"tidal_id":"60d4b8bf-8cf5-5792-924f-a556b05929bf","created":"2026-01-28T13:08:10.046741Z","modified":"2026-01-28T13:08:10.046744Z"},{"id":"2fa6240b-ff2a-4d4b-93f2-901e15cffd5f","name":"Proofpoint April 16 2025","description":"Saher Naumaan; Mark Kelly; Greg Lesnewich; Josh Miller; The Proofpoint Threat Research Team. (2025, April 16). Around the World in 90 Days State-Sponsored Actors Try ClickFix . 
Retrieved May 6, 2025.","url":"https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix","source":"Tidal Cyber","title":"Around the World in 90 Days State-Sponsored Actors Try ClickFix","authors":"Saher Naumaan; Mark Kelly; Greg Lesnewich; Josh Miller; The Proofpoint Threat Research Team","date_accessed":"2025-05-06T00:00:00Z","date_published":"2025-04-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7e70a2ed-2c25-570c-83fb-2ad083f6ac98","created":"2025-05-06T16:28:39.822606Z","modified":"2025-05-06T16:28:40.000462Z"},{"id":"7714222e-8046-4884-b460-493d9ef46305","name":"TechNet Arp","description":"Microsoft. (n.d.). Arp. Retrieved April 17, 2016.","url":"https://technet.microsoft.com/en-us/library/bb490864.aspx","source":"MITRE","title":"Arp","authors":"Microsoft","date_accessed":"2016-04-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d84034d0-39c3-56f6-b62e-ee07ba890456","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422864Z"},{"id":"715cd044-f5ef-4cad-8741-308d104f05a5","name":"Cisco ARP Poisoning Mitigation 2016","description":"King, J., Lauerman, K. (2016, January 22). ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique. Retrieved October 15, 2020.","url":"https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_603839.html","source":"MITRE","title":"ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Technique","authors":"King, J., Lauerman, K","date_accessed":"2020-10-15T00:00:00Z","date_published":"2016-01-22T00:00:00Z","owner_name":null,"tidal_id":"30e4535c-c697-5700-98c8-9c6de6a0da46","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442733Z"},{"id":"365d02af-f696-5f9f-a993-df3ad20f5e0b","name":"PaloAlto MUSTANG PANDA PUBLOAD MARCH 2024","description":"Unit42. (2024, March 26). ASEAN Entities in the Spotlight: Chinese APT Group Targeting. 
Retrieved August 4, 2025.","url":"https://unit42.paloaltonetworks.com/chinese-apts-target-asean-entities/","source":"MITRE","title":"ASEAN Entities in the Spotlight: Chinese APT Group Targeting","authors":"Unit42","date_accessed":"2025-08-04T00:00:00Z","date_published":"2024-03-26T00:00:00Z","owner_name":null,"tidal_id":"ea84aa85-78e1-551e-a86d-7f81f911e505","created":"2025-10-29T21:08:48.167769Z","modified":"2025-12-17T15:08:36.442022Z"},{"id":"a02e3bbf-5864-4ccf-8b6f-5f8452395670","name":"ASEC Emotet 2017","description":"ASEC. (2017). ASEC REPORT VOL.88. Retrieved April 16, 2019.","url":"https://global.ahnlab.com/global/upload/download/asecreport/ASEC%20REPORT_vol.88_ENG.pdf","source":"MITRE","title":"ASEC REPORT VOL.88","authors":"ASEC","date_accessed":"2019-04-16T00:00:00Z","date_published":"2017-01-01T00:00:00Z","owner_name":null,"tidal_id":"6124d6ad-2d0e-5611-b427-5e7002c09392","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442831Z"},{"id":"bb8ba6af-1dc4-59fb-b717-fd36986387c8","name":"NSC_Android","description":"Lee, A., Ramirez, T. (2018, August 15). A Security Analyst’s Guide to Network Security Configuration in Android P . Retrieved February","url":"https://www.nowsecure.com/blog/2018/08/15/a-security-analysts-guide-to-network-security-configuration-in-android-p/","source":"Mobile","title":"A Security Analyst’s Guide to Network Security Configuration in Android P","authors":"Lee, A., Ramirez, T","date_accessed":"1978-02-01T00:00:00Z","date_published":"2018-08-15T00:00:00Z","owner_name":null,"tidal_id":"4a4e84df-5d61-5f2e-bc0b-5ad8357e00b0","created":"2026-01-28T13:08:10.042793Z","modified":"2026-01-28T13:08:10.042796Z"},{"id":"dbac0954-3daf-4265-bc7f-461861dc6a47","name":"Huntress RMMs December 18 2025","description":"None Identified. (2025, December 18). A Series of Unfortunate (RMM) Events | Huntress. 
Retrieved December 24, 2025.","url":"https://www.huntress.com/blog/series-of-unfortunate-rmm-events","source":"Tidal Cyber","title":"A Series of Unfortunate (RMM) Events | Huntress","authors":"None Identified","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1fda060e-e17e-5bca-aebb-7e76e63bdff6","created":"2026-01-14T13:29:39.448777Z","modified":"2026-01-14T13:29:39.593969Z"},{"id":"a8f323c7-82bc-46e6-bd6c-0b631abc644a","name":"ASERT Seven Pointed Dagger Aug 2015","description":"ASERT. (2015, August). ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger. Retrieved March 19, 2018.","url":"https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-2015-08-Uncovering-the-Seven-Point-Dagger.pdf","source":"MITRE","title":"ASERT Threat Intelligence Report – Uncovering the Seven Pointed Dagger","authors":"ASERT","date_accessed":"2018-03-19T00:00:00Z","date_published":"2015-08-01T00:00:00Z","owner_name":null,"tidal_id":"6b35861d-7880-5675-89fa-218b7331993b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419557Z"},{"id":"3a043bba-2451-4765-946b-c1f3bf4aea36","name":"Securelist Sofacy Feb 2018","description":"Kaspersky Lab's Global Research & Analysis Team. (2018, February 20). A Slice of 2017 Sofacy Activity. Retrieved November 27, 2018.","url":"https://securelist.com/a-slice-of-2017-sofacy-activity/83930/","source":"MITRE","title":"A Slice of 2017 Sofacy Activity","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2018-11-27T00:00:00Z","date_published":"2018-02-20T00:00:00Z","owner_name":null,"tidal_id":"bfeed1c5-f01f-56fc-90e2-1e835f97684e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419101Z"},{"id":"c134c6d8-c027-4528-a13f-08aebf40f8e6","name":"Sophos News April 26 2020","description":"Sophos. (2020, April 26). “Asnarok” Trojan targets firewalls. 
Retrieved November 8, 2024.","url":"https://news.sophos.com/en-us/2020/04/26/asnarok/","source":"Tidal Cyber","title":"“Asnarok” Trojan targets firewalls","authors":"Sophos","date_accessed":"2024-11-08T00:00:00Z","date_published":"2020-04-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c43eb31b-b691-5f0f-9d63-999004b3a476","created":"2024-11-08T20:32:29.300076Z","modified":"2024-11-08T20:32:29.479904Z"},{"id":"5a01f0b7-86f7-44a1-bf35-46a631402ceb","name":"THE FINANCIAL TIMES LTD 2019.","description":"THE FINANCIAL TIMES. (2019, September 2). A sobering day. Retrieved October 8, 2019.","url":"https://labs.ft.com/2013/05/a-sobering-day/?mhq5j=e6","source":"MITRE","title":"A sobering day","authors":"THE FINANCIAL TIMES","date_accessed":"2019-10-08T00:00:00Z","date_published":"2019-09-02T00:00:00Z","owner_name":null,"tidal_id":"df4001a8-d489-55c2-b9b9-c146dd9df784","created":"2022-12-14T20:06:32.013016Z","modified":"2023-11-07T00:36:06.234853Z"},{"id":"15864c56-115e-4163-b816-03bdb9bfd5c5","name":"Aspnet_Compiler.exe - LOLBAS Project","description":"LOLBAS. (2021, September 26). Aspnet_Compiler.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Aspnet_Compiler/","source":"Tidal Cyber","title":"Aspnet_Compiler.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"89981aec-9ce9-51d4-8ce1-9f16f2df97fc","created":"2024-01-12T14:46:30.950112Z","modified":"2024-01-12T14:46:31.139958Z"},{"id":"5276508c-6792-56be-b757-e4b495ef6c37","name":"Mandiant UNC2452 APT29 April 2022","description":"Mandiant. (2022, April 27). Assembling the Russian Nesting Doll: UNC2452 Merged into APT29. 
Retrieved March 26, 2023.","url":"https://www.mandiant.com/resources/blog/unc2452-merged-into-apt29","source":"MITRE","title":"Assembling the Russian Nesting Doll: UNC2452 Merged into APT29","authors":"Mandiant","date_accessed":"2023-03-26T00:00:00Z","date_published":"2020-04-27T00:00:00Z","owner_name":null,"tidal_id":"c4ed8455-f488-598b-9242-4789574906d8","created":"2023-05-26T01:21:11.499958Z","modified":"2025-12-17T15:08:36.437549Z"},{"id":"3d980d7a-7074-5812-9bb1-ca8e27e028bd","name":"Microsoft AssemblyLoad","description":"Microsoft. (n.d.). Assembly.Load Method. Retrieved February 9, 2024.","url":"https://learn.microsoft.com/dotnet/api/system.reflection.assembly.load","source":"MITRE","title":"Assembly.Load Method","authors":"Microsoft","date_accessed":"2024-02-09T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"38d49fe1-b9d9-5c0e-8a1a-3ace7826b0fa","created":"2024-04-25T13:28:33.872621Z","modified":"2025-12-17T15:08:36.428941Z"},{"id":"d5b51af4-2091-55c7-a97f-c8b5ab871342","name":"Mandiant DPRK Groups 2023","description":"Michael Barnhart, Austin Larsen, Jeff Johnson, Taylor Long, Michelle Cantos, Adrian Hernandez. (2023, October 10). Assessed Cyber Structure and Alignments of North Korea in 2023. Retrieved August 25, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/north-korea-cyber-structure-alignment-2023","source":"MITRE","title":"Assessed Cyber Structure and Alignments of North Korea in 2023","authors":"Michael Barnhart, Austin Larsen, Jeff Johnson, Taylor Long, Michelle Cantos, Adrian Hernandez","date_accessed":"2025-08-25T00:00:00Z","date_published":"2023-10-10T00:00:00Z","owner_name":null,"tidal_id":"55ee683c-1713-5b08-a95f-bcecbf17c24e","created":"2025-10-29T21:08:48.166735Z","modified":"2025-12-17T15:08:36.437588Z"},{"id":"fe6ba97b-ff61-541b-9a67-a835290dc4ab","name":"Kubernetes Assigning Pods to Nodes","description":"Kubernetes. (n.d.). Assigning Pods to Nodes. 
Retrieved February 15, 2024.","url":"https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/","source":"MITRE","title":"Assigning Pods to Nodes","authors":"Kubernetes","date_accessed":"2024-02-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c7f63bb7-05bc-5439-b9c7-8ff4daecf2c6","created":"2024-04-25T13:28:38.609107Z","modified":"2025-12-17T15:08:36.433529Z"},{"id":"63fb65d7-6423-42de-b868-37fbc2bc133d","name":"Microsoft Assoc Oct 2017","description":"Plett, C. et al.. (2017, October 15). assoc. Retrieved August 7, 2018.","url":"https://docs.microsoft.com/windows-server/administration/windows-commands/assoc","source":"MITRE","title":"assoc","authors":"Plett, C. et al.","date_accessed":"2018-08-07T00:00:00Z","date_published":"2017-10-15T00:00:00Z","owner_name":null,"tidal_id":"0f22327d-399c-5a7d-9d45-4f0a4ee5f00d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430728Z"},{"id":"f403fc54-bdac-415a-9cc0-78803dd84214","name":"Rhino Security Labs Enumerating AWS Roles","description":"Spencer Gietzen. (2018, August 8). Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’. Retrieved April 1, 2022.","url":"https://rhinosecuritylabs.com/aws/assume-worst-aws-assume-role-enumeration","source":"MITRE","title":"Assume the Worst: Enumerating AWS Roles through ‘AssumeRole’","authors":"Spencer Gietzen","date_accessed":"2022-04-01T00:00:00Z","date_published":"2018-08-08T00:00:00Z","owner_name":null,"tidal_id":"626cfd39-1b10-5550-ae22-28c6a15113df","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436295Z"},{"id":"eb4dc1f8-c6e7-4d6c-9258-b03a0ae64d2e","name":"Cybereason Astaroth Feb 2019","description":"Salem, E. (2019, February 13). ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA. 
Retrieved April 17, 2019.","url":"https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research","source":"MITRE","title":"ASTAROTH MALWARE USES LEGITIMATE OS AND ANTIVIRUS PROCESSES TO STEAL PASSWORDS AND PERSONAL DATA","authors":"Salem, E","date_accessed":"2019-04-17T00:00:00Z","date_published":"2019-02-13T00:00:00Z","owner_name":null,"tidal_id":"e3f04b46-af86-5dbc-954c-e59a7eab5556","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422217Z"},{"id":"67e63f34-e4c6-4c6c-9d79-758c8b1ca7ff","name":"Acronis January 08 2026","description":"None Identified. (2026, January 8). Astaroth’s Boto Cor-de-Rosa campaign targets Brazil with new WhatsApp malware technique. Retrieved January 12, 2026.","url":"https://www.acronis.com/en/tru/posts/boto-cor-de-rosa-campaign-reveals-astaroth-whatsapp-based-worm-activity-in-brazil/","source":"Tidal Cyber","title":"Astaroth’s Boto Cor-de-Rosa campaign targets Brazil with new WhatsApp malware technique","authors":"None Identified","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"81969121-4b05-5fc5-a925-d70143084373","created":"2026-01-14T13:29:44.504085Z","modified":"2026-01-14T13:29:44.645289Z"},{"id":"15a4d429-28c3-52be-aeb8-d94ad2743866","name":"spamhaus-malvertising","description":"Miller, Sarah. (2023, February 2). A surge of malvertising across Google Ads is distributing dangerous malware. 
Retrieved February 21, 2023.","url":"https://www.spamhaus.com/resource-center/a-surge-of-malvertising-across-google-ads-is-distributing-dangerous-malware/","source":"MITRE","title":"A surge of malvertising across Google Ads is distributing dangerous malware","authors":"Miller, Sarah","date_accessed":"2023-02-21T00:00:00Z","date_published":"2023-02-02T00:00:00Z","owner_name":null,"tidal_id":"01ad2bc0-6161-5a53-a34a-d577ae9c9ec2","created":"2023-05-26T01:21:01.854821Z","modified":"2025-12-17T15:08:36.425362Z"},{"id":"313e8333-0512-50d4-a7f6-4294dc935003","name":"Lua Proofpoint Sunseed","description":"Raggi, Michael. Cass, Zydeca. The Proofpoint Threat Research Team.. (2022, March 1). Asylum Ambuscade: State Actor Uses Lua-based Sunseed Malware to Target European Governments and Refugee Movement. Retrieved August 5, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails","source":"MITRE","title":"Asylum Ambuscade: State Actor Uses Lua-based Sunseed Malware to Target European Governments and Refugee Movement","authors":"Raggi, Michael. Cass, Zydeca. The Proofpoint Threat Research Team.","date_accessed":"2024-08-05T00:00:00Z","date_published":"2022-03-01T00:00:00Z","owner_name":null,"tidal_id":"79eb5779-ad41-574a-a20a-6080ddc350ec","created":"2024-10-31T16:28:24.569299Z","modified":"2025-12-17T15:08:36.433504Z"},{"id":"37f1ef6c-fc0e-4e47-85ab-20d53caba77e","name":"Microsoft APC","description":"Microsoft. (n.d.). Asynchronous Procedure Calls. 
Retrieved December 8, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ms681951.aspx","source":"MITRE","title":"Asynchronous Procedure Calls","authors":"Microsoft","date_accessed":"2017-12-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"39ee74c0-cb34-5845-921c-06d7fc6a9f21","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431524Z"},{"id":"86a69887-8d23-460f-9a51-96a10bfb3c29","name":"Medium February 08 2023","description":"Hack sydney. (2023, February 8). AsyncRAT: Analysing the Three Stages of Execution. Retrieved May 7, 2023.","url":"https://medium.com/@hcksyd/asyncrat-analysing-the-three-stages-of-execution-378b343216bf","source":"Tidal Cyber","title":"AsyncRAT: Analysing the Three Stages of Execution","authors":"Hack sydney","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-02-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c8a81859-2683-5d2e-87ac-d3889bb4e84b","created":"2024-06-13T20:10:11.902333Z","modified":"2024-06-13T20:10:12.106684Z"},{"id":"2869d93c-d3fe-475e-adc9-ab6eb7e26c0f","name":"AsyncRAT Crusade: Detections and Defense | Splunk","description":"Splunk-Blogs. (n.d.). AsyncRAT Crusade: Detections and Defense. Retrieved May 7, 2023.","url":"https://www.splunk.com/en_us/blog/security/asyncrat-crusade-detections-and-defense.html","source":"Tidal Cyber","title":"AsyncRAT Crusade: Detections and Defense","authors":"Splunk-Blogs","date_accessed":"2023-05-07T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"14708357-6701-5f5b-b45e-42d58622c952","created":"2024-06-13T20:10:11.363225Z","modified":"2024-06-13T20:10:11.718471Z"},{"id":"31b40c09-d68f-4889-b585-c077bd9cef28","name":"TechNet At","description":"Microsoft. (n.d.). At. 
Retrieved April 28, 2016.","url":"https://technet.microsoft.com/en-us/library/bb490866.aspx","source":"MITRE","title":"At","authors":"Microsoft","date_accessed":"2016-04-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"08225b19-ec52-5d65-bae7-12d1e3a64b4a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422739Z"},{"id":"4bc1389d-9586-4dfc-a67c-58c6d3f6796a","name":"Die.net Linux at Man Page","description":"Thomas Koenig. (n.d.). at(1) - Linux man page. Retrieved December 19, 2017.","url":"https://linux.die.net/man/1/at","source":"MITRE","title":"at(1) - Linux man page","authors":"Thomas Koenig","date_accessed":"2017-12-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4a2264bf-e787-5561-92ee-366197ed24ef","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434203Z"},{"id":"3e3a84bc-ab6d-460d-8abc-cafae6eaaedd","name":"Linux at","description":"IEEE/The Open Group. (2017). at(1p) — Linux manual page. Retrieved February 25, 2022.","url":"https://man7.org/linux/man-pages/man1/at.1p.html","source":"MITRE","title":"at(1p) — Linux manual page","authors":"IEEE/The Open Group","date_accessed":"2022-02-25T00:00:00Z","date_published":"2017-01-01T00:00:00Z","owner_name":null,"tidal_id":"ed433787-b426-5b41-942b-d0e266b73cd8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422732Z"},{"id":"4904261a-a3a9-4c3e-b6a7-079890026ee2","name":"PWC Pirpi Scanbox","description":"Lancaster, T. (2015, July 25). A tale of Pirpi, Scanbox & CVE-2015-3113. 
Retrieved March 30, 2016.","url":"http://pwc.blogs.com/cyber_security_updates/2015/07/pirpi-scanbox.html","source":"MITRE","title":"A tale of Pirpi, Scanbox & CVE-2015-3113","authors":"Lancaster, T","date_accessed":"2016-03-30T00:00:00Z","date_published":"2015-07-25T00:00:00Z","owner_name":null,"tidal_id":"a1f0e1b3-e461-5310-957a-6fffb7b8fdf3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439239Z"},{"id":"b33f6f56-399b-5780-bbf5-7da749663a6e","name":"Bonnie Zhu, Anthony Joseph, Shankar Sastry 2011","description":"Bonnie Zhu, Anthony Joseph, Shankar Sastry. (2011). A Taxonomy of Cyber Attacks on SCADA Systems. Retrieved January","url":"http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6142258","source":"ICS","title":"A Taxonomy of Cyber Attacks on SCADA Systems","authors":"Bonnie Zhu, Anthony Joseph, Shankar Sastry","date_accessed":"1978-01-01T00:00:00Z","date_published":"2011-01-01T00:00:00Z","owner_name":null,"tidal_id":"23801c54-ce85-51e0-b3e4-707afd9c73c3","created":"2026-01-28T13:08:18.176224Z","modified":"2026-01-28T13:08:18.176227Z"},{"id":"b0c21b56-6591-49c3-8e67-328ddb7b436d","name":"Atbroker.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Atbroker.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Atbroker/","source":"Tidal Cyber","title":"Atbroker.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"15b91e68-3fef-54e6-ab8a-88fcd2f0dba7","created":"2024-01-12T14:46:31.684484Z","modified":"2024-01-12T14:46:31.877473Z"},{"id":"fdd57c56-d989-4a6f-8cc5-5b3713605dec","name":"ESET Attor Oct 2019","description":"Hromcova, Z. (2019, October). AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM. 
Retrieved May 6, 2020.","url":"https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Attor.pdf","source":"MITRE","title":"AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM","authors":"Hromcova, Z","date_accessed":"2020-05-06T00:00:00Z","date_published":"2019-10-01T00:00:00Z","owner_name":null,"tidal_id":"0658913b-b750-5046-bd8c-66436475a237","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420363Z"},{"id":"305d0742-154a-44af-8686-c6d8bd7f8636","name":"LogRhythm WannaCry","description":"Noerenberg, E., Costis, A., and Quist, N. (2017, May 16). A Technical Analysis of WannaCry Ransomware. Retrieved December 8, 2024.","url":"https://web.archive.org/web/20230522041200/https://logrhythm.com/blog/a-technical-analysis-of-wannacry-ransomware/","source":"MITRE","title":"A Technical Analysis of WannaCry Ransomware","authors":"Noerenberg, E., Costis, A., and Quist, N","date_accessed":"2024-12-08T00:00:00Z","date_published":"2017-05-16T00:00:00Z","owner_name":null,"tidal_id":"9b46df58-d99a-5295-ba20-8fae92aca7a9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419664Z"},{"id":"0a5719f2-8a88-44e2-81c5-2d16a39f1f8d","name":"Malwarebytes Dyreza November 2015","description":"hasherezade. (2015, November 4). A Technical Look At Dyreza. Retrieved June 15, 2020.","url":"https://blog.malwarebytes.com/threat-analysis/2015/11/a-technical-look-at-dyreza/","source":"MITRE","title":"A Technical Look At Dyreza","authors":"hasherezade","date_accessed":"2020-06-15T00:00:00Z","date_published":"2015-11-04T00:00:00Z","owner_name":null,"tidal_id":"b8a47a51-c7ab-5c76-8574-8c153cf19851","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419192Z"},{"id":"a31e1f5c-9b8d-4af4-875b-5c03d2400c12","name":"At.exe - LOLBAS Project","description":"LOLBAS. (2019, September 20). At.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/At/","source":"Tidal Cyber","title":"At.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-09-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1ef716d8-1e53-531c-a561-238009e9f66a","created":"2024-01-12T14:46:31.320500Z","modified":"2024-01-12T14:46:31.505500Z"},{"id":"9282dbab-391c-4ffd-ada9-1687413b686b","name":"ENSIL AtomBombing Oct 2016","description":"Liberman, T. (2016, October 27). ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS. Retrieved December 8, 2017.","url":"https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows","source":"MITRE","title":"ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS","authors":"Liberman, T","date_accessed":"2017-12-08T00:00:00Z","date_published":"2016-10-27T00:00:00Z","owner_name":null,"tidal_id":"4a2a5c48-c94a-5bc1-86c8-4b900aaf6791","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431537Z"},{"id":"c4721cab-2895-48ed-bfde-748aa3c80209","name":"SentinelOne 5 3 2023","description":"Phil Stokes. (2023, May 3). Atomic Stealer . Retrieved January 1, 2024.","url":"https://www.sentinelone.com/blog/atomic-stealer-threat-actor-spawns-second-variant-of-macos-malware-sold-on-telegram/","source":"Tidal Cyber","title":"Atomic Stealer","authors":"Phil Stokes","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-05-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a406cf77-386d-5a4c-84d5-2936930d2cc6","created":"2024-06-13T20:10:57.846673Z","modified":"2024-06-13T20:10:58.027530Z"},{"id":"660de1b0-574d-48df-865a-257b8ed4b928","name":"Malwarebytes 1 10 2024","description":"Jerome Segura. (2024, January 10). Atomic Stealer rings in the new year with updated version . 
Retrieved January 11, 2024.","url":"https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version","source":"Tidal Cyber","title":"Atomic Stealer rings in the new year with updated version","authors":"Jerome Segura","date_accessed":"2024-01-11T00:00:00Z","date_published":"2024-01-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cb5f87ef-bfcd-57c8-b72d-f1eaeea4cf6f","created":"2024-06-13T20:11:00.482479Z","modified":"2024-06-13T20:11:00.665601Z"},{"id":"bfa5886a-a7f4-40d1-98d0-c3358abcf265","name":"FireEye TRITON 2018","description":"Miller, S. Reese, E. (2018, June 7). A Totally Tubular Treatise on TRITON and TriStation. Retrieved January 6, 2021.","url":"https://www.fireeye.com/blog/threat-research/2018/06/totally-tubular-treatise-on-TRITON-and-tristation.html","source":"MITRE","title":"A Totally Tubular Treatise on TRITON and TriStation","authors":"Miller, S. Reese, E","date_accessed":"2021-01-06T00:00:00Z","date_published":"2018-06-07T00:00:00Z","owner_name":null,"tidal_id":"33eb76b0-948e-51e2-b8d3-68068a3880f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420469Z"},{"id":"a6311a66-bb36-4cad-a98f-2b0b89aafa3d","name":"The DFIR Report Truebot June 12 2023","description":"The DFIR Report. (2023, June 12). A Truly Graceful Wipe Out. Retrieved June 15, 2023.","url":"https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/","source":"Tidal Cyber","title":"A Truly Graceful Wipe Out","authors":"The DFIR Report","date_accessed":"2023-06-15T00:00:00Z","date_published":"2023-06-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b9cf608f-1f17-5f85-8116-5922ae1e8015","created":"2023-07-14T12:56:31.677346Z","modified":"2023-07-14T12:56:31.791505Z"},{"id":"b65988a7-3469-54d2-804c-e8ce1f698b5c","name":"DFIR Report Trickbot June 2023","description":"The DFIR Report. (2023, June 12). A Truly Graceful Wipe Out. 
Retrieved May 31, 2024.","url":"https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/","source":"MITRE","title":"A Truly Graceful Wipe Out","authors":"The DFIR Report","date_accessed":"2024-05-31T00:00:00Z","date_published":"2023-06-12T00:00:00Z","owner_name":null,"tidal_id":"e23c83fe-db85-5802-86ea-173aaef63835","created":"2024-10-31T16:28:25.756175Z","modified":"2025-12-17T15:08:36.434799Z"},{"id":"52212570-b1a6-4249-99d4-3bcf66c27140","name":"att_def_ps_logging","description":"Hao, M. (2019, February 27). Attack and Defense Around PowerShell Event Logging. Retrieved November 24, 2021.","url":"https://nsfocusglobal.com/attack-and-defense-around-powershell-event-logging/","source":"MITRE","title":"Attack and Defense Around PowerShell Event Logging","authors":"Hao, M","date_accessed":"2021-11-24T00:00:00Z","date_published":"2019-02-27T00:00:00Z","owner_name":null,"tidal_id":"aeaaa3b6-8501-5273-81f1-f22ac06d12c3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431891Z"},{"id":"9b32397b-58be-4275-a701-fe0351ff2982","name":"Attack chain leads to XWORM and AGENTTESLA | Elastic","description":"Elastic Blog. (2023, April 7). Attack chain leads to XWORM and AGENTTESLA. Retrieved May 10, 2023.","url":"https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla","source":"Tidal Cyber","title":"Attack chain leads to XWORM and AGENTTESLA","authors":"Elastic Blog","date_accessed":"2023-05-10T00:00:00Z","date_published":"2023-04-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"110d75ac-e71f-53b5-b735-316283a35ed5","created":"2024-06-13T20:10:19.921421Z","modified":"2024-06-13T20:10:20.113987Z"},{"id":"1155a45e-86f4-497a-9a03-43b6dcb25202","name":"Intezer TeamTNT September 2020","description":"Fishbein, N. (2020, September 8). Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks. 
Retrieved September 22, 2021.","url":"https://www.intezer.com/blog/cloud-security/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/","source":"MITRE","title":"Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks","authors":"Fishbein, N","date_accessed":"2021-09-22T00:00:00Z","date_published":"2020-09-08T00:00:00Z","owner_name":null,"tidal_id":"d8360251-2e43-58c0-b34f-0447b4e2e26c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437677Z"},{"id":"1c899028-466c-49b0-8d64-1a954c812508","name":"Metcalf 2015","description":"Metcalf, S. (2015, January 19). Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest. Retrieved February 3, 2015.","url":"http://adsecurity.org/?p=1275","source":"MITRE","title":"Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest","authors":"Metcalf, S","date_accessed":"2015-02-03T00:00:00Z","date_published":"2015-01-19T00:00:00Z","owner_name":null,"tidal_id":"0c3b54d6-c1e0-57fd-bf07-33288a3a263d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436259Z"},{"id":"f7ce5099-7e04-4c0b-8767-e0eec664b18e","name":"Cisco Blog Legacy Device Attacks","description":"Omar Santos. (2020, October 19). Attackers Continue to Target Legacy Devices. 
Retrieved October 20, 2020.","url":"https://community.cisco.com/t5/security-blogs/attackers-continue-to-target-legacy-devices/ba-p/4169954","source":"MITRE","title":"Attackers Continue to Target Legacy Devices","authors":"Omar Santos","date_accessed":"2020-10-20T00:00:00Z","date_published":"2020-10-19T00:00:00Z","owner_name":null,"tidal_id":"42ea8b99-4085-5d01-b7fa-ec4a6ad1b249","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424290Z"},{"id":"9529f47c-9b75-5a62-aa92-998f327fe327","name":"FireEye TRITON","description":"Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer. (2017, December 14). Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause Operational Disruption to Critical Infrastructure. Retrieved January","url":"https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html","source":"ICS","title":"Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause Operational Disruption to Critical Infrastructure","authors":"Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer","date_accessed":"1978-01-01T00:00:00Z","date_published":"2017-12-14T00:00:00Z","owner_name":null,"tidal_id":"f9baf538-0df7-577f-b008-f86de72c000d","created":"2026-01-28T13:08:18.179597Z","modified":"2026-01-28T13:08:18.179600Z"},{"id":"597a4d8b-ffb2-4551-86db-b319f5a5b707","name":"FireEye TRITON 2017","description":"Johnson, B, et. al. (2017, December 14). Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause Operational Disruption to Critical Infrastructure. Retrieved January 6, 2021.","url":"https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html","source":"MITRE","title":"Attackers Deploy New ICS Attack Framework \"TRITON\" and Cause Operational Disruption to Critical Infrastructure","authors":"Johnson, B, et. 
al","date_accessed":"2021-01-06T00:00:00Z","date_published":"2017-12-14T00:00:00Z","owner_name":null,"tidal_id":"ab6f2b59-759e-591b-a687-316f2a2c96a6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420463Z"},{"id":"d4ca3351-eeb8-5342-8c85-806614e22c48","name":"FireEye TRITON Dec 2017","description":"Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer. (2017, December 14). Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure. Retrieved January 12, 2018.","url":"https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html","source":"MITRE","title":"Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure","authors":"Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer","date_accessed":"2018-01-12T00:00:00Z","date_published":"2017-12-14T00:00:00Z","owner_name":null,"tidal_id":"d8d4ed63-2956-513e-b6d8-fe1e648390e4","created":"2024-04-25T13:28:52.270782Z","modified":"2025-12-17T15:08:36.441718Z"},{"id":"303f8801-bdd6-4a0c-a90a-37867898c99c","name":"Forbes GitHub Creds","description":"Sandvik, R. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. 
Retrieved October 19, 2020.","url":"https://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/#242c479d3196","source":"MITRE","title":"Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency","authors":"Sandvik, R","date_accessed":"2020-10-19T00:00:00Z","date_published":"2014-01-14T00:00:00Z","owner_name":null,"tidal_id":"e8c3c965-1955-5017-880d-a73af68f9d0a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429561Z"},{"id":"d2186b8c-10c9-493b-8e25-7d69fce006e4","name":"GitHub Cloud Service Credentials","description":"Runa A. Sandvik. (2014, January 14). Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency. Retrieved August 9, 2022.","url":"https://www.forbes.com/sites/runasandvik/2014/01/14/attackers-scrape-github-for-cloud-service-credentials-hijack-account-to-mine-virtual-currency/","source":"MITRE","title":"Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency","authors":"Runa A. Sandvik","date_accessed":"2022-08-09T00:00:00Z","date_published":"2014-01-14T00:00:00Z","owner_name":null,"tidal_id":"01f1f4d4-6348-573f-a18d-a95343bf6e67","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431189Z"},{"id":"efcbbbdd-9af1-46c2-8538-3fd22f2b67d2","name":"Unit 42 Unsecured Docker Daemons","description":"Chen, J.. (2020, January 29). Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed. 
Retrieved March 31, 2021.","url":"https://unit42.paloaltonetworks.com/attackers-tactics-and-techniques-in-unsecured-docker-daemons-revealed/","source":"MITRE","title":"Attacker's Tactics and Techniques in Unsecured Docker Daemons Revealed","authors":"Chen, J.","date_accessed":"2021-03-31T00:00:00Z","date_published":"2020-01-29T00:00:00Z","owner_name":null,"tidal_id":"b35dd926-5fb9-5d6e-8419-82c0a48bcc96","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431961Z"},{"id":"0346a943-4e49-4984-8fc9-90b27ebbcd26","name":"Proofpoint June 9 2025","description":"The Proofpoint Threat Research Team. (2025, June 9). Attackers Unleash TeamFiltration Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool . Retrieved June 16, 2025.","url":"https://www.proofpoint.com/us/blog/threat-insight/attackers-unleash-teamfiltration-account-takeover-campaign","source":"Tidal Cyber","title":"Attackers Unleash TeamFiltration Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool","authors":"The Proofpoint Threat Research Team","date_accessed":"2025-06-16T12:00:00Z","date_published":"2025-06-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ae470cbb-7f02-5dc0-8ac0-39b9241f9640","created":"2025-06-17T14:40:47.016392Z","modified":"2025-06-17T14:40:47.193972Z"},{"id":"9371ee4a-ac23-5acb-af3f-132ef3645392","name":"Talos Roblox Scam 2023","description":"Tiago Pereira. (2023, November 2). Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”. 
Retrieved January 2, 2024.","url":"https://blog.talosintelligence.com/roblox-scam-overview/","source":"MITRE","title":"Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”","authors":"Tiago Pereira","date_accessed":"2024-01-02T00:00:00Z","date_published":"2023-11-02T00:00:00Z","owner_name":null,"tidal_id":"aaaf8e9f-c569-5159-ba53-3d6953ea3d8e","created":"2024-04-25T13:28:30.358728Z","modified":"2025-12-17T15:08:36.425135Z"},{"id":"adedfddc-29b7-4245-aa67-cc590acb7434","name":"Black Hills Attacking Exchange MailSniper, 2016","description":"Bullock, B.. (2016, October 3). Attacking Exchange with MailSniper. Retrieved October 6, 2019.","url":"https://www.blackhillsinfosec.com/attacking-exchange-with-mailsniper/","source":"MITRE","title":"Attacking Exchange with MailSniper","authors":"Bullock, B.","date_accessed":"2019-10-06T00:00:00Z","date_published":"2016-10-03T00:00:00Z","owner_name":null,"tidal_id":"1fd22a1c-6973-52a6-99da-103ca58e1234","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429121Z"},{"id":"f20d6bd0-d699-4ee4-8ef6-3c45ec12cd42","name":"SANS Attacking Kerberos Nov 2014","description":"Medin, T. (2014, November). Attacking Kerberos - Kicking the Guard Dog of Hades. Retrieved March 22, 2018.","url":"https://redsiege.com/kerberoast-slides","source":"MITRE","title":"Attacking Kerberos - Kicking the Guard Dog of Hades","authors":"Medin, T","date_accessed":"2018-03-22T00:00:00Z","date_published":"2014-11-01T00:00:00Z","owner_name":null,"tidal_id":"d160abaa-e806-55ae-89ab-e6e98a17b5f9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427960Z"},{"id":"6f3d8c89-9d5d-4754-98d5-44fe3a5dd0d5","name":"NetSPI SQL Server CLR","description":"Sutherland, S. (2017, July 13). Attacking SQL Server CLR Assemblies. 
Retrieved September 12, 2024.","url":"https://www.netspi.com/blog/technical-blog/adversary-simulation/attacking-sql-server-clr-assemblies/","source":"MITRE","title":"Attacking SQL Server CLR Assemblies","authors":"Sutherland, S","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-07-13T00:00:00Z","owner_name":null,"tidal_id":"be53309a-b762-5c6b-80a9-20669fdfeeaa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436713Z"},{"id":"2bd39baf-4223-4344-ba93-98aa8453dc11","name":"Mandiant FIN5 GrrCON Oct 2016","description":"Bromiley, M. and Lewis, P. (2016, October 7). Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017.","url":"https://www.youtube.com/watch?v=fevGZs0EQu8","source":"MITRE","title":"Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years","authors":"Bromiley, M. and Lewis, P","date_accessed":"2017-10-06T00:00:00Z","date_published":"2016-10-07T00:00:00Z","owner_name":null,"tidal_id":"91c927a4-7890-5939-834f-0ceb6245dba4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417016Z"},{"id":"f953ea41-f9ca-4f4e-a46f-ef1d2def1d07","name":"Attacking VNC Servers PentestLab","description":"Administrator, Penetration Testing Lab. (2012, October 30). Attacking VNC Servers. Retrieved October 6, 2021.","url":"https://pentestlab.blog/2012/10/30/attacking-vnc-servers/","source":"MITRE","title":"Attacking VNC Servers","authors":"Administrator, Penetration Testing Lab","date_accessed":"2021-10-06T00:00:00Z","date_published":"2012-10-30T00:00:00Z","owner_name":null,"tidal_id":"eadfa73f-d748-5ffd-b768-cb716cc75673","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423696Z"},{"id":"175ea537-2a94-42c7-a83b-bec8906ee6b9","name":"Talos Template Injection July 2017","description":"Baird, S. et al.. (2017, July 7). Attack on Critical Infrastructure Leverages Template Injection. 
Retrieved July 21, 2018.","url":"https://blog.talosintelligence.com/2017/07/template-injection.html","source":"MITRE","title":"Attack on Critical Infrastructure Leverages Template Injection","authors":"Baird, S. et al.","date_accessed":"2018-07-21T00:00:00Z","date_published":"2017-07-07T00:00:00Z","owner_name":null,"tidal_id":"30898688-afc5-533d-a016-d30270a3f264","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435389Z"},{"id":"dcbe51a0-6d63-4401-b19e-46cd3c42204c","name":"Lotus Blossom Dec 2015","description":"Falcone, R. and Miller-Osborn, J.. (2015, December 18). Attack on French Diplomat Linked to Operation Lotus Blossom. Retrieved February 15, 2016.","url":"http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lotus-blossom/","source":"MITRE","title":"Attack on French Diplomat Linked to Operation Lotus Blossom","authors":"Falcone, R. and Miller-Osborn, J.","date_accessed":"2016-02-15T00:00:00Z","date_published":"2015-12-18T00:00:00Z","owner_name":null,"tidal_id":"304d0236-4bf2-5ada-8306-fc885e1085ec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417036Z"},{"id":"f5940cc2-1bbd-4e42-813a-f50867b01035","name":"Symantec Attacks Against Government Sector","description":"Symantec. (2021, June 10). Attacks Against the Government Sector. Retrieved September 28, 2021.","url":"https://symantec.broadcom.com/hubfs/Attacks-Against-Government-Sector.pdf","source":"MITRE","title":"Attacks Against the Government Sector","authors":"Symantec","date_accessed":"2021-09-28T00:00:00Z","date_published":"2021-06-10T00:00:00Z","owner_name":null,"tidal_id":"6b15a5c2-df36-5828-9993-16091e8ec7ed","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430498Z"},{"id":"be9652d5-7531-4143-9c44-aefd019b7a32","name":"Aqua Security Cloud Native Threat Report June 2021","description":"Team Nautilus. (2021, June). Attacks in the Wild on the Container Supply Chain and Infrastructure. 
Retrieved August 26, 2021.","url":"https://info.aquasec.com/hubfs/Threat%20reports/AquaSecurity_Cloud_Native_Threat_Report_2021.pdf?utm_campaign=WP%20-%20Jun2021%20Nautilus%202021%20Threat%20Research%20Report&utm_medium=email&_hsmi=132931006&_hsenc=p2ANqtz-_8oopT5Uhqab8B7kE0l3iFo1koirxtyfTehxF7N-EdGYrwk30gfiwp5SiNlW3G0TNKZxUcDkYOtwQ9S6nNVNyEO-Dgrw&utm_content=132931006&utm_source=hs_automation","source":"MITRE","title":"Attacks in the Wild on the Container Supply Chain and Infrastructure","authors":"Team Nautilus","date_accessed":"2021-08-26T00:00:00Z","date_published":"2021-06-01T00:00:00Z","owner_name":null,"tidal_id":"742126fc-f9de-5492-a7a5-df920cd7e8a2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421809Z"},{"id":"4e502db6-2e09-4422-9dcc-1e10e701e122","name":"CERT-FR PYSA April 2020","description":"CERT-FR. (2020, April 1). ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE. Retrieved March 1, 2021.","url":"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-003.pdf","source":"MITRE","title":"ATTACKS INVOLVING THE MESPINOZA/PYSA RANSOMWARE","authors":"CERT-FR","date_accessed":"2021-03-01T00:00:00Z","date_published":"2020-04-01T00:00:00Z","owner_name":null,"tidal_id":"1a1d87cf-8155-5a2f-a696-fadfe77a36ff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420818Z"},{"id":"c8ead385-5651-5d41-a9c6-fdf1d5d7f097","name":"Syracuse Clipboard Modification 2014","description":"Zhang, X; Du, W. (2014, January). Attacks on Android Clipboard. 
Retrieved July","url":"http://www.cis.syr.edu/~wedu/Research/paper/clipboard_attack_dimva2014.pdf","source":"Mobile","title":"Attacks on Android Clipboard","authors":"Zhang, X; Du, W","date_accessed":"1978-07-01T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"c43b8aa9-4f35-59f3-b833-c53c14778dd5","created":"2026-01-28T13:08:10.046413Z","modified":"2026-01-28T13:08:10.046416Z"},{"id":"6d270128-0461-43ec-8925-204c7b5aacc9","name":"InsiderThreat NTFS EA Oct 2017","description":"Sander, J. (2017, October 12). Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks. Retrieved March 21, 2018.","url":"https://blog.stealthbits.com/attack-step-3-persistence-ntfs-extended-attributes-file-system-attacks","source":"MITRE","title":"Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks","authors":"Sander, J","date_accessed":"2018-03-21T00:00:00Z","date_published":"2017-10-12T00:00:00Z","owner_name":null,"tidal_id":"20eab2ff-53d6-5044-92a8-0cda57d79e66","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416120Z"},{"id":"dec646d4-8b32-5091-b097-abe887aeca96","name":"Microsoft ASR Obfuscation","description":"Microsoft. (2023, February 22). Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts. 
Retrieved March 17, 2023.","url":"https://learn.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference#block-execution-of-potentially-obfuscated-scripts","source":"MITRE","title":"Attack surface reduction (ASR) rules reference: Block execution of potentially obfuscated scripts","authors":"Microsoft","date_accessed":"2023-03-17T00:00:00Z","date_published":"2023-02-22T00:00:00Z","owner_name":null,"tidal_id":"10f7d7ae-0bdb-576e-ab2f-2e877dea826d","created":"2023-05-26T01:21:19.282080Z","modified":"2025-12-17T15:08:36.441062Z"},{"id":"2b4dcb27-f32e-50f0-83e0-350659e49f0b","name":"Obfuscated scripts","description":"Microsoft. (2024, March 4). Attack surface reduction rules reference. Retrieved March 29, 2024.","url":"https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-execution-of-potentially-obfuscated-scripts","source":"MITRE","title":"Attack surface reduction rules reference","authors":"Microsoft","date_accessed":"2024-03-29T00:00:00Z","date_published":"2024-03-04T00:00:00Z","owner_name":null,"tidal_id":"ae5f103c-497c-58bf-9f98-fa4490b8c384","created":"2024-04-25T13:28:53.530422Z","modified":"2025-12-17T15:08:36.442888Z"},{"id":"af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc","name":"Sophos News August 27 2024","description":"Andreas Klopsch. (2024, August 27). Attack tool update impairs Windows computers. Retrieved August 30, 2024.","url":"https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/","source":"Tidal Cyber","title":"Attack tool update impairs Windows computers","authors":"Andreas Klopsch","date_accessed":"2024-08-30T00:00:00Z","date_published":"2024-08-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ef65f5da-7050-5664-b119-8c941764af2f","created":"2024-08-30T18:11:27.758056Z","modified":"2024-08-30T18:11:28.157137Z"},{"id":"768c99f3-ee28-47dc-bc33-06d50ac72dea","name":"TrendMicro Msiexec Feb 2018","description":"Co, M. 
and Sison, G. (2018, February 8). Attack Using Windows Installer msiexec.exe leads to LokiBot. Retrieved April 18, 2019.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/attack-using-windows-installer-msiexec-exe-leads-lokibot/","source":"MITRE","title":"Attack Using Windows Installer msiexec.exe leads to LokiBot","authors":"Co, M. and Sison, G","date_accessed":"2019-04-18T00:00:00Z","date_published":"2018-02-08T00:00:00Z","owner_name":null,"tidal_id":"574b2924-65ec-5d12-8d82-7c7c3dcaf581","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427641Z"},{"id":"b3d6bb33-2b23-4c0a-b8fa-e002a5c7edfc","name":"GitHub ATTACK Empire","description":"Stepanic, D. (2018, September 2). attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs. Retrieved March 11, 2019.","url":"https://github.com/dstepanic/attck_empire","source":"MITRE","title":"attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs","authors":"Stepanic, D","date_accessed":"2019-03-11T00:00:00Z","date_published":"2018-09-02T00:00:00Z","owner_name":null,"tidal_id":"bf324290-9b6b-5cae-baad-5400ae3e519e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422883Z"},{"id":"a8a49434-b083-508e-b710-adbc1dbee499","name":"The MITRE Corporation","description":"The MITRE Corporation The MITRE Corporation. (n.d.). ATT&CK T1068: Exploitation for Privilege Escalation. Retrieved 2021/04/12","url":"https://attack.mitre.org/techniques/T1068/","source":"ICS","title":"ATT&CK T1068: Exploitation for Privilege Escalation","authors":"The MITRE Corporation The MITRE Corporation","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"126ca3b7-fa2c-5ff9-8854-7e722d27eeeb","created":"2026-01-28T13:08:18.178178Z","modified":"2026-01-28T13:08:18.178181Z"},{"id":"196f0c77-4c98-57e7-ad79-eb43bdd2c848","name":"lambert systemd 2022","description":"Tony Lambert. (2022, November 13). 
ATT&CK T1501: Understanding systemd service persistence. Retrieved March 20, 2023.","url":"https://redcanary.com/blog/attck-t1501-understanding-systemd-service-persistence/","source":"MITRE","title":"ATT&CK T1501: Understanding systemd service persistence","authors":"Tony Lambert","date_accessed":"2023-03-20T00:00:00Z","date_published":"2022-11-13T00:00:00Z","owner_name":null,"tidal_id":"d4ca68cd-fb5f-5dcf-ba67-e59361a19569","created":"2023-05-26T01:21:10.462086Z","modified":"2025-12-17T15:08:36.435548Z"},{"id":"5c183c97-0ab2-4b75-8dbc-9db92a929ff4","name":"TechNet Credential Theft","description":"Microsoft. (2016, April 15). Attractive Accounts for Credential Theft. Retrieved June 3, 2016.","url":"https://technet.microsoft.com/en-us/library/dn535501.aspx","source":"MITRE","title":"Attractive Accounts for Credential Theft","authors":"Microsoft","date_accessed":"2016-06-03T00:00:00Z","date_published":"2016-04-15T00:00:00Z","owner_name":null,"tidal_id":"225ad56e-95a3-5346-af86-b6ac2a987d9e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416319Z"},{"id":"47ff2831-85b9-5873-95aa-2cd676d1e82d","name":"Microsoft attrib 2023","description":"Xelu86, et al. (2023, September 25). attrib. Retrieved November 22, 2024.","url":"https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/attrib","source":"MITRE","title":"attrib","authors":"Xelu86, et al","date_accessed":"2024-11-22T00:00:00Z","date_published":"2023-09-25T00:00:00Z","owner_name":null,"tidal_id":"2a7414d3-9e28-5c8b-9438-1916f861c692","created":"2025-04-22T20:47:32.646355Z","modified":"2025-12-17T15:08:36.423110Z"},{"id":"9d514c52-9def-5b11-aa06-fdf3ee9923ed","name":"AcidRain State Department 2022","description":"Antony J. Blinken, US Department of State. (2022, May 10). Attribution of Russia’s Malicious Cyber Activity Against Ukraine. 
Retrieved March 25, 2024.","url":"https://www.state.gov/attribution-of-russias-malicious-cyber-activity-against-ukraine/","source":"MITRE","title":"Attribution of Russia’s Malicious Cyber Activity Against Ukraine","authors":"Antony J. Blinken, US Department of State","date_accessed":"2024-03-25T00:00:00Z","date_published":"2022-05-10T00:00:00Z","owner_name":null,"tidal_id":"aa8dcd0d-e554-5e26-b070-5ca764124f10","created":"2024-04-25T13:28:46.800969Z","modified":"2025-12-17T15:08:36.416633Z"},{"id":"c5181c95-0a94-4ea0-9940-04a9663d0069","name":"Audit OSX","description":"Gagliardi, R. (n.d.). Audit in a OS X System. Retrieved September 23, 2021.","url":"https://www.scip.ch/en/?labs.20150108","source":"MITRE","title":"Audit in a OS X System","authors":"Gagliardi, R","date_accessed":"2021-09-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fcb5e6b5-86e0-5916-a61c-de966c031859","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437172Z"},{"id":"8c30038c-eb5b-5795-966a-e5ea4f6323ac","name":"Broadcom ESXi Shell Audit","description":"Broadcom. (2025, February 20). Auditing ESXi Shell logins and commands. Retrieved March 26, 2025.","url":"https://knowledge.broadcom.com/external/article/321910/auditing-esxi-shell-logins-and-commands.html","source":"MITRE","title":"Auditing ESXi Shell logins and commands","authors":"Broadcom","date_accessed":"2025-03-26T00:00:00Z","date_published":"2025-02-20T00:00:00Z","owner_name":null,"tidal_id":"ee9ef4dd-995d-5cc7-9c02-33935ac37f29","created":"2025-04-22T20:47:12.648464Z","modified":"2025-12-17T15:08:36.428031Z"},{"id":"050d6da7-a78c-489d-8bef-b06d802b55d7","name":"Microsoft Audit Logon Events","description":"Microsoft. (2021, September 6). Audit logon events. 
Retrieved September 28, 2021.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events","source":"MITRE","title":"Audit logon events","authors":"Microsoft","date_accessed":"2021-09-28T00:00:00Z","date_published":"2021-09-06T00:00:00Z","owner_name":null,"tidal_id":"3a6a0b5b-847e-5f53-b6a6-b2bd39eecf35","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437122Z"},{"id":"500bdcea-5f49-4949-80fb-5eec1ce5e09e","name":"Cloud Audit Logs","description":"Google. (n.d.). Audit Logs. Retrieved June 1, 2020.","url":"https://cloud.google.com/logging/docs/audit#admin-activity","source":"MITRE","title":"Audit Logs","authors":"Google","date_accessed":"2020-06-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"44417347-a014-5997-98ff-890e4028d6a9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431176Z"},{"id":"79e54b41-69ba-4738-86ef-88c4f540bce3","name":"Microsoft Scheduled Task Events Win10","description":"Microsoft. (2017, May 28). Audit Other Object Access Events. Retrieved June 27, 2019.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-other-object-access-events","source":"MITRE","title":"Audit Other Object Access Events","authors":"Microsoft","date_accessed":"2019-06-27T00:00:00Z","date_published":"2017-05-28T00:00:00Z","owner_name":null,"tidal_id":"7deef499-f73b-551e-9a41-a3022f1e430c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423591Z"},{"id":"20d18ecf-d7d3-4433-9a3c-c28be71de4b1","name":"auditpol","description":"Jason Gerend, et al. (2017, October 16). auditpol. 
Retrieved September 1, 2021.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/auditpol","source":"MITRE","title":"auditpol","authors":"Jason Gerend, et al","date_accessed":"2021-09-01T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"3784fc43-f062-5d53-815f-f3c89176441f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429282Z"},{"id":"c8a305b3-cd17-4415-a740-32787da703cd","name":"auditpol.exe_STRONTIC","description":"STRONTIC. (n.d.). auditpol.exe. Retrieved September 9, 2021.","url":"https://strontic.github.io/xcyclopedia/library/auditpol.exe-214E0EA1F7F7C27C82D23F183F9D23F1.html","source":"MITRE","title":"auditpol.exe","authors":"STRONTIC","date_accessed":"2021-09-09T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a10f3502-230e-5d5b-b6a0-aeae8bfd9759","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429308Z"},{"id":"9ff43f64-7fcb-4aa3-9599-9d00774d8da5","name":"Audit_Policy_Microsoft","description":"Daniel Simpson. (2017, April 19). Audit Policy. Retrieved September 13, 2021.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/audit-policy","source":"MITRE","title":"Audit Policy","authors":"Daniel Simpson","date_accessed":"2021-09-13T00:00:00Z","date_published":"2017-04-19T00:00:00Z","owner_name":null,"tidal_id":"e4a2b6be-d7f7-570d-96aa-0894aabd925c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429263Z"},{"id":"406cd8ff-e539-4853-85ed-775726155cf1","name":"TechNet Audit Policy","description":"Microsoft. (2016, April 15). Audit Policy Recommendations. 
Retrieved June 3, 2016.","url":"https://technet.microsoft.com/en-us/library/dn487457.aspx","source":"MITRE","title":"Audit Policy Recommendations","authors":"Microsoft","date_accessed":"2016-06-03T00:00:00Z","date_published":"2016-04-15T00:00:00Z","owner_name":null,"tidal_id":"56dbc04f-f041-5c29-8bc3-5d62cf87e4bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429449Z"},{"id":"4e95ad81-cbc4-4f66-ba95-fb781d7d9c3c","name":"Microsoft Audit Registry July 2012","description":"Microsoft. (2012, July 2). Audit Registry. Retrieved January 31, 2018.","url":"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd941614(v=ws.10)","source":"MITRE","title":"Audit Registry","authors":"Microsoft","date_accessed":"2018-01-31T00:00:00Z","date_published":"2012-07-02T00:00:00Z","owner_name":null,"tidal_id":"6c9374bd-dff2-59ef-92e4-6797204a97e5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429617Z"},{"id":"b9f940cf-74fb-5a33-992c-82bdb538adbb","name":"audits linikatz","description":"Wadhwa-Brown, Tim. (2022). audit.rules. Retrieved September 17, 2024.","url":"https://github.com/CiscoCXSecurity/linikatz/blob/master/blue/audit/audit.rules","source":"MITRE","title":"audit.rules","authors":"Wadhwa-Brown, Tim","date_accessed":"2024-09-17T00:00:00Z","date_published":"2022-01-01T00:00:00Z","owner_name":null,"tidal_id":"c82cb0af-086e-5767-ace9-4630300d89fc","created":"2024-10-31T16:28:37.482928Z","modified":"2025-12-17T15:08:36.441950Z"},{"id":"ebfc56c5-0490-4b91-b49f-548c00a59162","name":"Security Affairs Elderwood Sept 2012","description":"Paganini, P. (2012, September 9). Elderwood project, who is behind Op. Aurora and ongoing attacks?. Retrieved February 13, 2018.","url":"http://securityaffairs.co/wordpress/8528/hacking/elderwood-project-who-is-behind-op-aurora-and-ongoing-attacks.html","source":"MITRE","title":"Aurora and ongoing attacks?","authors":"Paganini, P. 
(2012, September 9)","date_accessed":"2018-02-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a65caeda-9f5c-5a58-a426-e45075d1064c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437364Z"},{"id":"c7a0f04d-e777-4f7a-961f-1a6d83023913","name":"Austin Larsen LinkedIn Salesforce Gainsight November 20 2025","description":"Salesforce. (2025, November 20). Austin Larsen LinkedIn Salesforce Gainsight. Retrieved November 24, 2025.","url":"https://www.linkedin.com/feed/update/urn:li:activity:7397331617578610690/","source":"Tidal Cyber","title":"Austin Larsen LinkedIn Salesforce Gainsight","authors":"Salesforce","date_accessed":"2025-11-24T12:00:00Z","date_published":"2025-11-20T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"87d1d0a3-24ab-563d-8990-e1b4316bb634","created":"2025-11-26T19:37:28.787178Z","modified":"2025-11-26T19:37:28.924744Z"},{"id":"b50c354b-cdca-57e6-b8d6-a43ee334f091","name":"Australia ‘Evil Twin’","description":"Toulas, Bill. (2024, July 1). Australian charged for ‘Evil Twin’ WiFi attack on plane. Retrieved September 17, 2024.","url":"https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/","source":"MITRE","title":"Australian charged for ‘Evil Twin’ WiFi attack on plane","authors":"Toulas, Bill","date_accessed":"2024-09-17T00:00:00Z","date_published":"2024-07-01T00:00:00Z","owner_name":null,"tidal_id":"33b43765-06d1-572c-b936-7e638b5a7fe5","created":"2024-10-31T16:28:20.377721Z","modified":"2025-12-17T15:08:36.428901Z"},{"id":"f3cfb9b9-62f4-4066-a2b9-7e6f25bd7a46","name":"NIST Authentication","description":"NIST. (n.d.). Authentication. 
Retrieved January 30, 2020.","url":"https://csrc.nist.gov/glossary/term/authentication","source":"MITRE","title":"Authentication","authors":"NIST","date_accessed":"2020-01-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ff842148-7766-5baa-aa9c-41fba96db726","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429455Z"},{"id":"e9bb8434-9b6d-4301-bfe2-5c83ceabb020","name":"MSDN Authentication Packages","description":"Microsoft. (n.d.). Authentication Packages. Retrieved March 1, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/aa374733.aspx","source":"MITRE","title":"Authentication Packages","authors":"Microsoft","date_accessed":"2017-03-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e32d274d-e7f1-5700-b209-808d5a60a0b0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425989Z"},{"id":"33efd1a3-ffe9-42b3-ae12-970ed11454bf","name":"Microsoft Authenticode","description":"Microsoft. (n.d.). Authenticode. Retrieved January 31, 2018.","url":"https://msdn.microsoft.com/library/ms537359.aspx","source":"MITRE","title":"Authenticode","authors":"Microsoft","date_accessed":"2018-01-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8821a926-09d7-50cc-9ab8-9dc6b3086efb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429629Z"},{"id":"120f968a-c81f-4902-9b76-7544577b768d","name":"K8s Authorization Overview","description":"Kubernetes. (n.d.). Authorization Overview. Retrieved June 24, 2021.","url":"https://kubernetes.io/docs/reference/access-authn-authz/authorization/","source":"MITRE","title":"Authorization Overview","authors":"Kubernetes","date_accessed":"2021-06-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3c6eb10e-dd0b-5722-9fc2-5c871a304000","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425375Z"},{"id":"ff100b76-894e-4d7c-9b8d-5f0eedcf59cc","name":"SSH Authorized Keys","description":"ssh.com. 
(n.d.). Authorized_keys File in SSH. Retrieved June 24, 2020.","url":"https://www.ssh.com/ssh/authorized_keys/","source":"MITRE","title":"Authorized_keys File in SSH","authors":"ssh.com","date_accessed":"2020-06-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"60b4d9b9-48a9-5b7d-a0e2-64c2cebbd986","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430903Z"},{"id":"c6122a50-4ce0-5fe3-9ac2-c34c6079e89d","name":"MDSec","description":"MDSec. (n.d.). Autodial(DLL)ing Your Way. Retrieved September 25, 2025.","url":"https://www.mdsec.co.uk/2022/10/autodialdlling-your-way/","source":"MITRE","title":"Autodial(DLL)ing Your Way","authors":"MDSec","date_accessed":"2025-09-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"33b852e6-699f-53b2-86d8-68e7c359f1fc","created":"2025-10-29T21:08:48.165457Z","modified":"2025-12-17T15:08:36.425567Z"},{"id":"8e0899c8-993d-5095-9191-7de847dfa7f7","name":"bitwarden autofill logins","description":"Bitwarden. (n.d.).  Auto-fill logins on Android . Retrieved September","url":"https://help.bitwarden.com/article/auto-fill-android/","source":"Mobile","title":"Auto-fill logins on Android","authors":"Bitwarden","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"111a485f-41d4-5c22-9af1-bd18379589a4","created":"2026-01-28T13:08:10.045821Z","modified":"2026-01-28T13:08:10.045824Z"},{"id":"d8e7b428-84dd-4d96-b3f3-70e7ed7f8271","name":"Trend Micro njRAT 2018","description":"Pascual, C. (2018, November 27). AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor. 
Retrieved June 4, 2019.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-worm-affecting-removable-media-delivers-fileless-version-of-bladabindi-njrat-backdoor/","source":"MITRE","title":"AutoIt-Compiled Worm Affecting Removable Media Delivers Fileless Version of BLADABINDI/njRAT Backdoor","authors":"Pascual, C","date_accessed":"2019-06-04T00:00:00Z","date_published":"2018-11-27T00:00:00Z","owner_name":null,"tidal_id":"55d04517-013f-5084-a075-20eeeeef91cb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421838Z"},{"id":"ed907f1e-71d6-45db-8ef3-75bec59c238b","name":"Re-Open windows on Mac","description":"Apple. (2016, December 6). Automatically re-open windows, apps, and documents on your Mac. Retrieved July 11, 2017.","url":"https://support.apple.com/en-us/HT204005","source":"MITRE","title":"Automatically re-open windows, apps, and documents on your Mac","authors":"Apple","date_accessed":"2017-07-11T00:00:00Z","date_published":"2016-12-06T00:00:00Z","owner_name":null,"tidal_id":"47a7da67-d97b-5544-b404-4f62f52c7833","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415478Z"},{"id":"e2b3c47b-12ef-5ba2-8456-0a4be08f27a6","name":"BlackBerry_FIN7_April2024","description":"The BlackBerry Research and Intelligence Team. (2024, April 17). Threat Group FIN7 Targets the U.S. Automotive Industry. Retrieved May 1, 2025.","url":"https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry","source":"MITRE","title":"Automotive Industry","authors":"The BlackBerry Research and Intelligence Team. (2024, April 17)","date_accessed":"2025-05-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a62522e0-21e0-5f8e-b1a3-ff3fea6a2cfe","created":"2025-10-29T21:08:48.167610Z","modified":"2025-12-17T15:08:36.440909Z"},{"id":"709f4509-9d69-4033-8aa6-a947496a1703","name":"TechNet Autoruns","description":"Russinovich, M. (2016, January 4). Autoruns for Windows v13.51. 
Retrieved June 6, 2016.","url":"https://technet.microsoft.com/en-us/sysinternals/bb963902","source":"MITRE","title":"Autoruns for Windows v13.51","authors":"Russinovich, M","date_accessed":"2016-06-06T00:00:00Z","date_published":"2016-01-04T00:00:00Z","owner_name":null,"tidal_id":"6e04b95a-7387-5511-b71b-799b37157474","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423611Z"},{"id":"aaf66ad0-c444-48b5-875f-a0f66b82031c","name":"Autoruns for Windows","description":"Mark Russinovich. (2019, June 28). Autoruns for Windows v13.96. Retrieved March 13, 2020.","url":"https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns","source":"MITRE","title":"Autoruns for Windows v13.96","authors":"Mark Russinovich","date_accessed":"2020-03-13T00:00:00Z","date_published":"2019-06-28T00:00:00Z","owner_name":null,"tidal_id":"48508f0f-4fd9-5bcf-9f49-54ccb8430eec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425560Z"},{"id":"d66a4368-9233-4628-9a05-014f6d58259b","name":"None November 28 2025","description":"None Identified. (2025, November 28). Autumn Dragon: China-nexus APT Group Target South East Asia. Retrieved December 19, 2025.","url":"https://cdn.prod.website-files.com/68cd99b1bd96b42702f97a39/691bf999a544b31f93edb11d_1ef2574b3561b372b9c766a6638315ff_CyberArmor-AutumnDragon-China-nexus-APT-group-target-se-asia.pdf","source":"Tidal Cyber","title":"Autumn Dragon: China-nexus APT Group Target South East Asia","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-11-28T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f66dd8e1-6e57-5f2f-b80b-920211689dcd","created":"2025-12-24T14:56:02.382561Z","modified":"2025-12-24T14:56:02.543126Z"},{"id":"41377d56-2e7b-48a8-8561-681e04a65907","name":"Hornet Security Avaddon June 2020","description":"Security Lab. (2020, June 5). Avaddon: From seeking affiliates to in-the-wild in 2 days. 
Retrieved August 19, 2021.","url":"https://www.hornetsecurity.com/en/security-information/avaddon-from-seeking-affiliates-to-in-the-wild-in-2-days/","source":"MITRE","title":"Avaddon: From seeking affiliates to in-the-wild in 2 days","authors":"Security Lab","date_accessed":"2021-08-19T00:00:00Z","date_published":"2020-06-05T00:00:00Z","owner_name":null,"tidal_id":"fb79b46c-32a1-5fd3-91ad-058dc874a8d8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441467Z"},{"id":"dbee8e7e-f477-4bd5-8225-84e0e222617e","name":"Arxiv Avaddon Feb 2021","description":"Yuste, J. Pastrana, S. (2021, February 9). Avaddon ransomware: an in-depth analysis and decryption of infected systems. Retrieved August 19, 2021.","url":"https://arxiv.org/pdf/2102.04796.pdf","source":"MITRE","title":"Avaddon ransomware: an in-depth analysis and decryption of infected systems","authors":"Yuste, J. Pastrana, S","date_accessed":"2021-08-19T00:00:00Z","date_published":"2021-02-09T00:00:00Z","owner_name":null,"tidal_id":"d3df4b69-8d32-502b-b2fe-d2579c218a0b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418778Z"},{"id":"9f6d1282-5bc1-5d0d-aede-8131411bd255","name":"Avaddon Ransomware 2021","description":"Javier Yuste and Sergio Pastrana. (2021). Avaddon ransomware: an in-depth analysis and decryption of infected systems. Retrieved March 24, 2025.","url":"https://arxiv.org/pdf/2102.04796","source":"MITRE","title":"Avaddon ransomware: an in-depth analysis and decryption of infected systems","authors":"Javier Yuste and Sergio Pastrana","date_accessed":"2025-03-24T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"f0fb3160-3149-505b-8fb5-517be8bd3f90","created":"2025-04-22T20:47:14.516514Z","modified":"2025-12-17T15:08:36.429942Z"},{"id":"0c98bf66-f43c-5b09-ae43-d10c682f51e7","name":"CISA Phishing","description":"CISA. (2021, February 1). Avoiding Social Engineering and Phishing Attacks. 
Retrieved September 8, 2023.","url":"https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks","source":"MITRE","title":"Avoiding Social Engineering and Phishing Attacks","authors":"CISA","date_accessed":"2023-09-08T00:00:00Z","date_published":"2021-02-01T00:00:00Z","owner_name":null,"tidal_id":"9ff56afc-ad94-5bb0-8355-bced940c0970","created":"2023-11-07T00:36:19.490977Z","modified":"2025-12-17T15:08:36.440860Z"},{"id":"88dffb14-a7a7-5b36-b269-8283dec0f1a3","name":"Malwarebytes AvosLocker Jul 2021","description":"Hasherezade. (2021, July 23). AvosLocker enters the ransomware scene, asks for partners. Retrieved January 11, 2023.","url":"https://www.malwarebytes.com/blog/threat-intelligence/2021/07/avoslocker-enters-the-ransomware-scene-asks-for-partners","source":"MITRE","title":"AvosLocker enters the ransomware scene, asks for partners","authors":"Hasherezade","date_accessed":"2023-01-11T00:00:00Z","date_published":"2021-07-23T00:00:00Z","owner_name":null,"tidal_id":"65ffba9f-b3e5-52b2-bdbe-1cb62b6db384","created":"2023-05-26T01:21:15.310982Z","modified":"2025-12-17T15:08:36.416817Z"},{"id":"ea2756ce-a183-4c80-af11-92374ad045b2","name":"avoslocker_ransomware","description":"Lakshmanan, R. (2022, May 2). AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection. Retrieved May 17, 2022.","url":"https://thehackernews.com/2022/05/avoslocker-ransomware-variant-using-new.html","source":"MITRE","title":"AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection","authors":"Lakshmanan, R","date_accessed":"2022-05-17T00:00:00Z","date_published":"2022-05-02T00:00:00Z","owner_name":null,"tidal_id":"279046e4-eafd-56a5-ba67-c2eb58596fb5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433407Z"},{"id":"1170fdc2-6d8e-5b60-bf9e-ca915790e534","name":"Cisco Talos Avos Jun 2022","description":"Venere, G. Neal, C. (2022, June 21). Avos ransomware group expands with new attack arsenal. 
Retrieved January 11, 2023.","url":"https://blog.talosintelligence.com/avoslocker-new-arsenal/","source":"MITRE","title":"Avos ransomware group expands with new attack arsenal","authors":"Venere, G. Neal, C","date_accessed":"2023-01-11T00:00:00Z","date_published":"2022-06-21T00:00:00Z","owner_name":null,"tidal_id":"076ae0b4-f39c-5701-8bfd-4ca4aca0a8ca","created":"2023-05-26T01:21:11.453914Z","modified":"2025-12-17T15:08:36.438757Z"},{"id":"565bf600-5657-479b-9678-803e991c88a5","name":"Awesome Executable Packing","description":"Alexandre D'Hondt. (n.d.). Awesome Executable Packing. Retrieved March 11, 2022.","url":"https://github.com/dhondta/awesome-executable-packing","source":"MITRE","title":"Awesome Executable Packing","authors":"Alexandre D'Hondt","date_accessed":"2022-03-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5e1d42cc-b9ad-546c-95dd-a635ccb83a1d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435462Z"},{"id":"745e963e-33fd-40d4-a8c6-1a9f321017f4","name":"ESET Kobalos Jan 2021","description":"M.Leveille, M., Sanmillan, I. (2021, January). A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs. Retrieved August 24, 2021.","url":"https://www.welivesecurity.com/wp-content/uploads/2021/01/ESET_Kobalos.pdf","source":"MITRE","title":"A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs","authors":"M.Leveille, M., Sanmillan, I","date_accessed":"2021-08-24T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"49f3442b-e347-57a1-b989-59a8003447eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420665Z"},{"id":"71dcac81-efb2-4631-80bd-5fae77c32d7f","name":"GeeksforGeeks October 10 2017","description":"GeeksforGeeks Improve. (2017, October 10). AWK command in UnixLinux with examples - GeeksforGeeks. 
Retrieved December 19, 2024.","url":"https://www.geeksforgeeks.org/awk-command-unixlinux-examples/","source":"Tidal Cyber","title":"AWK command in UnixLinux with examples - GeeksforGeeks","authors":"GeeksforGeeks Improve","date_accessed":"2024-12-19T00:00:00Z","date_published":"2017-10-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0f42c915-859f-5c9b-ae75-4a5ea08d4731","created":"2025-04-11T15:06:18.189255Z","modified":"2025-04-11T15:06:18.344349Z"},{"id":"5f315c21-f02f-4c9e-aac6-d648deff3ff9","name":"AWS Root User","description":"Amazon. (n.d.). AWS Account Root User. Retrieved April 5, 2021.","url":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html","source":"MITRE","title":"AWS Account Root User","authors":"Amazon","date_accessed":"2021-04-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a079727b-38b5-545d-a35f-5091693db5a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430236Z"},{"id":"340a3a20-0ee1-4fd8-87ab-10ac0d2a50c8","name":"GitHub AWS-ADFS-Credential-Generator","description":"Damian Hickey. (2017, January 28). AWS-ADFS-Credential-Generator. Retrieved September 27, 2024.","url":"https://github.com/pvanbuijtene/aws-adfs-credential-generator","source":"MITRE","title":"AWS-ADFS-Credential-Generator","authors":"Damian Hickey","date_accessed":"2024-09-27T00:00:00Z","date_published":"2017-01-28T00:00:00Z","owner_name":null,"tidal_id":"6c3b50dc-9a3e-5350-8059-9b00125e35c1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432757Z"},{"id":"dd44d565-b9d9-437e-a31a-a52c6a21e3b3","name":"AWS GetPasswordPolicy","description":"Amazon Web Services. (n.d.). AWS API GetAccountPasswordPolicy. 
Retrieved June 8, 2021.","url":"https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountPasswordPolicy.html","source":"MITRE","title":"AWS API GetAccountPasswordPolicy","authors":"Amazon Web Services","date_accessed":"2021-06-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"aff4c3fb-ae89-531c-ade7-e5e6a0fc800d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433836Z"},{"id":"72578d0b-f68a-40fa-9a5d-379a66792be8","name":"AWS Console Sign-in Events","description":"Amazon. (n.d.). AWS Console Sign-in Events. Retrieved October 23, 2019.","url":"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-aws-console-sign-in-events.html","source":"MITRE","title":"AWS Console Sign-in Events","authors":"Amazon","date_accessed":"2019-10-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5006fda4-6e60-5c3d-86f0-0b8f39f68530","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435732Z"},{"id":"85bda17d-7b7c-4d0e-a0d2-2adb5f0a6b82","name":"AWS Describe DB Instances","description":"Amazon Web Services. (n.d.). Retrieved May 28, 2021.","url":"https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeDBInstances.html","source":"MITRE","title":"AWS Describe DB Instances","authors":"","date_accessed":"2021-05-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d17a2465-671a-5697-83d0-363ad5592a2f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430030Z"},{"id":"1eddbd32-8314-4f95-812a-550904eac2fa","name":"AWS Get Bucket ACL","description":"Amazon Web Services. (n.d.). 
Retrieved May 28, 2021.","url":"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html","source":"MITRE","title":"AWS Get Bucket ACL","authors":"","date_accessed":"2021-05-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8ea5b735-ae92-556e-acb7-22636af71ace","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425480Z"},{"id":"f2887980-569a-4bc2-949e-bd8ff266c43c","name":"AWS Get Public Access Block","description":"Amazon Web Services. (n.d.). Retrieved May 28, 2021.","url":"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetPublicAccessBlock.html","source":"MITRE","title":"AWS Get Public Access Block","authors":"","date_accessed":"2021-05-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6795ba00-3747-59f5-a9ec-ed352d6bb7b0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430025Z"},{"id":"1388a78e-9f86-4927-a619-e0fcbac5b7a1","name":"AWS Head Bucket","description":"Amazon Web Services. (n.d.). AWS HeadBucket. Retrieved February 14, 2022.","url":"https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html","source":"MITRE","title":"AWS HeadBucket","authors":"Amazon Web Services","date_accessed":"2022-02-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b210064b-310e-5730-811b-f90e120f1f82","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430019Z"},{"id":"693e5783-4aa1-40ce-8080-cec01c3e7b59","name":"Rhino Security Labs AWS Privilege Escalation","description":"Spencer Gietzen. (n.d.). AWS IAM Privilege Escalation – Methods and Mitigation. 
Retrieved May 27, 2022.","url":"https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/","source":"MITRE","title":"AWS IAM Privilege Escalation – Methods and Mitigation","authors":"Spencer Gietzen","date_accessed":"2022-05-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5ef79285-6439-59c9-8aff-f40bb16aae70","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426967Z"},{"id":"9ba87a5d-a140-4959-9905-c4a80e684d56","name":"AWS Lambda Redirector","description":"Adam Chester. (2020, February 25). AWS Lambda Redirector. Retrieved July 8, 2022.","url":"https://blog.xpnsec.com/aws-lambda-redirector/","source":"MITRE","title":"AWS Lambda Redirector","authors":"Adam Chester","date_accessed":"2022-07-08T00:00:00Z","date_published":"2020-02-25T00:00:00Z","owner_name":null,"tidal_id":"49cec48d-4991-5418-bd70-2655f9312528","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424104Z"},{"id":"7ffa880f-5854-4b8a-83f5-da42c1c39345","name":"Sysdig AMBERSQUID September 18 2023","description":"Alessandro Brucato. (2023, September 18). AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation. Retrieved April 11, 2024.","url":"https://sysdig.com/blog/ambersquid/","source":"Tidal Cyber","title":"AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation","authors":"Alessandro Brucato","date_accessed":"2024-04-11T00:00:00Z","date_published":"2023-09-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"30c40e75-4d8a-5a29-90f1-db4bb83ca18d","created":"2024-06-13T20:10:54.786844Z","modified":"2024-06-13T20:10:54.976282Z"},{"id":"785c6b11-c5f0-5cb4-931b-cf75fcc368a1","name":"Rhino Security Labs AWS S3 Ransomware","description":"Spencer Gietzen. (n.d.). AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense. 
Retrieved March 21, 2023.","url":"https://rhinosecuritylabs.com/aws/s3-ransomware-part-2-prevention-and-defense/","source":"MITRE","title":"AWS Simple Storage Service S3 Ransomware Part 2: Prevention and Defense","authors":"Spencer Gietzen","date_accessed":"2023-03-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"70b81f8b-7dda-546a-840a-3c6308b41707","created":"2023-05-26T01:21:11.116530Z","modified":"2025-12-17T15:08:36.436643Z"},{"id":"ef66f17b-6a5b-5eb8-83de-943e2bddd114","name":"AWS Systems Manager Run Command","description":"AWS. (n.d.). AWS Systems Manager Run Command. Retrieved March 13, 2023.","url":"https://docs.aws.amazon.com/systems-manager/latest/userguide/run-command.html","source":"MITRE","title":"AWS Systems Manager Run Command","authors":"AWS","date_accessed":"2023-03-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"aac61104-4d03-57a3-8fad-b20b2729ff44","created":"2023-05-26T01:21:10.230201Z","modified":"2025-12-17T15:08:36.435308Z"},{"id":"e2f246d8-c75e-4e0f-bba8-869d82be26da","name":"Pylos Xenotime 2019","description":"Slowik, J.. (2019, April 12). A XENOTIME to Remember: Veles in the Wild. Retrieved April 16, 2019.","url":"https://pylos.co/2019/04/12/a-xenotime-to-remember-veles-in-the-wild/","source":"MITRE","title":"A XENOTIME to Remember: Veles in the Wild","authors":"Slowik, J.","date_accessed":"2019-04-16T00:00:00Z","date_published":"2019-04-12T00:00:00Z","owner_name":null,"tidal_id":"6370be03-2458-5960-9438-45b71e3a8f21","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439436Z"},{"id":"1b1d656c-4fe6-47d1-9ce5-a70c33003507","name":"objective-see ay mami 2018","description":"Patrick Wardle. (2018, January 11). Ay MaMi. 
Retrieved March 19, 2018.","url":"https://objective-see.com/blog/blog_0x26.html","source":"MITRE","title":"Ay MaMi","authors":"Patrick Wardle","date_accessed":"2018-03-19T00:00:00Z","date_published":"2018-01-11T00:00:00Z","owner_name":null,"tidal_id":"3414bdca-d1ee-594a-958c-2772463ff798","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434468Z"},{"id":"cfd94553-272b-466b-becb-3859942bcaa5","name":"Microsoft AZ CLI","description":"Microsoft. (n.d.). az ad user. Retrieved October 6, 2019.","url":"https://docs.microsoft.com/en-us/cli/azure/ad/user?view=azure-cli-latest","source":"MITRE","title":"az ad user","authors":"Microsoft","date_accessed":"2019-10-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ea8cf217-ef38-5936-867d-ea85db4266dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425507Z"},{"id":"d79f6d7e-c824-5c8a-9d86-2e01d610396d","name":"azure az disk","description":"Azure. (n.d.). az disk. Retrieved October 20, 2025.","url":"https://learn.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest","source":"MITRE","title":"az disk","authors":"Azure","date_accessed":"2025-10-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4ecd3be6-5358-5f3e-919a-ec36d8470d70","created":"2025-10-29T21:08:48.166622Z","modified":"2025-12-17T15:08:36.436381Z"},{"id":"88d8a3b7-d994-4fd2-9aa1-83b79bccda7e","name":"Intezer Russian APT Dec 2020","description":"Kennedy, J. (2020, December 9). A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy. 
Retrieved February 22, 2021.","url":"https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/","source":"MITRE","title":"A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy","authors":"Kennedy, J","date_accessed":"2021-02-22T00:00:00Z","date_published":"2020-12-09T00:00:00Z","owner_name":null,"tidal_id":"73c370ba-f8df-5c00-a096-7cab70ae7378","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431750Z"},{"id":"6ddd92ee-1014-4b7a-953b-18ac396b100e","name":"az monitor diagnostic-settings","description":"Microsoft. (n.d.). az monitor diagnostic-settings. Retrieved October 16, 2020.","url":"https://docs.microsoft.com/en-us/cli/azure/monitor/diagnostic-settings?view=azure-cli-latest#az_monitor_diagnostic_settings_delete","source":"MITRE","title":"az monitor diagnostic-settings","authors":"Microsoft","date_accessed":"2020-10-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8a6f1e40-36e5-50aa-be97-ee68601e6d55","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434705Z"},{"id":"eeba5eab-a9d8-55c0-b555-0414f65d2c2d","name":"Microsoft Azure AD Security Operations for Devices","description":"Microsoft. (2020, September 16). Azure Active Directory security operations for devices. Retrieved February 21, 2023.","url":"https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-devices","source":"MITRE","title":"Azure Active Directory security operations for devices","authors":"Microsoft","date_accessed":"2023-02-21T00:00:00Z","date_published":"2020-09-16T00:00:00Z","owner_name":null,"tidal_id":"bd8d01f1-5b40-5869-bd24-495b8b466685","created":"2023-05-26T01:21:19.738398Z","modified":"2025-04-22T20:47:31.300951Z"},{"id":"b75a3f28-a028-50e6-b971-cc85e7d52e0c","name":"Microsoft Azure Active Directory security operations guide","description":"Microsoft . (2022, September 16). Azure Active Directory security operations guide. 
Retrieved February 21, 2023.","url":"https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-introduction","source":"MITRE","title":"Azure Active Directory security operations guide","authors":"Microsoft","date_accessed":"2023-02-21T00:00:00Z","date_published":"2022-09-16T00:00:00Z","owner_name":null,"tidal_id":"214f8d78-7078-54d6-bf37-a734b130fbd9","created":"2023-05-26T01:21:19.405764Z","modified":"2025-04-22T20:47:30.916964Z"},{"id":"0b9946ff-8c1c-4d93-8401-e1e4dd186305","name":"Azure AD Connect for Read Teamers","description":"Adam Chester. (2019, February 18). Azure AD Connect for Red Teamers. Retrieved September 28, 2022.","url":"https://blog.xpnsec.com/azuread-connect-for-redteam/","source":"MITRE","title":"Azure AD Connect for Red Teamers","authors":"Adam Chester","date_accessed":"2022-09-28T00:00:00Z","date_published":"2019-02-18T00:00:00Z","owner_name":null,"tidal_id":"c0ed57e3-9df3-5225-a169-e52118742974","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429698Z"},{"id":"3b17b649-9efa-525f-aa49-cf6c9ad559d7","name":"Microsoft - Azure PowerShell","description":"Microsoft. (2014, December 12). Azure/azure-powershell. Retrieved March 24, 2023.","url":"https://github.com/Azure/azure-powershell","source":"MITRE","title":"Azure/azure-powershell","authors":"Microsoft","date_accessed":"2023-03-24T00:00:00Z","date_published":"2014-12-12T00:00:00Z","owner_name":null,"tidal_id":"86ec9672-3a61-5c3e-b3c0-24320799cde1","created":"2023-05-26T01:21:05.917332Z","modified":"2025-12-17T15:08:36.429737Z"},{"id":"7a392b85-872a-4a5a-984c-185a8e8f8a3f","name":"Azure Blob Storage","description":"Microsoft. (n.d.). Azure Blob Storage. 
Retrieved November 17, 2024.","url":"https://azure.microsoft.com/en-us/products/storage/blobs/","source":"MITRE","title":"Azure Blob Storage","authors":"Microsoft","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2a36f12b-732e-5d98-8eb7-d29362685a75","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437104Z"},{"id":"66e93b75-0067-4cdb-b695-8f8109ef26e0","name":"Microsoft Azure Instance Metadata 2021","description":"Microsoft. (2021, February 21). Azure Instance Metadata Service (Windows). Retrieved April 2, 2021.","url":"https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service?tabs=windows","source":"MITRE","title":"Azure Instance Metadata Service (Windows)","authors":"Microsoft","date_accessed":"2021-04-02T00:00:00Z","date_published":"2021-02-21T00:00:00Z","owner_name":null,"tidal_id":"5fe84040-62fc-521d-82b4-6a443ec97c4a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434564Z"},{"id":"761d102e-768a-5536-a098-0b1819029d33","name":"Microsoft Azure Policy","description":"Microsoft. (2023, August 30). Azure Policy built-in policy definitions. Retrieved September 5, 2023.","url":"https://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies#compute","source":"MITRE","title":"Azure Policy built-in policy definitions","authors":"Microsoft","date_accessed":"2023-09-05T00:00:00Z","date_published":"2023-08-30T00:00:00Z","owner_name":null,"tidal_id":"4d37e422-1a36-58f1-b1cb-a351380308c8","created":"2023-11-07T00:36:07.769658Z","modified":"2025-12-17T15:08:36.434656Z"},{"id":"5dba5a6d-465e-4489-bc4d-299a891b62f6","name":"SpecterOps Azure Privilege Escalation","description":"Andy Robbins. (2021, October 12). Azure Privilege Escalation via Service Principal Abuse. 
Retrieved April 1, 2022.","url":"https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5","source":"MITRE","title":"Azure Privilege Escalation via Service Principal Abuse","authors":"Andy Robbins","date_accessed":"2022-04-01T00:00:00Z","date_published":"2021-10-12T00:00:00Z","owner_name":null,"tidal_id":"fd5fc828-c99f-5e19-8db8-ef414e86b0ac","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432382Z"},{"id":"12a72e05-ada4-4f77-8d6e-03024f88cab6","name":"Azure Products","description":"Microsoft. (n.d.). Azure products. Retrieved November 17, 2024.","url":"https://azure.microsoft.com/en-us/products/","source":"MITRE","title":"Azure products","authors":"Microsoft","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d48ce38c-ee80-5325-80ea-7541fe30aebe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437209Z"},{"id":"223cc020-e88a-4236-9c34-64fe606a1729","name":"Azure - Resource Manager API","description":"Microsoft. (2019, May 20). Azure Resource Manager. Retrieved June 17, 2020.","url":"https://docs.microsoft.com/en-us/rest/api/resources/","source":"MITRE","title":"Azure Resource Manager","authors":"Microsoft","date_accessed":"2020-06-17T00:00:00Z","date_published":"2019-05-20T00:00:00Z","owner_name":null,"tidal_id":"b7b691a4-c122-5921-a22e-ab645737f9d4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435658Z"},{"id":"e15d38de-bc15-525b-bd03-27c0edca768d","name":"Mandiant Azure Run Command 2021","description":"Adrien Bataille, Anders Vejlby, Jared Scott Wilson, and Nader Zaveri. (2021, December 14). Azure Run Command for Dummies. 
Retrieved March 13, 2023.","url":"https://www.mandiant.com/resources/blog/azure-run-command-dummies","source":"MITRE","title":"Azure Run Command for Dummies","authors":"Adrien Bataille, Anders Vejlby, Jared Scott Wilson, and Nader Zaveri","date_accessed":"2023-03-13T00:00:00Z","date_published":"2021-12-14T00:00:00Z","owner_name":null,"tidal_id":"95979be2-e89a-56e8-aff8-94fb1da43b05","created":"2023-05-26T01:21:20.354943Z","modified":"2025-12-17T15:08:36.442937Z"},{"id":"2bc66dc9-2ed2-52ad-8ae2-5497be3b0c53","name":"Microsoft Azure security baseline for Azure Active Directory","description":"Microsoft. (2022, November 14). Azure security baseline for Azure Active Directory. Retrieved February 21, 2023.","url":"https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/aad-security-baseline","source":"MITRE","title":"Azure security baseline for Azure Active Directory","authors":"Microsoft","date_accessed":"2023-02-21T00:00:00Z","date_published":"2022-11-14T00:00:00Z","owner_name":null,"tidal_id":"df9097e9-520e-544b-9ea4-9f1111925257","created":"2023-05-26T01:21:19.801836Z","modified":"2025-12-17T15:08:36.441618Z"},{"id":"34314090-33c2-4276-affa-3d0b527bbcef","name":"Microsoft - Azure Sentinel ADFSDomainTrustMods","description":"Microsoft. (2020, December). Azure Sentinel Detections. Retrieved December 30, 2020.","url":"https://github.com/Azure/Azure-Sentinel/blob/master/Detections/AuditLogs/ADFSDomainTrustMods.yaml","source":"MITRE","title":"Azure Sentinel Detections","authors":"Microsoft","date_accessed":"2020-12-30T00:00:00Z","date_published":"2020-12-01T00:00:00Z","owner_name":null,"tidal_id":"12a976d9-eced-5ddd-ba5d-a13da882cbca","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426379Z"},{"id":"fd75d136-e818-5233-b2c2-5d8ed033b9e6","name":"Azure Serial Console","description":"Microsoft. (2022, October 17). Azure Serial Console. 
Retrieved June 2, 2023.","url":"https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-overview","source":"MITRE","title":"Azure Serial Console","authors":"Microsoft","date_accessed":"2023-06-02T00:00:00Z","date_published":"2022-10-17T00:00:00Z","owner_name":null,"tidal_id":"c89118d1-aee1-52f4-a324-df282ee398c1","created":"2023-11-07T00:36:01.715549Z","modified":"2025-12-17T15:08:36.428756Z"},{"id":"95bda448-bb13-4fa6-b663-e48a9d1b866f","name":"Microsoft Azure Storage Security, 2019","description":"Amlekar, M., Brooks, C., Claman, L., et. al.. (2019, March 20). Azure Storage security guide. Retrieved October 4, 2019.","url":"https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide","source":"MITRE","title":"Azure Storage security guide","authors":"Amlekar, M., Brooks, C., Claman, L., et. al.","date_accessed":"2019-10-04T00:00:00Z","date_published":"2019-03-20T00:00:00Z","owner_name":null,"tidal_id":"0fb1aeea-96ac-5d28-876c-1577190f5ae3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427401Z"},{"id":"42383ed1-9705-4313-8068-28a22a23f50e","name":"Azure - Stormspotter","description":"Microsoft. (2020). Azure Stormspotter GitHub. Retrieved June 17, 2020.","url":"https://github.com/Azure/Stormspotter","source":"MITRE","title":"Azure Stormspotter GitHub","authors":"Microsoft","date_accessed":"2020-06-17T00:00:00Z","date_published":"2020-01-01T00:00:00Z","owner_name":null,"tidal_id":"85c1bddd-eaae-535f-be97-7f9bfad55006","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435664Z"},{"id":"1d775a36-8b15-49f8-8c08-f92101e6d1be","name":"Cyjax Bjorka January 29 2025","description":"Jovana Macakanja. (2025, January 29). Babuk Ba-back? Potential Return of the Infamous RaaS Group. Retrieved February 14, 2025.","url":"https://www.cyjax.com/resources/blog/babuk-ba-back-potential-return-of-the-infamous-raas-group/","source":"Tidal Cyber","title":"Babuk Ba-back? 
Potential Return of the Infamous RaaS Group","authors":"Jovana Macakanja","date_accessed":"2025-02-14T00:00:00Z","date_published":"2025-01-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"32d70653-7cf4-5e5f-870b-e951aa389ccb","created":"2025-02-18T15:18:02.431265Z","modified":"2025-02-18T15:18:02.586081Z"},{"id":"58759b1c-8e2c-44fa-8e37-8bf7325c330d","name":"Medium Babuk February 2021","description":"Sebdraven. (2021, February 8). Babuk is distributed packed. Retrieved August 11, 2021.","url":"https://sebdraven.medium.com/babuk-is-distributed-packed-78e2f5dd2e62","source":"MITRE","title":"Babuk is distributed packed","authors":"Sebdraven","date_accessed":"2021-08-11T00:00:00Z","date_published":"2021-02-08T00:00:00Z","owner_name":null,"tidal_id":"ac589f2b-f72f-500c-9edd-1ab1f64935fa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440464Z"},{"id":"e85e3bd9-6ddc-4d0f-a16c-b525a75baa7e","name":"Sogeti CERT ESEC Babuk March 2021","description":"Sogeti. (2021, March). Babuk Ransomware. Retrieved August 11, 2021.","url":"https://www.sogeti.com/globalassets/reports/cybersecchronicles_-_babuk.pdf","source":"MITRE","title":"Babuk Ransomware","authors":"Sogeti","date_accessed":"2021-08-11T00:00:00Z","date_published":"2021-03-01T00:00:00Z","owner_name":null,"tidal_id":"e9d83060-6318-55c0-973d-f52c6f7a1c83","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419150Z"},{"id":"c020569d-9c85-45fa-9f0b-97be5bdbab08","name":"Unit42 BabyShark Apr 2019","description":"Lim, M.. (2019, April 26). BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat . 
Retrieved October 7, 2019.","url":"https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/","source":"MITRE","title":"BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat","authors":"Lim, M.","date_accessed":"2019-10-07T00:00:00Z","date_published":"2019-04-26T00:00:00Z","owner_name":null,"tidal_id":"3b7a37c1-4b7c-58ee-b476-b9e1cd63d12c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421719Z"},{"id":"ad3fa9b5-2c2b-490e-bb46-0337020446f8","name":"Mandiant APT29 Phishing September 21 2023","description":"Luke Jenkins, Josh Atkins, Dan Black. (2023, September 21). Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations. Retrieved March 22, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/apt29-evolving-diplomatic-phishing/","source":"Tidal Cyber","title":"Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations","authors":"Luke Jenkins, Josh Atkins, Dan Black","date_accessed":"2025-03-22T00:00:00Z","date_published":"2023-09-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"18713e33-f348-5e35-aa92-16bf6332bfeb","created":"2025-03-25T13:15:57.592076Z","modified":"2025-03-25T13:15:57.758512Z"},{"id":"bcf0f82b-1b26-4c0c-905e-0dd8b88d0903","name":"Symantec Briba May 2012","description":"Ladley, F. (2012, May 15). Backdoor.Briba. Retrieved February 21, 2018.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-2843-99","source":"MITRE","title":"Backdoor.Briba","authors":"Ladley, F","date_accessed":"2018-02-21T00:00:00Z","date_published":"2012-05-15T00:00:00Z","owner_name":null,"tidal_id":"14439444-274c-50e9-af49-7ef6fc38c335","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419764Z"},{"id":"efeb475c-2a7c-4ab6-814d-3ee7866fa322","name":"TrendMicro Squiblydoo Aug 2017","description":"Bermejo, L., Giagone, R., Wu, R., and Yarochkin, F. (2017, August 7). 
Backdoor-carrying Emails Set Sights on Russian-speaking Businesses. Retrieved March 7, 2019.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-carrying-emails-set-sights-on-russian-speaking-businesses/","source":"MITRE","title":"Backdoor-carrying Emails Set Sights on Russian-speaking Businesses","authors":"Bermejo, L., Giagone, R., Wu, R., and Yarochkin, F","date_accessed":"2019-03-07T00:00:00Z","date_published":"2017-08-07T00:00:00Z","owner_name":null,"tidal_id":"77a9707c-6505-5862-b753-fbab54d59004","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431006Z"},{"id":"7088234d-a6fc-49ad-b4fd-2fe8ca333c1d","name":"Symantec Darkmoon Aug 2005","description":"Hayashi, K. (2005, August 18). Backdoor.Darkmoon. Retrieved February 23, 2018.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2005-081910-3934-99","source":"MITRE","title":"Backdoor.Darkmoon","authors":"Hayashi, K","date_accessed":"2018-02-23T00:00:00Z","date_published":"2005-08-18T00:00:00Z","owner_name":null,"tidal_id":"b53916f4-51a8-5a66-95ba-def4306b4063","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421247Z"},{"id":"127d4b10-8d61-4bdf-b5b9-7d86bbc065b6","name":"ESET BackdoorDiplomacy Jun 2021","description":"Adam Burgher. (2021, June 10). BackdoorDiplomacy: Upgrading from Quarian to Turian. Retrieved September 1, 2021","url":"https://www.welivesecurity.com/2021/06/10/backdoordiplomacy-upgrading-quarian-turian/","source":"MITRE, Tidal Cyber","title":"BackdoorDiplomacy: Upgrading from Quarian to Turian","authors":"Adam Burgher","date_accessed":"2021-09-01T00:00:00Z","date_published":"2021-06-10T00:00:00Z","owner_name":null,"tidal_id":"a9b7ebfc-29b0-5a59-8b9a-631b9eee47ad","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258039Z"},{"id":"2c867527-1584-44f7-b5e5-8ca54ea79619","name":"Backdooring an AWS account","description":"Daniel Grzelak. (2016, July 9). Backdooring an AWS account. 
Retrieved May 27, 2022.","url":"https://medium.com/daniel-grzelak/backdooring-an-aws-account-da007d36f8f9","source":"MITRE","title":"Backdooring an AWS account","authors":"Daniel Grzelak","date_accessed":"2022-05-27T00:00:00Z","date_published":"2016-07-09T00:00:00Z","owner_name":null,"tidal_id":"ae89291b-9be1-5889-9769-cb1cee353ef8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433866Z"},{"id":"e6b88cd4-a58e-4139-b266-48d0f5957407","name":"Symantec Linfo May 2012","description":"Zhou, R. (2012, May 15). Backdoor.Linfo. Retrieved February 23, 2018.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2012-051605-2535-99","source":"MITRE","title":"Backdoor.Linfo","authors":"Zhou, R","date_accessed":"2018-02-23T00:00:00Z","date_published":"2012-05-15T00:00:00Z","owner_name":null,"tidal_id":"f12fad62-7b0f-595f-a6bb-0276865192c3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422169Z"},{"id":"800780e3-7d00-4cfc-8458-74fe17da2f71","name":"Symantec Backdoor.Mivast","description":"Stama, D.. (2015, February 6). Backdoor.Mivast. Retrieved February 15, 2016.","url":"http://www.symantec.com/security_response/writeup.jsp?docid=2015-020623-0740-99&tabid=2","source":"MITRE","title":"Backdoor.Mivast","authors":"Stama, D.","date_accessed":"2016-02-15T00:00:00Z","date_published":"2015-02-06T00:00:00Z","owner_name":null,"tidal_id":"bc0df3ac-c306-55dd-a31b-00eb5ef31127","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422543Z"},{"id":"1613fd6b-4d62-464b-9cda-6f7d3f0192e1","name":"Symantec Nerex May 2012","description":"Ladley, F. (2012, May 15). Backdoor.Nerex. 
Retrieved February 23, 2018.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-3445-99","source":"MITRE","title":"Backdoor.Nerex","authors":"Ladley, F","date_accessed":"2018-02-23T00:00:00Z","date_published":"2012-05-15T00:00:00Z","owner_name":null,"tidal_id":"48c5bdc1-c252-57e0-8548-71aa214a3c62","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421506Z"},{"id":"01852772-c333-47a3-9e3f-e234a87f0b9b","name":"Symantec Backdoor.Nidiran","description":"Sponchioni, R.. (2016, March 11). Backdoor.Nidiran. Retrieved August 3, 2016.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2015-120123-5521-99","source":"MITRE","title":"Backdoor.Nidiran","authors":"Sponchioni, R.","date_accessed":"2016-08-03T00:00:00Z","date_published":"2016-03-11T00:00:00Z","owner_name":null,"tidal_id":"a7a5b482-e243-5f8a-b976-7708c7b3d79e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441498Z"},{"id":"b00bf616-96e6-42c9-a56c-380047ad5acb","name":"Symantec Remsec IOCs","description":"Symantec Security Response. (2016, August 8). Backdoor.Remsec indicators of compromise. Retrieved August 17, 2016.","url":"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/Symantec_Remsec_IOCs.pdf","source":"MITRE","title":"Backdoor.Remsec indicators of compromise","authors":"Symantec Security Response","date_accessed":"2016-08-17T00:00:00Z","date_published":"2016-08-08T00:00:00Z","owner_name":null,"tidal_id":"d7c32a17-3750-5550-9b84-91015fff8b52","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440599Z"},{"id":"1c8b1762-8abd-479b-b78c-43d8c7be7c27","name":"Symantec Ristol May 2012","description":"Ladley, F. (2012, May 15). Backdoor.Ritsol. 
Retrieved February 23, 2018.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2012-051515-3909-99","source":"MITRE","title":"Backdoor.Ritsol","authors":"Ladley, F","date_accessed":"2018-02-23T00:00:00Z","date_published":"2012-05-15T00:00:00Z","owner_name":null,"tidal_id":"7df962e0-b760-59d3-95fd-c61420602cab","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440446Z"},{"id":"7fc6baa7-0ba1-5574-9e20-a31b480b29ba","name":"Ahmed Backdoors in Python and NPM Packages","description":"Deeba Ahmed. (2025, June 2). Backdoors in Python and NPM Packages Target Windows and Linux. Retrieved September 24, 2025.","url":"https://hackread.com/backdoors-python-npm-packages-windows-linux/","source":"MITRE","title":"Backdoors in Python and NPM Packages Target Windows and Linux","authors":"Deeba Ahmed","date_accessed":"2025-09-24T00:00:00Z","date_published":"2025-06-02T00:00:00Z","owner_name":null,"tidal_id":"3128d065-c369-5a78-92ad-f9ed0cecd34f","created":"2025-10-29T21:08:48.165531Z","modified":"2025-12-17T15:08:36.425622Z"},{"id":"2dc7d7fb-3d13-4647-b15b-5e501946d606","name":"Symantec Vasport May 2012","description":"Zhou, R. (2012, May 15). Backdoor.Vasport. Retrieved February 22, 2018.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2012-051606-5938-99","source":"MITRE","title":"Backdoor.Vasport","authors":"Zhou, R","date_accessed":"2018-02-22T00:00:00Z","date_published":"2012-05-15T00:00:00Z","owner_name":null,"tidal_id":"3d1b76ca-4101-5c51-83c2-1e7843e07ad5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422422Z"},{"id":"08ceb57f-065e-45e9-98e9-d58a92caa755","name":"FSecure Hupigon","description":"FSecure. (n.d.). Backdoor - W32/Hupigon.EMV - Threat Description. 
Retrieved December 18, 2017.","url":"https://www.f-secure.com/v-descs/backdoor_w32_hupigon_emv.shtml","source":"MITRE","title":"Backdoor - W32/Hupigon.EMV - Threat Description","authors":"FSecure","date_accessed":"2017-12-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b9a3f746-2d31-52cc-8942-0364fe5b5c13","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430299Z"},{"id":"78285833-4b0d-4077-86d2-f34b010a5862","name":"Symantec Wiarp May 2012","description":"Zhou, R. (2012, May 15). Backdoor.Wiarp. Retrieved February 22, 2018.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2012-051606-1005-99","source":"MITRE","title":"Backdoor.Wiarp","authors":"Zhou, R","date_accessed":"2018-02-22T00:00:00Z","date_published":"2012-05-15T00:00:00Z","owner_name":null,"tidal_id":"3b1722c2-56d9-54ee-9960-59ebfb32a813","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416550Z"},{"id":"84b8b159-6e85-4329-8903-aca156f4ed84","name":"Microsoft Lamin Sept 2017","description":"Microsoft. (2009, May 17). Backdoor:Win32/Lamin.A. Retrieved September 6, 2018.","url":"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor:Win32/Lamin.A","source":"MITRE","title":"Backdoor:Win32/Lamin.A","authors":"Microsoft","date_accessed":"2018-09-06T00:00:00Z","date_published":"2009-05-17T00:00:00Z","owner_name":null,"tidal_id":"e021aa28-7c4d-55a9-9701-b6380dc03e73","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430807Z"},{"id":"fc97a89c-c912-4b0c-b151-916695dbbca4","name":"Microsoft PoisonIvy 2017","description":"McCormack, M. (2017, September 15). Backdoor:Win32/Poisonivy.E. 
Retrieved December 21, 2020.","url":"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor%3aWin32%2fPoisonivy.E","source":"MITRE","title":"Backdoor:Win32/Poisonivy.E","authors":"McCormack, M","date_accessed":"2020-12-21T00:00:00Z","date_published":"2017-09-15T00:00:00Z","owner_name":null,"tidal_id":"d82d49f5-7ac7-5846-9f2b-9d9d9a6ddd5f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441927Z"},{"id":"3c8ba6ef-8edc-44bf-9abe-655ba0f45912","name":"Microsoft Win Defender Truvasys Sep 2017","description":"Microsoft. (2017, September 15). Backdoor:Win32/Truvasys.A!dha. Retrieved November 30, 2017.","url":"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Truvasys.A!dha","source":"MITRE","title":"Backdoor:Win32/Truvasys.A!dha","authors":"Microsoft","date_accessed":"2017-11-30T00:00:00Z","date_published":"2017-09-15T00:00:00Z","owner_name":null,"tidal_id":"6fd086c6-0a9c-5391-a367-a5bc2611e2f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419339Z"},{"id":"6c7e2b89-8f3a-443c-9b72-12934b9dc364","name":"Microsoft Wingbird Nov 2017","description":"Microsoft. (2017, November 9). Backdoor:Win32/Wingbird.A!dha. Retrieved November 27, 2017.","url":"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win32/Wingbird.A!dha","source":"MITRE","title":"Backdoor:Win32/Wingbird.A!dha","authors":"Microsoft","date_accessed":"2017-11-27T00:00:00Z","date_published":"2017-11-09T00:00:00Z","owner_name":null,"tidal_id":"ed41ea24-1bd1-5c17-9bd3-ea6dd26ebf95","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420988Z"},{"id":"b4b71551-45a7-50eb-891f-0f3df592f316","name":"Microsoft KnuckleTouch 2024","description":"Microsoft. (2024, February 14). Backdoor:Win64/KnuckleTouch.A!dha. 
Retrieved January 6, 2025.","url":"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Backdoor:Win64/KnuckleTouch.A!dha&threatId=-2147067254","source":"MITRE","title":"Backdoor:Win64/KnuckleTouch.A!dha","authors":"Microsoft","date_accessed":"2025-01-06T00:00:00Z","date_published":"2024-02-14T00:00:00Z","owner_name":null,"tidal_id":"a7a3bfbd-d682-5f92-ac07-1d8b42c3a75e","created":"2025-04-22T20:47:28.190313Z","modified":"2025-12-17T15:08:36.420858Z"},{"id":"3d925a69-35f3-4337-8e1e-275de4c1783e","name":"Microsoft BITS","description":"Microsoft. (n.d.). Background Intelligent Transfer Service. Retrieved January 12, 2018.","url":"https://msdn.microsoft.com/library/windows/desktop/bb968799.aspx","source":"MITRE","title":"Background Intelligent Transfer Service","authors":"Microsoft","date_accessed":"2018-01-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0c00f65b-e146-552f-b7e3-2ac2900dc703","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416305Z"},{"id":"8c1fbe98-5fc1-4e67-9b96-b740ffc9b1ae","name":"NCC Group Research Blog August 19 2022","description":"NCC Group Research Blog. (2022, August 19). Back in Black: Unlocking a LockBit 3.0 Ransomware Attack. Retrieved May 7, 2023.","url":"https://research.nccgroup.com/2022/08/19/back-in-black-unlocking-a-lockbit-3-0-ransomware-attack/","source":"Tidal Cyber","title":"Back in Black: Unlocking a LockBit 3.0 Ransomware Attack","authors":"NCC Group Research Blog","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-08-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e2b338d2-b9f0-5834-b54d-5ca3b7fd197e","created":"2023-08-18T18:56:14.817107Z","modified":"2023-08-18T18:56:14.958991Z"},{"id":"bfe848a3-c855-4bca-a6ea-44804d48c7eb","name":"Tech Republic - Restore AWS Snapshots","description":"Hardiman, N.. (2012, March 20). Backing up and restoring snapshots on Amazon EC2 machines. 
Retrieved October 8, 2019.","url":"https://www.techrepublic.com/blog/the-enterprise-cloud/backing-up-and-restoring-snapshots-on-amazon-ec2-machines/","source":"MITRE","title":"Backing up and restoring snapshots on Amazon EC2 machines","authors":"Hardiman, N.","date_accessed":"2019-10-08T00:00:00Z","date_published":"2012-03-20T00:00:00Z","owner_name":null,"tidal_id":"6a60c6aa-7c29-5349-bfe5-b4f513130eb4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424242Z"},{"id":"47fed6be-5d7e-5491-ba2e-0a8129494476","name":"BleepingComputer BackSwap","description":"Catalin Cimpanu. (2018, May 25). BackSwap Banking Trojan Uses Never-Before-Seen Techniques. Retrieved March 27, 2025.","url":"https://www.bleepingcomputer.com/news/security/backswap-banking-trojan-uses-never-before-seen-techniques/","source":"MITRE","title":"BackSwap Banking Trojan Uses Never-Before-Seen Techniques","authors":"Catalin Cimpanu","date_accessed":"2025-03-27T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":null,"tidal_id":"454f482e-60b8-5c3e-b077-9c7a7e752163","created":"2025-04-22T20:47:15.001689Z","modified":"2025-12-17T15:08:36.430415Z"},{"id":"aeb4e022-a0cb-58ab-8ee5-1c5753927755","name":"welivesecurity BackSwap","description":"Michal Poslušný. (2018, May 25). BackSwap malware finds innovative ways to empty bank accounts. Retrieved March 27, 2025.","url":"https://www.welivesecurity.com/2018/05/25/backswap-malware-empty-bank-accounts/","source":"MITRE","title":"BackSwap malware finds innovative ways to empty bank accounts","authors":"Michal Poslušný","date_accessed":"2025-03-27T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":null,"tidal_id":"ff632e72-09c6-5cee-aa2a-5cde7fe46c15","created":"2025-04-22T20:47:15.060977Z","modified":"2025-12-17T15:08:36.430427Z"},{"id":"addbb46b-b2b5-4844-b4be-f6294cf51caa","name":"Secureworks COBALT DICKENS August 2018","description":"Counter Threat Unit Research Team. (2018, August 24). 
Back to School: COBALT DICKENS Targets Universities. Retrieved February 3, 2021.","url":"https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities","source":"MITRE","title":"Back to School: COBALT DICKENS Targets Universities","authors":"Counter Threat Unit Research Team","date_accessed":"2021-02-03T00:00:00Z","date_published":"2018-08-24T00:00:00Z","owner_name":null,"tidal_id":"de912e84-6b76-5b30-aa9b-8439f751f278","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439482Z"},{"id":"ecc2f5ad-b2a8-470b-b919-cb184d12d00f","name":"Cybereason Kimsuky November 2020","description":"Dahan, A. et al. (2020, November 2). Back to the Future: Inside the Kimsuky KGH Spyware Suite. Retrieved November 6, 2020.","url":"https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite","source":"MITRE, Tidal Cyber","title":"Back to the Future: Inside the Kimsuky KGH Spyware Suite","authors":"Dahan, A. et al","date_accessed":"2020-11-06T00:00:00Z","date_published":"2020-11-02T00:00:00Z","owner_name":null,"tidal_id":"d4fbf065-1e88-5a22-be02-bba9f933a921","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.260563Z"},{"id":"5ba4217c-813b-4cc5-b694-3a4dcad776e4","name":"Proofpoint TA453 March 2021","description":"Miller, J. et al. (2021, March 30). BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns. Retrieved May 4, 2021.","url":"https://www.proofpoint.com/us/blog/threat-insight/badblood-ta453-targets-us-and-israeli-medical-research-personnel-credential","source":"MITRE","title":"BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns","authors":"Miller, J. 
et al","date_accessed":"2021-05-04T00:00:00Z","date_published":"2021-03-30T00:00:00Z","owner_name":null,"tidal_id":"9e8adebe-a8e2-5251-857a-ce8779892435","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438082Z"},{"id":"96d45dbb-7d4f-5bc8-87d0-dcb8d84587a1","name":"Tan","description":"Vincent Tan. (2016, August). BAD FOR ENTERPRISE: ATTACKING BYOD ENTERPRISE MOBILE SECURITY SOLUTIONS. Retrieved February","url":"http://www.blackhat.com/us-16/briefings.html#bad-for-enterprise-attacking-byod-enterprise-mobile-security-solutions","source":"Mobile","title":"BAD FOR ENTERPRISE: ATTACKING BYOD ENTERPRISE MOBILE SECURITY SOLUTIONS","authors":"Vincent Tan","date_accessed":"1978-02-01T00:00:00Z","date_published":"2016-08-01T00:00:00Z","owner_name":null,"tidal_id":"475e6528-f3e7-55d3-8d01-abaa0a91f14c","created":"2026-01-28T13:08:10.045512Z","modified":"2026-01-28T13:08:10.045517Z"},{"id":"9c294bf7-24ba-408a-90b8-5b9885838e1b","name":"Unit 42 BadPatch Oct 2017","description":"Bar, T., Conant, S. (2017, October 20). BadPatch. Retrieved November 13, 2018.","url":"https://researchcenter.paloaltonetworks.com/2017/10/unit42-badpatch/","source":"MITRE","title":"BadPatch","authors":"Bar, T., Conant, S","date_accessed":"2018-11-13T00:00:00Z","date_published":"2017-10-20T00:00:00Z","owner_name":null,"tidal_id":"f98b3377-95ff-5321-92c8-8477b6a72058","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420672Z"},{"id":"a9664f01-78f0-4461-a757-12f54ec99a56","name":"ESET Bad Rabbit","description":"M.Léveille, M-E.. (2017, October 24). Bad Rabbit: Not‑Petya is back with improved ransomware. 
Retrieved January 28, 2021.","url":"https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/","source":"MITRE","title":"Bad Rabbit: Not‑Petya is back with improved ransomware","authors":"M.Léveille, M-E.","date_accessed":"2021-01-28T00:00:00Z","date_published":"2017-10-24T00:00:00Z","owner_name":null,"tidal_id":"a12cc627-4d7d-5576-9bcd-643e130bf108","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417601Z"},{"id":"f4cec03a-ea94-4874-9bea-16189e967ff9","name":"Secure List Bad Rabbit","description":"Mamedov, O. Sinitsyn, F.  Ivanov, A.. (2017, October 24). Bad Rabbit ransomware. Retrieved January 28, 2021.","url":"https://securelist.com/bad-rabbit-ransomware/82851/","source":"MITRE","title":"Bad Rabbit ransomware","authors":"Mamedov, O. Sinitsyn, F.  Ivanov, A.","date_accessed":"2021-01-28T00:00:00Z","date_published":"2017-10-24T00:00:00Z","owner_name":null,"tidal_id":"d30a5917-1e23-5c6d-adfe-7a302be3edc0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417607Z"},{"id":"b9467dc2-8cf9-5796-9fb3-1d5f5d864b11","name":"Kaspersky Bad Rabbit Oct 2017","description":"Orkhan Mamedov, Fedor Sinitsyn, Anton Ivanov. (2017, October 27). Bad Rabbit Ransomware. Retrieved October","url":"https://securelist.com/bad-rabbit-ransomware/82851/","source":"ICS","title":"Bad Rabbit Ransomware","authors":"Orkhan Mamedov, Fedor Sinitsyn, Anton Ivanov","date_accessed":"1978-10-01T00:00:00Z","date_published":"2017-10-27T00:00:00Z","owner_name":null,"tidal_id":"7195d426-86f8-50bd-81f9-b9b138d4435c","created":"2026-01-28T13:08:18.175442Z","modified":"2026-01-28T13:08:18.175445Z"},{"id":"09edd87d-8b5b-5071-90f5-b4d394df38fa","name":"Google Cloud Threat Intelligence ESXi VIBs 2022","description":"Alexander Marvi, Jeremy Koppen, Tufail Ahmed, and Jonathan Lepore. (2022, September 29). Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors. 
Retrieved March 26, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/esxi-hypervisors-malware-persistence","source":"MITRE","title":"Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors","authors":"Alexander Marvi, Jeremy Koppen, Tufail Ahmed, and Jonathan Lepore","date_accessed":"2025-03-26T00:00:00Z","date_published":"2022-09-29T00:00:00Z","owner_name":null,"tidal_id":"9da5dde3-ed30-52d0-9f61-722f36eda567","created":"2025-04-22T20:47:15.890932Z","modified":"2025-12-17T15:08:36.419792Z"},{"id":"872c377b-724b-454c-8432-e38062a7c331","name":"BlackBerry Bahamut","description":"The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.","url":"https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf","source":"MITRE","title":"BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps","authors":"The BlackBerry Research & Intelligence Team","date_accessed":"2021-02-08T00:00:00Z","date_published":"2020-10-01T00:00:00Z","owner_name":null,"tidal_id":"1c60c8cd-023b-5c3d-a999-b6fe16e3d9a1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440110Z"},{"id":"f578de81-ea6b-49d0-9a0a-111e07249cd8","name":"BaltimoreSun RobbinHood May 2019","description":"Duncan, I., Campbell, C. (2019, May 7). Baltimore city government computer network hit by ransomware attack. 
Retrieved July 29, 2019.","url":"https://www.baltimoresun.com/politics/bs-md-ci-it-outage-20190507-story.html","source":"MITRE","title":"Baltimore city government computer network hit by ransomware attack","authors":"Duncan, I., Campbell, C","date_accessed":"2019-07-29T00:00:00Z","date_published":"2019-05-07T00:00:00Z","owner_name":null,"tidal_id":"8601b386-ca0b-5f7f-9c4c-626ff32dd87d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416861Z"},{"id":"da6cac04-a318-4972-bd78-8272116b4ad7","name":"ESET Research Bandook July 7 2021","description":"Fernando Tavella, Matías Porolli. (2021, July 7). Bandidos at large: A spying campaign in Latin America. Retrieved October 25, 2023.","url":"https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/","source":"Tidal Cyber","title":"Bandidos at large: A spying campaign in Latin America","authors":"Fernando Tavella, Matías Porolli","date_accessed":"2023-10-25T00:00:00Z","date_published":"2021-07-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"716bf1a7-87a5-5b7a-9478-74bd7c71fe9a","created":"2024-06-13T20:10:43.742472Z","modified":"2024-06-13T20:10:43.932057Z"},{"id":"352652a9-86c9-42e1-8ee0-968180c6a51e","name":"CheckPoint Bandook Nov 2020","description":"Check Point. (2020, November 26). Bandook: Signed & Delivered. Retrieved May 31, 2021.","url":"https://research.checkpoint.com/2020/bandook-signed-delivered/","source":"MITRE","title":"Bandook: Signed & Delivered","authors":"Check Point","date_accessed":"2021-05-31T00:00:00Z","date_published":"2020-11-26T00:00:00Z","owner_name":null,"tidal_id":"1c1b3039-1977-5cdd-91ec-0606dc675e3e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419950Z"},{"id":"e45f764d-d81a-577a-aec9-d38d9d38497b","name":"bankbot-spybanker","description":"NJCCIC. (2017, March 2). BankBot/Spy Banker. 
Retrieved September","url":"https://www.cyber.nj.gov/threat-landscape/malware/trojans/bankbot-spy-banker","source":"Mobile","title":"BankBot/Spy Banker","authors":"NJCCIC","date_accessed":"1978-09-01T00:00:00Z","date_published":"2017-03-02T00:00:00Z","owner_name":null,"tidal_id":"36690f7f-217f-50c9-aec6-c221d372b71a","created":"2026-01-28T13:08:10.046613Z","modified":"2026-01-28T13:08:10.046616Z"},{"id":"93f37adc-d060-4b35-9a4d-62d2ad61cdf3","name":"Banker Google Chrome Extension Steals Creds","description":"Marinho, R. (n.d.). (Banker(GoogleChromeExtension)).targeting. Retrieved November 18, 2017.","url":"https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/","source":"MITRE","title":"(Banker(GoogleChromeExtension)).targeting","authors":"Marinho, R","date_accessed":"2017-11-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6afbd22b-c104-5e7c-bf68-90a70d25ee43","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426499Z"},{"id":"8512e823-c751-5ce8-b891-2e9765cfd6ee","name":"cyble_chameleon_0423","description":"Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August","url":"https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/","source":"Mobile","title":"Banking Trojan targeting mobile users in Australia and Poland","authors":"Cyble Research & Intelligence Labs","date_accessed":"1978-08-01T00:00:00Z","date_published":"2023-04-13T00:00:00Z","owner_name":null,"tidal_id":"6c0b9775-c429-5434-9e2e-a637dda2b485","created":"2026-01-28T13:08:10.039946Z","modified":"2026-01-28T13:08:10.039950Z"},{"id":"411c3df4-08e6-518a-953d-19988b663dc4","name":"Unit42 Banking Trojans Hooking 2022","description":"Or Chechik. (2022, October 31). Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure. 
Retrieved September 27, 2023.","url":"https://unit42.paloaltonetworks.com/banking-trojan-techniques/#post-125550-_rm3d6xxbk52n","source":"MITRE","title":"Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure","authors":"Or Chechik","date_accessed":"2023-09-27T00:00:00Z","date_published":"2022-10-31T00:00:00Z","owner_name":null,"tidal_id":"8d6ed37f-032e-5311-9563-9b1aa6cf75bd","created":"2023-11-07T00:36:06.036754Z","modified":"2025-12-17T15:08:36.432788Z"},{"id":"beb7f804-f6b7-4b9c-996b-61136b97a546","name":"Google Cloud June 15 2023","description":"Mandiant. (2023, June 15). Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China . Retrieved August 27, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/barracuda-esg-exploited-globally","source":"Tidal Cyber","title":"Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China","authors":"Mandiant","date_accessed":"2025-08-27T12:00:00Z","date_published":"2023-06-15T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"25db664a-d44e-5279-9ca5-0a82fb710881","created":"2025-08-28T19:35:15.433618Z","modified":"2025-08-28T19:35:15.583632Z"},{"id":"e9cc15db-10b0-5369-ae4c-a0d043fde518","name":"Weinmann-Baseband","description":"R. Weinmann. (2012, August 6-7). Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks. Retrieved December","url":"https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf","source":"Mobile","title":"Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks","authors":"R. 
Weinmann","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"00f30576-6700-5e85-8c5d-7a043bb1798e","created":"2026-01-28T13:08:10.043370Z","modified":"2026-01-28T13:08:10.043372Z"},{"id":"06185cbd-6635-46c7-9783-67bd8742b66f","name":"Linux manual bash invocation","description":"ArchWiki. (2021, January 19). Bash. Retrieved February 25, 2021.","url":"https://wiki.archlinux.org/index.php/Bash#Invocation","source":"MITRE","title":"Bash","authors":"ArchWiki","date_accessed":"2021-02-25T00:00:00Z","date_published":"2021-01-19T00:00:00Z","owner_name":null,"tidal_id":"8983e77f-70a0-5820-b681-7a5a1ab8b39d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433884Z"},{"id":"c5b362ce-6bae-46f7-b047-e3a0b2bf2580","name":"DieNet Bash","description":"die.net. (n.d.). bash(1) - Linux man page. Retrieved June 12, 2020.","url":"https://linux.die.net/man/1/bash","source":"MITRE","title":"bash(1) - Linux man page","authors":"die.net","date_accessed":"2020-06-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"43e5f318-72a4-58b5-a063-0f3666333949","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433358Z"},{"id":"7d3efbc7-6abf-4f3f-aec8-686100bb90ad","name":"Bash.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Bash.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Bash/","source":"Tidal Cyber","title":"Bash.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"46d3cb26-d864-5ba4-ab29-c4263693e4f5","created":"2024-01-12T14:46:32.054675Z","modified":"2024-01-12T14:46:32.265019Z"},{"id":"c0256889-3ff0-59de-b0d1-39a947a4c89d","name":"Bashfuscator Command Obfuscators","description":"LeFevre, A. (n.d.). Bashfuscator Command Obfuscators. 
Retrieved March 17, 2023.","url":"https://bashfuscator.readthedocs.io/en/latest/Mutators/command_obfuscators/index.html","source":"MITRE","title":"Bashfuscator Command Obfuscators","authors":"LeFevre, A","date_accessed":"2023-03-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5a13a767-af5e-5ed1-89f6-c5f26f4618f3","created":"2023-05-26T01:21:10.188122Z","modified":"2025-12-17T15:08:36.435258Z"},{"id":"72798536-a7e3-43e2-84e3-b5b8b54f0bca","name":"Microsoft Basic TxF Concepts","description":"Microsoft. (n.d.). Basic TxF Concepts. Retrieved December 20, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/dd979526.aspx","source":"MITRE","title":"Basic TxF Concepts","authors":"Microsoft","date_accessed":"2017-12-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"10be26ef-343b-54e9-ae51-97baee216faa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431130Z"},{"id":"a09b1528-92d9-58e9-adfa-fbeaf3744fff","name":"Basnight, Zachry, et al.","description":"Basnight, Zachry, et al. (2013).. Retrieved 2017/10/17","url":"http://www.sciencedirect.com/science/article/pii/S1874548213000231","source":"ICS","title":"Basnight, Zachry, et al.","authors":"","date_accessed":"2017-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0d39715f-0ae3-5ad0-9cc3-f2294ce46c0c","created":"2026-01-28T13:08:18.177842Z","modified":"2026-01-28T13:08:18.177851Z"},{"id":"c84bf4be-d9eb-5423-a081-3200c2cf7013","name":"Bastille April 2017","description":"Bastille 2017, April 17 Dallas Siren Attack. 
Retrieved 2020/11/06","url":"https://www.bastille.net/blogs/2017/4/17/dallas-siren-attack","source":"ICS","title":"Bastille April 2017","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"233cd46e-32b0-52aa-94ee-215a5fc23471","created":"2026-01-28T13:08:18.176297Z","modified":"2026-01-28T13:08:18.176301Z"},{"id":"1bf10604-708f-4c4f-abe5-816768873496","name":"eSentire | BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif","description":"eSentire. (2023, March 9). BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif. Retrieved May 10, 2023.","url":"https://www.esentire.com/blog/batloader-continues-to-abuse-google-search-ads-to-deliver-vidar-stealer-and-ursnif","source":"Tidal Cyber","title":"BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif","authors":"eSentire","date_accessed":"2023-05-10T00:00:00Z","date_published":"2023-03-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b97dbde8-6ede-5b31-9632-aeb4be74c2dd","created":"2024-06-13T20:10:22.388566Z","modified":"2024-06-13T20:10:22.578543Z"},{"id":"53e12ade-99ed-51ee-b5c8-32180f144658","name":"BATLOADER: The Evasive Downloader Malware","description":"Bethany Hardin, Lavine Oluoch, Tatiana Vollbrecht. (2022, November 14). BATLOADER: The Evasive Downloader Malware. Retrieved June 5, 2023.","url":"https://blogs.vmware.com/security/2022/11/batloader-the-evasive-downloader-malware.html","source":"MITRE","title":"BATLOADER: The Evasive Downloader Malware","authors":"Bethany Hardin, Lavine Oluoch, Tatiana Vollbrecht","date_accessed":"2023-06-05T00:00:00Z","date_published":"2022-11-14T00:00:00Z","owner_name":null,"tidal_id":"75c56bd5-d61f-52b1-b43d-069cc29d870c","created":"2023-11-07T00:36:08.944966Z","modified":"2025-12-17T15:08:36.436026Z"},{"id":"5d3dff70-28c2-42a5-bf58-211fe6491fd2","name":"AdvIntel Bazar Call August 10 2022","description":"AdvIntel. (2022, August 10). 
“BazarCall” Advisory: Essential Guide to Attack Vector that Revolutionized Data Breaches. Retrieved June 28, 2024.","url":"https://web.archive.org/web/20220810223007/https://www.advintel.io/post/bazarcall-advisory-the-essential-guide-to-call-back-phishing-attacks-that-revolutionized-the-data","source":"Tidal Cyber","title":"“BazarCall” Advisory: Essential Guide to Attack Vector that Revolutionized Data Breaches","authors":"AdvIntel","date_accessed":"2024-06-28T00:00:00Z","date_published":"2022-08-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5b90a44b-63e3-5ae2-a18c-3c2da7158b7b","created":"2024-06-28T17:22:19.721686Z","modified":"2024-06-28T17:22:19.891721Z"},{"id":"d73833c1-c6d6-5f52-81c5-b7cd15c95c4f","name":"BBC April 2016","description":"BBC 2016, April 28 German nuclear plant hit by computer viruses. Retrieved 2019/10/14","url":"https://www.bbc.com/news/technology-36158606","source":"ICS","title":"BBC April 2016","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8a462b09-4127-5897-a604-95824e263854","created":"2026-01-28T13:08:18.177884Z","modified":"2026-01-28T13:08:18.177888Z"},{"id":"8c5d61ba-24c5-4f6c-a208-e0a5d23ebb49","name":"Palo Alto Networks BBSRAT","description":"Lee, B. Grunzweig, J. (2015, December 22). BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger. Retrieved August 19, 2016.","url":"http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/","source":"MITRE","title":"BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger","authors":"Lee, B. Grunzweig, J","date_accessed":"2016-08-19T00:00:00Z","date_published":"2015-12-22T00:00:00Z","owner_name":null,"tidal_id":"212c0fe8-149a-5330-a75b-0d2172d525b4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419228Z"},{"id":"40dedfcb-f666-4f2d-a518-5cd4ae2e273c","name":"Microsoft bcdedit 2021","description":"Microsoft. 
(2021, May 27). bcdedit. Retrieved June 23, 2021.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/bcdedit","source":"MITRE","title":"bcdedit","authors":"Microsoft","date_accessed":"2021-06-23T00:00:00Z","date_published":"2021-05-27T00:00:00Z","owner_name":null,"tidal_id":"3a3ad50d-550a-59ab-86fa-2abb45bf2f8b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426581Z"},{"id":"0735cdfc-1f92-4e9e-848e-bc898e85b29d","name":"MicrosoftLearn December 15 2021","description":"MicrosoftLearn. (2021, December 15). BCDEdit Command-Line Options. Retrieved December 19, 2024.","url":"https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/bcdedit-command-line-options?view=windows-11","source":"Tidal Cyber","title":"BCDEdit Command-Line Options","authors":"MicrosoftLearn","date_accessed":"2024-12-19T00:00:00Z","date_published":"2021-12-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"faad7b52-b591-5c18-aa83-9459c7bea263","created":"2025-04-11T15:06:09.937934Z","modified":"2025-04-11T15:06:10.121119Z"},{"id":"cc38b6e9-d6e3-4076-ad90-60f28c240356","name":"Bcp.exe - LOLBAS Project","description":"LOLBAS. (2025, November 13). Bcp.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Bcp/","source":"Tidal Cyber","title":"Bcp.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-11-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ebb2b012-b7b0-53fd-9601-c2343310d81f","created":"2026-01-06T18:03:31.551232Z","modified":"2026-01-06T18:03:31.705194Z"},{"id":"c64696d0-ee42-41e5-92cb-13cf43fac0c9","name":"Securelist BlackEnergy Nov 2014","description":"Baumgartner, K. and Garnaeva, M.. (2014, November 3). BE2 custom plugins, router abuse, and target profiles. 
Retrieved March 24, 2016.","url":"https://securelist.com/be2-custom-plugins-router-abuse-and-target-profiles/67353/","source":"MITRE","title":"BE2 custom plugins, router abuse, and target profiles","authors":"Baumgartner, K. and Garnaeva, M.","date_accessed":"2016-03-24T00:00:00Z","date_published":"2014-11-03T00:00:00Z","owner_name":null,"tidal_id":"b8db4438-b953-5212-b930-3507d3a20486","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440303Z"},{"id":"ef043c07-6ae6-4cd2-82cf-7cbdb259f676","name":"Securelist BlackEnergy Feb 2015","description":"Baumgartner, K. and Garnaeva, M.. (2015, February 17). BE2 extraordinary plugins, Siemens targeting, dev fails. Retrieved March 24, 2016.","url":"https://securelist.com/be2-extraordinary-plugins-siemens-targeting-dev-fails/68838/","source":"MITRE","title":"BE2 extraordinary plugins, Siemens targeting, dev fails","authors":"Baumgartner, K. and Garnaeva, M.","date_accessed":"2016-03-24T00:00:00Z","date_published":"2015-02-17T00:00:00Z","owner_name":null,"tidal_id":"1fd9affe-5e5d-5bd7-8401-529dfb0fc8af","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440242Z"},{"id":"7f4edc06-ac67-4d71-b39c-5df9ce521bbb","name":"Crowdstrike DNC June 2016","description":"Alperovitch, D.. (2016, June 15). Bears in the Midst: Intrusion into the Democratic National Committee. Retrieved August 3, 2016.","url":"https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/","source":"MITRE, Tidal Cyber","title":"Bears in the Midst: Intrusion into the Democratic National Committee","authors":"Alperovitch, D.","date_accessed":"2016-08-03T00:00:00Z","date_published":"2016-06-15T00:00:00Z","owner_name":null,"tidal_id":"a4a6c323-fb41-5405-9a5a-9b7021927c20","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259913Z"},{"id":"72b64d7d-f8eb-54d3-83c8-a883906ceea1","name":"Deep Instinct Black Basta August 2022","description":"Vilkomir-Preisman, S. (2022, August 18). 
Beating Black Basta Ransomware. Retrieved March 8, 2023.","url":"https://www.deepinstinct.com/blog/black-basta-ransomware-threat-emergence","source":"MITRE","title":"Beating Black Basta Ransomware","authors":"Vilkomir-Preisman, S","date_accessed":"2023-03-08T00:00:00Z","date_published":"2022-08-18T00:00:00Z","owner_name":null,"tidal_id":"3578a2b9-caf4-51d2-b87c-ca5cd1207498","created":"2023-05-26T01:21:16.623467Z","modified":"2025-12-17T15:08:36.420296Z"},{"id":"4866e6c3-c1b2-4131-bd8f-0ac228168a10","name":"Bienstock, D. - Defending O365 - 2019","description":"Bienstock, D.. (2019). BECS and Beyond: Investigating and Defending O365. Retrieved November 17, 2024.","url":"https://www.slideshare.net/slideshow/shmoocon-2019-becs-and-beyond-investigating-and-defending-office-365/128744511","source":"MITRE","title":"BECS and Beyond: Investigating and Defending O365","authors":"Bienstock, D.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2019-01-01T00:00:00Z","owner_name":null,"tidal_id":"8ab362f1-7952-5fcf-aa7d-14abd8551642","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435898Z"},{"id":"c40a3f96-75f4-4b1c-98a5-cb38129c6dc4","name":"Kevin Mandia Statement to US Senate Committee on Intelligence","description":"Kevin Mandia. (2017, March 30). Prepared Statement of Kevin Mandia, CEO of FireEye, Inc. before the United States Senate Select Committee on Intelligence. Retrieved April 19, 2019.","url":"https://www.intelligence.senate.gov/sites/default/files/documents/os-kmandia-033017.pdf","source":"MITRE","title":"before the United States Senate Select Committee on Intelligence","authors":"Kevin Mandia. (2017, March 30)","date_accessed":"2019-04-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"99a82a73-aaea-5ffe-a18f-03dd338d8c3a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424681Z"},{"id":"5fc99925-b0c2-5984-89b7-f9f417c3a4e2","name":"Android 10 Execute","description":"Android Developers. (n.d.). 
Behavior changes: all apps - Removed execute permission for app home directory. Retrieved September","url":"https://developer.android.com/about/versions/10/behavior-changes-all#execute-permission","source":"Mobile","title":"Behavior changes: all apps - Removed execute permission for app home directory","authors":"Android Developers","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b6459cfa-86d9-581a-9afe-e38a1fbaadfa","created":"2026-01-28T13:08:10.047461Z","modified":"2026-01-28T13:08:10.047464Z"},{"id":"85069317-2c25-448b-9ff4-504e429dc1bf","name":"Microsoft Dofoil 2018","description":"Windows Defender Research. (2018, March 7). Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign. Retrieved March 20, 2018.","url":"https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/","source":"MITRE","title":"Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign","authors":"Windows Defender Research","date_accessed":"2018-03-20T00:00:00Z","date_published":"2018-03-07T00:00:00Z","owner_name":null,"tidal_id":"29f6fd77-0de3-56be-b2d9-e3a4fc543e8d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416966Z"},{"id":"8c27a1c5-ca95-57d5-857a-1717ff569c2d","name":"Cybereason - Hidden Malicious Remote Access","description":"Cybereason Security Services Team. (n.d.). Behind Closed Doors: The Rise of Hidden Malicious Remote Access. 
Retrieved July 22, 2025.","url":"https://www.cybereason.com/blog/behind-closed-doors-the-rise-of-hidden-malicious-remote-access","source":"MITRE","title":"Behind Closed Doors: The Rise of Hidden Malicious Remote Access","authors":"Cybereason Security Services Team","date_accessed":"2025-07-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"23d764af-4221-551c-9119-8a3c5826dab5","created":"2025-10-29T21:08:48.166502Z","modified":"2025-12-17T15:08:36.434723Z"},{"id":"7f28f770-ef06-5923-b759-b731ceabe08a","name":"Obsidian SSPR Abuse 2023","description":"Noah Corradin and Shuyang Wang. (2023, August 1). Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD. Retrieved March 28, 2024.","url":"https://www.obsidiansecurity.com/blog/behind-the-breach-self-service-password-reset-azure-ad/","source":"MITRE","title":"Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD","authors":"Noah Corradin and Shuyang Wang","date_accessed":"2024-03-28T00:00:00Z","date_published":"2023-08-01T00:00:00Z","owner_name":null,"tidal_id":"3f59dce7-eec3-5a0e-803d-a6aefd566ccb","created":"2024-04-25T13:28:34.586728Z","modified":"2025-12-17T15:08:36.429554Z"},{"id":"39105492-6044-460c-9dc9-3d4473ee862e","name":"FireEye CARBANAK June 2017","description":"Bennett, J., Vengerik, B. (2017, June 12). Behind the CARBANAK Backdoor. Retrieved June 11, 2018.","url":"https://www.fireeye.com/blog/threat-research/2017/06/behind-the-carbanak-backdoor.html","source":"MITRE","title":"Behind the CARBANAK Backdoor","authors":"Bennett, J., Vengerik, B","date_accessed":"2018-06-11T00:00:00Z","date_published":"2017-06-12T00:00:00Z","owner_name":null,"tidal_id":"c82f01d6-c4d9-5a9b-9c53-b25ea2094d20","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419529Z"},{"id":"ca3f8c94-6b26-4361-abaa-0e678aec8651","name":"Trend Micro June 19 2024","description":"None Identified. (2024, June 19). 
Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework | Trend Micro (US). Retrieved January 12, 2026.","url":"https://www.trendmicro.com/en_us/research/24/f/behind-the-great-wall-void-arachne-targets-chinese-speaking-user.html","source":"Tidal Cyber","title":"Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework | Trend Micro (US)","authors":"None Identified","date_accessed":"2026-01-12T12:00:00Z","date_published":"2024-06-19T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2b7960af-f8cb-58b7-b691-32a97e18cff6","created":"2026-01-14T13:29:41.072682Z","modified":"2026-01-14T13:29:41.219346Z"},{"id":"d538026c-da30-48d2-bc30-fde3776db1a8","name":"Expel Behind the Scenes","description":"S. Lipton, L. Easterly, A. Randazzo and J. Hencinski. (2020, July 28). Behind the scenes in the Expel SOC: Alert-to-fix in AWS. Retrieved October 1, 2020.","url":"https://expel.io/blog/behind-the-scenes-expel-soc-alert-aws/","source":"MITRE","title":"Behind the scenes in the Expel SOC: Alert-to-fix in AWS","authors":"S. Lipton, L. Easterly, A. Randazzo and J. Hencinski","date_accessed":"2020-10-01T00:00:00Z","date_published":"2020-07-28T00:00:00Z","owner_name":null,"tidal_id":"9ae3ad82-dfb3-567c-986d-65e0e05f618a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432437Z"},{"id":"1de8c853-2b0c-439b-a31b-a2c4fa9f4206","name":"Microsoft BEC Campaign","description":"Carr, N., Sellmer, S. (2021, June 14). Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign. 
Retrieved June 15, 2021.","url":"https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/","source":"MITRE","title":"Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign","authors":"Carr, N., Sellmer, S","date_accessed":"2021-06-15T00:00:00Z","date_published":"2021-06-14T00:00:00Z","owner_name":null,"tidal_id":"f9bd8283-7f94-5517-8caa-e1812c0d7e3d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424629Z"},{"id":"631c6e38-0253-5618-abeb-d67abe102da4","name":"Trend Micro Mustang Panda Earth Preta TONESHELL June 2023","description":"Sunny Lu, Vickie Su, Nick Dai. (2023, June 14). Behind the Scenes: Unveiling the Hidden Workings of Earth Preta. Retrieved September 10, 2025.","url":"https://www.trendmicro.com/en_us/research/23/f/behind-the-scenes-unveiling-the-hidden-workings-of-earth-preta.html","source":"MITRE","title":"Behind the Scenes: Unveiling the Hidden Workings of Earth Preta","authors":"Sunny Lu, Vickie Su, Nick Dai","date_accessed":"2025-09-10T00:00:00Z","date_published":"2023-06-14T00:00:00Z","owner_name":null,"tidal_id":"d2cd1f06-ee55-5940-8a48-42629517c9e4","created":"2025-10-29T21:08:48.166940Z","modified":"2025-12-17T15:08:36.438615Z"},{"id":"7f549454-a535-4453-8586-5c4603089cc4","name":"FBI i-Soon PSA March 5 2025","description":"FBI IC3. (2025, March 5). Beijing Leveraging Freelance Hackers and Information Security Companies to Compromise Computer Networks Worldwide. 
Retrieved March 12, 2025.","url":"https://www.ic3.gov/PSA/2025/PSA250305","source":"Tidal Cyber","title":"Beijing Leveraging Freelance Hackers and Information Security Companies to Compromise Computer Networks Worldwide","authors":"FBI IC3","date_accessed":"2025-03-12T00:00:00Z","date_published":"2025-03-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a20bacfe-cd20-5d22-89ae-56729a5df764","created":"2025-03-17T18:33:05.083167Z","modified":"2025-03-17T18:33:05.515163Z"},{"id":"c3a04d5b-09dc-4f95-bfb6-1ea82dcaaa13","name":"BankInfoSecurity UNC4841 February 27 2025","description":"Akshaya Asokan. (2025, February 27). Belgium Investigating Intelligence Agency Hack by China. Retrieved August 27, 2025.","url":"https://www.bankinfosecurity.com/belgium-investigating-intelligence-agency-hack-by-china-a-27615","source":"Tidal Cyber","title":"Belgium Investigating Intelligence Agency Hack by China","authors":"Akshaya Asokan","date_accessed":"2025-08-27T12:00:00Z","date_published":"2025-02-27T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e7ca66f0-b0c2-5743-b9c8-7940aa74d154","created":"2025-08-28T19:35:15.717578Z","modified":"2025-08-28T19:35:15.860623Z"},{"id":"f5cbc08f-6f2c-4c81-9d68-07f61e16f138","name":"Unit42 BendyBear Feb 2021","description":"Harbison, M. (2021, February 9). BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech. 
Retrieved February 16, 2021.","url":"https://unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/","source":"MITRE","title":"BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech","authors":"Harbison, M","date_accessed":"2021-02-16T00:00:00Z","date_published":"2021-02-09T00:00:00Z","owner_name":null,"tidal_id":"68c419ca-5d99-51ea-ba4c-849f91dcb78a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419889Z"},{"id":"c30c07ff-a4d5-55fb-a933-959a15d68a1b","name":"Ben Hunter and Fred Gutierrez July 2020","description":"Ben Hunter and Fred Gutierrez 2020, July 01 EKANS Ransomware Targeting OT ICS Systems. Retrieved 2021/04/12","url":"https://www.fortinet.com/blog/threat-research/ekans-ransomware-targeting-ot-ics-systems","source":"ICS","title":"Ben Hunter and Fred Gutierrez July 2020","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"941d3f59-9535-5962-8cca-bc2b2182d37a","created":"2026-01-28T13:08:18.179154Z","modified":"2026-01-28T13:08:18.179157Z"},{"id":"d34b7991-71a6-5ccc-9e69-e75c65b97cf0","name":"Benjamin Freed March 2019","description":"Benjamin Freed 2019, March 13 Tornado sirens in Dallas suburbs deactivated after being hacked and set off. Retrieved 2020/11/06","url":"https://statescoop.com/tornado-sirens-in-dallas-suburbs-deactivated-after-being-hacked-and-set-off/","source":"ICS","title":"Benjamin Freed March 2019","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a5216349-5a96-5e87-930d-ce14b1102343","created":"2026-01-28T13:08:18.177007Z","modified":"2026-01-28T13:08:18.177011Z"},{"id":"752ad355-0f10-4c8d-bad8-42bf2fc75fa0","name":"Google Cloud Storage Best Practices, 2019","description":"Google. (2019, September 16). Best practices for Cloud Storage. 
Retrieved October 4, 2019.","url":"https://cloud.google.com/storage/docs/best-practices","source":"MITRE","title":"Best practices for Cloud Storage","authors":"Google","date_accessed":"2019-10-04T00:00:00Z","date_published":"2019-09-16T00:00:00Z","owner_name":null,"tidal_id":"0375b963-5773-58c6-8914-294ffa714dc0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427414Z"},{"id":"f20b5870-d82d-5c50-893a-73248c8f5900","name":"AWS Management Account Best Practices","description":"AWS. (n.d.). Best practices for the management account. Retrieved October 16, 2024.","url":"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_best-practices_mgmt-acct.html","source":"MITRE","title":"Best practices for the management account","authors":"AWS","date_accessed":"2024-10-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1f1f1ea3-d496-5b11-9ccd-ba3e49086b8b","created":"2024-10-31T16:28:38.229156Z","modified":"2025-12-17T15:08:36.442703Z"},{"id":"64f4d843-7243-561f-a31a-0ddcc7050dcc","name":"site notifications - krebsonsecurity","description":"Frank Angiolelli, Indelible LLC, Malwarebytes, McAfee, Norton, Pieter Arntz, PushWelcome. (2020, November 17). Be Very Sparing in Allowing Site Notifications. Retrieved March 14, 2025.","url":"https://krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/","source":"MITRE","title":"Be Very Sparing in Allowing Site Notifications","authors":"Frank Angiolelli, Indelible LLC, Malwarebytes, McAfee, Norton, Pieter Arntz, PushWelcome","date_accessed":"2025-03-14T00:00:00Z","date_published":"2020-11-17T00:00:00Z","owner_name":null,"tidal_id":"c297c51a-da68-532a-85e8-d28458b087e6","created":"2025-04-22T20:47:32.037988Z","modified":"2025-12-17T15:08:36.442188Z"},{"id":"b621071e-6b0f-4e27-b179-2f28b5d66b7f","name":"blog.avast.com January 16 2023","description":"Emma McGowan. (2023, January 16). Beware of DDosia, a botnet created to facilitate DDoS attacks. 
Retrieved December 12, 2024.","url":"https://blog.avast.com/ddosia-project","source":"Tidal Cyber","title":"Beware of DDosia, a botnet created to facilitate DDoS attacks","authors":"Emma McGowan","date_accessed":"2024-12-12T00:00:00Z","date_published":"2023-01-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"32f0f232-a827-59c7-b126-5a743b0272a9","created":"2025-04-11T15:05:56.926357Z","modified":"2025-04-11T15:05:57.106167Z"},{"id":"08dcbd21-bd85-53a5-bf49-00d3f0ebffc0","name":"Krebs-JuiceJacking","description":"Brian Krebs. (2011, August 17). Beware of Juice-Jacking. Retrieved December","url":"http://krebsonsecurity.com/2011/08/beware-of-juice-jacking/","source":"Mobile","title":"Beware of Juice-Jacking","authors":"Brian Krebs","date_accessed":"1978-12-01T00:00:00Z","date_published":"2011-08-17T00:00:00Z","owner_name":null,"tidal_id":"73a3a411-96d6-5f1c-88a9-91433ccb4780","created":"2026-01-28T13:08:10.044249Z","modified":"2026-01-28T13:08:10.044255Z"},{"id":"13e70e21-edf7-5894-ad90-9a2545df13fc","name":"vNinja Rogue VMs 2024","description":"Christian Mohn. (2024, November 11). Beware Of The Rogue VMs!. Retrieved March 26, 2025.","url":"https://vninja.net/2024/11/11/beware-of-the-rogue-vms/","source":"MITRE","title":"Beware Of The Rogue VMs!","authors":"Christian Mohn","date_accessed":"2025-03-26T00:00:00Z","date_published":"2024-11-11T00:00:00Z","owner_name":null,"tidal_id":"b5e27dab-ea88-51ad-9c1a-30ec64adbf7c","created":"2025-04-22T20:47:18.336406Z","modified":"2025-12-17T15:08:36.433772Z"},{"id":"eef7cd8a-8cb6-4b24-ba49-9b17353d20b5","name":"Shadowbunny VM Defense Evasion","description":"Johann Rehberger. (2020, September 23). Beware of the Shadowbunny - Using virtual machines to persist and evade detections. 
Retrieved September 22, 2021.","url":"https://embracethered.com/blog/posts/2020/shadowbunny-virtual-machine-red-teaming-technique/","source":"MITRE","title":"Beware of the Shadowbunny - Using virtual machines to persist and evade detections","authors":"Johann Rehberger","date_accessed":"2021-09-22T00:00:00Z","date_published":"2020-09-23T00:00:00Z","owner_name":null,"tidal_id":"39a4998d-4975-5faf-b4c6-a23a73f26054","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433796Z"},{"id":"140284f8-075c-4225-99dd-519ba5cebabe","name":"Akamai Corona Zero-Day August 28 2024","description":"Kyle Lefton, Larry Cashdollar, Aline Eliovich. (2024, August 28). Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day. Retrieved September 5, 2024.","url":"https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt","source":"Tidal Cyber","title":"Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day","authors":"Kyle Lefton, Larry Cashdollar, Aline Eliovich","date_accessed":"2024-09-05T00:00:00Z","date_published":"2024-08-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"53ac7501-78b8-5715-80b8-03ec88348f63","created":"2024-09-06T15:12:30.392441Z","modified":"2024-09-06T15:12:31.017993Z"},{"id":"7079d170-9ead-5be4-bbc8-13c3f082b3dd","name":"T1105: Trellix_search-ms","description":"Mathanraj Thangaraju, Sijo Jacob. (2023, July 26). Beyond File Search: A Novel Method for Exploiting the \"search-ms\" URI Protocol Handler. 
Retrieved March 15, 2024.","url":"https://www.trellix.com/blogs/research/beyond-file-search-a-novel-method/","source":"MITRE","title":"Beyond File Search: A Novel Method for Exploiting the \"search-ms\" URI Protocol Handler","authors":"Mathanraj Thangaraju, Sijo Jacob","date_accessed":"2024-03-15T00:00:00Z","date_published":"2023-07-26T00:00:00Z","owner_name":null,"tidal_id":"b7775f8c-fd7c-5eb2-b9c0-e6ae1dd87dbf","created":"2024-04-25T13:28:40.819601Z","modified":"2025-12-17T15:08:36.435832Z"},{"id":"60d90852-ea00-404d-b613-9ad1589aff31","name":"Hexacorn Office Test","description":"Hexacorn. (2014, April 16). Beyond good ol’ Run key, Part 10. Retrieved July 3, 2017.","url":"http://www.hexacorn.com/blog/2014/04/16/beyond-good-ol-run-key-part-10/","source":"MITRE","title":"Beyond good ol’ Run key, Part 10","authors":"Hexacorn","date_accessed":"2017-07-03T00:00:00Z","date_published":"2014-04-16T00:00:00Z","owner_name":null,"tidal_id":"7fc9326e-a121-51a5-9c03-5649bfd33e0d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436254Z"},{"id":"bdcdfe9e-1f22-4472-9a86-faefcb5c5618","name":"Hexacorn Logon Scripts","description":"Hexacorn. (2014, November 14). Beyond good ol’ Run key, Part 18. Retrieved November 15, 2019.","url":"http://www.hexacorn.com/blog/2014/11/14/beyond-good-ol-run-key-part-18/","source":"MITRE","title":"Beyond good ol’ Run key, Part 18","authors":"Hexacorn","date_accessed":"2019-11-15T00:00:00Z","date_published":"2014-11-14T00:00:00Z","owner_name":null,"tidal_id":"56d8fe1e-5cf8-56e3-ad07-ef2ce70bc5ca","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436084Z"},{"id":"8096cc39-c0c5-51d9-bbe5-f95c7217f917","name":"hexacorn","description":"hexacorn. (2015, January 13). Beyond good ol’ Run key, Part 24. 
Retrieved September 25, 2025.","url":"https://www.hexacorn.com/blog/2015/01/13/beyond-good-ol-run-key-part-24/","source":"MITRE","title":"Beyond good ol’ Run key, Part 24","authors":"hexacorn","date_accessed":"2025-09-25T00:00:00Z","date_published":"2015-01-13T00:00:00Z","owner_name":null,"tidal_id":"f1765e41-7cf0-55e4-830c-30473a8273fa","created":"2025-10-29T21:08:48.165439Z","modified":"2025-12-17T15:08:36.425540Z"},{"id":"bbe0690e-f368-5715-8a41-aa95836a5e4c","name":"Hexacorn DLL Hijacking","description":"Hexacorn. (2013, December 8). Beyond good ol’ Run key, Part 5. Retrieved August 14, 2024.","url":"https://www.hexacorn.com/blog/2013/12/08/beyond-good-ol-run-key-part-5/","source":"MITRE","title":"Beyond good ol’ Run key, Part 5","authors":"Hexacorn","date_accessed":"2024-08-14T00:00:00Z","date_published":"2013-12-08T00:00:00Z","owner_name":null,"tidal_id":"035fdf9a-6357-5f20-9350-703e5fe0676c","created":"2024-10-31T16:28:18.561999Z","modified":"2025-12-17T15:08:36.427054Z"},{"id":"7d558a35-a5c0-4e4c-92bf-cb2435c41a95","name":"Hexacorn Office Template Macros","description":"Hexacorn. (2017, April 17). Beyond good ol’ Run key, Part 62. Retrieved July 3, 2017.","url":"http://www.hexacorn.com/blog/2017/04/19/beyond-good-ol-run-key-part-62/","source":"MITRE","title":"Beyond good ol’ Run key, Part 62","authors":"Hexacorn","date_accessed":"2017-07-03T00:00:00Z","date_published":"2017-04-17T00:00:00Z","owner_name":null,"tidal_id":"0e95293c-c38c-5092-bd59-4d8f9722f9f8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431437Z"},{"id":"9cfe5512-0fa8-48c3-8431-392aaa1a2baa","name":"elastic.co August 15 2024","description":"Elastic Security Labs. (2024, August 15). Beyond the wail deconstructing the BANSHEE infostealer — Elastic Security Labs. 
Retrieved August 25, 2024.","url":"https://www.elastic.co/security-labs/beyond-the-wail","source":"Tidal Cyber","title":"Beyond the wail deconstructing the BANSHEE infostealer — Elastic Security Labs","authors":"Elastic Security Labs","date_accessed":"2024-08-25T00:00:00Z","date_published":"2024-08-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"89641aee-2fb2-5b93-a63a-e0eebdcb01a0","created":"2025-01-13T21:01:03.363480Z","modified":"2025-01-13T21:01:04.147013Z"},{"id":"1d1347e2-56b6-4376-b2b6-7e3fc0a1ccde","name":"BeyondTrust Announcement December 8 2024","description":"BeyondTrust. (2024, December 8). BeyondTrust Remote Support SaaS Service Security Investigation. Retrieved January 6, 2025.","url":"https://www.beyondtrust.com/remote-support-saas-service-security-investigation","source":"Tidal Cyber","title":"BeyondTrust Remote Support SaaS Service Security Investigation","authors":"BeyondTrust","date_accessed":"2025-01-06T00:00:00Z","date_published":"2024-12-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"333a02ed-0dbb-5acd-adb0-f545744b8bd1","created":"2025-01-06T19:39:06.190117Z","modified":"2025-01-06T19:39:07.824364Z"},{"id":"20c92ad4-9481-48cd-8e72-2f720cd7c52b","name":"BleepingComputer BeyondTrust December 19 2024","description":"Bill Toulas. (2024, December 19). BeyondTrust says hackers breached Remote Support SaaS instances. Retrieved January 6, 2025.","url":"https://www.bleepingcomputer.com/news/security/beyondtrust-says-hackers-breached-remote-support-saas-instances/","source":"Tidal Cyber","title":"BeyondTrust says hackers breached Remote Support SaaS instances","authors":"Bill Toulas","date_accessed":"2025-01-06T00:00:00Z","date_published":"2024-12-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e4bdcdf2-37bc-5818-8f6b-573a42257559","created":"2025-01-06T19:39:11.899580Z","modified":"2025-01-06T19:39:12.292023Z"},{"id":"ca1eaac2-7449-4a76-bec2-9dc5971fd808","name":"Bginfo.exe - LOLBAS Project","description":"LOLBAS. 
(2018, May 25). Bginfo.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Bginfo/","source":"Tidal Cyber","title":"Bginfo.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e0bb3663-2018-51e7-a5b2-6fc35a3b27ab","created":"2024-01-12T14:47:18.277989Z","modified":"2024-01-12T14:47:18.480667Z"},{"id":"181470fa-8133-5c21-be63-194409d4d89f","name":"Fortinet screencap July 2019","description":"Dario Durando. (2019, July 3). BianLian: A New Wave Emerges. Retrieved September","url":"https://www.fortinet.com/blog/threat-research/new-wave-bianlian-malware.html","source":"Mobile","title":"BianLian: A New Wave Emerges","authors":"Dario Durando","date_accessed":"1978-09-01T00:00:00Z","date_published":"2019-07-03T00:00:00Z","owner_name":null,"tidal_id":"4d7e7438-5111-5877-91c6-1510c4e2b1f0","created":"2026-01-28T13:08:10.044592Z","modified":"2026-01-28T13:08:10.044595Z"},{"id":"2de00d16-9b9e-4e03-925f-4fcdae4d6e1a","name":"Cyble August 18 2022","description":"Cybleinc. (2022, August 18). BianLian: New Ransomware variant on the rise. Retrieved May 18, 2023.","url":"https://blog.cyble.com/2022/08/18/bianlian-new-ransomware-variant-on-the-rise/","source":"Tidal Cyber","title":"BianLian: New Ransomware variant on the rise","authors":"Cybleinc","date_accessed":"2023-05-18T00:00:00Z","date_published":"2022-08-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4b98aa2c-1db0-548f-af39-33df689df7d0","created":"2024-06-13T20:10:26.125213Z","modified":"2024-06-13T20:10:26.317508Z"},{"id":"fc1aa979-7dbc-4fff-a8d1-b35a3b2bec3d","name":"BianLian Ransomware Gang Gives It a Go! | [redacted]","description":"Ben Armstrong, Lauren Pearce, Brad Pittack, Danny Quist. (2022, September 1). BianLian Ransomware Gang Gives It a Go!. 
Retrieved May 18, 2023.","url":"https://redacted.com/blog/bianlian-ransomware-gang-gives-it-a-go/","source":"Tidal Cyber","title":"BianLian Ransomware Gang Gives It a Go!","authors":"Ben Armstrong, Lauren Pearce, Brad Pittack, Danny Quist","date_accessed":"2023-05-18T00:00:00Z","date_published":"2022-09-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"14b4ae94-4e6e-5390-bde9-7e878573f877","created":"2023-07-14T12:56:30.814231Z","modified":"2023-07-14T12:56:30.933322Z"},{"id":"a2bf43a0-c7da-4cb9-8f9a-b34fac92b625","name":"Group IB APT 41 June 2021","description":"Rostovcev, N. (2021, June 10). Big airline heist APT41 likely behind a third-party attack on Air India. Retrieved August 26, 2021.","url":"https://www.group-ib.com/blog/colunmtk-apt41/","source":"MITRE","title":"Big airline heist APT41 likely behind a third-party attack on Air India","authors":"Rostovcev, N","date_accessed":"2021-08-26T00:00:00Z","date_published":"2021-06-10T00:00:00Z","owner_name":null,"tidal_id":"baa0df97-34f3-51f1-9649-b430736f6e4b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438839Z"},{"id":"0f85f611-90db-43ba-8b71-5d0d4ec8cdd5","name":"Crowdstrike Indrik November 2018","description":"Frankoff, S., Hartley, B. (2018, November 14). Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware. 
Retrieved January 6, 2021.","url":"https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/","source":"MITRE, Tidal Cyber","title":"Big Game Hunting: The Evolution of INDRIK SPIDER From Dridex Wire Fraud to BitPaymer Targeted Ransomware","authors":"Frankoff, S., Hartley, B","date_accessed":"2021-01-06T00:00:00Z","date_published":"2018-11-14T00:00:00Z","owner_name":null,"tidal_id":"ce4b220a-76b1-54ce-81c8-29b1c9e998e4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.263050Z"},{"id":"df471757-2ce0-48a7-922f-a84c57704914","name":"CrowdStrike Ryuk January 2019","description":"Hanel, A. (2019, January 10). Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware. Retrieved May 12, 2020.","url":"https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/","source":"MITRE, Tidal Cyber","title":"Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware","authors":"Hanel, A","date_accessed":"2020-05-12T00:00:00Z","date_published":"2019-01-10T00:00:00Z","owner_name":null,"tidal_id":"8a81b58d-62b1-5bff-8800-3008d7a74245","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261173Z"},{"id":"0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05","name":"Symantec Bilbug 2022","description":"Symntec Threat Hunter Team. (2022, November 12). Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries. 
Retrieved March 15, 2025.","url":"https://www.security.com/threat-intelligence/espionage-asia-governments-cert-authority","source":"MITRE","title":"Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries","authors":"Symntec Threat Hunter Team","date_accessed":"2025-03-15T00:00:00Z","date_published":"2022-11-12T00:00:00Z","owner_name":null,"tidal_id":"e7b28f26-ebc4-50ae-8ef8-fa5c1add9cb1","created":"2025-04-22T20:47:24.523635Z","modified":"2025-12-17T15:08:36.417412Z"},{"id":"025912f5-531c-5a14-b300-e42f00077264","name":"Elastic Binary Executed from Shared Memory Directory","description":"Elastic. (n.d.). Binary Executed from Shared Memory Directory. Retrieved September 24, 2024.","url":"https://www.elastic.co/guide/en/security/7.17/prebuilt-rule-7-16-3-binary-executed-from-shared-memory-directory.html","source":"MITRE","title":"Binary Executed from Shared Memory Directory","authors":"Elastic","date_accessed":"2024-09-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ea3cd741-43fa-535e-8cf1-1bd7a89d609c","created":"2024-10-31T16:28:15.638505Z","modified":"2025-12-17T15:08:36.423845Z"},{"id":"86fc5a62-385e-4c56-9812-138db0808fba","name":"OWASP Binary Planting","description":"OWASP. (2013, January 30). Binary planting. Retrieved June 7, 2016.","url":"https://www.owasp.org/index.php/Binary_planting","source":"MITRE","title":"Binary planting","authors":"OWASP","date_accessed":"2016-06-07T00:00:00Z","date_published":"2013-01-30T00:00:00Z","owner_name":null,"tidal_id":"9dbae428-c653-5d4b-98a0-1cdfb8063082","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428814Z"},{"id":"78a3b96a-42d6-51d1-97ed-89de5d91dbb0","name":"dll pre load owasp","description":"OWASP. (n.d.). Binary Planting. 
Retrieved January 30, 2025.","url":"https://owasp.org/www-community/attacks/Binary_planting","source":"MITRE","title":"Binary Planting","authors":"OWASP","date_accessed":"2025-01-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"61dc42f6-1b03-529f-8b0d-2caf1d43c19f","created":"2025-04-22T20:47:11.765360Z","modified":"2025-12-17T15:08:36.427082Z"},{"id":"9b3820e8-f094-4e87-9ed6-ab0207d509fb","name":"Wikipedia Binary-to-text Encoding","description":"Wikipedia. (2016, December 26). Binary-to-text encoding. Retrieved March 1, 2017.","url":"https://en.wikipedia.org/wiki/Binary-to-text_encoding","source":"MITRE","title":"Binary-to-text encoding","authors":"Wikipedia","date_accessed":"2017-03-01T00:00:00Z","date_published":"2016-12-26T00:00:00Z","owner_name":null,"tidal_id":"cc1c9c9d-1450-5529-87f6-9fff7af4d1b4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424152Z"},{"id":"5e108782-2f32-4704-be01-055d9e767216","name":"Sucuri BIND9 August 2015","description":"Cid, D.. (2015, August 2). BIND9 – Denial of Service Exploit in the Wild. Retrieved April 26, 2019.","url":"https://blog.sucuri.net/2015/08/bind9-denial-of-service-exploit-in-the-wild.html","source":"MITRE","title":"BIND9 – Denial of Service Exploit in the Wild","authors":"Cid, D.","date_accessed":"2019-04-26T00:00:00Z","date_published":"2015-08-02T00:00:00Z","owner_name":null,"tidal_id":"a432fa28-eeb6-5393-958a-9fa573455914","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426791Z"},{"id":"0c4a2cb3-d663-47ee-87af-c5e9e68fe15f","name":"Wikipedia BIOS","description":"Wikipedia. (n.d.). BIOS. 
Retrieved January 5, 2016.","url":"https://en.wikipedia.org/wiki/BIOS","source":"MITRE","title":"BIOS","authors":"Wikipedia","date_accessed":"2016-01-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0eedaa16-ab22-55c6-aad4-c71d3e66e0f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425452Z"},{"id":"dd6032fb-8913-4593-81b9-86d1239e01f4","name":"Ge 2011","description":"Ge, L. (2011, September 9). BIOS Threat is Showing up Again!. Retrieved November 14, 2014.","url":"http://www.symantec.com/connect/blogs/bios-threat-showing-again","source":"MITRE","title":"BIOS Threat is Showing up Again!","authors":"Ge, L","date_accessed":"2014-11-14T00:00:00Z","date_published":"2011-09-09T00:00:00Z","owner_name":null,"tidal_id":"ae01f245-c3da-52ca-b6b5-b07510fb1caf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421513Z"},{"id":"a55197e2-3ed7-5b6f-8ab5-06218c2226a4","name":"Broadcom BirdyClient Microsoft Graph API 2024","description":"Broadcom. (2024, May 2). BirdyClient malware leverages Microsoft Graph API for C&C communication. Retrieved July 1, 2024.","url":"https://www.broadcom.com/support/security-center/protection-bulletin/birdyclient-malware-leverages-microsoft-graph-api-for-c-c-communication","source":"MITRE","title":"BirdyClient malware leverages Microsoft Graph API for C&C communication","authors":"Broadcom","date_accessed":"2024-07-01T00:00:00Z","date_published":"2024-05-02T00:00:00Z","owner_name":null,"tidal_id":"b03c5244-2864-5696-bffd-023292a11314","created":"2024-10-31T16:28:23.132976Z","modified":"2025-12-17T15:08:36.431949Z"},{"id":"eaecccff-e0a0-4fa0-81e5-799b23c26b5a","name":"Talos Bisonal Mar 2020","description":"Mercer, W., et al. (2020, March 5). Bisonal: 10 years of play. 
Retrieved January 26, 2022.","url":"https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html","source":"MITRE","title":"Bisonal: 10 years of play","authors":"Mercer, W., et al","date_accessed":"2022-01-26T00:00:00Z","date_published":"2020-03-05T00:00:00Z","owner_name":null,"tidal_id":"57238319-4f05-5e4e-b578-61f712391347","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419271Z"},{"id":"6844e59b-d393-43df-9978-e3e3cc7b8db6","name":"Talos Bisonal 10 Years March 2020","description":"Warren Mercer, Paul Rascagneres, Vitor Ventura. (2020, March 6). Bisonal 10 Years of Play. Retrieved October 17, 2021.","url":"https://blog.talosintelligence.com/2020/03/bisonal-10-years-of-play.html","source":"MITRE","title":"Bisonal 10 Years of Play","authors":"Warren Mercer, Paul Rascagneres, Vitor Ventura","date_accessed":"2021-10-17T00:00:00Z","date_published":"2020-03-06T00:00:00Z","owner_name":null,"tidal_id":"129490c8-c20e-5140-b26d-8760e16769aa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439118Z"},{"id":"30b2ec12-b785-43fb-ab72-b37387046d15","name":"Unit 42 Bisonal July 2018","description":"Hayashi, K., Ray, V. (2018, July 31). Bisonal Malware Used in Attacks Against Russia and South Korea. Retrieved August 7, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/07/unit42-bisonal-malware-used-attacks-russia-south-korea/","source":"MITRE","title":"Bisonal Malware Used in Attacks Against Russia and South Korea","authors":"Hayashi, K., Ray, V","date_accessed":"2018-08-07T00:00:00Z","date_published":"2018-07-31T00:00:00Z","owner_name":null,"tidal_id":"e05bc79b-0f7c-505a-b290-e29c4ac3e17b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419264Z"},{"id":"89bdc17b-553c-4245-acde-f6c56602e357","name":"Bitsadmin.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Bitsadmin.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Bitsadmin/","source":"Tidal Cyber","title":"Bitsadmin.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"04c6c307-f621-56d0-b215-fba5d649f7fa","created":"2024-01-12T14:46:32.442008Z","modified":"2024-01-12T14:46:32.621036Z"},{"id":"5b8c2a8c-f01e-491a-aaf9-504ee7a1caed","name":"Microsoft BITSAdmin","description":"Microsoft. (n.d.). BITSAdmin Tool. Retrieved January 12, 2018.","url":"https://msdn.microsoft.com/library/aa362813.aspx","source":"MITRE","title":"BITSAdmin Tool","authors":"Microsoft","date_accessed":"2018-01-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f67a6553-fb99-597b-816b-ab3f25020705","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423015Z"},{"id":"097583ed-03b0-41cd-bf85-66d473f46439","name":"Cisco Talos Bitter Bangladesh May 2022","description":"Raghuprasad, C . (2022, May 11). Bitter APT adds Bangladesh to their targets. Retrieved June 1, 2022.","url":"https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html","source":"MITRE","title":"Bitter APT adds Bangladesh to their targets","authors":"Raghuprasad, C","date_accessed":"2022-06-01T00:00:00Z","date_published":"2022-05-11T00:00:00Z","owner_name":null,"tidal_id":"b34d8222-1b57-5060-936c-de5b6474a128","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420595Z"},{"id":"68260461-694f-5321-8460-4781bbe4cb3d","name":"forcepoint_bitter","description":"Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. 
Retrieved March","url":"https://web.archive.org/web/20220706125432/https://www.forcepoint.com/blog/x-labs/bitter-targeted-attack-against-pakistan","source":"Mobile","title":"BITTER: a targeted attack against Pakistan","authors":"Dela Paz, R","date_accessed":"1978-03-01T00:00:00Z","date_published":"2016-10-21T00:00:00Z","owner_name":null,"tidal_id":"163fe179-d758-577b-a5f6-456bd7d3870b","created":"2026-01-28T13:08:10.047093Z","modified":"2026-01-28T13:08:10.047098Z"},{"id":"9fc54fb0-b7d9-49dc-b6dd-ab4cb2cd34fa","name":"Forcepoint BITTER Pakistan Oct 2016","description":"Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. Retrieved June 1, 2022.","url":"https://www.forcepoint.com/blog/x-labs/bitter-targeted-attack-against-pakistan","source":"MITRE","title":"BITTER: a targeted attack against Pakistan","authors":"Dela Paz, R","date_accessed":"2022-06-01T00:00:00Z","date_published":"2016-10-21T00:00:00Z","owner_name":null,"tidal_id":"37b1be7f-abb4-57d1-976b-19f989a5d6c2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438674Z"},{"id":"bca93846-457d-4644-ba43-f9293982916f","name":"Camba RARSTONE","description":"Camba, A. (2013, February 27). BKDR_RARSTONE: New RAT to Watch Out For. Retrieved January 8, 2016.","url":"http://blog.trendmicro.com/trendlabs-security-intelligence/bkdr_rarstone-new-rat-to-watch-out-for/","source":"MITRE","title":"BKDR_RARSTONE: New RAT to Watch Out For","authors":"Camba, A","date_accessed":"2016-01-08T00:00:00Z","date_published":"2013-02-27T00:00:00Z","owner_name":null,"tidal_id":"9bbe5872-d95a-57c2-a496-a0889594f078","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440977Z"},{"id":"aa791512-039e-4230-ab49-f184ca0e38c5","name":"TrendMicro BKDR_URSNIF.SM","description":"Sioting, S. (2013, June 15). BKDR_URSNIF.SM. 
Retrieved June 5, 2019.","url":"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/BKDR_URSNIF.SM?_ga=2.129468940.1462021705.1559742358-1202584019.1549394279","source":"MITRE","title":"BKDR_URSNIF.SM","authors":"Sioting, S","date_accessed":"2019-06-05T00:00:00Z","date_published":"2013-06-15T00:00:00Z","owner_name":null,"tidal_id":"61eda0e8-4bc8-5a70-ab6a-461e4b7c221d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440080Z"},{"id":"ae2daa9c-6741-4ab7-854d-bee1170b3d7a","name":"Cyble September 28 2022","description":"Cybleinc. (2023, September 28). Bl00dy – New Ransomware Strain Active in the Wild. Retrieved August 3, 2023.","url":"https://cyble.com/blog/bl00dy-new-ransomware-strain-active-in-the-wild/","source":"Tidal Cyber","title":"Bl00dy – New Ransomware Strain Active in the Wild","authors":"Cybleinc","date_accessed":"2023-08-03T00:00:00Z","date_published":"2023-09-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a8ba6713-2207-5a59-a9b3-5e2e7d868816","created":"2023-08-04T16:40:31.285732Z","modified":"2023-08-04T16:40:32.645542Z"},{"id":"a2a22246-d49e-5847-9d20-dac64f1df3ea","name":"TrendMicro Pikabot 2024","description":"Shinji Robert Arasawa, Joshua Aquino, Charles Steven Derion, Juhn Emmanuel Atanque, Francisrey Joshua Castillo, John Carlo Marquez, Henry Salcedo, John Rainier Navato, Arianne Dela Cruz, Raymart Yambot & Ian Kenefick. (2024, January 9). Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign. 
Retrieved July 17, 2024.","url":"https://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html","source":"MITRE","title":"Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign","authors":"Shinji Robert Arasawa, Joshua Aquino, Charles Steven Derion, Juhn Emmanuel Atanque, Francisrey Joshua Castillo, John Carlo Marquez, Henry Salcedo, John Rainier Navato, Arianne Dela Cruz, Raymart Yambot & Ian Kenefick","date_accessed":"2024-07-17T00:00:00Z","date_published":"2024-01-09T00:00:00Z","owner_name":null,"tidal_id":"1a9ef569-f8a8-5f6b-9aca-9cf6de7bb31a","created":"2024-10-31T16:28:27.861818Z","modified":"2025-12-17T15:08:36.439200Z"},{"id":"dc7d882b-4e83-42da-8e2f-f557b675930a","name":"Trend Micro Pikabot January 9 2024","description":"Shinji Robert Arasawa, Joshua Aquino, Charles Steven Derion, Juhn Emmanuel Atanque, Francisrey Joshua Castillo, John Carlo Marquez, Henry Salcedo, John Rainier Navato, Arianne Dela Cruz, Raymart Yambot, Ian Kenefick. (2024, January 9). Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign. Retrieved January 11, 2024.","url":"https://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html","source":"Tidal Cyber","title":"Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign","authors":"Shinji Robert Arasawa, Joshua Aquino, Charles Steven Derion, Juhn Emmanuel Atanque, Francisrey Joshua Castillo, John Carlo Marquez, Henry Salcedo, John Rainier Navato, Arianne Dela Cruz, Raymart Yambot, Ian Kenefick","date_accessed":"2024-01-11T00:00:00Z","date_published":"2024-01-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"08bf7c48-dab3-5810-966a-fbdaf1910c98","created":"2024-01-26T18:00:32.941781Z","modified":"2024-01-26T18:00:33.084051Z"},{"id":"7a00457b-ae72-5aea-904f-9ca7f4cb9fe9","name":"Check Point Black Basta October 2022","description":"Check Point. (2022, October 20). BLACK BASTA AND THE UNNOTICED DELIVERY. 
Retrieved March 8, 2023.","url":"https://research.checkpoint.com/2022/black-basta-and-the-unnoticed-delivery/","source":"MITRE","title":"BLACK BASTA AND THE UNNOTICED DELIVERY","authors":"Check Point","date_accessed":"2023-03-08T00:00:00Z","date_published":"2022-10-20T00:00:00Z","owner_name":null,"tidal_id":"86bfb8d1-557e-5749-8a0a-f0402b580060","created":"2023-05-26T01:21:18.163244Z","modified":"2025-12-17T15:08:36.439733Z"},{"id":"c7e55e37-d051-5111-8d0a-738656f88650","name":"BlackBasta","description":"Antonio Cocomazzi and Antonio Pirozzi. (2022, November 3). Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor. Retrieved March 14, 2023.","url":"https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/","source":"MITRE","title":"Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor","authors":"Antonio Cocomazzi and Antonio Pirozzi","date_accessed":"2023-03-14T00:00:00Z","date_published":"2022-11-03T00:00:00Z","owner_name":null,"tidal_id":"d0bbbd9b-23cd-583f-b35d-55de75a8746a","created":"2023-05-26T01:21:09.367671Z","modified":"2025-12-17T15:08:36.434155Z"},{"id":"a7a7b054-03ce-5e2d-96a7-5b7be993b260","name":"Rapid7 BlackBasta 2024","description":"McGraw, T. (2024, December 4). Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware. 
Retrieved December 9, 2024.","url":"https://www.rapid7.com/blog/post/2024/12/04/black-basta-ransomware-campaign-drops-zbot-darkgate-and-custom-malware/","source":"MITRE","title":"Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware","authors":"McGraw, T","date_accessed":"2024-12-09T00:00:00Z","date_published":"2024-12-04T00:00:00Z","owner_name":null,"tidal_id":"89d19f04-ae59-5db1-ae18-02cd40719ef7","created":"2025-04-22T20:47:29.283179Z","modified":"2025-12-17T15:08:36.439665Z"},{"id":"6e4a1565-4a30-5a6b-961c-226a6f1967ae","name":"Trend Micro Black Basta October 2022","description":"Kenefick, I. et al. (2022, October 12). Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike. Retrieved February 6, 2023.","url":"https://www.trendmicro.com/en_us/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ratel-and-coba.html","source":"MITRE","title":"Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike","authors":"Kenefick, I. et al","date_accessed":"2023-02-06T00:00:00Z","date_published":"2022-10-12T00:00:00Z","owner_name":null,"tidal_id":"92e751da-de2e-564a-9232-de3dbba2bfff","created":"2023-05-26T01:21:18.295665Z","modified":"2025-12-17T15:08:36.423056Z"},{"id":"a8145e38-c2a4-5021-824d-5a831299b9d9","name":"Uptycs Black Basta ESXi June 2022","description":"Sharma, S. and Hegde, N. (2022, June 7). Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems. Retrieved March 8, 2023.","url":"https://www.uptycs.com/blog/black-basta-ransomware-goes-cross-platform-now-targets-esxi-systems","source":"MITRE","title":"Black basta Ransomware Goes Cross-Platform, Now Targets ESXi Systems","authors":"Sharma, S. 
and Hegde, N","date_accessed":"2023-03-08T00:00:00Z","date_published":"2022-06-07T00:00:00Z","owner_name":null,"tidal_id":"c89c5325-8c92-5738-9a2d-324f67dfc38d","created":"2023-05-26T01:21:20.194834Z","modified":"2025-12-17T15:08:36.441933Z"},{"id":"dc7579c0-911d-417d-bba5-bc36e078b640","name":"Elliptic Black Basta November 29 2023","description":"Elliptic Research. (2023, November 29). Black Basta ransomware victims have paid over $100 million. Retrieved May 14, 2024.","url":"https://www.elliptic.co/blog/black-basta-ransomware-victims-have-paid-over-100-million","source":"Tidal Cyber","title":"Black Basta ransomware victims have paid over $100 million","authors":"Elliptic Research","date_accessed":"2024-05-14T00:00:00Z","date_published":"2023-11-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d5d48497-4681-52a7-9b61-48956ab0e024","created":"2024-05-14T19:29:46.461377Z","modified":"2024-05-14T19:29:46.636082Z"},{"id":"32a272fe-ac10-5478-88a0-b3dd366ec540","name":"BlackBerry Black Basta May 2022","description":"Ballmer, D. (2022, May 6). Black Basta: Rebrand of Conti or Something New?. Retrieved March 7, 2023.","url":"https://blogs.blackberry.com/en/2022/05/black-basta-rebrand-of-conti-or-something-new","source":"MITRE","title":"Black Basta: Rebrand of Conti or Something New?","authors":"Ballmer, D","date_accessed":"2023-03-07T00:00:00Z","date_published":"2022-05-06T00:00:00Z","owner_name":null,"tidal_id":"ee939116-5f60-5faa-819a-886edb2783f9","created":"2023-05-26T01:21:19.457556Z","modified":"2025-12-17T15:08:36.441226Z"},{"id":"0b5c9baf-0f4e-5bed-a77d-7006559fc110","name":"Cisco BlackByte 2024","description":"James Nutland, Craig Jackson, Terryn Valikodath, & Brennan Evans. (2024, August 28). BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks. 
Retrieved December 16, 2024.","url":"https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/","source":"MITRE","title":"BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks","authors":"James Nutland, Craig Jackson, Terryn Valikodath, & Brennan Evans","date_accessed":"2024-12-16T00:00:00Z","date_published":"2024-08-28T00:00:00Z","owner_name":null,"tidal_id":"ef6c64f1-5976-5980-a86f-49e7d57ad929","created":"2025-04-22T20:47:22.668340Z","modified":"2025-12-17T15:08:36.420483Z"},{"id":"df07a086-0d38-570b-b0c5-9f5061212db7","name":"WMI 6","description":"Microsoft. (2022, June 13). BlackCat. Retrieved February 13, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/","source":"MITRE","title":"BlackCat","authors":"Microsoft","date_accessed":"2024-02-13T00:00:00Z","date_published":"2022-06-13T00:00:00Z","owner_name":null,"tidal_id":"dd11aa19-6716-5e90-8045-0c01860bb7a4","created":"2024-04-25T13:28:28.910042Z","modified":"2025-12-17T15:08:36.423783Z"},{"id":"2640b58c-8413-4691-80e1-33aec9b6c7f6","name":"FBI BlackCat April 19 2022","description":"FBI. (2022, April 19). BlackCat/ALPHV Ransomware Indicators of Compromise. Retrieved September 14, 2023.","url":"https://www.ic3.gov/Media/News/2022/220420.pdf","source":"Tidal Cyber","title":"BlackCat/ALPHV Ransomware Indicators of Compromise","authors":"FBI","date_accessed":"2023-09-14T00:00:00Z","date_published":"2022-04-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bdc8d909-1067-591c-9e94-cccd38e887b8","created":"2023-09-14T20:17:57.645156Z","modified":"2023-09-14T20:17:57.771688Z"},{"id":"b80c1f70-9d05-4f4b-bdc2-6157c6837202","name":"X-Force BlackCat May 30 2023","description":"IBM Security X-Force Team. (2023, May 30). BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration. 
Retrieved September 14, 2023.","url":"https://securityintelligence.com/posts/blackcat-ransomware-levels-up-stealth-speed-exfiltration/","source":"Tidal Cyber","title":"BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration","authors":"IBM Security X-Force Team","date_accessed":"2023-09-14T00:00:00Z","date_published":"2023-05-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"408b8b19-c437-57c5-94b9-4df62382d12a","created":"2023-09-14T20:17:57.859977Z","modified":"2023-09-14T20:17:57.966406Z"},{"id":"59f98ae1-c62d-460f-8d2a-9ae287b59953","name":"BlackBerry BlackCat Threat Overview","description":"BlackBerry. (n.d.). BlackCat Malware (AKA ALPHV). Retrieved September 14, 2023.","url":"https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/blackcat","source":"Tidal Cyber","title":"BlackCat Malware (AKA ALPHV)","authors":"BlackBerry","date_accessed":"2023-09-14T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"50ed2179-a6c8-5602-a1b0-19f65af3661c","created":"2023-09-14T20:17:58.458349Z","modified":"2023-09-14T20:17:58.585864Z"},{"id":"61dc7b51-3cca-5973-80a2-116cc9ad6f08","name":"Cybereason","description":"Cybereason Nocturnus. (n.d.). Cybereason vs. BlackCat Ransomware. Retrieved March 26, 2025.","url":"https://www.cybereason.com/blog/cybereason-vs.-blackcat-ransomware","source":"MITRE","title":"BlackCat Ransomware","authors":"Cybereason Nocturnus. (n.d.)","date_accessed":"2025-03-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"40e3636f-b4d0-5a28-89b7-9970e5c7b5b6","created":"2025-04-22T20:47:21.223569Z","modified":"2025-12-17T15:08:36.436623Z"},{"id":"faa60cf9-0fc5-5728-90be-d0e11b48a921","name":"Huntress BlackCat","description":"Carvey, H. (2024, February 28). BlackCat Ransomware Affiliate TTPs. 
Retrieved March 27, 2024.","url":"https://www.huntress.com/blog/blackcat-ransomware-affiliate-ttps","source":"MITRE","title":"BlackCat Ransomware Affiliate TTPs","authors":"Carvey, H","date_accessed":"2024-03-27T00:00:00Z","date_published":"2024-02-28T00:00:00Z","owner_name":null,"tidal_id":"f9875d5a-37a8-5dff-912f-6122680943c2","created":"2024-04-25T13:28:34.607425Z","modified":"2025-12-17T15:08:36.429580Z"},{"id":"481a0106-d5b6-532c-8f5b-6c0c477185f4","name":"Sophos BlackCat Jul 2022","description":"Brandt, Andrew. (2022, July 14). BlackCat ransomware attacks not merely a byproduct of bad luck. Retrieved December 20, 2022.","url":"https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of-bad-luck/","source":"MITRE","title":"BlackCat ransomware attacks not merely a byproduct of bad luck","authors":"Brandt, Andrew","date_accessed":"2022-12-20T00:00:00Z","date_published":"2022-07-14T00:00:00Z","owner_name":null,"tidal_id":"d5bd37ff-0387-57d3-a8d0-6915d878858f","created":"2023-05-26T01:21:15.903066Z","modified":"2025-12-17T15:08:36.418547Z"},{"id":"4d626eb9-3722-4aa4-b95e-1650cc2865c2","name":"ESEST Black Energy Jan 2016","description":"Cherepanov, A.. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved May 18, 2016.","url":"http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/","source":"MITRE","title":"BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry","authors":"Cherepanov, A.","date_accessed":"2016-05-18T00:00:00Z","date_published":"2016-01-03T00:00:00Z","owner_name":null,"tidal_id":"dbe4ea19-55f4-5bde-a737-f5b389a0e525","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422010Z"},{"id":"afa93b42-6cbd-53ad-885b-d1bd305b7776","name":"Anton Cherepanov","description":"Anton Cherepanov. (n.d.). 
BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry. Retrieved 2019/10/29","url":"https://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/","source":"ICS","title":"BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry","authors":"Anton Cherepanov","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"be2ff247-0537-5c07-a258-a77ccb8dfd12","created":"2026-01-28T13:08:18.180333Z","modified":"2026-01-28T13:08:18.180336Z"},{"id":"a0103079-c966-46b6-8871-c01f7f0eea4c","name":"ESET BlackEnergy Jan 2016","description":"Cherepanov, A.. (2016, January 3). BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry . Retrieved June 10, 2020.","url":"https://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/","source":"MITRE","title":"BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry","authors":"Cherepanov, A.","date_accessed":"2020-06-10T00:00:00Z","date_published":"2016-01-03T00:00:00Z","owner_name":null,"tidal_id":"6812d386-6d69-5df3-94c5-255ff5b4437d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441172Z"},{"id":"5f228fb5-d959-4c4a-bb8c-f9dc01d5af07","name":"F-Secure BlackEnergy 2014","description":"F-Secure Labs. (2014). BlackEnergy & Quedagh: The convergence of crimeware and APT attacks. 
Retrieved March 24, 2016.","url":"https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf","source":"MITRE","title":"BlackEnergy & Quedagh: The convergence of crimeware and APT attacks","authors":"F-Secure Labs","date_accessed":"2016-03-24T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"04c8132f-e4b0-5c54-8d65-60c5f04ac7f0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418679Z"},{"id":"2977c45f-3a7a-42ae-be59-378aa288dc24","name":"Resecurity BlackLock March 25 2025","description":"Resecurity. (2025, March 25). Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure. Retrieved June 13, 2025.","url":"https://www.resecurity.com/blog/article/blacklock-ransomware-a-late-holiday-gift-with-intrusion-into-the-threat-actors-infrastructure","source":"Tidal Cyber","title":"Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure","authors":"Resecurity","date_accessed":"2025-06-13T12:00:00Z","date_published":"2025-03-25T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"eea07235-ae5b-55a4-90f3-acd0f9b8d239","created":"2025-06-17T14:40:43.690066Z","modified":"2025-06-17T14:40:44.247481Z"},{"id":"01ac7d5f-252c-496f-b637-6ba673e7ccab","name":"The Hacker News BlackLock March 29 2025","description":"Ravie Lakshmanan. (2025, March 29). BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability. 
Retrieved June 13, 2025.","url":"https://thehackernews.com/2025/03/blacklock-ransomware-exposed-after.html","source":"Tidal Cyber","title":"BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability","authors":"Ravie Lakshmanan","date_accessed":"2025-06-13T12:00:00Z","date_published":"2025-03-29T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5c01368a-f595-5edc-abdd-9a0100494710","created":"2025-06-17T14:40:44.446262Z","modified":"2025-06-17T14:40:44.663221Z"},{"id":"1a4c134b-c701-400f-beee-e6b3cc835042","name":"ESET BlackLotus March 01 2023","description":"Martin Smolár. (2023, March 1). BlackLotus UEFI bootkit: Myth confirmed. Retrieved September 29, 2023.","url":"https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/","source":"Tidal Cyber","title":"BlackLotus UEFI bootkit: Myth confirmed","authors":"Martin Smolár","date_accessed":"2023-09-29T00:00:00Z","date_published":"2023-03-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"68cab816-eba9-52ff-a2b1-fe6bee58f491","created":"2024-06-13T20:10:42.621298Z","modified":"2024-06-13T20:10:42.807238Z"},{"id":"dedb9dce-a1d7-5537-9695-064a27e9a5d6","name":"welivesecurity","description":"Martin Smolár. (2023, March 1). BlackLotus UEFI bootkit: Myth confirmed. Retrieved February 11, 2025.","url":"https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/","source":"MITRE","title":"BlackLotus UEFI bootkit: Myth confirmed","authors":"Martin Smolár","date_accessed":"2025-02-11T00:00:00Z","date_published":"2023-03-01T00:00:00Z","owner_name":null,"tidal_id":"cca81680-7a1b-5aa5-ac9b-77be6ac447c1","created":"2025-04-22T20:47:10.575112Z","modified":"2025-12-17T15:08:36.425805Z"},{"id":"66121c37-6b66-4ab2-9f63-1adb80dcec62","name":"Securelist BlackOasis Oct 2017","description":"Kaspersky Lab's Global Research & Analysis Team. (2017, October 16). BlackOasis APT and new targeted attacks leveraging zero-day exploit. 
Retrieved February 15, 2018.","url":"https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/","source":"MITRE, Tidal Cyber","title":"BlackOasis APT and new targeted attacks leveraging zero-day exploit","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2018-02-15T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"456ca385-f6b8-5312-aa57-18b0acece635","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261368Z"},{"id":"2a67b1df-9a15-487e-a777-8a3fe46b0179","name":"ReliaQuest May 28 2024","description":"ReliaQuest Threat Research Team. (2024, May 28). BlackSuit Attack Analysis - ReliaQuest. Retrieved June 5, 2024.","url":"https://www.reliaquest.com/blog/blacksuit-attack-analysis/","source":"Tidal Cyber","title":"BlackSuit Attack Analysis - ReliaQuest","authors":"ReliaQuest Threat Research Team","date_accessed":"2024-06-05T00:00:00Z","date_published":"2024-05-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ee68de1d-6d74-5d3f-b540-d2d7869ec3f2","created":"2024-06-13T20:11:04.585603Z","modified":"2024-06-13T20:11:04.772104Z"},{"id":"d956f0c6-d90e-49e8-a64c-a46bfc177cc6","name":"HC3 Analyst Note BlackSuit Ransomware November 2023","description":"Health Sector Cybersecurity Coordination Center (HC3). (2023, November 6). BlackSuit Ransomware. Retrieved June 7, 2024.","url":"https://www.hhs.gov/sites/default/files/blacksuit-ransomware-analyst-note-tlpclear.pdf","source":"Tidal Cyber","title":"BlackSuit Ransomware","authors":"Health Sector Cybersecurity Coordination Center (HC3)","date_accessed":"2024-06-07T00:00:00Z","date_published":"2023-11-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"aa2c4e75-7ec0-50a8-b7d8-2e34daad52fd","created":"2024-06-13T20:11:06.455057Z","modified":"2024-06-13T20:11:06.639206Z"},{"id":"7e335494-86a7-49cd-a9f3-783d73c36d9d","name":"Cyble May 12 2023","description":"Cybleinc. (2023, May 12). 
BlackSuit Ransomware Strikes Windows and Linux Users. Retrieved January 1, 2024.","url":"https://cyble.com/blog/blacksuit-ransomware-strikes-windows-and-linux-users/","source":"Tidal Cyber","title":"BlackSuit Ransomware Strikes Windows and Linux Users","authors":"Cybleinc","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-05-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"be200a74-3d5f-54b8-b2ab-dae42ac5df49","created":"2024-06-13T20:11:04.960407Z","modified":"2024-06-13T20:11:05.152529Z"},{"id":"d4351c8e-026d-4660-9344-166481ecf64a","name":"Palo Alto Black-T October 2020","description":"Quist, N. (2020, October 5). Black-T: New Cryptojacking Variant from TeamTNT. Retrieved September 22, 2021.","url":"https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/","source":"MITRE","title":"Black-T: New Cryptojacking Variant from TeamTNT","authors":"Quist, N","date_accessed":"2021-09-22T00:00:00Z","date_published":"2020-10-05T00:00:00Z","owner_name":null,"tidal_id":"02df974c-002a-5e08-88ad-e2393f9c9a9f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437696Z"},{"id":"053895e8-da3f-4291-a728-2198fde774e7","name":"BlackWater Malware Cloudflare Workers","description":"Lawrence Abrams. (2020, March 14). BlackWater Malware Abuses Cloudflare Workers for C2 Communication. 
Retrieved July 8, 2022.","url":"https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/","source":"MITRE","title":"BlackWater Malware Abuses Cloudflare Workers for C2 Communication","authors":"Lawrence Abrams","date_accessed":"2022-07-08T00:00:00Z","date_published":"2020-03-14T00:00:00Z","owner_name":null,"tidal_id":"55990d6c-3ff2-540b-8e9b-f788756decd1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424118Z"},{"id":"f45df994-4e57-576c-8424-1241657152f0","name":"Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer December 2017","description":"Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer 2017, December 14 Attackers Deploy New ICS Attack Framework TRITON and Cause Operational Disruption to Critical Infrastructure. Retrieved 2018/01/12","url":"https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html","source":"ICS","title":"Blake Johnson, Dan Caban, Marina Krotofil, Dan Scali, Nathan Brubaker, Christopher Glyer December 2017","authors":"","date_accessed":"2018-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"45047363-5900-5ea0-929d-7262541d426b","created":"2026-01-28T13:08:18.175721Z","modified":"2026-01-28T13:08:18.175724Z"},{"id":"4a9b874a-8ed3-476d-8da2-d59e081c4b40","name":"Check Point Research Blind Eagle March 10 2025","description":"Check Point Research. (2025, March 10). Blind Eagle: …And Justice for All. 
Retrieved March 22, 2025.","url":"https://research.checkpoint.com/2025/blind-eagle-and-justice-for-all/","source":"Tidal Cyber","title":"Blind Eagle: …And Justice for All","authors":"Check Point Research","date_accessed":"2025-03-22T00:00:00Z","date_published":"2025-03-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5fde4096-7100-5b3e-afec-05b21a9207b4","created":"2025-03-25T13:15:55.856106Z","modified":"2025-03-25T13:15:56.189355Z"},{"id":"77a0f06e-b16f-4d3d-998e-0af3e1789624","name":"None December 16 2025","description":"None Identified. (2025, December 16). BlindEagle Deploys Caminho and DCRAT | ThreatLabz. Retrieved December 19, 2025.","url":"https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-government-agency-caminho-and-dcrat","source":"Tidal Cyber","title":"BlindEagle Deploys Caminho and DCRAT | ThreatLabz","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8fe387c9-94e1-5e88-bc78-f4562b3c2adb","created":"2025-12-24T14:56:04.824332Z","modified":"2025-12-24T14:56:04.957580Z"},{"id":"32b6b963-e5e2-4e7c-9f4d-990c2cec8e0f","name":"Zscaler BlindEagle December 16 2025","description":"None Identified. (2025, December 16). BlindEagle Deploys Caminho and DCRAT | ThreatLabz. Retrieved December 19, 2025.","url":"https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-government-agency-caminho-and-dcrat","source":"Tidal Cyber","title":"BlindEagle Deploys Caminho and DCRAT | ThreatLabz","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"93b82ce7-99e2-5c60-bc8f-31bf6a9240bc","created":"2026-01-14T13:29:37.097437Z","modified":"2026-01-14T13:29:37.252254Z"},{"id":"46689fc2-1a48-43d6-9c48-78e050e7f102","name":"Zscaler September 5 2024","description":"Gaetano Pellegrino. (2024, September 5). 
BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar. Retrieved September 6, 2024.","url":"https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-insurance-sector-blotchyquasar","source":"Tidal Cyber","title":"BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar","authors":"Gaetano Pellegrino","date_accessed":"2024-09-06T00:00:00Z","date_published":"2024-09-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"12b0dc51-a672-5a0f-bb22-3cd31034d652","created":"2025-02-11T18:20:02.818052Z","modified":"2025-02-11T18:20:03.199660Z"},{"id":"acca4c89-acce-4916-88b6-f4dac7d8ab19","name":"NHS UK BLINDINGCAN Aug 2020","description":"NHS Digital . (2020, August 20). BLINDINGCAN Remote Access Trojan. Retrieved August 20, 2020.","url":"https://digital.nhs.uk/cyber-alerts/2020/cc-3603","source":"MITRE","title":"BLINDINGCAN Remote Access Trojan","authors":"NHS Digital","date_accessed":"2020-08-20T00:00:00Z","date_published":"2020-08-20T00:00:00Z","owner_name":null,"tidal_id":"dc62077e-8715-5883-bb52-e38fdcab7c0b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416495Z"},{"id":"d6c50145-2bf9-4f7c-97b9-81cc2e1575f2","name":"Unit 42 August 23 2024","description":"Chandni Vaya; Margaret Kelley. (2024, August 23). Bling Libra's Tactical Evolution The Threat Actor Group Behind ShinyHunters Ransomware. Retrieved September 18, 2025.","url":"https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/","source":"Tidal Cyber","title":"Bling Libra's Tactical Evolution The Threat Actor Group Behind ShinyHunters Ransomware","authors":"Chandni Vaya; Margaret Kelley","date_accessed":"2025-09-18T12:00:00Z","date_published":"2024-08-23T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d30f9c52-2e69-5534-a7f4-cb2e37675658","created":"2025-09-19T19:47:43.032616Z","modified":"2025-09-19T19:47:43.163857Z"},{"id":"152628ab-3244-4cc7-a68e-a220b652039b","name":"Azure Blob Snapshots","description":"Microsoft Azure. 
(2021, December 29). Blob snapshots. Retrieved March 2, 2022.","url":"https://docs.microsoft.com/en-us/azure/storage/blobs/snapshots-overview","source":"MITRE","title":"Blob snapshots","authors":"Microsoft Azure","date_accessed":"2022-03-02T00:00:00Z","date_published":"2021-12-29T00:00:00Z","owner_name":null,"tidal_id":"b82a9e3f-490d-5bd8-ab1d-bee9fc01549a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435154Z"},{"id":"76511800-8331-476b-ab4f-0daa587f5e22","name":"objsee block blocking login items","description":"Patrick Wardle. (2018, July 23). Block Blocking Login Items. Retrieved October 1, 2021.","url":"https://objective-see.com/blog/blog_0x31.html","source":"MITRE","title":"Block Blocking Login Items","authors":"Patrick Wardle","date_accessed":"2021-10-01T00:00:00Z","date_published":"2018-07-23T00:00:00Z","owner_name":null,"tidal_id":"469a7390-e72c-5903-b5ed-5323d0270944","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432071Z"},{"id":"76faf20c-27d3-4e67-8ab7-8480f8f88ae5","name":"Technospot Chrome Extensions GP","description":"Mohta, A. (n.d.). Block Chrome Extensions using Google Chrome Group Policy Settings. Retrieved January 10, 2018.","url":"http://www.technospot.net/blogs/block-chrome-extensions-using-google-chrome-group-policy-settings/","source":"MITRE","title":"Block Chrome Extensions using Google Chrome Group Policy Settings","authors":"Mohta, A","date_accessed":"2018-01-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b49c8f0f-7a33-5b66-84b0-d94b881430b1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416177Z"},{"id":"b292b85e-68eb-43c3-9b5b-222810e2f26a","name":"Evi1cg Forfiles Nov 2017","description":"Evi1cg. (2017, November 26). block cmd.exe ? try this :. Retrieved September 12, 2024.","url":"https://x.com/Evi1cg/status/935027922397573120","source":"MITRE","title":"block cmd.exe ? 
try this :","authors":"Evi1cg","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-11-26T00:00:00Z","owner_name":null,"tidal_id":"24c3a18f-cf25-5457-8313-73d15385a555","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428071Z"},{"id":"52671075-c425-40c7-a49a-b75e44a0c58a","name":"Fifield Blocking Resistent Communication through domain fronting 2015","description":"David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson. (2015). Blocking-resistant communication through domain fronting. Retrieved November 20, 2017.","url":"http://www.icir.org/vern/papers/meek-PETS-2015.pdf","source":"MITRE","title":"Blocking-resistant communication through domain fronting","authors":"David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson","date_accessed":"2017-11-20T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"dc7b1963-fe80-5fc7-b011-58e5f943187d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425890Z"},{"id":"c945046b-c266-4646-85ab-0573f86f0a9d","name":"Cybertrainer.uk December 12 2023","description":"Mark. (2023, December 12). Blog 346 – “Kelvin Security” hacking group leader arrested in Spanish raid. Retrieved January 6, 2026.","url":"https://cybertrainer.uk/2023/12/12/12-12-23-blog-346-kelvin-security-hacking-group-leader-arrested-in-spanish-raid/","source":"Tidal Cyber","title":"Blog 346 – “Kelvin Security” hacking group leader arrested in Spanish raid","authors":"Mark","date_accessed":"2026-01-06T12:00:00Z","date_published":"2023-12-12T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6326273e-bd3a-56eb-b787-ef90251f6747","created":"2026-01-14T13:29:40.485633Z","modified":"2026-01-14T13:29:40.639430Z"},{"id":"8dcd43e9-e28f-4536-93d3-9823aa064cdb","name":"None December 10 2025","description":"None Identified. (2025, December 10). Blog: From Armillaria loader to EDR killer. 
Retrieved December 19, 2025.","url":"https://www.threatlocker.com/blog/from-armillaria-loader-to-edr-killer","source":"Tidal Cyber","title":"Blog: From Armillaria loader to EDR killer","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-10T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"92bcc34c-7680-5770-826a-1907d743ac1f","created":"2025-12-24T14:56:05.359718Z","modified":"2025-12-24T14:56:05.497082Z"},{"id":"4a782ecc-7028-4fae-8bf4-6aa46c4edb2f","name":"ThreatLocker Armillaria December 10 2025","description":"None Identified. (2025, December 10). Blog: From Armillaria loader to EDR killer. Retrieved December 19, 2025.","url":"https://www.threatlocker.com/blog/from-armillaria-loader-to-edr-killer","source":"Tidal Cyber","title":"Blog: From Armillaria loader to EDR killer","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-10T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ee847717-a362-553e-9b31-9b26c2a99208","created":"2026-01-14T13:29:37.792537Z","modified":"2026-01-14T13:29:37.955599Z"},{"id":"e90b4941-5dff-4f38-b4dd-af3426fd621e","name":"GitHub Bloodhound","description":"Robbins, A., Vazarkar, R., and Schroeder, W. (2016, April 17). Bloodhound: Six Degrees of Domain Admin. Retrieved March 5, 2019.","url":"https://github.com/BloodHoundAD/BloodHound","source":"MITRE","title":"Bloodhound: Six Degrees of Domain Admin","authors":"Robbins, A., Vazarkar, R., and Schroeder, W","date_accessed":"2019-03-05T00:00:00Z","date_published":"2016-04-17T00:00:00Z","owner_name":null,"tidal_id":"1026a89a-c31f-56aa-9ec6-dacf14b36d0b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422719Z"},{"id":"0baac037-864d-47d6-beb2-6243cd816036","name":"Recorded Future BlueAlpha December 5 2024","description":"Insikt Group. (2024, December 5). BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure. 
Retrieved December 10, 2024.","url":"https://go.recordedfuture.com/hubfs/reports/cta-ru-2024-1205.pdf","source":"Tidal Cyber","title":"BlueAlpha Abuses Cloudflare Tunneling Service for GammaDrop Staging Infrastructure","authors":"Insikt Group","date_accessed":"2024-12-10T00:00:00Z","date_published":"2024-12-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c7116ea1-b32d-5778-9e54-7fbb0f800f4e","created":"2024-12-10T14:32:49.942160Z","modified":"2024-12-10T14:32:50.304169Z"},{"id":"ab48a205-ca06-4328-96a4-876007024a7d","name":"PwC Blue Callisto December 6 2022","description":"PwC Threat Intelligence. (2022, December 6). Blue Callisto orbits around US Laboratories in 2022. Retrieved October 1, 2024.","url":"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/blue-callisto-orbits-around-us.html","source":"Tidal Cyber","title":"Blue Callisto orbits around US Laboratories in 2022","authors":"PwC Threat Intelligence","date_accessed":"2024-10-01T00:00:00Z","date_published":"2022-12-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"db7ea5ab-2689-5f36-a9c2-f0fd82445718","created":"2024-10-04T20:31:30.103974Z","modified":"2024-10-04T20:31:30.509201Z"},{"id":"0c764280-9d8c-4fa4-9088-170f02550d4c","name":"Blue Cloud of Death","description":"Kunz, Bryce. (2018, May 11). Blue Cloud of Death: Red Teaming Azure. Retrieved October 23, 2019.","url":"https://speakerdeck.com/tweekfawkes/blue-cloud-of-death-red-teaming-azure-1","source":"MITRE","title":"Blue Cloud of Death: Red Teaming Azure","authors":"Kunz, Bryce","date_accessed":"2019-10-23T00:00:00Z","date_published":"2018-05-11T00:00:00Z","owner_name":null,"tidal_id":"710fe171-ffc0-52db-92f8-54044ab2a216","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432419Z"},{"id":"39b0adf6-c71e-4501-b8bb-fab82718486b","name":"Blue Cloud of Death Video","description":"Kunz, Bryce. (2018, October 14). Blue Cloud of Death: Red Teaming Azure. 
Retrieved November 21, 2019.","url":"https://www.youtube.com/watch?v=wQ1CuAPnrLM&feature=youtu.be&t=2815","source":"MITRE","title":"Blue Cloud of Death: Red Teaming Azure","authors":"Kunz, Bryce","date_accessed":"2019-11-21T00:00:00Z","date_published":"2018-10-14T00:00:00Z","owner_name":null,"tidal_id":"69f78648-0dad-590d-9b19-8622ffbfcd59","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432412Z"},{"id":"52c306a6-a1ce-538d-b109-7b90b6d91e33","name":"SecureList BlueNoroff Device Cred Dev","description":"Seongsu Park. (2022, December 27). BlueNoroff introduces new methods bypassing MoTW. Retrieved July 22, 2025.","url":"https://securelist.com/bluenoroff-methods-bypass-motw/108383/","source":"MITRE","title":"BlueNoroff introduces new methods bypassing MoTW","authors":"Seongsu Park","date_accessed":"2025-07-22T00:00:00Z","date_published":"2022-12-27T00:00:00Z","owner_name":null,"tidal_id":"a940cc7d-8eca-5988-b768-ff77a5a15d17","created":"2025-10-29T21:08:48.166530Z","modified":"2025-12-17T15:08:36.434748Z"},{"id":"acdf0a7f-f341-5bec-bfe0-f879827f0185","name":"1 - appv","description":"SEONGSU PARK. (2022, December 27). BlueNoroff introduces new methods bypassing MoTW. Retrieved February 6, 2024.","url":"https://securelist.com/bluenoroff-methods-bypass-motw/108383/","source":"MITRE","title":"BlueNoroff introduces new methods bypassing MoTW","authors":"SEONGSU PARK","date_accessed":"2024-02-06T00:00:00Z","date_published":"2022-12-27T00:00:00Z","owner_name":null,"tidal_id":"b7f7b12d-cc91-51b5-839d-86ae94555a58","created":"2024-04-25T13:28:40.865968Z","modified":"2025-12-17T15:08:36.435885Z"},{"id":"cb5511fe-e8c0-4878-b986-a5b5aaa902d8","name":"Securelist October 28 2025","description":"None Identified. (2025, October 28). BlueNoroff’s latest campaigns: GhostCall and GhostHire | Securelist. 
Retrieved December 19, 2025.","url":"https://securelist.com/bluenoroff-apt-campaigns-ghostcall-and-ghosthire/117842/","source":"Tidal Cyber","title":"BlueNoroff’s latest campaigns: GhostCall and GhostHire | Securelist","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-10-28T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e341fa35-5029-59ec-90c6-4af913f53729","created":"2025-12-24T14:56:01.486165Z","modified":"2025-12-24T14:56:01.999217Z"},{"id":"b8538d67-ab91-41c2-9cc3-a7b00c6b372a","name":"apple doco bonjour description","description":"Apple Inc. (2013, April 23). Bonjour Overview. Retrieved October 11, 2021.","url":"https://developer.apple.com/library/archive/documentation/Cocoa/Conceptual/NetServices/Introduction.html","source":"MITRE","title":"Bonjour Overview","authors":"Apple Inc","date_accessed":"2021-10-11T00:00:00Z","date_published":"2013-04-23T00:00:00Z","owner_name":null,"tidal_id":"07444ca0-d387-5cd0-9852-182b90ed7c6d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435714Z"},{"id":"1a820fb8-3cff-584b-804f-9bad0592873b","name":"Booby Trap Shortcut 2017","description":"Weyne, F. (2017, April). Booby trap a shortcut with a backdoor. Retrieved October 3, 2023.","url":"https://www.uperesia.com/booby-trapped-shortcut","source":"MITRE","title":"Booby trap a shortcut with a backdoor","authors":"Weyne, F","date_accessed":"2023-10-03T00:00:00Z","date_published":"2017-04-01T00:00:00Z","owner_name":null,"tidal_id":"5be8f472-9d46-5ba3-987a-f8dfb124ade3","created":"2023-11-07T00:36:05.586394Z","modified":"2025-12-17T15:08:36.432276Z"},{"id":"97eb3c97-229c-523e-8604-c276a8a36584","name":"Broadcom","description":"Broadcom Protection Bulletins. (2025, February 20). Bookworm malware linked to Fireant (aka Stately Tarurus) activity observed in Southeast Asia. 
Retrieved July 21, 2025.","url":"https://www.broadcom.com/support/security-center/protection-bulletin/bookworm-malware-linked-to-fireant-aka-stately-tarurus-activity-observed-in-southeast-asia","source":"MITRE","title":"Bookworm malware linked to Fireant (aka Stately Tarurus) activity observed in Southeast Asia","authors":"Broadcom Protection Bulletins","date_accessed":"2025-07-21T00:00:00Z","date_published":"2025-02-20T00:00:00Z","owner_name":null,"tidal_id":"9058b403-265e-58c0-8d85-4c2b39aed740","created":"2025-10-29T21:08:48.164961Z","modified":"2025-12-17T15:08:36.417550Z"},{"id":"794a1cb4-1eb4-587a-92f6-eb5c8e98de97","name":"Unit42 Bookworm Nov2015","description":"Robert Falcone, Mike Scott, Juan Cortes. (2015, November 10). Bookworm Trojan: A Model of Modular Architecture. Retrieved July 21, 2025.","url":"https://unit42.paloaltonetworks.com/bookworm-trojan-a-model-of-modular-architecture/","source":"MITRE","title":"Bookworm Trojan: A Model of Modular Architecture","authors":"Robert Falcone, Mike Scott, Juan Cortes","date_accessed":"2025-07-21T00:00:00Z","date_published":"2015-11-10T00:00:00Z","owner_name":null,"tidal_id":"c99fa4be-c440-5c63-a2e1-5513f12ebb35","created":"2025-10-29T21:08:48.164976Z","modified":"2025-12-17T15:08:36.417557Z"},{"id":"44ffaa60-4461-4463-a1b5-abc868368c0a","name":"Microsoft Bootcfg","description":"Gerend, J. et al. (2017, October 16). bootcfg. Retrieved August 30, 2021.","url":"https://docs.microsoft.com/windows-server/administration/windows-commands/bootcfg","source":"MITRE","title":"bootcfg","authors":"Gerend, J. et al","date_accessed":"2021-08-30T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"2b3ed765-75e9-5654-a063-7361a837ad3f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426575Z"},{"id":"86f87ec6-058e-45a7-9314-0579a2b4e8f2","name":"Imperva DDoS for Hire","description":"Imperva. (n.d.). Booters, Stressers and DDoSers. 
Retrieved October 4, 2020.","url":"https://www.imperva.com/learn/ddos/booters-stressers-ddosers/","source":"MITRE","title":"Booters, Stressers and DDoSers","authors":"Imperva","date_accessed":"2020-10-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4751eaaa-6abd-50d0-acd4-2eebf6f79c7a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427205Z"},{"id":"6d9c72cb-6cda-445e-89ea-7e695063d49a","name":"Wikipedia Booting","description":"Wikipedia. (n.d.). Booting. Retrieved November 13, 2019.","url":"https://en.wikipedia.org/wiki/Booting","source":"MITRE","title":"Booting","authors":"Wikipedia","date_accessed":"2019-11-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"91bc58e9-538b-5d29-afa3-8f51d87b8b00","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431768Z"},{"id":"835c9e5d-b291-43d9-9b8a-2978aa8c8cd3","name":"FireEye BOOTRASH SANS","description":"Glyer, C. (2017, June 22). Boot What?. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190926040727/https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1498163766.pdf","source":"MITRE","title":"Boot What?","authors":"Glyer, C.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-06-22T00:00:00Z","owner_name":null,"tidal_id":"766a20d5-c294-57fd-9463-ee7892167787","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421865Z"},{"id":"c4dbb0f9-c562-5bc1-954d-5988525ca0de","name":"Esentire ContagiousInterview BeaverTail InvisibleFerret November 2024","description":"eSentire Threat Response Unit (TRU). (2024, November 14). Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2. 
Retrieved October 17, 2025.","url":"https://www.esentire.com/blog/bored-beavertail-invisibleferret-yacht-club-a-lazarus-lure-pt-2","source":"MITRE","title":"Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2","authors":"eSentire Threat Response Unit (TRU)","date_accessed":"2025-10-17T00:00:00Z","date_published":"2024-11-14T00:00:00Z","owner_name":null,"tidal_id":"3a56a8e4-cf73-500a-a788-68506c3740c7","created":"2025-10-29T21:08:48.164735Z","modified":"2025-12-17T15:08:36.417248Z"},{"id":"8f058923-f2f7-4c0e-b90a-c7a0d5e62186","name":"Unit42 LockerGoga 2019","description":"Harbison, M. (2019, March 26). Born This Way? Origins of LockerGoga. Retrieved April 16, 2019.","url":"https://unit42.paloaltonetworks.com/born-this-way-origins-of-lockergoga/","source":"MITRE","title":"Born This Way? Origins of LockerGoga","authors":"Harbison, M","date_accessed":"2019-04-16T00:00:00Z","date_published":"2019-03-26T00:00:00Z","owner_name":null,"tidal_id":"823a53d3-4230-5173-b2af-133f4357e8e0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418904Z"},{"id":"156efefd-793f-4219-8904-ef160a45c9ec","name":"Threatexpress MetaTwin 2017","description":"Vest, J. (2017, October 9). Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads. Retrieved September 10, 2019.","url":"https://threatexpress.com/blogs/2017/metatwin-borrowing-microsoft-metadata-and-digital-signatures-to-hide-binaries/","source":"MITRE","title":"Borrowing Microsoft MetaData and Signatures to Hide Binary Payloads","authors":"Vest, J","date_accessed":"2019-09-10T00:00:00Z","date_published":"2017-10-09T00:00:00Z","owner_name":null,"tidal_id":"5955dbec-89a8-5d1c-a644-68a9bfe90b12","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433759Z"},{"id":"01c8337f-614b-5f63-870f-5c880b390922","name":"Sandfly BPFDoor 2022","description":"The Sandfly Security Team. (2022, May 11). BPFDoor - An Evasive Linux Backdoor Technical Analysis. 
Retrieved September 29, 2023.","url":"https://sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis/","source":"MITRE","title":"BPFDoor - An Evasive Linux Backdoor Technical Analysis","authors":"The Sandfly Security Team","date_accessed":"2023-09-29T00:00:00Z","date_published":"2022-05-11T00:00:00Z","owner_name":null,"tidal_id":"36c015b9-d1a9-5310-ac28-aa8a82b16c33","created":"2023-11-07T00:36:00.284265Z","modified":"2025-12-17T15:08:36.420260Z"},{"id":"c246b4da-75fb-5b41-ba9c-c0eb1b261e37","name":"Deep Instinct BPFDoor 2023","description":"Shaul Vilkomir-Preisman and Eliran Nissan. (2023, May 10). BPFDoor Malware Evolves – Stealthy Sniffing Backdoor Ups Its Game. Retrieved September 19, 2024.","url":"https://www.deepinstinct.com/blog/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game","source":"MITRE","title":"BPFDoor Malware Evolves – Stealthy Sniffing Backdoor Ups Its Game","authors":"Shaul Vilkomir-Preisman and Eliran Nissan","date_accessed":"2024-09-19T00:00:00Z","date_published":"2023-05-10T00:00:00Z","owner_name":null,"tidal_id":"8f98d6ad-c5f8-5de9-a527-53d2dd58cf51","created":"2024-10-31T16:28:20.497592Z","modified":"2025-12-17T15:08:36.420253Z"},{"id":"19af3fce-eb57-4e67-9678-1968e9ea9677","name":"AADInternals - BPRT","description":"Dr. Nestori Syynimaa. (2021, January 31). BPRT unleashed: Joining multiple devices to Azure AD and Intune. Retrieved March 4, 2022.","url":"https://o365blog.com/post/bprt/","source":"MITRE","title":"BPRT unleashed: Joining multiple devices to Azure AD and Intune","authors":"Dr. Nestori Syynimaa","date_accessed":"2022-03-04T00:00:00Z","date_published":"2021-01-31T00:00:00Z","owner_name":null,"tidal_id":"695a625d-dffd-5bef-ac64-7a2a408162b5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431666Z"},{"id":"464cd394-8fa8-5814-9334-a3e8cc668beb","name":"CheckPoint-BrainTest","description":"Andrey Polkovnichenko and Alon Boxiner. (2015, September 21). 
BrainTest – A New Level of Sophistication in Mobile Malware. Retrieved December","url":"http://blog.checkpoint.com/2015/09/21/braintest-a-new-level-of-sophistication-in-mobile-malware/","source":"Mobile","title":"BrainTest – A New Level of Sophistication in Mobile Malware","authors":"Andrey Polkovnichenko and Alon Boxiner","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-09-21T00:00:00Z","owner_name":null,"tidal_id":"73c9bce9-86f6-519a-9fb1-d204838dfec8","created":"2026-01-28T13:08:10.042026Z","modified":"2026-01-28T13:08:10.042029Z"},{"id":"ffbb49b1-6fb2-5121-9748-f96e5d368af0","name":"Lookout-BrainTest","description":"Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play. Retrieved December","url":"https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/","source":"Mobile","title":"Brain Test re-emerges: 13 apps found in Google Play","authors":"Chris Dehghanpoor","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-01-06T00:00:00Z","owner_name":null,"tidal_id":"0cc678d1-7e1f-54db-8ea8-745e291ee385","created":"2026-01-28T13:08:10.042051Z","modified":"2026-01-28T13:08:10.042054Z"},{"id":"51aa2d82-6231-5806-b963-b2a2d26de61c","name":"mcafee_brata_0421","description":"Fernando Ruiz. (2021, April 12). BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain. 
Retrieved December","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/brata-keeps-sneaking-into-google-play-now-targeting-usa-and-spain/","source":"Mobile","title":"BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain","authors":"Fernando Ruiz","date_accessed":"1978-12-01T00:00:00Z","date_published":"2021-04-12T00:00:00Z","owner_name":null,"tidal_id":"d58d6144-6a8c-52e1-abac-baae09d63299","created":"2026-01-28T13:08:10.040651Z","modified":"2026-01-28T13:08:10.040654Z"},{"id":"fa813afd-b8f0-535b-9108-6d3d3989b6b9","name":"Brazking-Websockets","description":"Shahar Tavor. (n.d.). BrazKing Android Malware Upgraded and Targeting Brazilian Banks. Retrieved March 24, 2023.","url":"https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/","source":"MITRE","title":"BrazKing Android Malware Upgraded and Targeting Brazilian Banks","authors":"Shahar Tavor","date_accessed":"2023-03-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4418a841-2128-51f6-a737-0900c98222ec","created":"2023-05-26T01:21:10.390257Z","modified":"2025-12-17T15:08:36.435467Z"},{"id":"38d88851-1b71-4ed7-88e3-2ee5c3876c06","name":"Morphisec 3 26 2024","description":"Arnold Osipov. (2024, March 26). Breaking Boundaries Mispadu's Infiltration Beyond LATAM. Retrieved April 4, 2024.","url":"https://blog.morphisec.com/mispadu-infiltration-beyond-latam","source":"Tidal Cyber","title":"Breaking Boundaries Mispadu's Infiltration Beyond LATAM","authors":"Arnold Osipov","date_accessed":"2024-04-04T00:00:00Z","date_published":"2024-03-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e0f17a83-aa49-5f32-a09b-9fd963ca6a5b","created":"2024-04-25T14:10:42.541647Z","modified":"2024-04-25T14:10:42.932979Z"},{"id":"75e21136-ebd2-449a-8fd9-7379db7bdc64","name":"Trend Micro Earth Estries November 8 2024","description":"Ted Lee, Leon M Chang, Lenart Bermejo. (2024, November 8). 
Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations. Retrieved November 13, 2024.","url":"https://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html","source":"Tidal Cyber","title":"Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations","authors":"Ted Lee, Leon M Chang, Lenart Bermejo","date_accessed":"2024-11-13T00:00:00Z","date_published":"2024-11-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"74d51bf6-60d8-5412-b0e2-9735ad207b62","created":"2024-11-15T17:28:54.010609Z","modified":"2024-11-15T17:28:54.351714Z"},{"id":"7633f4c3-0e22-5e02-b92b-aa10a246ea77","name":"Splunk Linux Gormir 2024","description":"Splunk Threat Research Team , Teoderick Contreras. (2024, July 15). Breaking Down Linux.Gomir: Understanding this Backdoor’s TTPs. Retrieved May 22, 2025.","url":"https://www.splunk.com/en_us/blog/security/breaking-down-linux-gomir-understanding-this-backdoors-ttps.html","source":"MITRE","title":"Breaking Down Linux.Gomir: Understanding this Backdoor’s TTPs","authors":"Splunk Threat Research Team , Teoderick Contreras","date_accessed":"2025-05-22T00:00:00Z","date_published":"2024-07-15T00:00:00Z","owner_name":null,"tidal_id":"46b0aff5-cc46-5c98-a2c6-6a96ad2d7900","created":"2025-10-29T21:08:48.165851Z","modified":"2025-12-17T15:08:36.427342Z"},{"id":"52464e69-ff9e-4101-9596-dd0c6404bf76","name":"MSTIC Nobelium Toolset May 2021","description":"MSTIC. (2021, May 28). Breaking down NOBELIUM’s latest early-stage toolset. 
Retrieved August 4, 2021.","url":"https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/","source":"MITRE","title":"Breaking down NOBELIUM’s latest early-stage toolset","authors":"MSTIC","date_accessed":"2021-08-04T00:00:00Z","date_published":"2021-05-28T00:00:00Z","owner_name":null,"tidal_id":"d442f859-1583-5e60-b8ba-e899c5912372","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417614Z"},{"id":"6d1e2b0a-fed2-490b-be25-6580dfb7d6aa","name":"Lee 2013","description":"Lee, T., Hanzlik, D., Ahl, I. (2013, August 7). Breaking Down the China Chopper Web Shell - Part I. Retrieved March 27, 2015.","url":"https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html","source":"MITRE","title":"Breaking Down the China Chopper Web Shell - Part I","authors":"Lee, T., Hanzlik, D., Ahl, I","date_accessed":"2015-03-27T00:00:00Z","date_published":"2013-08-07T00:00:00Z","owner_name":null,"tidal_id":"19d28f61-418b-5eaf-8c85-81de57de9167","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418884Z"},{"id":"7989f0de-90b8-5e6d-bc20-1764610d1568","name":"sentinelone-malvertising","description":"Hegel, Tom. (2023, January 19). Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results. Retrieved February 21, 2023.","url":"https://www.sentinelone.com/blog/breaking-down-the-seo-poisoning-attack-how-attackers-are-hijacking-search-results/","source":"MITRE","title":"Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results","authors":"Hegel, Tom","date_accessed":"2023-02-21T00:00:00Z","date_published":"2023-01-19T00:00:00Z","owner_name":null,"tidal_id":"e1cdb174-dcbf-572a-b176-98af1569d48b","created":"2023-05-26T01:21:01.848129Z","modified":"2025-12-17T15:08:36.425355Z"},{"id":"bde3ff9c-fbf9-49c4-b414-70dc8356d57d","name":"OS X Keychain","description":"Juuso Salonen. (2012, September 5). 
Breaking into the OS X keychain. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20130106164109/https://juusosalonen.com/post/30923743427/breaking-into-the-os-x-keychain","source":"MITRE","title":"Breaking into the OS X keychain","authors":"Juuso Salonen","date_accessed":"2024-11-17T00:00:00Z","date_published":"2012-09-05T00:00:00Z","owner_name":null,"tidal_id":"a0d39e36-ba7b-54d0-a748-86a5055b3aa2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425777Z"},{"id":"24674e91-5cbf-4023-98ae-a9f0968ad99a","name":"Brown Exploiting Linkers","description":"Tim Brown. (2011, June 29). Breaking the links: Exploiting the linker. Retrieved March 29, 2021.","url":"http://www.nth-dimension.org.uk/pub/BTL.pdf","source":"MITRE","title":"Breaking the links: Exploiting the linker","authors":"Tim Brown","date_accessed":"2021-03-29T00:00:00Z","date_published":"2011-06-29T00:00:00Z","owner_name":null,"tidal_id":"cbcc357a-5b6f-5d8b-8b99-63a4b10eb081","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:21.818043Z"},{"id":"f23a773f-9c50-4193-877d-97f7c13f48f1","name":"FireEye Outlook Dec 2019","description":"McWhirt, M., Carr, N., Bienstock, D. (2019, December 4). Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774). Retrieved June 23, 2020.","url":"https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html","source":"MITRE","title":"Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)","authors":"McWhirt, M., Carr, N., Bienstock, D","date_accessed":"2020-06-23T00:00:00Z","date_published":"2019-12-04T00:00:00Z","owner_name":null,"tidal_id":"2e443be9-abb3-5744-8b2f-d0a590737d64","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432211Z"},{"id":"bcf92374-48a3-480f-a679-9fd34b67bcdd","name":"Cisco Talos Blog December 08 2022","description":"Cisco Talos Blog. (2022, December 8). 
Breaking the silence - Recent Truebot activity. Retrieved May 8, 2023.","url":"https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/","source":"Tidal Cyber","title":"Breaking the silence - Recent Truebot activity","authors":"Cisco Talos Blog","date_accessed":"2023-05-08T00:00:00Z","date_published":"2022-12-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4b8d4d48-2743-57bd-acd8-c91eb67423e7","created":"2023-07-14T12:56:29.484199Z","modified":"2023-07-14T12:56:29.614822Z"},{"id":"60fac434-2815-4568-b951-4bde55c2e3af","name":"PaloAlto Preventing Opportunistic Attacks Apr 2016","description":"Kiwi. (2016, April 6). Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks. Retrieved October 3, 2018.","url":"https://live.paloaltonetworks.com/t5/Ignite-2016-Blog/Breakout-Recap-Cybersecurity-Best-Practices-Part-1-Preventing/ba-p/75913","source":"MITRE","title":"Breakout Recap: Cybersecurity Best Practices Part 1 - Preventing Opportunistic Attacks","authors":"Kiwi","date_accessed":"2018-10-03T00:00:00Z","date_published":"2016-04-06T00:00:00Z","owner_name":null,"tidal_id":"146ca72f-1685-5563-abd8-26b0c6832d37","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415486Z"},{"id":"c8aceeec-1eed-4d73-891e-55dabb6a3a03","name":"Cybersecurity and Infrastructure Security Agency CISA December 04 2025","description":"None Identified. (2025, December 4). BRICKSTORM Backdoor | CISA. 
Retrieved December 5, 2025.","url":"https://www.cisa.gov/news-events/analysis-reports/ar25-338a","source":"Tidal Cyber","title":"BRICKSTORM Backdoor | CISA","authors":"None Identified","date_accessed":"2025-12-05T12:00:00Z","date_published":"2025-12-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"003df969-babf-5623-b134-ecd94284d867","created":"2025-12-10T14:13:44.999623Z","modified":"2025-12-10T14:13:45.209447Z"},{"id":"e7743974-f2b8-56e9-9812-dba6c38b6928","name":"Mandiant-iab-control","description":"Michael Raggi, Adam Aprahamian, Dan Kelly, Mathew Potaczek, Marcin Siedlarz, Austin Larsen. (2024, March 21). Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect. Retrieved January 31, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/initial-access-brokers-exploit-f5-screenconnect","source":"MITRE","title":"Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect","authors":"Michael Raggi, Adam Aprahamian, Dan Kelly, Mathew Potaczek, Marcin Siedlarz, Austin Larsen","date_accessed":"2025-01-31T00:00:00Z","date_published":"2024-03-21T00:00:00Z","owner_name":null,"tidal_id":"12cd95c0-eb26-535c-b5c2-aec150cbf504","created":"2025-04-22T20:47:20.168330Z","modified":"2025-12-17T15:08:36.435580Z"},{"id":"efba67c7-a481-44de-84bd-cf74bc946f6e","name":"Google Cloud Blog March 21 2024","description":"Michael Raggi, Adam Aprahamian, Dan Kelly, Mathew Potaczek, Marcin Siedlarz, Austin Larsen. (2024, March 21). Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect | Google Cloud Blog. 
Retrieved December 8, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/initial-access-brokers-exploit-f5-screenconnect","source":"Tidal Cyber","title":"Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect | Google Cloud Blog","authors":"Michael Raggi, Adam Aprahamian, Dan Kelly, Mathew Potaczek, Marcin Siedlarz, Austin Larsen","date_accessed":"2025-12-08T12:00:00Z","date_published":"2024-03-21T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"12b0eba6-59f9-597e-840c-819232d2581d","created":"2025-12-17T14:17:40.105356Z","modified":"2025-12-17T14:17:40.302465Z"},{"id":"445efe8b-659a-4023-afc7-aa7cd21ee5a1","name":"Mandiant BYOL","description":"Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 4, 2021.","url":"https://www.mandiant.com/resources/bring-your-own-land-novel-red-teaming-technique","source":"MITRE","title":"Bring Your Own Land (BYOL) – A Novel Red Teaming Technique","authors":"Kirk, N","date_accessed":"2021-10-04T00:00:00Z","date_published":"2018-06-18T00:00:00Z","owner_name":null,"tidal_id":"4a9823cd-2bcd-5a21-93b4-07de71a3fc5a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428921Z"},{"id":"104a1c1c-0899-4ff9-a5c4-73de702c467d","name":"Mandiant BYOL 2018","description":"Kirk, N. (2018, June 18). Bring Your Own Land (BYOL) – A Novel Red Teaming Technique. Retrieved October 8, 2021.","url":"https://www.mandiant.com/resources/bring-your-own-land-novel-red-teaming-technique","source":"MITRE","title":"Bring Your Own Land (BYOL) – A Novel Red Teaming Technique","authors":"Kirk, N","date_accessed":"2021-10-08T00:00:00Z","date_published":"2018-06-18T00:00:00Z","owner_name":null,"tidal_id":"d8af5094-e589-5396-a465-ece363cf6d76","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431903Z"},{"id":"7b25e3af-cc51-5158-ab2e-299828e563a6","name":"TheSun-FaceID","description":"Sean Keach. 
(2018, February 15). Brit mates BREAK Apple’s face unlock and vow to never buy iPhone again. Retrieved September","url":"https://www.thesun.co.uk/tech/5584082/iphone-x-face-unlock-tricked-broken/","source":"Mobile","title":"Brit mates BREAK Apple’s face unlock and vow to never buy iPhone again","authors":"Sean Keach","date_accessed":"1978-09-01T00:00:00Z","date_published":"2018-02-15T00:00:00Z","owner_name":null,"tidal_id":"dc374fb9-a6ea-5ead-a5a0-e79ac5b07da6","created":"2026-01-28T13:08:10.046285Z","modified":"2026-01-28T13:08:10.046288Z"},{"id":"fdc0d5d9-8321-5c8d-a937-bedde5707d8e","name":"Android Changes to System Broadcasts","description":"Google. (2019, December 27). Broadcasts Overview. Retrieved January","url":"https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts","source":"Mobile","title":"Broadcasts Overview","authors":"Google","date_accessed":"1978-01-01T00:00:00Z","date_published":"2019-12-27T00:00:00Z","owner_name":null,"tidal_id":"b3f7ecc7-97e5-5320-8399-3f95d34bbe71","created":"2026-01-28T13:08:10.043468Z","modified":"2026-01-28T13:08:10.043471Z"},{"id":"fa0eac56-45ea-4628-88cf-b843874b4a4d","name":"Comparitech Leak","description":"Bischoff, P. (2020, October 15). Broadvoice database of more than 350 million customer records exposed online. Retrieved October 20, 2020.","url":"https://www.comparitech.com/blog/vpn-privacy/350-million-customer-records-exposed-online/","source":"MITRE","title":"Broadvoice database of more than 350 million customer records exposed online","authors":"Bischoff, P","date_accessed":"2020-10-20T00:00:00Z","date_published":"2020-10-15T00:00:00Z","owner_name":null,"tidal_id":"69a9c863-7a90-57d0-a91a-bdf0ea5e778a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425466Z"},{"id":"91d20979-d4e7-4372-8a83-1e1512c8d3a9","name":"ThreatPost Broadvoice Leak","description":"Seals, T. (2020, October 15). Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts. 
Retrieved October 20, 2020.","url":"https://threatpost.com/broadvoice-leaks-350m-records-voicemail-transcripts/160158/","source":"MITRE","title":"Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts","authors":"Seals, T","date_accessed":"2020-10-20T00:00:00Z","date_published":"2020-10-15T00:00:00Z","owner_name":null,"tidal_id":"96793d4f-d952-54f2-babd-356a2d59a50a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426335Z"},{"id":"c62d8d1a-cd1b-4b39-95b6-68f3f063dacf","name":"Secureworks BRONZE BUTLER Oct 2017","description":"Counter Threat Unit Research Team. (2017, October 12). BRONZE BUTLER Targets Japanese Enterprises. Retrieved January 4, 2018.","url":"https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses","source":"MITRE, Tidal Cyber","title":"BRONZE BUTLER Targets Japanese Enterprises","authors":"Counter Threat Unit Research Team","date_accessed":"2018-01-04T00:00:00Z","date_published":"2017-10-12T00:00:00Z","owner_name":null,"tidal_id":"df88d7bb-68d1-52ff-9791-75b5dadc80f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261773Z"},{"id":"4fbb113c-94b4-56fd-b292-1ccf84e1c8f3","name":"Secureworks BRONZE FLEETWOOD Profile","description":"Secureworks CTU. (n.d.). BRONZE FLEETWOOD. Retrieved February 5, 2024.","url":"https://www.secureworks.com/research/threat-profiles/bronze-fleetwood","source":"MITRE","title":"BRONZE FLEETWOOD","authors":"Secureworks CTU","date_accessed":"2024-02-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"51898b3a-8112-5cde-96df-f59953b7af16","created":"2024-04-25T13:28:45.819586Z","modified":"2025-12-17T15:08:36.438375Z"},{"id":"9558ebc5-4de3-4b1d-b32c-a170adbc3451","name":"Secureworks BRONZE HUNTLEY","description":"Secureworks. (2021, January 1). BRONZE HUNTLEY Threat Profile. 
Retrieved May 5, 2021.","url":"https://www.secureworks.com/research/threat-profiles/bronze-huntley","source":"MITRE","title":"BRONZE HUNTLEY Threat Profile","authors":"Secureworks","date_accessed":"2021-05-05T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"df43c34b-8842-5416-9fbd-bb3c75985151","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439112Z"},{"id":"7d629729-53fd-5831-8f39-485ebd551898","name":"Sophos Mustang Panda PLUGX","description":"Secureworks Counter Threat Unit Research Team. (2022, September 8). BRONZE PRESIDENT Targets Government Officials. Retrieved September 9, 2025.","url":"https://www.secureworks.com/blog/bronze-president-targets-government-officials","source":"MITRE","title":"BRONZE PRESIDENT Targets Government Officials","authors":"Secureworks Counter Threat Unit Research Team","date_accessed":"2025-09-09T00:00:00Z","date_published":"2022-09-08T00:00:00Z","owner_name":null,"tidal_id":"284a332c-0ee7-54c7-aa14-44949c2cfa53","created":"2025-10-29T21:08:48.166926Z","modified":"2025-12-17T15:08:36.438609Z"},{"id":"019889e0-a2ce-476f-9a31-2fc394de2821","name":"Secureworks BRONZE PRESIDENT December 2019","description":"Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021.","url":"https://www.secureworks.com/research/bronze-president-targets-ngos","source":"MITRE, Tidal Cyber","title":"BRONZE PRESIDENT Targets NGOs","authors":"Counter Threat Unit Research Team","date_accessed":"2021-04-13T00:00:00Z","date_published":"2019-12-29T00:00:00Z","owner_name":null,"tidal_id":"deea7483-caf2-5af2-8310-118ee191ab8e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.256848Z"},{"id":"fe21fcdf-ddd9-5a92-9b49-c4e536703460","name":"Sophos PlugX September 2022","description":"Secureworks Counter Threat Unit Research Team. (2022, April 27). BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX. 
Retrieved September 9, 2025.","url":"https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx","source":"MITRE","title":"BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX","authors":"Secureworks Counter Threat Unit Research Team","date_accessed":"2025-09-09T00:00:00Z","date_published":"2022-04-27T00:00:00Z","owner_name":null,"tidal_id":"0633c409-de09-533a-ac22-5e5218276f23","created":"2025-10-29T21:08:48.166912Z","modified":"2025-12-17T15:08:36.438602Z"},{"id":"d2e8cd95-fcd5-58e4-859a-c4724ec94ab4","name":"Dell SecureWorks BRONZE STARLIGHT Profile","description":"SecureWorks. (n.d.). BRONZE STARLIGHT. Retrieved December 6, 2023.","url":"https://www.secureworks.com/research/threat-profiles/bronze-starlight","source":"MITRE","title":"BRONZE STARLIGHT","authors":"SecureWorks","date_accessed":"2023-12-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f5b0dddf-5849-545b-9f89-6e321bfe61ab","created":"2024-04-25T13:28:45.342152Z","modified":"2025-12-17T15:08:36.437970Z"},{"id":"0b275cf9-a885-58cc-b859-112090a711e3","name":"SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022","description":"Counter Threat Unit Research Team. (2022, June 23). BRONZE STARLIGHT RANSOMWARE OPERATIONS USE HUI LOADER. Retrieved December 7, 2023.","url":"https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader","source":"MITRE","title":"BRONZE STARLIGHT RANSOMWARE OPERATIONS USE HUI LOADER","authors":"Counter Threat Unit Research Team","date_accessed":"2023-12-07T00:00:00Z","date_published":"2022-06-23T00:00:00Z","owner_name":null,"tidal_id":"97c7977f-f704-5212-ac28-bab32d5ed602","created":"2024-04-25T13:28:43.582514Z","modified":"2025-12-17T15:08:36.418644Z"},{"id":"42adda47-f5d6-4d34-9b3d-3748a782f886","name":"SecureWorks BRONZE UNION June 2017","description":"Counter Threat Unit Research Team. (2017, June 27). BRONZE UNION Cyberespionage Persists Despite Disclosures. 
Retrieved July 13, 2017.","url":"https://www.secureworks.com/research/bronze-union","source":"MITRE, Tidal Cyber","title":"BRONZE UNION Cyberespionage Persists Despite Disclosures","authors":"Counter Threat Unit Research Team","date_accessed":"2017-07-13T00:00:00Z","date_published":"2017-06-27T00:00:00Z","owner_name":null,"tidal_id":"9c303009-7ef7-518a-ba70-273e2b096f02","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279711Z"},{"id":"52aef082-3f8e-41b4-af95-6631ce4c9e91","name":"Wikipedia Browser Extension","description":"Wikipedia. (2017, October 8). Browser Extension. Retrieved January 11, 2018.","url":"https://en.wikipedia.org/wiki/Browser_extension","source":"MITRE","title":"Browser Extension","authors":"Wikipedia","date_accessed":"2018-01-11T00:00:00Z","date_published":"2017-10-08T00:00:00Z","owner_name":null,"tidal_id":"1f015f3e-aff4-5523-9524-4ff86ed2f3f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426525Z"},{"id":"447f6b34-ac3a-58d9-af96-aa1d947a3e0e","name":"Mr. D0x BitB 2022","description":"mr.d0x. (2022, March 15). Browser In The Browser (BITB) Attack. Retrieved March 8, 2023.","url":"https://mrd0x.com/browser-in-the-browser-phishing-attack/","source":"MITRE","title":"Browser In The Browser (BITB) Attack","authors":"mr.d0x","date_accessed":"2023-03-08T00:00:00Z","date_published":"2022-03-15T00:00:00Z","owner_name":null,"tidal_id":"05676852-2a1b-5fa0-ac03-76878f4bf7be","created":"2023-05-26T01:21:03.408362Z","modified":"2025-12-17T15:08:36.426865Z"},{"id":"0c1dd453-7281-4ee4-9c8f-bdc401cf48d7","name":"Cobalt Strike Browser Pivot","description":"Mudge, R. (n.d.). Browser Pivoting. 
Retrieved January 10, 2018.","url":"https://www.cobaltstrike.com/help-browser-pivoting","source":"MITRE","title":"Browser Pivoting","authors":"Mudge, R","date_accessed":"2018-01-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c2a90f16-4eb3-5b9c-af97-ae2ea28aa7ee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429653Z"},{"id":"3863f365-810b-5f60-aed0-36646d855ac7","name":"push notifications - malwarebytes","description":"Pieter Arntz. (2019, January 22). Browser push notifications: a feature asking to be abused. Retrieved March 14, 2025.","url":"https://www.malwarebytes.com/blog/news/2019/01/browser-push-notifications-feature-asking-abused","source":"MITRE","title":"Browser push notifications: a feature asking to be abused","authors":"Pieter Arntz","date_accessed":"2025-03-14T00:00:00Z","date_published":"2019-01-22T00:00:00Z","owner_name":null,"tidal_id":"35065c83-b579-5c1e-9f1f-13090c687de6","created":"2025-04-22T20:47:19.838209Z","modified":"2025-12-17T15:08:36.435302Z"},{"id":"1b050712-7710-55f4-b9bd-ff52440f0bb8","name":"Bruce Schneier January 2008","description":"Bruce Schneier 2008, January 17 Hacking Polish Trams. Retrieved 2019/10/17","url":"https://www.schneier.com/blog/archives/2008/01/hacking_the_pol.html","source":"ICS","title":"Bruce Schneier January 2008","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"60246b02-98b6-56bc-8d7b-63b989f88ec5","created":"2026-01-28T13:08:18.176462Z","modified":"2026-01-28T13:08:18.176465Z"},{"id":"69674467-7feb-5bc6-9fe2-66689db93af9","name":"XDA Bubbles","description":"Rahman, M. (2019, May 8). Bubbles in Android Q will fully replace the overlay API in a future Android version. 
Retrieved September","url":"https://www.xda-developers.com/android-q-system-alert-window-deprecate-bubbles/","source":"Mobile","title":"Bubbles in Android Q will fully replace the overlay API in a future Android version","authors":"Rahman, M","date_accessed":"1978-09-01T00:00:00Z","date_published":"2019-05-08T00:00:00Z","owner_name":null,"tidal_id":"52b9164d-c594-52ba-b6f2-3bb8eed7767f","created":"2026-01-28T13:08:10.043746Z","modified":"2026-01-28T13:08:10.043750Z"},{"id":"dbf3ce3e-bcf2-4e47-ad42-839e51967395","name":"Symantec Buckeye","description":"Symantec Security Response. (2016, September 6). Buckeye cyberespionage group shifts gaze from US to Hong Kong. Retrieved September 26, 2016.","url":"http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong","source":"MITRE, Tidal Cyber","title":"Buckeye cyberespionage group shifts gaze from US to Hong Kong","authors":"Symantec Security Response","date_accessed":"2016-09-26T00:00:00Z","date_published":"2016-09-06T00:00:00Z","owner_name":null,"tidal_id":"81cafc20-91f0-50dc-a5ac-95d70a0fd8dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258747Z"},{"id":"e308a957-fb5c-44e8-a846-be6daef4b940","name":"ESET Buhtrap and Buran April 2019","description":"ESET Research. (2019, April 30). Buhtrap backdoor and Buran ransomware distributed via major advertising platform. Retrieved May 11, 2020.","url":"https://www.welivesecurity.com/2019/04/30/buhtrap-backdoor-ransomware-advertising-platform/","source":"MITRE","title":"Buhtrap backdoor and Buran ransomware distributed via major advertising platform","authors":"ESET Research","date_accessed":"2020-05-11T00:00:00Z","date_published":"2019-04-30T00:00:00Z","owner_name":null,"tidal_id":"10a44860-ecae-5d23-a3c8-dce9bf69d4a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439860Z"},{"id":"b2b32b28-6977-5a9b-9051-d835b31e7983","name":"Android-Build","description":"Android. (n.d.). Build. 
Retrieved December","url":"https://developer.android.com/reference/android/os/Build","source":"Mobile","title":"Build","authors":"Android","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"56d3b018-20ec-5db3-a5d3-9e386fc1f081","created":"2026-01-28T13:08:10.044937Z","modified":"2026-01-28T13:08:10.044940Z"},{"id":"f49bfd00-48d5-4d84-a7b7-cb23fcdf861b","name":"S1 Custom Shellcode Tool","description":"Bunce, D. (2019, October 31). Building A Custom Tool For Shellcode Analysis. Retrieved October 4, 2021.","url":"https://www.sentinelone.com/blog/building-a-custom-tool-for-shellcode-analysis/","source":"MITRE","title":"Building A Custom Tool For Shellcode Analysis","authors":"Bunce, D","date_accessed":"2021-10-04T00:00:00Z","date_published":"2019-10-31T00:00:00Z","owner_name":null,"tidal_id":"c06b4fe8-3086-5222-ab68-707fc4de17bb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428914Z"},{"id":"c92fb2ec-c144-42d4-bd42-179d3d737db0","name":"Data Driven Security DGA","description":"Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.","url":"https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/","source":"MITRE","title":"Building a DGA Classifier: Part 2, Feature Engineering","authors":"Jacobs, J","date_accessed":"2019-02-18T00:00:00Z","date_published":"2014-10-02T00:00:00Z","owner_name":null,"tidal_id":"479070f3-9211-5525-a9ed-b91838734e00","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425181Z"},{"id":"b06b72ba-dbd6-4190-941a-0cdd3d659ab6","name":"CTD PPID Spoofing Macro Mar 2019","description":"Tafani-Dereeper, C. (2019, March 12). Building an Office macro to spoof parent processes and command line arguments. 
Retrieved June 3, 2019.","url":"https://blog.christophetd.fr/building-an-office-macro-to-spoof-process-parent-and-command-line/","source":"MITRE","title":"Building an Office macro to spoof parent processes and command line arguments","authors":"Tafani-Dereeper, C","date_accessed":"2019-06-03T00:00:00Z","date_published":"2019-03-12T00:00:00Z","owner_name":null,"tidal_id":"ca535c0f-3661-582c-859e-f0ff251c22d3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432728Z"},{"id":"acb25abb-23c7-4b5d-849b-346388dde15c","name":"Trend Micro September 02 2022","description":"Trend Micro. (2022, September 2). BumbleBee a New Modular Backdoor Evolved From BookWorm. Retrieved May 7, 2023.","url":"https://www.trendmicro.com/en_us/research/22/i/buzzing-in-the-background-bumblebee-a-new-modular-backdoor-evolv.html","source":"Tidal Cyber","title":"BumbleBee a New Modular Backdoor Evolved From BookWorm","authors":"Trend Micro","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-09-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7e966c7f-87da-5b71-bcd2-7506e7203e99","created":"2024-06-13T20:10:07.867232Z","modified":"2024-06-13T20:10:08.262265Z"},{"id":"643968ec-bc01-4317-ba91-b2bafeb421c9","name":"Proofpoint 2 12 2024","description":"Axel F; Selena Larson; The Proofpoint Threat Research Team. (2024, February 12). Bumblebee Buzzes Back in Black. Retrieved February 14, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/bumblebee-buzzes-back-black","source":"Tidal Cyber","title":"Bumblebee Buzzes Back in Black","authors":"Axel F; Selena Larson; The Proofpoint Threat Research Team","date_accessed":"2024-02-14T00:00:00Z","date_published":"2024-02-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9fc50227-cf18-5a86-82f0-ae3a3e88dd0b","created":"2024-06-13T20:10:51.258700Z","modified":"2024-06-13T20:10:51.449828Z"},{"id":"8404527a-9197-47ea-8bdf-c824b66ffede","name":"Toxin Labs 3 4 2023","description":"Toxin Labs. (2023, March 4). 
BumbleBee DocuSign Campaign. Retrieved February 19, 2024.","url":"https://0xtoxin.github.io/malware%20analysis/Bumblebee-DocuSign-Campaign/","source":"Tidal Cyber","title":"BumbleBee DocuSign Campaign","authors":"Toxin Labs","date_accessed":"2024-02-19T00:00:00Z","date_published":"2023-03-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"decc539a-4552-5af4-8fd7-ef37dd1268dc","created":"2024-06-13T20:10:50.871125Z","modified":"2024-06-13T20:10:51.069225Z"},{"id":"c4cdaaeb-5776-4899-bdcf-8daf9d6ea615","name":"SEC Consult Bumblebee April 11 2023","description":"Angelo Violetti. (2023, April 11). BumbleBee hunting with a Velociraptor. Retrieved May 6, 2023.","url":"https://sec-consult.com/blog/detail/bumblebee-hunting-with-a-velociraptor/","source":"Tidal Cyber","title":"BumbleBee hunting with a Velociraptor","authors":"Angelo Violetti","date_accessed":"2023-05-06T00:00:00Z","date_published":"2023-04-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b59c8f99-7407-5cab-b402-ba859bccb901","created":"2024-06-13T20:10:06.920415Z","modified":"2024-06-13T20:10:07.133203Z"},{"id":"64bfb605-af69-4df0-ae56-32fa997516bc","name":"Cybereason Bumblebee August 2022","description":"Cybereason. (2022, August 17). Bumblebee Loader – The High Road to Enterprise Domain Control. Retrieved August 29, 2022.","url":"https://www.cybereason.com/blog/threat-analysis-report-bumblebee-loader-the-high-road-to-enterprise-domain-control","source":"MITRE","title":"Bumblebee Loader – The High Road to Enterprise Domain Control","authors":"Cybereason","date_accessed":"2022-08-29T00:00:00Z","date_published":"2022-08-17T00:00:00Z","owner_name":null,"tidal_id":"6d898bd7-2014-5167-a3a7-6b0733b76d41","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440127Z"},{"id":"ac31c45d-ba78-4158-b163-723ab22c4dc4","name":"Secureworks Bumblebee April 20 2023","description":"Counter Threat Unit Research Team. (2023, April 20). 
Bumblebee Malware Distributed Via Trojanized Installer Downloads. Retrieved May 6, 2023.","url":"https://www.secureworks.com/blog/bumblebee-malware-distributed-via-trojanized-installer-downloads","source":"Tidal Cyber","title":"Bumblebee Malware Distributed Via Trojanized Installer Downloads","authors":"Counter Threat Unit Research Team","date_accessed":"2023-05-06T00:00:00Z","date_published":"2023-04-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9ae827e0-b7aa-5030-9a39-afd5d96a16a1","created":"2024-06-13T20:10:06.170707Z","modified":"2024-06-13T20:10:06.722919Z"},{"id":"81bfabad-b5b3-4e45-ac1d-1e2e829fca33","name":"Symantec Bumblebee June 2022","description":"Kamble, V. (2022, June 28). Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem. Retrieved August 24, 2022.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bumblebee-loader-cybercrime","source":"MITRE","title":"Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem","authors":"Kamble, V","date_accessed":"2022-08-24T00:00:00Z","date_published":"2022-06-28T00:00:00Z","owner_name":null,"tidal_id":"0e09ef9a-b448-5876-b65c-1169ec3e2fe5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416596Z"},{"id":"9d194526-2d01-4f92-9055-39e66d26081a","name":"Cyble September 07 2022","description":"Cybleinc. (2022, September 7). Bumblebee Returns with New Infection Technique. 
Retrieved May 7, 2023.","url":"https://blog.cyble.com/2022/09/07/bumblebee-returns-with-new-infection-technique/","source":"Tidal Cyber","title":"Bumblebee Returns with New Infection Technique","authors":"Cybleinc","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-09-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2238c04f-e2ad-55d4-84a1-6dec29f8517a","created":"2024-06-13T20:10:08.449500Z","modified":"2024-06-13T20:10:08.814613Z"},{"id":"8b51d35c-7a2a-4f03-95b1-c0b319f73c05","name":"The DFIR Report Bumblebee September 26 2022","description":"The DFIR Report. (2022, September 26). BumbleBee: Round Two. Retrieved May 7, 2023.","url":"https://thedfirreport.com/2022/09/26/bumblebee-round-two/","source":"Tidal Cyber","title":"BumbleBee: Round Two","authors":"The DFIR Report","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"41817e8a-4bae-5c68-87c7-2e67fdeaa78c","created":"2024-06-13T20:10:09.006025Z","modified":"2024-06-13T20:10:09.217731Z"},{"id":"831e1b4e-6edd-498f-863c-606d2392b622","name":"The DFIR Report Bumblebee November 14 2022","description":"The DFIR Report. (2022, November 14). BumbleBee Zeros in on Meterpreter. Retrieved May 7, 2023.","url":"https://thedfirreport.com/2022/11/14/bumblebee-zeros-in-on-meterpreter/","source":"Tidal Cyber","title":"BumbleBee Zeros in on Meterpreter","authors":"The DFIR Report","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-11-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"189c8419-e7a6-51d5-831b-3df338d9f350","created":"2024-06-13T20:10:07.479093Z","modified":"2024-06-13T20:10:07.675327Z"},{"id":"866c5305-8629-4f09-8dfe-192c8573ffb0","name":"objsee netwire backdoor 2019","description":"Patrick Wardle. (2019, June 20). Burned by Fire(fox). 
Retrieved October 1, 2021.","url":"https://objective-see.com/blog/blog_0x44.html","source":"MITRE","title":"Burned by Fire(fox)","authors":"Patrick Wardle","date_accessed":"2021-10-01T00:00:00Z","date_published":"2019-06-20T00:00:00Z","owner_name":null,"tidal_id":"bb6a3c00-7bcc-5d64-a4ae-0fe69cfd52eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432077Z"},{"id":"e3f1f2e4-dc1c-4d9c-925d-47013f44a69f","name":"401 TRG Winnti Umbrella May 2018","description":"Hegel, T. (2018, May 3). Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers. Retrieved July 8, 2018.","url":"https://401trg.github.io/pages/burning-umbrella.html","source":"MITRE","title":"Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers","authors":"Hegel, T","date_accessed":"2018-07-08T00:00:00Z","date_published":"2018-05-03T00:00:00Z","owner_name":null,"tidal_id":"00af3430-58ee-509a-bf5b-e5e86b7b3645","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421747Z"},{"id":"7cc64109-8b40-4075-9637-46c0de35df7d","name":"Fortinet Ivanti Vulnerabilities January 22 2025","description":"Fortinet. (2024, October 11). Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA. Retrieved January 27, 2025.","url":"https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa","source":"Tidal Cyber","title":"Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA","authors":"Fortinet","date_accessed":"2025-01-27T00:00:00Z","date_published":"2024-10-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1f4c6249-1678-5d21-8ad1-5952cd03474c","created":"2025-01-28T15:53:31.779578Z","modified":"2025-01-28T15:53:32.138756Z"},{"id":"ae614b34-2fd8-4fc3-9b19-d2f6b635d7da","name":"Busybox.net September 27 2024","description":"Busybox.net. (2024, September 27). BusyBox. 
Retrieved December 19, 2024.","url":"https://busybox.net/","source":"Tidal Cyber","title":"BusyBox","authors":"Busybox.net","date_accessed":"2024-12-19T00:00:00Z","date_published":"2024-09-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"24c3e977-7d1d-569c-85bc-1e17e54e3ec5","created":"2025-04-11T15:06:15.970389Z","modified":"2025-04-11T15:06:16.118388Z"},{"id":"7140c3c1-91f8-502a-8679-973068955fbf","name":"SecureList BusyGasper","description":"Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October","url":"https://securelist.com/busygasper-the-unfriendly-spy/87627/","source":"Mobile","title":"BusyGasper – the unfriendly spy","authors":"Alexey Firsh","date_accessed":"1978-10-01T00:00:00Z","date_published":"2018-08-29T00:00:00Z","owner_name":null,"tidal_id":"0d3b949a-4511-5982-9d76-1d214d572e9e","created":"2026-01-28T13:08:10.042001Z","modified":"2026-01-28T13:08:10.042004Z"},{"id":"957a0916-614e-4c7b-a6dd-1baa4fc6f93e","name":"Bypassing Gatekeeper","description":"Thomas Reed. (2016, March 31). Bypassing Apple's Gatekeeper. Retrieved July 5, 2017.","url":"https://blog.malwarebytes.com/cybercrime/2015/10/bypassing-apples-gatekeeper/","source":"MITRE","title":"Bypassing Apple's Gatekeeper","authors":"Thomas Reed","date_accessed":"2017-07-05T00:00:00Z","date_published":"2016-03-31T00:00:00Z","owner_name":null,"tidal_id":"6f47a4cf-7785-58fc-ac6c-ddbe7605de62","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431105Z"},{"id":"e0186f1d-100d-4e52-b6f7-0a7e1c1a35f0","name":"engima0x3 DNX Bypass","description":"Nelson, M. (2017, November 17). Bypassing Application Whitelisting By Using dnx.exe. 
Retrieved May 25, 2017.","url":"https://enigma0x3.net/2016/11/17/bypassing-application-whitelisting-by-using-dnx-exe/","source":"MITRE","title":"Bypassing Application Whitelisting By Using dnx.exe","authors":"Nelson, M","date_accessed":"2017-05-25T00:00:00Z","date_published":"2017-11-17T00:00:00Z","owner_name":null,"tidal_id":"dce043f4-10d7-53c5-948e-08f2cae86f9e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436850Z"},{"id":"0b815bd9-6c7f-4bd8-9031-667fa6252f89","name":"engima0x3 RCSI Bypass","description":"Nelson, M. (2016, November 21). Bypassing Application Whitelisting By Using rcsi.exe. Retrieved May 26, 2017.","url":"https://enigma0x3.net/2016/11/21/bypassing-application-whitelisting-by-using-rcsi-exe/","source":"MITRE","title":"Bypassing Application Whitelisting By Using rcsi.exe","authors":"Nelson, M","date_accessed":"2017-05-26T00:00:00Z","date_published":"2016-11-21T00:00:00Z","owner_name":null,"tidal_id":"a65998b8-912e-53d9-bfc8-df3c4952d204","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436844Z"},{"id":"abd5f871-e12e-4355-af72-d4be79cb0291","name":"Exploit Monday WinDbg","description":"Graeber, M. (2016, August 15). Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20160816135945/http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html","source":"MITRE","title":"Bypassing Application Whitelisting by using WinDbg/CDB as a Shellcode Runner","authors":"Graeber, M","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-08-15T00:00:00Z","owner_name":null,"tidal_id":"f2a81e51-dcb4-5fe2-8ba0-6c1d8a8aa99e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436824Z"},{"id":"82a762d0-c59f-456d-a7d3-1cab3fa02526","name":"SubTee MSBuild","description":"Smith, C. (2016, September 13). Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations. 
Retrieved September 13, 2016.","url":"","source":"MITRE","title":"Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations","authors":"Smith, C","date_accessed":"2016-09-13T00:00:00Z","date_published":"2016-09-13T00:00:00Z","owner_name":null,"tidal_id":"a7686333-4f70-5f92-87ed-698b263c5619","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:33.363569Z"},{"id":"de50bd67-96bb-537c-b91d-e541a717b7a1","name":"Bypassing CloudTrail in AWS Service Catalog","description":"Nick Frichette. (2023, March 20). Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research. Retrieved September 18, 2023.","url":"https://securitylabs.datadoghq.com/articles/bypass-cloudtrail-aws-service-catalog-and-other/","source":"MITRE","title":"Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research","authors":"Nick Frichette","date_accessed":"2023-09-18T00:00:00Z","date_published":"2023-03-20T00:00:00Z","owner_name":null,"tidal_id":"0d4d5471-071e-52b6-beab-78526c4900ea","created":"2023-11-07T00:36:09.881827Z","modified":"2025-12-17T15:08:36.436811Z"},{"id":"832841a1-92d1-4fcc-90f7-afbabad84aec","name":"AADInternals - Conditional Access Bypass","description":"Dr. Nestori Syynimaa. (2020, September 6). Bypassing conditional access by faking device compliance. Retrieved March 4, 2022.","url":"https://o365blog.com/post/mdm","source":"MITRE","title":"Bypassing conditional access by faking device compliance","authors":"Dr. Nestori Syynimaa","date_accessed":"2022-03-04T00:00:00Z","date_published":"2020-09-06T00:00:00Z","owner_name":null,"tidal_id":"da4b66c7-01a6-5a74-87cd-e4361e99d492","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431661Z"},{"id":"d4e4cc8a-3246-463f-ba06-d68459d907d4","name":"MsitPros CHM Aug 2017","description":"Moe, O. (2017, August 13). Bypassing Device guard UMCI using CHM – CVE-2017-8625. 
Retrieved October 3, 2018.","url":"https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/","source":"MITRE","title":"Bypassing Device guard UMCI using CHM – CVE-2017-8625","authors":"Moe, O","date_accessed":"2018-10-03T00:00:00Z","date_published":"2017-08-13T00:00:00Z","owner_name":null,"tidal_id":"5a570dda-f7c8-565a-b8f6-d3cf4e88d398","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433304Z"},{"id":"4fc68e85-cd7a-5a15-84e3-8fbea0b28fd5","name":"TCC macOS bypass","description":"Phil Stokes. (2021, July 1). Bypassing macOS TCC User Privacy Protections By Accident and Design. Retrieved March 21, 2024.","url":"https://www.sentinelone.com/labs/bypassing-macos-tcc-user-privacy-protections-by-accident-and-design/","source":"MITRE","title":"Bypassing macOS TCC User Privacy Protections By Accident and Design","authors":"Phil Stokes","date_accessed":"2024-03-21T00:00:00Z","date_published":"2021-07-01T00:00:00Z","owner_name":null,"tidal_id":"25de54eb-d8b5-5adf-804f-bb36feaf5270","created":"2024-04-25T13:28:40.945983Z","modified":"2025-12-17T15:08:36.435975Z"},{"id":"2e69a4a7-dc7f-4b7d-99b2-190c60d7efd1","name":"enigma0x3 sdclt app paths","description":"Nelson, M. (2017, March 14). Bypassing UAC using App Paths. Retrieved May 25, 2017.","url":"https://enigma0x3.net/2017/03/14/bypassing-uac-using-app-paths/","source":"MITRE","title":"Bypassing UAC using App Paths","authors":"Nelson, M","date_accessed":"2017-05-25T00:00:00Z","date_published":"2017-03-14T00:00:00Z","owner_name":null,"tidal_id":"01713f9d-0357-5f15-8fb2-ce94ac512b45","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425253Z"},{"id":"b461e226-1317-4ce4-a195-ba4c4957db99","name":"MDSec System Calls","description":"MDSec Research. (2020, December). Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams. 
Retrieved September 29, 2021.","url":"https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/","source":"MITRE","title":"Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams","authors":"MDSec Research","date_accessed":"2021-09-29T00:00:00Z","date_published":"2020-12-01T00:00:00Z","owner_name":null,"tidal_id":"85a41dcb-9b04-53bc-bd6e-1e281379bfd3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427853Z"},{"id":"74df644a-06b8-4331-85a3-932358d65b62","name":"Hybrid Analysis Icacls1 June 2018","description":"Hybrid Analysis. (2018, June 12). c9b65b764985dfd7a11d3faf599c56b8.exe. Retrieved August 19, 2018.","url":"https://www.hybrid-analysis.com/sample/ef0d2628823e8e0a0de3b08b8eacaf41cf284c086a948bdfd67f4e4373c14e4d?environmentId=100","source":"MITRE","title":"c9b65b764985dfd7a11d3faf599c56b8.exe","authors":"Hybrid Analysis","date_accessed":"2018-08-19T00:00:00Z","date_published":"2018-06-12T00:00:00Z","owner_name":null,"tidal_id":"576faf28-4110-5bd8-a00b-bb16aff0439a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424312Z"},{"id":"c949a29b-bb31-4bd7-a967-ddd48c7efb8e","name":"Microsoft Credential Manager store","description":"Microsoft. (2016, August 31). Cached and Stored Credentials Technical Overview. Retrieved November 24, 2020.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v=ws.11)#credential-manager-store","source":"MITRE","title":"Cached and Stored Credentials Technical Overview","authors":"Microsoft","date_accessed":"2020-11-24T00:00:00Z","date_published":"2016-08-31T00:00:00Z","owner_name":null,"tidal_id":"4ef3a6e3-94f0-58d7-a49c-ecd7b5155b14","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435060Z"},{"id":"590ea63f-f800-47e4-8d39-df11a184ba84","name":"Microsoft - Cached Creds","description":"Microsoft. (2016, August 21). 
Cached and Stored Credentials Technical Overview. Retrieved February 21, 2020.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v%3Dws.11)","source":"MITRE","title":"Cached and Stored Credentials Technical Overview","authors":"Microsoft","date_accessed":"2020-02-21T00:00:00Z","date_published":"2016-08-21T00:00:00Z","owner_name":null,"tidal_id":"23c6759c-3008-5836-97c1-0551a6f1d411","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430853Z"},{"id":"1c393964-e717-45ad-8eb6-5df5555d3c70","name":"Kaspersky CactusPete Aug 2020","description":"Zykov, K. (2020, August 13). CactusPete APT group’s updated Bisonal backdoor. Retrieved May 5, 2021.","url":"https://securelist.com/cactuspete-apt-groups-updated-bisonal-backdoor/97962/","source":"MITRE, Tidal Cyber","title":"CactusPete APT group’s updated Bisonal backdoor","authors":"Zykov, K","date_accessed":"2021-05-05T00:00:00Z","date_published":"2020-08-13T00:00:00Z","owner_name":null,"tidal_id":"275d07f6-7112-5873-bcde-6c64786f905c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279777Z"},{"id":"f50de2f6-465f-4cae-a79c-cc135ebfee4f","name":"Kroll CACTUS Ransomware May 10 2023","description":"Laurie Iacono, Stephen Green, Dave Truman. (2023, May 10). CACTUS Ransomware: Prickly New Variant Evades Detection. 
Retrieved August 10, 2023.","url":"https://www.kroll.com/en/insights/publications/cyber/cactus-ransomware-prickly-new-variant-evades-detection","source":"Tidal Cyber","title":"CACTUS Ransomware: Prickly New Variant Evades Detection","authors":"Laurie Iacono, Stephen Green, Dave Truman","date_accessed":"2023-08-10T00:00:00Z","date_published":"2023-05-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"44e650e5-85a4-59bd-b91c-d60724a5f71b","created":"2024-06-13T20:10:38.377268Z","modified":"2024-06-13T20:10:38.565712Z"},{"id":"9fa97444-311f-40c1-8728-c5f91634c750","name":"ESET CaddyWiper March 2022","description":"ESET. (2022, March 15). CaddyWiper: New wiper malware discovered in Ukraine. Retrieved March 23, 2022.","url":"https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine","source":"MITRE","title":"CaddyWiper: New wiper malware discovered in Ukraine","authors":"ESET","date_accessed":"2022-03-23T00:00:00Z","date_published":"2022-03-15T00:00:00Z","owner_name":null,"tidal_id":"8ce9a20a-3c56-55fb-8c3b-edd2eac40cad","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421212Z"},{"id":"7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b","name":"Cadet Blizzard emerges as novel threat actor","description":"Microsoft Threat Intelligence. (2023, June 14). Cadet Blizzard emerges as a novel and distinct Russian threat actor. 
Retrieved July 10, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/","source":"MITRE","title":"Cadet Blizzard emerges as a novel and distinct Russian threat actor","authors":"Microsoft Threat Intelligence","date_accessed":"2023-07-10T00:00:00Z","date_published":"2023-06-14T00:00:00Z","owner_name":null,"tidal_id":"39a290da-3881-5fc8-b1ab-1c8d70dca111","created":"2023-11-07T00:36:05.570004Z","modified":"2025-12-17T15:08:36.432250Z"},{"id":"b276c28d-1488-4a21-86d1-7acdfd77794b","name":"Cado Denonia April 3 2022","description":"jbowen. (2022, April 3). Cado Discovers Denonia: The First Malware Specifically Targeting Lambda. Retrieved April 11, 2024.","url":"https://www.cadosecurity.com/blog/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda","source":"Tidal Cyber","title":"Cado Discovers Denonia: The First Malware Specifically Targeting Lambda","authors":"jbowen","date_accessed":"2024-04-11T00:00:00Z","date_published":"2022-04-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f7c8a512-8f8c-5e14-a7e3-2c57ac6799d8","created":"2024-06-13T20:10:55.245560Z","modified":"2024-06-13T20:10:55.436910Z"},{"id":"584e7ace-ef33-423b-9801-4728a447cb34","name":"Cado Security Denonia","description":"Matt Muir. (2022, April 6). Cado Discovers Denonia: The First Malware Specifically Targeting Lambda. 
Retrieved May 27, 2022.","url":"https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/","source":"MITRE","title":"Cado Discovers Denonia: The First Malware Specifically Targeting Lambda","authors":"Matt Muir","date_accessed":"2022-05-27T00:00:00Z","date_published":"2022-04-06T00:00:00Z","owner_name":null,"tidal_id":"b1f28a77-037a-53bd-8a78-57dffd56e70e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435949Z"},{"id":"6915c003-7c8b-451c-8fb1-3541f00c14fb","name":"Caesars Scattered Spider September 13 2023","description":"William Turton. (2023, September 13). Caesars Entertainment Paid Millions to Hackers in Attack. Retrieved September 14, 2023.","url":"https://www.bloomberg.com/news/articles/2023-09-13/caesars-entertainment-paid-millions-in-ransom-in-recent-attack","source":"Tidal Cyber","title":"Caesars Entertainment Paid Millions to Hackers in Attack","authors":"William Turton","date_accessed":"2023-09-14T00:00:00Z","date_published":"2023-09-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8b4dfd25-be13-599d-b703-6fcbafd0e4a9","created":"2023-09-14T20:17:58.062874Z","modified":"2023-09-14T20:17:58.154675Z"},{"id":"02fed1d1-b8a9-4bca-9e96-2cffe6f7ba89","name":"Sekoia Calisto December 5 2022","description":"Felix Aimé, Maxime A., Sekoia TDR. (2022, December 5). Calisto show interests into entities involved in Ukraine war support. 
Retrieved October 1, 2024.","url":"https://blog.sekoia.io/calisto-show-interests-into-entities-involved-in-ukraine-war-support/","source":"Tidal Cyber","title":"Calisto show interests into entities involved in Ukraine war support","authors":"Felix Aimé, Maxime A., Sekoia TDR","date_accessed":"2024-10-01T00:00:00Z","date_published":"2022-12-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c8ad7132-c922-5e73-9f88-8bfae9842c93","created":"2024-10-04T20:31:29.523457Z","modified":"2024-10-04T20:31:29.856026Z"},{"id":"a292d77b-9150-46ea-b217-f51e091fdb57","name":"Securelist Calisto July 2018","description":"Kuzin, M., Zelensky S. (2018, July 20). Calisto Trojan for macOS. Retrieved September 7, 2018.","url":"https://securelist.com/calisto-trojan-for-macos/86543/","source":"MITRE","title":"Calisto Trojan for macOS","authors":"Kuzin, M., Zelensky S","date_accessed":"2018-09-07T00:00:00Z","date_published":"2018-07-20T00:00:00Z","owner_name":null,"tidal_id":"ad3ab073-ec39-54f8-9bbe-6aee0306730a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421349Z"},{"id":"5365ac4c-fbb8-4389-989e-a64cb7693371","name":"CERTFR-2023-CTI-009","description":"CERT-FR. (2023, October 26). Campagnes d'attaques du mode opératoire APT28 depuis 2021. Retrieved October 26, 2023.","url":"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-009.pdf","source":"Tidal Cyber","title":"Campagnes d'attaques du mode opératoire APT28 depuis 2021","authors":"CERT-FR","date_accessed":"2023-10-26T00:00:00Z","date_published":"2023-10-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fc3ccce4-5c1e-55be-b40d-63d75db09340","created":"2023-12-06T16:45:14.711714Z","modified":"2023-12-06T16:45:14.804279Z"},{"id":"bde61ee9-16f9-4bd9-a847-5cc9df21335c","name":"FSI Andariel Campaign Rifle July 2017","description":"FSI. (2017, July 27). Campaign Rifle - Andariel, the Maiden of Anguish. 
Retrieved September 12, 2024.","url":"https://fsiceat.tistory.com/2","source":"MITRE","title":"Campaign Rifle - Andariel, the Maiden of Anguish","authors":"FSI","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-07-27T00:00:00Z","owner_name":null,"tidal_id":"2bd8e322-69aa-5f7f-a5c5-7231aa159e17","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438211Z"},{"id":"1c0cad71-a540-5d75-a6fb-1e8175987d4a","name":"TinyPilot Detection","description":"TinyPilot. (n.d.). Can anyone detect when I'm using TinyPilot?. Retrieved March 26, 2025.","url":"https://tinypilotkvm.com/faq/target-detect-tinypilot/","source":"MITRE","title":"Can anyone detect when I'm using TinyPilot?","authors":"TinyPilot","date_accessed":"2025-03-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c3336688-6414-535d-9985-dd3eb892e911","created":"2025-04-22T20:47:32.428344Z","modified":"2025-04-22T20:47:32.428351Z"},{"id":"4a9361c5-3eb9-45bd-8f29-97f876b06c22","name":"Center for Threat-Informed Defense SharePoint Vulnerability August 4 2025","description":"Lex Crumpton, Allison Henao, Amy L. Robertson. (2025, August 4). Can You Detect What You Can’t Predict? Lessons from SharePoint Vulnerability CVE-2025-53770. Retrieved August 4, 2025.","url":"https://ctid.mitre.org/blog/2025/08/04/lessons-from-sharepoint-vulnerability-cve-2025-53770/","source":"Tidal Cyber","title":"Can You Detect What You Can’t Predict? Lessons from SharePoint Vulnerability CVE-2025-53770","authors":"Lex Crumpton, Allison Henao, Amy L. Robertson","date_accessed":"2025-08-04T12:00:00Z","date_published":"2025-08-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9b6f0e3d-2620-561a-8e73-59ffe360b4ed","created":"2025-08-06T14:56:43.255757Z","modified":"2025-08-06T14:56:43.394056Z"},{"id":"d26dfc4d-e563-4262-b527-0fffb7228234","name":"Check Point Research January 5 2022","description":"Check Point Research. (2022, January 5). Can You Trust a File's Digital Signature? 
New Zloader Campaign Exploits Microsoft's Signature Verification Putting Users at Risk. Retrieved May 11, 2023.","url":"https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/","source":"Tidal Cyber","title":"Can You Trust a File's Digital Signature? New Zloader Campaign Exploits Microsoft's Signature Verification Putting Users at Risk","authors":"Check Point Research","date_accessed":"2023-05-11T00:00:00Z","date_published":"2022-01-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"eb5b3717-d724-536e-8a03-706da0ef9ba9","created":"2024-06-13T20:10:23.685507Z","modified":"2024-06-13T20:10:23.870207Z"},{"id":"ab5872b0-a755-5d85-8750-0b22f00ccb37","name":"Polak NPPSPY 2004","description":"Sergey Polak. (2004, August). Capturing Windows Passwords using the Network Provider API. Retrieved May 17, 2024.","url":"https://www.blackhat.com/presentations/win-usa-04/bh-win-04-polak/bh-win-04-polak2.pdf","source":"MITRE","title":"Capturing Windows Passwords using the Network Provider API","authors":"Sergey Polak","date_accessed":"2024-05-17T00:00:00Z","date_published":"2004-08-01T00:00:00Z","owner_name":null,"tidal_id":"c007133b-3444-5179-9dce-1a90e7a7d392","created":"2024-10-31T16:28:38.492211Z","modified":"2025-12-17T15:08:36.422699Z"},{"id":"2f7e77db-fe39-4004-9945-3c8943708494","name":"Kaspersky Carbanak","description":"Kaspersky Lab's Global Research and Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. 
Retrieved August 23, 2018.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064518/Carbanak_APT_eng.pdf","source":"MITRE, Tidal Cyber","title":"CARBANAK APT THE GREAT BANK ROBBERY","authors":"Kaspersky Lab's Global Research and Analysis Team","date_accessed":"2018-08-23T00:00:00Z","date_published":"2015-02-01T00:00:00Z","owner_name":null,"tidal_id":"073c35b8-1fe8-50d3-a0a6-b814e708e99c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259900Z"},{"id":"053a2bbb-5509-4aba-bbd7-ccc3d8074291","name":"KasperskyCarbanak","description":"Kaspersky Lab's Global Research & Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved March 27, 2017.","url":"https://securelist.com/the-great-bank-robbery-the-carbanak-apt/68732/","source":"MITRE","title":"CARBANAK APT THE GREAT BANK ROBBERY","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2017-03-27T00:00:00Z","date_published":"2015-02-01T00:00:00Z","owner_name":null,"tidal_id":"30d532f0-685c-5ac4-ab1d-34bec3963081","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421404Z"},{"id":"3da6084f-5e12-4472-afb9-82efd3e22cf6","name":"Forcepoint Carbanak Google C2","description":"Griffin, N. (2017, January 17). CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL. Retrieved February 15, 2017.","url":"https://blogs.forcepoint.com/security-labs/carbanak-group-uses-google-malware-command-and-control","source":"MITRE","title":"CARBANAK GROUP USES GOOGLE FOR MALWARE COMMAND-AND-CONTROL","authors":"Griffin, N","date_accessed":"2017-02-15T00:00:00Z","date_published":"2017-01-17T00:00:00Z","owner_name":null,"tidal_id":"7f3c096e-fb93-5972-92f4-27b278e30bc2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442528Z"},{"id":"069e458f-d780-47f9-8ebe-21b195fe9b33","name":"Trend Micro Carberp February 2014","description":"Trend Micro. (2014, February 27). CARBERP. 
Retrieved July 29, 2020.","url":"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/carberp","source":"MITRE","title":"CARBERP","authors":"Trend Micro","date_accessed":"2020-07-29T00:00:00Z","date_published":"2014-02-27T00:00:00Z","owner_name":null,"tidal_id":"5c22f1c8-19cb-5586-8c4d-0621e52d5f19","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421417Z"},{"id":"8f95d81a-ea8c-44bf-950d-9eb868182d39","name":"Prevx Carberp March 2011","description":"Giuliani, M., Allievi, A. (2011, February 28). Carberp - a modular information stealing trojan. Retrieved September 12, 2024.","url":"https://web.archive.org/web/20231227000328/http://pxnow.prevx.com/content/blog/carberp-a_modular_information_stealing_trojan.pdf","source":"MITRE","title":"Carberp - a modular information stealing trojan","authors":"Giuliani, M., Allievi, A","date_accessed":"2024-09-12T00:00:00Z","date_published":"2011-02-28T00:00:00Z","owner_name":null,"tidal_id":"5fcc5021-4b5a-5ada-972a-49c013a12a65","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440317Z"},{"id":"f7af5be2-0cb4-4b41-9d08-2f652b6bac3c","name":"Trusteer Carberp October 2010","description":"Trusteer Fraud Prevention Center. (2010, October 7). Carberp Under the Hood of Carberp: Malware & Configuration Analysis. Retrieved July 15, 2020.","url":"https://web.archive.org/web/20111004014029/http://www.trusteer.com/sites/default/files/Carberp_Analysis.pdf","source":"MITRE","title":"Carberp Under the Hood of Carberp: Malware & Configuration Analysis","authors":"Trusteer Fraud Prevention Center","date_accessed":"2020-07-15T00:00:00Z","date_published":"2010-10-07T00:00:00Z","owner_name":null,"tidal_id":"07c1ea12-adca-5580-a428-674cddc9aa65","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440921Z"},{"id":"5d2a3a81-e7b7-430d-b748-b773f89d3c77","name":"ESET Carbon Mar 2017","description":"ESET. (2017, March 30). Carbon Paper: Peering into Turla’s second stage backdoor. 
Retrieved November 7, 2018.","url":"https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/","source":"MITRE","title":"Carbon Paper: Peering into Turla’s second stage backdoor","authors":"ESET","date_accessed":"2018-11-07T00:00:00Z","date_published":"2017-03-30T00:00:00Z","owner_name":null,"tidal_id":"1f68b2d0-760d-53fa-b7f7-d1495edf1bff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421315Z"},{"id":"36f0ddb0-94af-494c-ad10-9d3f75d1d810","name":"CrowdStrike Carbon Spider August 2021","description":"Loui, E. and Reynolds, J. (2021, August 30). CARBON SPIDER Embraces Big Game Hunting, Part 1. Retrieved September 20, 2021.","url":"https://www.crowdstrike.com/blog/carbon-spider-embraces-big-game-hunting-part-1/","source":"MITRE","title":"CARBON SPIDER Embraces Big Game Hunting, Part 1","authors":"Loui, E. and Reynolds, J","date_accessed":"2021-09-20T00:00:00Z","date_published":"2021-08-30T00:00:00Z","owner_name":null,"tidal_id":"5024a4e4-6cfe-5ce6-be8e-ddcb0f95b3ed","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422436Z"},{"id":"48491bca-ee0f-557a-8855-22310a330991","name":"Crowdstrike_CarbonSpider_Part2_Nov2024","description":"Loui, E., Reynolds, J. (2021, November 4). CARBON SPIDER Embraces Big Game Hunting, Part 2. Retrieved May 7, 2025.","url":"https://www.crowdstrike.com/en-us/blog/carbon-spider-embraces-big-game-hunting-part-2/","source":"MITRE","title":"CARBON SPIDER Embraces Big Game Hunting, Part 2","authors":"Loui, E., Reynolds, J","date_accessed":"2025-05-07T00:00:00Z","date_published":"2021-11-04T00:00:00Z","owner_name":null,"tidal_id":"5c90976b-f5c3-58c2-8c77-3195122441e0","created":"2025-10-29T21:08:48.167849Z","modified":"2025-12-17T15:08:36.442407Z"},{"id":"8d978b94-75c9-46a1-812a-bafe3396eda9","name":"PaloAlto CardinalRat Apr 2017","description":"Grunzweig, J.. (2017, April 20). Cardinal RAT Active for Over Two Years. 
Retrieved December 8, 2018.","url":"https://researchcenter.paloaltonetworks.com/2017/04/unit42-cardinal-rat-active-two-years/","source":"MITRE","title":"Cardinal RAT Active for Over Two Years","authors":"Grunzweig, J.","date_accessed":"2018-12-08T00:00:00Z","date_published":"2017-04-20T00:00:00Z","owner_name":null,"tidal_id":"247f4fa6-95aa-58bb-8193-f933249242bc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421335Z"},{"id":"8a4e28f9-b0ba-56ad-a957-b5913bf9a7d5","name":"Carl Hurd March 2019","description":"Carl Hurd. (2019, March 26) VPNFilter Deep Dive. Retrieved March 28, 2019","url":"https://www.youtube.com/watch?v=yuZazP22rpI","source":"MITRE","title":"Carl Hurd March 2019","authors":"","date_accessed":"2019-03-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"998cdbe6-6e08-542a-840d-6c49d8439563","created":"2024-10-31T16:28:33.210574Z","modified":"2025-12-17T15:08:36.419108Z"},{"id":"a5cb3ee6-9a0b-4e90-bf32-be7177a858b1","name":"ESET Casbaneiro Oct 2019","description":"ESET Research. (2019, October 3). Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico. Retrieved September 23, 2021.","url":"https://www.welivesecurity.com/2019/10/03/casbaneiro-trojan-dangerous-cooking/","source":"MITRE","title":"Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico","authors":"ESET Research","date_accessed":"2021-09-23T00:00:00Z","date_published":"2019-10-03T00:00:00Z","owner_name":null,"tidal_id":"6ff8f926-a2af-5caa-8e9f-060cc1264532","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419910Z"},{"id":"6fa5edb0-52c7-5a4c-b186-7f3db37e241b","name":"Catalin Cimpanu April 2016","description":"Catalin Cimpanu 2016, April 26 Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary. 
Retrieved 2019/10/14","url":"https://news.softpedia.com/news/on-chernobyl-s-30th-anniversary-malware-shuts-down-german-nuclear-power-plant-503429.shtml","source":"ICS","title":"Catalin Cimpanu April 2016","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"91289e0a-f859-5dd6-b184-0ff27c749267","created":"2026-01-28T13:08:18.177912Z","modified":"2026-01-28T13:08:18.177915Z"},{"id":"5b6ae460-a1cf-4afe-a0c8-d6ea24741ebe","name":"Microsoft Catalog Files and Signatures April 2017","description":"Hudek, T. (2017, April 20). Catalog Files and Digital Signatures. Retrieved January 31, 2018.","url":"https://docs.microsoft.com/windows-hardware/drivers/install/catalog-files","source":"MITRE","title":"Catalog Files and Digital Signatures","authors":"Hudek, T","date_accessed":"2018-01-31T00:00:00Z","date_published":"2017-04-20T00:00:00Z","owner_name":null,"tidal_id":"45478f76-c1e5-59b2-a36c-aacc3aff0a84","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429610Z"},{"id":"eddd2ea8-89c1-40f9-b6e3-37cbdebd210e","name":"Catch All Chrome Extension","description":"Marinho, R. (n.d.). \"Catch-All\" Google Chrome Malicious Extension Steals All Posted Data. Retrieved November 16, 2017.","url":"https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/https:/threatpost.com/malicious-chrome-extension-steals-data-posted-to-any-website/128680/)","source":"MITRE","title":"\"Catch-All\" Google Chrome Malicious Extension Steals All Posted Data","authors":"Marinho, R","date_accessed":"2017-11-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5412d476-b58c-51a0-8927-1bcb1848d92b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426493Z"},{"id":"7ef12e36-a65f-467d-86f8-adab7f3d3c1d","name":"Fortinet Blog December 30 2024","description":"Chris Hall. (2024, December 30). Catching EC2 Grouper- No Indicators Required! . 
Retrieved August 15, 2025.","url":"https://www.fortinet.com/blog/threat-research/catching-ec2-grouper-no-indicators-required","source":"Tidal Cyber","title":"Catching EC2 Grouper- No Indicators Required!","authors":"Chris Hall","date_accessed":"2025-08-15T12:00:00Z","date_published":"2024-12-30T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1a780e5a-9fe0-52b8-90c5-6d61ea64af49","created":"2025-08-28T19:35:14.535762Z","modified":"2025-08-28T19:35:14.697808Z"},{"id":"379a177b-0c31-5840-ad54-3fdfc9904a88","name":"Akamai JS","description":"Katz, O. (2020, October 26). Catch Me if You Can—JavaScript Obfuscation. Retrieved March 17, 2023.","url":"https://www.akamai.com/blog/security/catch-me-if-you-can-javascript-obfuscation","source":"MITRE","title":"Catch Me if You Can—JavaScript Obfuscation","authors":"Katz, O","date_accessed":"2023-03-17T00:00:00Z","date_published":"2020-10-26T00:00:00Z","owner_name":null,"tidal_id":"31830f7e-ee68-52b4-99a2-6536658cd6cd","created":"2023-05-26T01:21:10.183390Z","modified":"2025-12-17T15:08:36.435252Z"},{"id":"3c320f38-e691-46f7-a20d-58b024ea2fa2","name":"Categorisation_not_boundary","description":"MDSec Research. (2017, July). Categorisation is not a Security Boundary. Retrieved September 20, 2019.","url":"https://www.mdsec.co.uk/2017/07/categorisation-is-not-a-security-boundary/","source":"MITRE","title":"Categorisation is not a Security Boundary","authors":"MDSec Research","date_accessed":"2019-09-20T00:00:00Z","date_published":"2017-07-01T00:00:00Z","owner_name":null,"tidal_id":"8d49116d-2e3a-5197-8d40-1bb8a55ec73a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428473Z"},{"id":"ab669ded-e659-4313-b5ab-8c5362562f39","name":"CrowdStrike Flying Kitten","description":"Dahl, M.. (2014, May 13). Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN. 
Retrieved May 27, 2020.","url":"https://www.crowdstrike.com/blog/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/","source":"MITRE","title":"Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN","authors":"Dahl, M.","date_accessed":"2020-05-27T00:00:00Z","date_published":"2014-05-13T00:00:00Z","owner_name":null,"tidal_id":"394da09f-9a62-5264-a64b-160aacdd08c8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438488Z"},{"id":"0b46ec32-fa74-4d0a-8816-0dab60e575cb","name":"The DFIR Report November 17 2025","description":"None Identified. (2025, November 17). Cat’s Got Your Files: Lynx Ransomware – The DFIR Report. Retrieved November 19, 2025.","url":"https://thedfirreport.com/2025/11/17/cats-got-your-files-lynx-ransomware/","source":"Tidal Cyber","title":"Cat’s Got Your Files: Lynx Ransomware – The DFIR Report","authors":"None Identified","date_accessed":"2025-11-19T12:00:00Z","date_published":"2025-11-17T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fc90be21-dd65-57a8-b70c-a063d89090a3","created":"2025-11-19T17:44:52.195197Z","modified":"2025-11-19T17:44:52.335962Z"},{"id":"289fd3fe-8810-445e-bc6f-2a6ec7a4c7b7","name":"Group-IB Lynx Ransomware January 28 2025","description":"Nikolay Kichatov, Sharmine Low, Pietro Albuquerque. (2025, January 28). Cat’s out of the bag: Lynx Ransomware-as-a-Service. Retrieved January 31, 2025.","url":"https://www.group-ib.com/blog/cat-s-out-of-the-bag-lynx-ransomware/","source":"Tidal Cyber","title":"Cat’s out of the bag: Lynx Ransomware-as-a-Service","authors":"Nikolay Kichatov, Sharmine Low, Pietro Albuquerque","date_accessed":"2025-01-31T00:00:00Z","date_published":"2025-01-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b1823944-7f74-5f2f-ad9c-b695d6bd41ef","created":"2025-02-03T21:08:24.245176Z","modified":"2025-02-03T21:08:24.550492Z"},{"id":"fc7bbaac-b10a-4cc2-aa69-cc717b91aa44","name":"Wikimedia Foundation Inc. 
May 3 2003","description":"Wikimedia Foundation Inc. (2003, May 3). cat (Unix) - Wikipedia. Retrieved December 19, 2024.","url":"https://en.wikipedia.org/wiki/Cat_(Unix)","source":"Tidal Cyber","title":"cat (Unix) - Wikipedia","authors":"Wikimedia Foundation Inc.","date_accessed":"2024-12-19T00:00:00Z","date_published":"2003-05-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"71da062c-ed01-598a-aa4d-e0fbb5d82bf6","created":"2025-04-11T15:06:11.699277Z","modified":"2025-04-11T15:06:11.855326Z"},{"id":"9670da7b-0600-4072-9ecc-65a918b89ac5","name":"Telephone Attack Delivery","description":"Selena Larson, Sam Scholten, Timothy Kromphardt. (2021, November 4). Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery. Retrieved January 5, 2022.","url":"https://www.proofpoint.com/us/blog/threat-insight/caught-beneath-landline-411-telephone-oriented-attack-delivery","source":"MITRE","title":"Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery","authors":"Selena Larson, Sam Scholten, Timothy Kromphardt","date_accessed":"2022-01-05T00:00:00Z","date_published":"2021-11-04T00:00:00Z","owner_name":null,"tidal_id":"736c9fa7-17d8-521e-ae65-76453ff9ab2a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432458Z"},{"id":"a6ef0302-7bf4-4c5c-a6fc-4bd1c3d67d50","name":"Tetra Defense Sodinokibi March 2020","description":"Tetra Defense. (2020, March). CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210414101816/https://tetradefense.com/incident-response-services/cause-and-effect-sodinokibi-ransomware-analysis/","source":"MITRE","title":"CAUSE AND EFFECT: SODINOKIBI RANSOMWARE ANALYSIS","authors":"Tetra Defense","date_accessed":"2024-11-17T00:00:00Z","date_published":"2020-03-01T00:00:00Z","owner_name":null,"tidal_id":"e8de7dc3-d1d3-51d1-9bfe-1c2b3f91dfd1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421082Z"},{"id":"cb9e49fa-253a-447a-9c88-c6e507bae0bb","name":"CarbonBlack RobbinHood May 2019","description":"Lee, S. (2019, May 17). CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption. Retrieved July 29, 2019.","url":"https://www.carbonblack.com/2019/05/17/cb-tau-threat-intelligence-notification-robbinhood-ransomware-stops-181-windows-services-before-encryption/","source":"MITRE","title":"CB TAU Threat Intelligence Notification: RobbinHood Ransomware Stops 181 Windows Services Before Encryption","authors":"Lee, S","date_accessed":"2019-07-29T00:00:00Z","date_published":"2019-05-17T00:00:00Z","owner_name":null,"tidal_id":"20e53938-1a35-5993-960a-5767a25d4811","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416853Z"},{"id":"f2522cf4-dc65-4dc5-87e3-9e88212fcfe9","name":"Talos CCleanup 2017","description":"Brumaghin, E. et al. (2017, September 18). CCleanup: A Vast Number of Machines at Risk. Retrieved March 9, 2018.","url":"http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html","source":"MITRE","title":"CCleanup: A Vast Number of Machines at Risk","authors":"Brumaghin, E. 
et al","date_accessed":"2018-03-09T00:00:00Z","date_published":"2017-09-18T00:00:00Z","owner_name":null,"tidal_id":"0d20ff30-ee18-5b20-9b8b-dd2a0a23bcd7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421138Z"},{"id":"e61b035f-6247-47e3-918c-2892815dfddf","name":"Cdb.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Cdb.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Cdb/","source":"Tidal Cyber","title":"Cdb.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9280255e-f785-5045-86c6-04bff8c80dce","created":"2024-01-12T14:47:18.657366Z","modified":"2024-01-12T14:47:18.843011Z"},{"id":"8caa1e92-66ab-507c-ad65-01865879adaa","name":"Centre for the Protection of National Infrastructure February 2005","description":"Centre for the Protection of National Infrastructure 2005, February FIREWALL DEPLOYMENT FOR SCADA AND PROCESS CONTROL NETWORKS. Retrieved 2020/09/17","url":"https://www.energy.gov/sites/prod/files/Good%20Practices%20Guide%20for%20Firewall%20Deployment.pdf","source":"ICS","title":"Centre for the Protection of National Infrastructure February 2005","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"51519c22-d021-535e-ba3c-6c35c261e101","created":"2026-01-28T13:08:18.174869Z","modified":"2026-01-28T13:08:18.174878Z"},{"id":"3a71a7a2-4eee-5fb6-b890-33be619b7f40","name":"Centre for the Protection of National Infrastructure November 2010","description":"Centre for the Protection of National Infrastructure 2010, November Configuring and Managing Remote Access for Industrial Control Systems. 
Retrieved 2020/09/25","url":"https://us-cert.cisa.gov/sites/default/files/recommended_practices/RP_Managing_Remote_Access_S508NC.pdf","source":"ICS","title":"Centre for the Protection of National Infrastructure November 2010","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b799dcf0-7d29-5671-bd85-38e1aeb77e8f","created":"2026-01-28T13:08:18.175007Z","modified":"2026-01-28T13:08:18.175011Z"},{"id":"e1753588-bc53-5265-935e-cbbaf3e13a82","name":"Slowik Sandworm 2021","description":"Joseph Slowik, DomainTools. (2021, March 3). Centreon to Exim and Back: On the Trail of Sandworm. Retrieved April 6, 2024.","url":"https://www.domaintools.com/resources/blog/centreon-to-exim-and-back-on-the-trail-of-sandworm/","source":"MITRE","title":"Centreon to Exim and Back: On the Trail of Sandworm","authors":"Joseph Slowik, DomainTools","date_accessed":"2024-04-06T00:00:00Z","date_published":"2021-03-03T00:00:00Z","owner_name":null,"tidal_id":"ee7e2c11-dee9-5963-8d85-7993de01e15e","created":"2024-04-25T13:28:51.274421Z","modified":"2025-12-17T15:08:36.440721Z"},{"id":"ff3cc4e2-ff9b-40e5-a5e1-af6fc14ccb67","name":"huntress.com August 21 2025","description":"Harlan Carvey, Lindsey O'Donnell-Welch. (2025, August 21). Cephalus Ransomware Don't Lose Your Head. Retrieved September 12, 2025.","url":"https://www.huntress.com/blog/cephalus-ransomware","source":"Tidal Cyber","title":"Cephalus Ransomware Don't Lose Your Head","authors":"Harlan Carvey, Lindsey O'Donnell-Welch","date_accessed":"2025-09-12T12:00:00Z","date_published":"2025-08-21T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"74d7b9f0-efe3-51fe-b634-dbd9286507c9","created":"2025-09-15T19:13:21.672991Z","modified":"2025-09-15T19:13:21.846889Z"},{"id":"79f8d86f-fca0-4bed-99ee-424d0ab83856","name":"Fortra Cephalus August 27 2025","description":"Graham Cluley. (2025, August 27). Cephalus ransomware: What you need to know. 
Retrieved October 3, 2025.","url":"https://www.fortra.com/blog/cephalus-ransomware-what-you-need-know","source":"Tidal Cyber","title":"Cephalus ransomware: What you need to know","authors":"Graham Cluley","date_accessed":"2025-10-03T12:00:00Z","date_published":"2025-08-27T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"812825e4-44eb-5036-8033-78f89bd118e9","created":"2025-10-07T14:06:55.188294Z","modified":"2025-10-07T14:06:55.320292Z"},{"id":"715d9ed5-8e85-5072-93e8-9513b35a4ca4","name":"ThreatFabric Cerberus","description":"ThreatFabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved September","url":"https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html","source":"Mobile","title":"Cerberus - A new banking Trojan from the underworld","authors":"ThreatFabric","date_accessed":"1978-09-01T00:00:00Z","date_published":"2019-08-01T00:00:00Z","owner_name":null,"tidal_id":"b5675503-2f94-5bb3-a110-070dd1b59076","created":"2026-01-28T13:08:10.043798Z","modified":"2026-01-28T13:08:10.043801Z"},{"id":"848b34c7-ea21-58da-8a9c-f22dc116e9de","name":"Threat Fabric Cerberus","description":"Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June","url":"https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html","source":"Mobile","title":"Cerberus - A new banking Trojan from the underworld","authors":"Threat Fabric","date_accessed":"1978-06-01T00:00:00Z","date_published":"2019-08-01T00:00:00Z","owner_name":null,"tidal_id":"f07f42b3-befe-5120-bc8c-03f38fa508c7","created":"2026-01-28T13:08:10.038751Z","modified":"2026-01-28T13:08:10.038754Z"},{"id":"2c28640d-e4ee-47db-a8f1-b34def7d2e9a","name":"ESET PLEAD Malware July 2018","description":"Cherepanov, A.. (2018, July 9). Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign. 
Retrieved May 6, 2020.","url":"https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/","source":"MITRE","title":"Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign","authors":"Cherepanov, A.","date_accessed":"2020-05-06T00:00:00Z","date_published":"2018-07-09T00:00:00Z","owner_name":null,"tidal_id":"60cdd25f-292c-5783-be78-ba58020a8910","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441842Z"},{"id":"ce92580a-66f0-431c-9ee8-7efec2bd4585","name":"Expel October 31 2025","description":"Aaron Walton. (2025, October 31). Certified OysterLoader: Tracking Rhysida ransomware gang activity via code-signing certificates | Expel. Retrieved November 13, 2025.","url":"https://expel.com/blog/certified-oysterloader-tracking-rhysida-ransomware-gang-activity-via-code-signing-certificates/","source":"Tidal Cyber","title":"Certified OysterLoader: Tracking Rhysida ransomware gang activity via code-signing certificates | Expel","authors":"Aaron Walton","date_accessed":"2025-11-13T12:00:00Z","date_published":"2025-10-31T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"95150326-2f5a-538c-9f1c-5eae1298f20d","created":"2025-11-19T17:44:49.989073Z","modified":"2025-11-19T17:44:50.166466Z"},{"id":"04e53c69-3f29-4bb4-83c9-ff3a2db1526b","name":"Medium Certified Pre Owned","description":"Schroeder, W. (2021, June 17). Certified Pre-Owned. Retrieved August 2, 2022.","url":"https://posts.specterops.io/certified-pre-owned-d95910965cd2","source":"MITRE","title":"Certified Pre-Owned","authors":"Schroeder, W","date_accessed":"2022-08-02T00:00:00Z","date_published":"2021-06-17T00:00:00Z","owner_name":null,"tidal_id":"1b9d1713-56d8-57eb-89c4-c6b939c19c1a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431615Z"},{"id":"73b6a6a6-c2b8-4aed-9cbc-d3bdcbb97698","name":"SpecterOps Certified Pre Owned","description":"Schroeder, W. & Christensen, L. (2021, June 22). 
Certified Pre-Owned - Abusing Active Directory Certificate Services. Retrieved August 2, 2022.","url":"https://web.archive.org/web/20220818094600/https://specterops.io/assets/resources/Certified_Pre-Owned.pdf","source":"MITRE","title":"Certified Pre-Owned - Abusing Active Directory Certificate Services","authors":"Schroeder, W. & Christensen, L","date_accessed":"2022-08-02T00:00:00Z","date_published":"2021-06-22T00:00:00Z","owner_name":null,"tidal_id":"9a8c978f-9a0d-5d94-a7d8-0c9553e871a7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431621Z"},{"id":"27fce38b-07d6-43ed-a3da-174458c4acbe","name":"GitHub Certify","description":"HarmJ0y et al. (2021, June 9). Certify. Retrieved August 4, 2022.","url":"https://github.com/GhostPack/Certify/","source":"MITRE","title":"Certify","authors":"HarmJ0y et al","date_accessed":"2022-08-04T00:00:00Z","date_published":"2021-06-09T00:00:00Z","owner_name":null,"tidal_id":"20e0be64-5ccc-5f52-9cb7-0819f4e86d92","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442761Z"},{"id":"b906498e-2773-419b-8c6d-3e974925ac18","name":"CertOC.exe - LOLBAS Project","description":"LOLBAS. (2021, October 7). CertOC.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Certoc/","source":"Tidal Cyber","title":"CertOC.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-10-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a2a62b05-7b7c-56cf-977c-1633b9abccec","created":"2024-01-12T14:46:32.794859Z","modified":"2024-01-12T14:46:33.024880Z"},{"id":"be446484-8ecc-486e-8940-658c147f6978","name":"CertReq.exe - LOLBAS Project","description":"LOLBAS. (2020, July 7). CertReq.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Certreq/","source":"Tidal Cyber","title":"CertReq.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-07-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"baa023e2-affb-54e9-ae29-34acfe3f0e9a","created":"2024-01-12T14:46:33.224955Z","modified":"2024-01-12T14:46:33.434015Z"},{"id":"da06ce8f-f950-4ae8-a62a-b59b236e91a3","name":"GitHub CertStealer","description":"TheWover. (2021, April 21). CertStealer. Retrieved August 2, 2022.","url":"https://github.com/TheWover/CertStealer","source":"MITRE","title":"CertStealer","authors":"TheWover","date_accessed":"2022-08-02T00:00:00Z","date_published":"2021-04-21T00:00:00Z","owner_name":null,"tidal_id":"f6ce7593-89ca-575b-92a1-e1cdb504159e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431634Z"},{"id":"bc4a5dc2-fc7c-451f-a69f-b153a8279e0b","name":"cert.gov.ua 09 30 2025","description":"No author. (2025, September 30). CERT-UA 09 30 2025. Retrieved October 3, 2025.","url":"https://cert.gov.ua/article/6285549","source":"Tidal Cyber","title":"CERT-UA 09 30 2025","authors":"No author","date_accessed":"2025-10-03T12:00:00Z","date_published":"2025-09-30T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a0b5f3af-a228-56cc-a967-a0f592e4ec36","created":"2025-10-07T14:06:56.004134Z","modified":"2025-10-07T14:06:56.134046Z"},{"id":"8d095aeb-c72c-49c1-8482-dbf4ce9203ce","name":"TechNet Certutil","description":"Microsoft. (2012, November 14). Certutil. 
Retrieved July 3, 2017.","url":"https://technet.microsoft.com/library/cc732443.aspx","source":"MITRE","title":"Certutil","authors":"Microsoft","date_accessed":"2017-07-03T00:00:00Z","date_published":"2012-11-14T00:00:00Z","owner_name":null,"tidal_id":"6429f0ae-6bf2-50a7-8067-a697f621a9e4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422726Z"},{"id":"4c875710-9b5d-47b5-bc9e-69ef95797c8f","name":"LOLBAS Certutil","description":"LOLBAS. (n.d.). Certutil.exe. Retrieved July 31, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Certutil/","source":"MITRE","title":"Certutil.exe","authors":"LOLBAS","date_accessed":"2019-07-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a95a802e-3047-5cfe-b0f2-1d819599f0d4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440378Z"},{"id":"6108ab77-e4fd-43f2-9d49-8ce9c219ca9c","name":"FireEye CFR Watering Hole 2012","description":"Kindlund, D. (2012, December 30). CFR Watering Hole Attack Details. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20201024230407/https://www.fireeye.com/blog/threat-research/2012/12/council-foreign-relations-water-hole-attack-details.html","source":"MITRE","title":"CFR Watering Hole Attack Details","authors":"Kindlund, D","date_accessed":"2024-11-17T00:00:00Z","date_published":"2012-12-30T00:00:00Z","owner_name":null,"tidal_id":"2ed9d19f-95e8-5442-ac5e-164ed75a6f8d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426234Z"},{"id":"cfcb0839-0736-489f-9779-72e5c96cce3d","name":"Twitter Cglyer Status Update APT3 eml","description":"Glyer, C. (2018, April 14). @cglyer Status Update. 
Retrieved September 12, 2024.","url":"https://x.com/cglyer/status/985311489782374400","source":"MITRE","title":"@cglyer Status Update","authors":"Glyer, C","date_accessed":"2024-09-12T00:00:00Z","date_published":"2018-04-14T00:00:00Z","owner_name":null,"tidal_id":"a4be8957-e2a9-5f86-80b6-69fbd1e624af","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442751Z"},{"id":"aaefa162-82a8-4b6d-b7be-fd31fafd9246","name":"Cybereason Chaes Nov 2020","description":"Salem, E. (2020, November 17). CHAES: Novel Malware Targeting Latin American E-Commerce. Retrieved June 30, 2021.","url":"https://www.cybereason.com/hubfs/dam/collateral/reports/11-2020-Chaes-e-commerce-malware-research.pdf","source":"MITRE","title":"CHAES: Novel Malware Targeting Latin American E-Commerce","authors":"Salem, E","date_accessed":"2021-06-30T00:00:00Z","date_published":"2020-11-17T00:00:00Z","owner_name":null,"tidal_id":"a28cc575-329b-5b66-8b9b-6ae307c492cf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419757Z"},{"id":"3daaa402-5477-4868-b8f1-a2f6e38f04ef","name":"Symantec Chafer February 2018","description":"Symantec. (2018, February 28). Chafer: Latest Attacks Reveal Heightened Ambitions. Retrieved May 22, 2020.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/chafer-latest-attacks-reveal-heightened-ambitions","source":"MITRE","title":"Chafer: Latest Attacks Reveal Heightened Ambitions","authors":"Symantec","date_accessed":"2020-05-22T00:00:00Z","date_published":"2018-02-28T00:00:00Z","owner_name":null,"tidal_id":"5861f18e-21cf-5b2f-bf89-6a9e94b931c9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440323Z"},{"id":"07dfd8e7-4e51-4c6e-a4f6-aaeb74ff8845","name":"Securelist Remexi Jan 2019","description":"Legezo, D. (2019, January 30). Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities. 
Retrieved April 17, 2019.","url":"https://securelist.com/chafer-used-remexi-malware/89538/","source":"MITRE","title":"Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities","authors":"Legezo, D","date_accessed":"2019-04-17T00:00:00Z","date_published":"2019-01-30T00:00:00Z","owner_name":null,"tidal_id":"89cce281-48ad-57cc-9662-7de6c5096044","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422202Z"},{"id":"0453d07a-e6f5-496b-b90d-006d3c081fad","name":"Change.exe - LOLBAS Project","description":"LOLBAS. (2025, July 31). Change.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/Binaries/Change/","source":"Tidal Cyber","title":"Change.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-07-31T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5e4cad52-8797-5b33-bc38-156830bc171d","created":"2026-01-06T18:03:29.498349Z","modified":"2026-01-06T18:03:29.704355Z"},{"id":"c0deb077-6c26-52f1-9e7c-d1fb535a02a0","name":"change_rdp_port_conti","description":"The DFIR Report. (2022, March 1). \"Change RDP port\" #ContiLeaks. Retrieved September 12, 2024.","url":"https://x.com/TheDFIRReport/status/1498657772254240768","source":"MITRE","title":"\"Change RDP port\" #ContiLeaks","authors":"The DFIR Report","date_accessed":"2024-09-12T00:00:00Z","date_published":"2022-03-01T00:00:00Z","owner_name":null,"tidal_id":"262352cf-7710-5150-a952-48646020e595","created":"2023-05-26T01:21:05.770799Z","modified":"2025-12-17T15:08:36.429593Z"},{"id":"08e5e26c-0832-5bd1-ac57-1bf1499ac310","name":"Android-TrustedCA","description":"Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. 
Retrieved September","url":"https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html","source":"Mobile","title":"Changes to Trusted Certificate Authorities in Android Nougat","authors":"Chad Brubaker","date_accessed":"1978-09-01T00:00:00Z","date_published":"2016-07-07T00:00:00Z","owner_name":null,"tidal_id":"2a75b7f6-8f98-50b1-93eb-ee598a943f17","created":"2026-01-28T13:08:10.047361Z","modified":"2026-01-28T13:08:10.047364Z"},{"id":"76bf3ce1-b94c-4b3d-9707-aca8a1ae5555","name":"Microsoft Change Normal Template","description":"Microsoft. (n.d.). Change the Normal template (Normal.dotm). Retrieved July 3, 2017.","url":"https://support.office.com/article/Change-the-Normal-template-Normal-dotm-06de294b-d216-47f6-ab77-ccb5166f98ea","source":"MITRE","title":"Change the Normal template (Normal.dotm)","authors":"Microsoft","date_accessed":"2017-07-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2ce7d12c-b6ac-561c-bf4a-642309566204","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431443Z"},{"id":"de515277-a280-40e5-ba34-3e8f16a5c703","name":"Microsoft Change Default Programs","description":"Microsoft. (n.d.). Change which programs Windows 7 uses by default. Retrieved July 26, 2016.","url":"https://support.microsoft.com/en-us/help/18539/windows-7-change-default-programs","source":"MITRE","title":"Change which programs Windows 7 uses by default","authors":"Microsoft","date_accessed":"2016-07-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"125f1564-ee92-53cd-bb63-6cc36f0aa58b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430715Z"},{"id":"8e6916c1-f102-4b54-b6a5-a58fed825c2e","name":"Chaos Stolen Backdoor","description":"Sebastian Feldmann. (2018, February 14). Chaos: a Stolen Backdoor Rising Again. 
Retrieved March 5, 2018.","url":"http://gosecure.net/2018/02/14/chaos-stolen-backdoor-rising/","source":"MITRE","title":"Chaos: a Stolen Backdoor Rising Again","authors":"Sebastian Feldmann","date_accessed":"2018-03-05T00:00:00Z","date_published":"2018-02-14T00:00:00Z","owner_name":null,"tidal_id":"4b78728c-1ae6-589c-92f1-15aa12a0f28a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418919Z"},{"id":"6272b9a2-d704-43f3-9e25-6c434bb5d1ef","name":"Wardle Persistence Chapter","description":"Patrick Wardle. (n.d.). Chapter 0x2: Persistence. Retrieved April 13, 2022.","url":"https://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf","source":"MITRE","title":"Chapter 0x2: Persistence","authors":"Patrick Wardle","date_accessed":"2022-04-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"183cec36-256e-5b89-9ade-b30dd8821849","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428605Z"},{"id":"132f387e-4ee3-51d3-a3b6-d61102ada152","name":"cisco_deploy_rsa_keys","description":"Cisco. (2023, February 17). Chapter: Deploying RSA Keys Within a PKI . Retrieved March 27, 2023.","url":"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_pki/configuration/xe-17/sec-pki-xe-17-book/sec-deploy-rsa-pki.html#GUID-1CB802D8-9DE3-447F-BECE-CF22F5E11436","source":"MITRE","title":"Chapter: Deploying RSA Keys Within a PKI","authors":"Cisco","date_accessed":"2023-03-27T00:00:00Z","date_published":"2023-02-17T00:00:00Z","owner_name":null,"tidal_id":"417ceff5-39cc-5c0b-9b08-6a3d64d2f073","created":"2023-05-26T01:21:06.295018Z","modified":"2025-12-17T15:08:36.430179Z"},{"id":"3e7df20f-5d11-4102-851f-04e89c25d12f","name":"Wikipedia Character Encoding","description":"Wikipedia. (2017, February 19). Character Encoding. 
Retrieved March 1, 2017.","url":"https://en.wikipedia.org/wiki/Character_encoding","source":"MITRE","title":"Character Encoding","authors":"Wikipedia","date_accessed":"2017-03-01T00:00:00Z","date_published":"2017-02-19T00:00:00Z","owner_name":null,"tidal_id":"91bea467-7b65-5efb-b748-a5c3f381e70d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424159Z"},{"id":"96e3bfa6-84e5-597b-b61b-b3eb5c1a8fc1","name":"CheckPoint-Charger","description":"Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January","url":"http://blog.checkpoint.com/2017/01/24/charger-malware/","source":"Mobile","title":"Charger Malware Calls and Raises the Risk on Google Play","authors":"Oren Koriat and Andrey Polkovnichenko","date_accessed":"1978-01-01T00:00:00Z","date_published":"2017-01-24T00:00:00Z","owner_name":null,"tidal_id":"8e68d0ce-716c-5857-8588-4134294ce62e","created":"2026-01-28T13:08:10.041871Z","modified":"2026-01-28T13:08:10.041874Z"},{"id":"f97fd2f0-d265-5351-be6e-184611ac0025","name":"DOJ GRU Charges 2018","description":"U.S. Department of Justice. (2018, October 4). U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations. Retrieved February 25, 2025.","url":"https://www.justice.gov/archives/opa/pr/us-charges-russian-gru-officers-international-hacking-and-related-influence-and","source":"MITRE","title":"Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations","authors":"U.S. Department of Justice. (2018, October 4)","date_accessed":"2025-02-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"88a1eb9b-3993-5457-9ff2-bd7a0f4ba336","created":"2025-04-22T20:47:21.413989Z","modified":"2025-12-17T15:08:36.436797Z"},{"id":"ef19ad33-816a-422d-a3c9-b41048e65582","name":"Charles Carmakal LinkedIn December 19 2024","description":"Charles Carmakal. (2024, December 19). 
Charles Carmakal LinkedIn December 19 2024. Retrieved December 23, 2024.","url":"https://www.linkedin.com/feed/update/urn:li:activity:7275175889959542784/","source":"Tidal Cyber","title":"Charles Carmakal LinkedIn December 19 2024","authors":"Charles Carmakal","date_accessed":"2024-12-23T00:00:00Z","date_published":"2024-12-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"80c7a2d8-8bc8-5e60-b76f-6d6f4f862aeb","created":"2024-12-23T16:08:15.976613Z","modified":"2024-12-23T16:08:16.582642Z"},{"id":"23ab1ad2-e9d4-416a-926f-6220a59044ab","name":"ClearSky Charming Kitten Dec 2017","description":"ClearSky Cyber Security. (2017, December). Charming Kitten. Retrieved December 27, 2017.","url":"http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf","source":"MITRE","title":"Charming Kitten","authors":"ClearSky Cyber Security","date_accessed":"2017-12-27T00:00:00Z","date_published":"2017-12-01T00:00:00Z","owner_name":null,"tidal_id":"c18cc01c-ce18-5087-8036-03cb51987d7e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422101Z"},{"id":"c38a8af6-3f9b-40c3-8122-a2a51eb50664","name":"Certfa Charming Kitten January 2021","description":"Certfa Labs. (2021, January 8). Charming Kitten’s Christmas Gift. Retrieved May 3, 2021.","url":"https://blog.certfa.com/posts/charming-kitten-christmas-gift/","source":"MITRE","title":"Charming Kitten’s Christmas Gift","authors":"Certfa Labs","date_accessed":"2021-05-03T00:00:00Z","date_published":"2021-01-08T00:00:00Z","owner_name":null,"tidal_id":"e1f38408-6156-58e8-a7bd-211b1357f996","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438051Z"},{"id":"274b1104-e413-5313-9445-93c286b4b13b","name":"Volexity","description":"Ankur Saini, Charlie Gardner. (2023, June 28). Charming Kitten Updates POWERSTAR with an InterPlanetary Twist. 
Retrieved September 25, 2025.","url":"https://www.volexity.com/blog/2023/06/28/charming-kitten-updates-powerstar-with-an-interplanetary-twist/","source":"MITRE","title":"Charming Kitten Updates POWERSTAR with an InterPlanetary Twist","authors":"Ankur Saini, Charlie Gardner","date_accessed":"2025-09-25T00:00:00Z","date_published":"2023-06-28T00:00:00Z","owner_name":null,"tidal_id":"625d214c-5ee2-5404-a563-0732dee3ec0b","created":"2025-10-29T21:08:48.166593Z","modified":"2025-12-17T15:08:36.436370Z"},{"id":"db0b1425-8bd7-51b5-bae3-53c5ccccb8da","name":"Proofpoint TA2541 February 2022","description":"Larson, S. and Wise, J. (2022, February 15). Charting TA2541's Flight. Retrieved September 12, 2023.","url":"https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight","source":"MITRE","title":"Charting TA2541's Flight","authors":"Larson, S. and Wise, J","date_accessed":"2023-09-12T00:00:00Z","date_published":"2022-02-15T00:00:00Z","owner_name":null,"tidal_id":"4c87ae02-61ac-5f6a-921d-cf01aca177d0","created":"2023-11-07T00:36:12.333607Z","modified":"2025-12-17T15:08:36.438668Z"},{"id":"657b43aa-ead2-41d3-911a-d714d9b28e19","name":"JPCERT ChChes Feb 2017","description":"Nakamura, Y.. (2017, February 17). ChChes - Malware that Communicates with C&C Servers Using Cookie Headers. Retrieved November 17, 2024.","url":"https://blogs.jpcert.or.jp/en/2017/02/chches-malware--93d6.html","source":"MITRE","title":"ChChes - Malware that Communicates with C&C Servers Using Cookie Headers","authors":"Nakamura, Y.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-02-17T00:00:00Z","owner_name":null,"tidal_id":"af64ddaf-7be7-5295-9b0b-5d7bed945222","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421907Z"},{"id":"60432d84-8f46-4934-951f-df8e0f297ff0","name":"Check Point Iranian Proxies December 4 2023","description":"Check Point Research. (2023, December 4). 
Check Point Research Report: Iranian Hacktivist Proxies Escalate Activities Beyond Israel. Retrieved August 8, 2024.","url":"https://blog.checkpoint.com/research/check-point-research-report-shift-in-cyber-warfare-tactics-iranian-hacktivist-proxies-extend-activities-beyond-israel/","source":"Tidal Cyber","title":"Check Point Research Report: Iranian Hacktivist Proxies Escalate Activities Beyond Israel","authors":"Check Point Research","date_accessed":"2024-08-08T00:00:00Z","date_published":"2023-12-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8f5925c5-9aa2-5d41-91ec-ba5fdfaba922","created":"2024-08-09T14:50:32.571196Z","modified":"2024-08-09T14:50:32.951899Z"},{"id":"2885db46-4f8c-4c35-901c-7641c7701293","name":"EclecticLightChecksonEXECodeSigning","description":"Howard Oakley. (2020, November 16). Checks on executable code in Catalina and Big Sur: a first draft. Retrieved September 21, 2022.","url":"https://eclecticlight.co/2020/11/16/checks-on-executable-code-in-catalina-and-big-sur-a-first-draft/","source":"MITRE","title":"Checks on executable code in Catalina and Big Sur: a first draft","authors":"Howard Oakley","date_accessed":"2022-09-21T00:00:00Z","date_published":"2020-11-16T00:00:00Z","owner_name":null,"tidal_id":"367993d5-d4cd-50d8-9373-dd0d31c86a99","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427388Z"},{"id":"0760480c-97be-5fc9-a6aa-f1df91a314a3","name":"Mandiant Pulse Secure Zero-Day April 2021","description":"Perez, D. et al. (2021, April 20). Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day. Retrieved February 5, 2024.","url":"https://www.mandiant.com/resources/blog/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day","source":"MITRE","title":"Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day","authors":"Perez, D. 
et al","date_accessed":"2024-02-05T00:00:00Z","date_published":"2021-04-20T00:00:00Z","owner_name":null,"tidal_id":"7cb8e3b8-7277-5c0c-bb5f-edcafb170418","created":"2024-04-25T13:28:45.808708Z","modified":"2025-12-17T15:08:36.419214Z"},{"id":"70277fa4-60a8-475e-993a-c74241b76127","name":"Anomali MUSTANG PANDA October 2019","description":"Anomali Threat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021.","url":"https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations","source":"MITRE, Tidal Cyber","title":"China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations","authors":"Anomali Threat Research","date_accessed":"2021-04-12T00:00:00Z","date_published":"2019-10-07T00:00:00Z","owner_name":null,"tidal_id":"78b011a8-f297-5bc8-864d-827479c08dcc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279187Z"},{"id":"f3470275-9652-440e-914d-ad4fc5165413","name":"FireEye admin@338","description":"FireEye Threat Intelligence. (2015, December 1). China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets. Retrieved December 4, 2015.","url":"https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html","source":"MITRE, Tidal Cyber","title":"China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets","authors":"FireEye Threat Intelligence","date_accessed":"2015-12-04T00:00:00Z","date_published":"2015-12-01T00:00:00Z","owner_name":null,"tidal_id":"a4cb0dcc-b0d4-58c9-b7f0-d6fa8ad1aaf9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257357Z"},{"id":"98b2d114-4246-409d-934a-238682fd5ae6","name":"IronNet BlackTech Oct 2021","description":"Demboski, M., et al. (2021, October 26). China cyber attacks: the current threat landscape. 
Retrieved March 25, 2022.","url":"https://www.ironnet.com/blog/china-cyber-attacks-the-current-threat-landscape","source":"MITRE","title":"China cyber attacks: the current threat landscape","authors":"Demboski, M., et al","date_accessed":"2022-03-25T00:00:00Z","date_published":"2021-10-26T00:00:00Z","owner_name":null,"tidal_id":"4212f29d-a144-55e5-9202-e7681c820538","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437728Z"},{"id":"644fa2c1-ed3e-5203-96d5-27acfc1947a0","name":"RecordedFuture RedEcho 2021","description":"Recorded Future Insikt Group. (2021, February). China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions. Retrieved November 21, 2024.","url":"https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf","source":"MITRE","title":"China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions","authors":"Recorded Future Insikt Group","date_accessed":"2024-11-21T00:00:00Z","date_published":"2021-02-01T00:00:00Z","owner_name":null,"tidal_id":"702737ec-1861-5b3b-ab13-1a966892ab60","created":"2025-04-22T20:47:21.735117Z","modified":"2025-12-17T15:08:36.438879Z"},{"id":"6da7eb8a-aab4-41ea-a0b7-5313d88cbe91","name":"Recorded Future RedEcho Feb 2021","description":"Insikt Group. (2021, February 28). China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions. 
Retrieved March 22, 2021.","url":"https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf","source":"MITRE","title":"China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions","authors":"Insikt Group","date_accessed":"2021-03-22T00:00:00Z","date_published":"2021-02-28T00:00:00Z","owner_name":null,"tidal_id":"713e94e1-7a5e-52b2-b75e-3d6103a051b8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422188Z"},{"id":"15b4c5c3-edf2-4f6b-b398-62767cfabf5a","name":"WSJ Salt Typhoon September 26 2024","description":"Sarah Krouse, Robert McMillan, Dustin Volz. (2024, September 26). China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack. Retrieved October 24, 2024.","url":"https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835","source":"Tidal Cyber","title":"China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack","authors":"Sarah Krouse, Robert McMillan, Dustin Volz","date_accessed":"2024-10-24T00:00:00Z","date_published":"2024-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4f761b6e-c8ba-570f-8d0c-5d30afc5df81","created":"2024-10-25T19:42:14.138633Z","modified":"2024-10-25T19:42:14.649172Z"},{"id":"30d35163-9d01-498d-aa49-7e302579c5ab","name":"Amazon Web Services December 04 2025","description":"None Identified. (2025, December 4). China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | AWS Security Blog. 
Retrieved December 6, 2025.","url":"https://aws.amazon.com/blogs/security/china-nexus-cyber-threat-groups-rapidly-exploit-react2shell-vulnerability-cve-2025-55182/","source":"Tidal Cyber","title":"China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) | AWS Security Blog","authors":"None Identified","date_accessed":"2025-12-06T12:00:00Z","date_published":"2025-12-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7e3da1f4-a55e-5e18-8df2-7ecd341c8f3f","created":"2025-12-10T14:13:47.517027Z","modified":"2025-12-10T14:13:47.679895Z"},{"id":"4773c05c-c463-4d4a-aeae-c20836ccc35f","name":"EclecticIQ CVE-2025-31324 May 13 2025","description":"Arda Büyükkaya. (2025, May 13). China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures. Retrieved June 2, 2025.","url":"https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures","source":"Tidal Cyber","title":"China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures","authors":"Arda Büyükkaya","date_accessed":"2025-06-02T00:00:00Z","date_published":"2025-05-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0a58c01d-6ae2-55fa-b5d7-105a65d34835","created":"2025-06-03T14:14:13.542014Z","modified":"2025-06-03T14:14:13.712230Z"},{"id":"daa0360d-8a50-5256-8c95-cf68a3e7bb90","name":"Sygnia VelvetAnt 2024A","description":"Sygnia Team. (2024, June 3). China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence. 
Retrieved March 14, 2025.","url":"https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/","source":"MITRE","title":"China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence","authors":"Sygnia Team","date_accessed":"2025-03-14T00:00:00Z","date_published":"2024-06-03T00:00:00Z","owner_name":null,"tidal_id":"506f8477-edb0-53d0-85b0-bbd88e4697d2","created":"2025-04-22T20:47:25.558097Z","modified":"2025-12-17T15:08:36.437423Z"},{"id":"f4a036fd-4adf-564f-a401-5e5fc2866364","name":"Sygnia VelvetAnt 2024B","description":"Sygnia Team. (2024, July 1). China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices – Advisory for Mitigation and Response. Retrieved March 14, 2025.","url":"https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/","source":"MITRE","title":"China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices – Advisory for Mitigation and Response","authors":"Sygnia Team","date_accessed":"2025-03-14T00:00:00Z","date_published":"2024-07-01T00:00:00Z","owner_name":null,"tidal_id":"edfadf9e-149b-5d13-89f0-6f36cfb4e3d0","created":"2025-04-22T20:47:25.550206Z","modified":"2025-12-17T15:08:36.437416Z"},{"id":"5c313af4-61a8-449d-a6c7-f7ead6c72e19","name":"Sygnia Velvet Ant June 17 2024","description":"Sygnia Team. (2024, June 17). China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence. 
Retrieved June 20, 2024.","url":"https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/","source":"Tidal Cyber","title":"China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence","authors":"Sygnia Team","date_accessed":"2024-06-20T00:00:00Z","date_published":"2024-06-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8b7def67-23cd-57b6-acf8-4c8f1a6408d2","created":"2024-07-03T15:42:40.307586Z","modified":"2024-07-03T15:42:40.498955Z"},{"id":"a0cfeeb6-4617-4dea-80d2-290eaf2bcf5b","name":"Sygnia Velvet Ant July 1 2024","description":"Sygnia. (2024, July 1). China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices. Retrieved July 3, 2024.","url":"https://www.sygnia.co/threat-reports-and-advisories/china-nexus-threat-group-velvet-ant-exploits-cisco-0-day/","source":"Tidal Cyber","title":"China-Nexus Threat Group ‘Velvet Ant’ Exploits Cisco Zero-Day (CVE-2024-20399) to Compromise Nexus Switch Devices","authors":"Sygnia","date_accessed":"2024-07-03T00:00:00Z","date_published":"2024-07-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d0c6c971-bb20-5d07-82c4-7fa2a2ac341a","created":"2024-07-03T15:42:42.361294Z","modified":"2024-07-03T15:42:42.554580Z"},{"id":"b8405628-6366-5cc9-a9af-b97d5c9176dd","name":"EFF China GitHub Attack","description":"Budington, B. (2015, April 2). China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack. 
Retrieved September 1, 2023.","url":"https://www.eff.org/deeplinks/2015/04/china-uses-unencrypted-websites-to-hijack-browsers-in-github-attack","source":"MITRE","title":"China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack","authors":"Budington, B","date_accessed":"2023-09-01T00:00:00Z","date_published":"2015-04-02T00:00:00Z","owner_name":null,"tidal_id":"9dcb8c2b-1147-58cf-91f5-f21557b0d57a","created":"2023-11-07T00:36:01.504738Z","modified":"2025-12-17T15:08:36.428617Z"},{"id":"db340043-43a7-4b16-a570-92a0d879b2bf","name":"PaloAlto 3102 Sept 2015","description":"Falcone, R. & Miller-Osborn, J. (2015, September 23). Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media. Retrieved March 19, 2018.","url":"https://researchcenter.paloaltonetworks.com/2015/09/chinese-actors-use-3102-malware-in-attacks-on-us-government-and-eu-media/","source":"MITRE","title":"Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media","authors":"Falcone, R. & Miller-Osborn, J","date_accessed":"2018-03-19T00:00:00Z","date_published":"2015-09-23T00:00:00Z","owner_name":null,"tidal_id":"43198ebb-4f5b-5508-9ba4-6d86c0546603","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419564Z"},{"id":"0e5e4e62-a242-4299-ae88-346aef200858","name":"Unit 42 September 6 2024","description":"Tom Fakterman. (2024, September 6). Chinese APT Abuses VSCode to Target Government in Asia. 
Retrieved September 6, 2024.","url":"https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/","source":"Tidal Cyber","title":"Chinese APT Abuses VSCode to Target Government in Asia","authors":"Tom Fakterman","date_accessed":"2024-09-06T00:00:00Z","date_published":"2024-09-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ac247b14-8081-5796-bc4d-246ac46df575","created":"2025-02-03T21:08:27.759526Z","modified":"2025-02-03T21:08:28.050785Z"},{"id":"2157f860-0a64-50a1-b368-be96d5228bf3","name":"Unit42 Chinese VSCode 06 September 2024","description":"Tom Fakterman. (2024, September 6). Chinese APT Abuses VSCode to Target Government in Asia. Retrieved March 24, 2025.","url":"https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/","source":"MITRE","title":"Chinese APT Abuses VSCode to Target Government in Asia","authors":"Tom Fakterman","date_accessed":"2025-03-24T00:00:00Z","date_published":"2024-09-06T00:00:00Z","owner_name":null,"tidal_id":"5d8706eb-a709-5f6a-9cb7-d34724f1b097","created":"2025-04-22T20:47:15.997058Z","modified":"2025-12-17T15:08:36.431370Z"},{"id":"83e6ab22-1f01-4c9b-90e5-0279af487805","name":"ZScaler Hacking Team","description":"Desai, D. (2015, August 14). Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm. 
Retrieved January 26, 2016.","url":"http://research.zscaler.com/2015/08/chinese-cyber-espionage-apt-group.html","source":"MITRE","title":"Chinese cyber espionage APT group leveraging recently leaked Hacking Team exploits to target a Financial Services Firm","authors":"Desai, D.","date_accessed":"2016-01-26T00:00:00Z","date_published":"2015-08-14T00:00:00Z","owner_name":null,"tidal_id":"1d85fb9f-ec56-587f-ade0-88b20927366b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440690Z"},{"id":"47a47a46-5cac-4513-a950-156486ae2eb9","name":"SecurityWeek APT24 November 21 2025","description":"Ionut Arghire. (2025, November 21). Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks. Retrieved November 21, 2025.","url":"https://www.securityweek.com/chinese-cyberspies-deploy-badaudio-malware-via-supply-chain-attacks/","source":"Tidal Cyber","title":"Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks","authors":"Ionut Arghire","date_accessed":"2025-11-21T12:00:00Z","date_published":"2025-11-21T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c047155d-dc65-5c70-9712-815e69d82ea5","created":"2025-12-10T14:13:42.622818Z","modified":"2025-12-10T14:13:43.007451Z"},{"id":"de78446a-cb46-4422-820b-9ddf07557b1a","name":"Hacker News LuckyMouse June 2018","description":"Khandelwal, S. (2018, June 14). Chinese Hackers Carried Out Country-Level Watering Hole Attack. Retrieved August 18, 2018.","url":"https://thehackernews.com/2018/06/chinese-watering-hole-attack.html","source":"MITRE","title":"Chinese Hackers Carried Out Country-Level Watering Hole Attack","authors":"Khandelwal, S","date_accessed":"2018-08-18T00:00:00Z","date_published":"2018-06-14T00:00:00Z","owner_name":null,"tidal_id":"26937985-3949-5f2d-b8ad-3aa55cfaec79","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419031Z"},{"id":"e3949201-c949-4126-9e02-34bfad4713c0","name":"The Hacker News Velvet Ant Cisco July 2 2024","description":"Newsroom. 
(2024, July 2). Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware. Retrieved July 3, 2024.","url":"https://thehackernews.com/2024/07/chinese-hackers-exploiting-cisco.html","source":"Tidal Cyber","title":"Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware","authors":"Newsroom","date_accessed":"2024-07-03T00:00:00Z","date_published":"2024-07-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f8b158cb-60b2-5bf3-8f6e-849ae4ab2a14","created":"2024-07-03T15:42:41.527246Z","modified":"2024-07-03T15:42:41.859207Z"},{"id":"40774c9c-daca-4ea0-a504-ca73b11e4f29","name":"BleepingComputer Mustang Panda September 9 2024","description":"Bill Toulas. (2024, September 9). Chinese hackers use new data theft malware in govt attacks. Retrieved September 13, 2024.","url":"https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-data-theft-malware-in-govt-attacks/","source":"Tidal Cyber","title":"Chinese hackers use new data theft malware in govt attacks","authors":"Bill Toulas","date_accessed":"2024-09-13T00:00:00Z","date_published":"2024-09-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"218b90b4-39f4-5296-999d-2d9c739a35fe","created":"2024-09-13T19:19:50.299230Z","modified":"2024-09-13T19:19:50.592315Z"},{"id":"41fc3724-85a0-4ad0-9494-47f89f3b079b","name":"The Record APT31 Router Hacks","description":"Catalin Cimpanu. (2021, July 20). Chinese hacking group APT31 uses mesh of home routers to disguise attacks. 
Retrieved April 25, 2024.","url":"https://therecord.media/chinese-hacking-group-apt31-uses-mesh-of-home-routers-to-disguise-attacks","source":"Tidal Cyber","title":"Chinese hacking group APT31 uses mesh of home routers to disguise attacks","authors":"Catalin Cimpanu","date_accessed":"2024-04-25T00:00:00Z","date_published":"2021-07-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0fad3fbd-92dc-5587-acf6-60893c77f4c0","created":"2024-04-25T14:10:45.678490Z","modified":"2024-04-25T14:10:45.897622Z"},{"id":"67b5e2ef-21cc-52f6-95c9-88a8cdcbe74e","name":"ORB APT31","description":"Cimpanu, Catalin. (2021, July 20). Chinese hacking group APT31 uses mesh of home routers to disguise attacks. Retrieved July 8, 2024.","url":"https://therecord.media/chinese-hacking-group-apt31-uses-mesh-of-home-routers-to-disguise-attacks","source":"MITRE","title":"Chinese hacking group APT31 uses mesh of home routers to disguise attacks","authors":"Cimpanu, Catalin","date_accessed":"2024-07-08T00:00:00Z","date_published":"2021-07-20T00:00:00Z","owner_name":null,"tidal_id":"eab45b80-b205-582d-9c06-907a8419d292","created":"2024-10-31T16:28:36.448254Z","modified":"2025-12-17T15:08:36.440994Z"},{"id":"c24035b1-2021-44ae-b01e-651e44526737","name":"Dark Reading Codoso Feb 2015","description":"Chickowski, E. (2015, February 10). Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole. 
Retrieved September 13, 2018.","url":"https://www.darkreading.com/attacks-breaches/chinese-hacking-group-codoso-team-uses-forbescom-as-watering-hole-/d/d-id/1319059","source":"MITRE","title":"Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole","authors":"Chickowski, E","date_accessed":"2018-09-13T00:00:00Z","date_published":"2015-02-10T00:00:00Z","owner_name":null,"tidal_id":"21e7f8b6-49a1-5296-af23-47ee5e84aaf6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438770Z"},{"id":"9ef5e50a-4680-4177-a4aa-b06f5f76c75d","name":"DarkReading Treasury Breach December 30 2024","description":"Becky Bracken. (2024, December 30). Chinese State Hackers Breach US Treasury Department. Retrieved January 6, 2024.","url":"https://www.darkreading.com/cyberattacks-data-breaches/chinese-state-hackers-breach-us-treasury-department","source":"Tidal Cyber","title":"Chinese State Hackers Breach US Treasury Department","authors":"Becky Bracken","date_accessed":"2024-01-06T00:00:00Z","date_published":"2024-12-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"06277377-2d8d-5e5d-9db7-2c61d4726d37","created":"2025-01-06T19:39:12.554264Z","modified":"2025-01-06T19:39:12.768587Z"},{"id":"258433e7-f829-4365-adbb-c5690159070f","name":"Recorded Future TAG-22 July 2021","description":"INSIKT GROUP. (2021, July 8). Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling. 
Retrieved September 16, 2024.","url":"https://www.recordedfuture.com/research/chinese-group-tag-22-targets-nepal-philippines-taiwan","source":"MITRE","title":"Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling","authors":"INSIKT GROUP","date_accessed":"2024-09-16T00:00:00Z","date_published":"2021-07-08T00:00:00Z","owner_name":null,"tidal_id":"245f7b7d-0cde-5cfb-ba76-b1f43916c444","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437748Z"},{"id":"0809db3b-81a8-475d-920a-cb913b30f42e","name":"Recorded Future Chinese Activity in Southeast Asia December 2021","description":"Insikt Group. (2021, December 8). Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia. Retrieved September 19, 2022.","url":"https://go.recordedfuture.com/hubfs/reports/cta-2021-1208.pdf","source":"MITRE","title":"Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia","authors":"Insikt Group","date_accessed":"2022-09-19T00:00:00Z","date_published":"2021-12-08T00:00:00Z","owner_name":null,"tidal_id":"5eed6ec8-e88c-5786-8e4a-b878b20868bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437441Z"},{"id":"e2bc037e-d483-4670-8281-70e51b16effe","name":"Recorded Future REDDELTA July 2020","description":"Insikt Group. (2020, July 28). CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS. 
Retrieved April 13, 2021.","url":"https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf","source":"MITRE","title":"CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS","authors":"Insikt Group","date_accessed":"2021-04-13T00:00:00Z","date_published":"2020-07-28T00:00:00Z","owner_name":null,"tidal_id":"82bcf4aa-9a44-5c99-a287-ed87fc562d5d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438562Z"},{"id":"bd7ef51c-47e1-4322-98fd-5c5a475a0605","name":"Recorded Future RedDelta January 9 2025","description":"Insikt Group. (2025, January 9). Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain. Retrieved January 10, 2025.","url":"https://www.recordedfuture.com/research/reddelta-chinese-state-sponsored-group-targets-mongolia-taiwan-southeast-asia","source":"Tidal Cyber","title":"Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain","authors":"Insikt Group","date_accessed":"2025-01-10T00:00:00Z","date_published":"2025-01-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cec13b21-bfb8-56cd-b42b-c0b9a2de3911","created":"2025-01-13T21:01:02.039749Z","modified":"2025-01-13T21:01:02.880709Z"},{"id":"47419c14-1c84-5c6a-9feb-b0e98948fd61","name":"Recorded Future RedDelta 2025","description":"Insikt Group. (2025, January 9). Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain. 
Retrieved January 14, 2025.","url":"https://go.recordedfuture.com/hubfs/reports/cta-cn-2025-0109.pdf","source":"MITRE","title":"Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain","authors":"Insikt Group","date_accessed":"2025-01-14T00:00:00Z","date_published":"2025-01-09T00:00:00Z","owner_name":null,"tidal_id":"6ee31234-ebc9-5ecb-a72e-f0c8f355a2c7","created":"2025-04-22T20:47:21.667430Z","modified":"2025-12-17T15:08:36.438649Z"},{"id":"79a1dd8e-5546-50b2-8c65-983210cd521d","name":"Microsoft Storm-0940","description":"Microsoft Threat Intelligence. (2024, October 31). Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network. Retrieved June 4, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/","source":"MITRE","title":"Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network","authors":"Microsoft Threat Intelligence","date_accessed":"2025-06-04T00:00:00Z","date_published":"2024-10-31T00:00:00Z","owner_name":null,"tidal_id":"757f6650-2906-5b05-84ac-3a9630f815cf","created":"2025-10-29T21:08:48.165973Z","modified":"2025-12-17T15:08:36.430775Z"},{"id":"09651ef7-0052-4ba0-b369-7990de978485","name":"Microsoft Storm-0940 October 31 2024","description":"Microsoft Threat Intelligence. (2024, October 31). Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network. 
Retrieved January 27, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/","source":"Tidal Cyber","title":"Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network","authors":"Microsoft Threat Intelligence","date_accessed":"2025-01-27T00:00:00Z","date_published":"2024-10-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5d5a012f-3051-5a99-a551-1ff8dc49caa4","created":"2025-01-28T15:53:33.313435Z","modified":"2025-01-28T15:53:33.517898Z"},{"id":"47501334-56cb-453b-a9e3-33990d88018b","name":"Github CHIPSEC","description":"Intel. (2017, March 18). CHIPSEC Platform Security Assessment Framework. Retrieved March 20, 2017.","url":"https://github.com/chipsec/chipsec","source":"MITRE","title":"CHIPSEC Platform Security Assessment Framework","authors":"Intel","date_accessed":"2017-03-20T00:00:00Z","date_published":"2017-03-18T00:00:00Z","owner_name":null,"tidal_id":"61f92bec-372e-5490-a265-8abf14563775","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425425Z"},{"id":"b65ed687-c279-4f64-9dd2-839164cd269c","name":"McAfee CHIPSEC Blog","description":"Beek, C., Samani, R. (2017, March 8). CHIPSEC Support Against Vault 7 Disclosure Scanning. Retrieved March 13, 2017.","url":"https://securingtomorrow.mcafee.com/business/chipsec-support-vault-7-disclosure-scanning/","source":"MITRE","title":"CHIPSEC Support Against Vault 7 Disclosure Scanning","authors":"Beek, C., Samani, R","date_accessed":"2017-03-13T00:00:00Z","date_published":"2017-03-08T00:00:00Z","owner_name":null,"tidal_id":"30106666-23d9-5a0e-b6e5-eac6cd00a335","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425404Z"},{"id":"828fb4b9-17a6-4a87-ac2a-631643adb18d","name":"Chkrootkit Main","description":"Murilo, N., Steding-Jessen, K. (2017, August 23). Chkrootkit. 
Retrieved April 9, 2018.","url":"http://www.chkrootkit.org/","source":"MITRE","title":"Chkrootkit","authors":"Murilo, N., Steding-Jessen, K","date_accessed":"2018-04-09T00:00:00Z","date_published":"2017-08-23T00:00:00Z","owner_name":null,"tidal_id":"86306874-8dc8-5183-b572-6016bf84cd1c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415689Z"},{"id":"0f41244c-ff31-4401-954b-701bfddae458","name":"Wikimedia Foundation Inc. April 27 2002","description":"Wikimedia Foundation Inc. (2002, April 27). chmod - Wikipedia. Retrieved December 19, 2024.","url":"https://en.wikipedia.org/wiki/Chmod","source":"Tidal Cyber","title":"chmod - Wikipedia","authors":"Wikimedia Foundation Inc.","date_accessed":"2024-12-19T00:00:00Z","date_published":"2002-04-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9126cdbb-438c-5e5e-9c70-2a45127a9832","created":"2025-04-11T15:06:10.963226Z","modified":"2025-04-11T15:06:11.131894Z"},{"id":"b019406c-6e39-41a2-a8b4-97f8d6482147","name":"Azure AD Hybrid Identity","description":"Microsoft. (2022, August 26). Choose the right authentication method for your Azure Active Directory hybrid identity solution. Retrieved September 28, 2022.","url":"https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn","source":"MITRE","title":"Choose the right authentication method for your Azure Active Directory hybrid identity solution","authors":"Microsoft","date_accessed":"2022-09-28T00:00:00Z","date_published":"2022-08-26T00:00:00Z","owner_name":null,"tidal_id":"b2b1e9a8-2046-5582-98fb-4d9dc4e8bb02","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429718Z"},{"id":"76e804d9-bbc5-5357-ab5e-9cec61fb4b38","name":"Chris Bing May 2018","description":"Chris Bing 2018, May 24 Trisis masterminds have expanded operations to target U.S. industrial firms. 
Retrieved 2020/01/03","url":"https://www.cyberscoop.com/xenotime-ics-cyber-attacks-trisis-dragos/","source":"ICS","title":"Chris Bing May 2018","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"26d5ba50-1c77-520e-b4fe-4813fe32d81f","created":"2026-01-28T13:08:18.180399Z","modified":"2026-01-28T13:08:18.180402Z"},{"id":"9697f1b0-0034-54ec-b8e9-555b83057d51","name":"Christoph Steitz, Eric Auchard April 2016","description":"Christoph Steitz, Eric Auchard 2016, April 26 German nuclear plant infected with computer viruses, operator says. Retrieved 2019/10/14","url":"https://www.reuters.com/article/us-nuclearpower-cyber-germany/german-nuclear-plant-infected-with-computer-viruses-operator-says-idUSKCN0XN2OS","source":"ICS","title":"Christoph Steitz, Eric Auchard April 2016","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5b91627e-0148-52d4-84b6-b1a1d3825117","created":"2026-01-28T13:08:18.177937Z","modified":"2026-01-28T13:08:18.177940Z"},{"id":"bffc87ac-e51b-47e3-8a9f-547e762e95c2","name":"Red Canary May 25 2022","description":"Aedan Russell. (2022, May 25). ChromeLoader a pushy malvertiser. Retrieved September 26, 2024.","url":"https://redcanary.com/blog/threat-detection/chromeloader/","source":"Tidal Cyber","title":"ChromeLoader a pushy malvertiser","authors":"Aedan Russell","date_accessed":"2024-09-26T00:00:00Z","date_published":"2022-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4fbfe7f9-d8aa-5aec-b62f-f1c5a463e70b","created":"2024-09-27T16:59:17.166767Z","modified":"2024-09-27T16:59:17.665917Z"},{"id":"c1b2d0e9-2396-5080-aea3-58a99c027d20","name":"Chrome Remote Desktop","description":"Huntress. (n.d.). 
Retrieved March 14, 2024.","url":"https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708","source":"MITRE","title":"Chrome Remote Desktop","authors":"","date_accessed":"2024-03-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7b284acd-dbf8-541d-85d6-f714733454a8","created":"2024-04-25T13:28:33.373834Z","modified":"2025-12-17T15:08:36.428413Z"},{"id":"de2de0a9-17d2-41c2-838b-7850762b80ae","name":"Truesec AB August 30 2024","description":"Simon Hertzberg. (2024, August 30). Cicada 3301 - Ransomware-as-a-Service - Technical Analysis. Retrieved September 4, 2024.","url":"https://www.truesec.com/hub/blog/dissecting-the-cicada","source":"Tidal Cyber","title":"Cicada 3301 - Ransomware-as-a-Service - Technical Analysis","authors":"Simon Hertzberg","date_accessed":"2024-09-04T00:00:00Z","date_published":"2024-08-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"783e17b4-e504-51d3-894f-53743124b592","created":"2024-09-06T15:12:24.302939Z","modified":"2024-09-06T15:12:26.212710Z"},{"id":"0e5018a7-a3c4-5d89-aa08-a4f6e22ba7b2","name":"OWASP CICD-SEC-4","description":"OWASP. (n.d.). CICD-SEC-4: Poisoned Pipeline Execution (PPE). Retrieved May 22, 2025.","url":"https://owasp.org/www-project-top-10-ci-cd-security-risks/CICD-SEC-04-Poisoned-Pipeline-Execution","source":"MITRE","title":"CICD-SEC-4: Poisoned Pipeline Execution (PPE)","authors":"OWASP","date_accessed":"2025-05-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1fa5ad2b-3386-5b33-b68d-3a9112239595","created":"2025-10-29T21:08:48.165582Z","modified":"2025-12-17T15:08:36.425643Z"},{"id":"3c8f87b6-655c-4e3b-ab0b-f626aac2afad","name":"Cipher.exe - LOLBAS Project","description":"LOLBAS. (2024, November 22). Cipher.exe. 
Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/Binaries/Cipher/","source":"Tidal Cyber","title":"Cipher.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2024-11-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b58533fe-57d6-588d-a59c-856e9e35e9b2","created":"2025-05-20T16:19:04.306634Z","modified":"2025-05-20T16:19:04.458304Z"},{"id":"14ca40cd-e672-5385-9f0d-0a68531f428b","name":"cipher.exe","description":"Microsoft Support. (n.d.). Cipher.exe Security Tool for the Encrypting File System. Retrieved February 25, 2025.","url":"https://support.microsoft.com/en-us/topic/cipher-exe-security-tool-for-the-encrypting-file-system-56c85edd-85cf-ac07-f2f7-ca2d35dab7e4","source":"MITRE","title":"Cipher.exe Security Tool for the Encrypting File System","authors":"Microsoft Support","date_accessed":"2025-02-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"36e326d4-aba1-55db-8c4f-6f8cfe363936","created":"2025-04-22T20:47:33.031745Z","modified":"2025-12-17T15:08:36.423450Z"},{"id":"b2a2a477-12e1-501c-9605-d8957a9bb2df","name":"CISA June 2013","description":"CISA 2013, June Risks of Default Passwords on the Internet. Retrieved 2020/09/25","url":"https://us-cert.cisa.gov/ncas/alerts/TA13-175A","source":"ICS","title":"CISA June 2013","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"502d2e72-cce5-5758-9752-33c0c3f80a9b","created":"2026-01-28T13:08:18.179836Z","modified":"2026-01-28T13:08:18.179839Z"},{"id":"cd10a980-830a-5767-887c-09941919b83e","name":"CISA March 2010","description":"CISA 2010, March Securing Wireless Networks. 
Retrieved 2020/09/17","url":"https://us-cert.cisa.gov/ncas/tips/ST05-003","source":"ICS","title":"CISA March 2010","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b705c1a4-21ef-564f-9806-2f22d4c50983","created":"2026-01-28T13:08:18.175272Z","modified":"2026-01-28T13:08:18.175275Z"},{"id":"2c9a2355-02c5-4718-ad6e-b2fac9ad4096","name":"BleepingComputer Void Banshee September 16 2024","description":"Sergiu Gatlan. (2024, September 20). CISA warns of Windows flaw used in infostealer malware attacks. Retrieved September 19, 2024.","url":"https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-flaw-used-in-infostealer-malware-attacks/","source":"Tidal Cyber","title":"CISA warns of Windows flaw used in infostealer malware attacks","authors":"Sergiu Gatlan","date_accessed":"2024-09-19T00:00:00Z","date_published":"2024-09-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fa165b5a-5f2a-506c-bd6e-80fe71f6ccef","created":"2024-09-20T15:08:31.903031Z","modified":"2024-09-20T15:08:32.146817Z"},{"id":"11d34884-4559-57ad-8910-54e517c6493e","name":"show_ssh_users_cmd_cisco","description":"Cisco. (2023, March 7). Cisco IOS Security Command Reference: Commands S to Z. Retrieved July 13, 2022.","url":"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-s5.html","source":"MITRE","title":"Cisco IOS Security Command Reference: Commands S to Z","authors":"Cisco","date_accessed":"2022-07-13T00:00:00Z","date_published":"2023-03-07T00:00:00Z","owner_name":null,"tidal_id":"268152c0-6605-5707-a011-ad555fbe146e","created":"2023-05-26T01:21:00.513720Z","modified":"2025-12-17T15:08:36.423963Z"},{"id":"55a45f9b-7be4-4f1b-8b19-a0addf9da8d8","name":"Cisco IOS Shellcode","description":"George Nosenko. (2015). CISCO IOS SHELLCODE: ALL-IN-ONE. 
Retrieved October 21, 2020.","url":"http://2015.zeronights.org/assets/files/05-Nosenko.pdf","source":"MITRE","title":"CISCO IOS SHELLCODE: ALL-IN-ONE","authors":"George Nosenko","date_accessed":"2020-10-21T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"120daecc-954f-5a20-90c1-8b0657f42623","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434973Z"},{"id":"2d1b5021-91ad-43c9-8527-4978fa779168","name":"Cisco IOS Software Integrity Assurance - AAA","description":"Cisco. (n.d.). Cisco IOS Software Integrity Assurance - AAA. Retrieved October 19, 2020.","url":"https://tools.cisco.com/security/center/resources/integrity_assurance.html#38","source":"MITRE","title":"Cisco IOS Software Integrity Assurance - AAA","authors":"Cisco","date_accessed":"2020-10-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e20f4c34-4fbc-502b-997e-1f7a0263b3eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441768Z"},{"id":"5349863a-00c1-42bf-beac-4e7d053d6311","name":"Cisco IOS Software Integrity Assurance - Boot Information","description":"Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Boot Information. Retrieved October 21, 2020.","url":"https://tools.cisco.com/security/center/resources/integrity_assurance.html#26","source":"MITRE","title":"Cisco IOS Software Integrity Assurance - Boot Information","authors":"Cisco","date_accessed":"2020-10-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"25b3a6a8-5f69-5008-8bb7-8abddf08197b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426639Z"},{"id":"8fb532f2-c730-4b86-b8d2-2314ce559289","name":"Cisco IOS Software Integrity Assurance - Change Control","description":"Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Change Control. 
Retrieved October 21, 2020.","url":"https://tools.cisco.com/security/center/resources/integrity_assurance.html#31","source":"MITRE","title":"Cisco IOS Software Integrity Assurance - Change Control","authors":"Cisco","date_accessed":"2020-10-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"648ce231-290f-50f3-8b27-b506996484e1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442571Z"},{"id":"f1d736cb-63c1-43e8-a83b-ed86b7c27606","name":"Cisco IOS Software Integrity Assurance - Image File Verification","description":"Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification. Retrieved October 19, 2020.","url":"https://tools.cisco.com/security/center/resources/integrity_assurance.html#7","source":"MITRE","title":"Cisco IOS Software Integrity Assurance - Cisco IOS Image File Verification","authors":"Cisco","date_accessed":"2020-10-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7de4b4f5-858e-5553-82fd-7faae264028f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426620Z"},{"id":"284608ea-3769-470e-950b-cbd67796b20f","name":"Cisco IOS Software Integrity Assurance - Run-Time Memory Verification","description":"Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification. Retrieved October 19, 2020.","url":"https://tools.cisco.com/security/center/resources/integrity_assurance.html#13","source":"MITRE","title":"Cisco IOS Software Integrity Assurance - Cisco IOS Run-Time Memory Integrity Verification","authors":"Cisco","date_accessed":"2020-10-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"25544109-9e2a-5fd8-8f95-fe96ae2e17f0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426627Z"},{"id":"dbca06dd-1184-4d52-9ee8-b059e368033c","name":"Cisco IOS Software Integrity Assurance - Command History","description":"Cisco. (n.d.). 
Cisco IOS Software Integrity Assurance - Command History. Retrieved October 21, 2020.","url":"https://tools.cisco.com/security/center/resources/integrity_assurance.html#23","source":"MITRE","title":"Cisco IOS Software Integrity Assurance - Command History","authors":"Cisco","date_accessed":"2020-10-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f08293d6-b15d-59f3-97d7-f19c7660adb6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426632Z"},{"id":"9a7428e3-bd77-4c3e-ac90-c4e30d504ba6","name":"Cisco IOS Software Integrity Assurance - Credentials Management","description":"Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Credentials Management. Retrieved October 19, 2020.","url":"https://tools.cisco.com/security/center/resources/integrity_assurance.html#40","source":"MITRE","title":"Cisco IOS Software Integrity Assurance - Credentials Management","authors":"Cisco","date_accessed":"2020-10-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fdc6c009-b95c-5654-a66f-c66dd1f1a417","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442082Z"},{"id":"71ea5591-6e46-4c58-a4e8-c629eba1b6c5","name":"Cisco IOS Software Integrity Assurance - Deploy Signed IOS","description":"Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Deploy Signed IOS. Retrieved October 21, 2020.","url":"https://tools.cisco.com/security/center/resources/integrity_assurance.html#34","source":"MITRE","title":"Cisco IOS Software Integrity Assurance - Deploy Signed IOS","authors":"Cisco","date_accessed":"2020-10-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"71d31418-068c-5788-9b91-29f2fdaf8078","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442076Z"},{"id":"90909bd4-15e8-48ee-8067-69f04736c583","name":"Cisco IOS Software Integrity Assurance - Image File Integrity","description":"Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Image File Integrity. 
Retrieved October 21, 2020.","url":"https://tools.cisco.com/security/center/resources/integrity_assurance.html#30","source":"MITRE","title":"Cisco IOS Software Integrity Assurance - Image File Integrity","authors":"Cisco","date_accessed":"2020-10-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f4f11012-e74c-5141-89e6-dd7e50b4da59","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442565Z"},{"id":"4f6f686e-bcda-480a-88a1-ad7b00084c13","name":"Cisco IOS Software Integrity Assurance - Secure Boot","description":"Cisco. (n.d.). Cisco IOS Software Integrity Assurance - Secure Boot. Retrieved October 19, 2020.","url":"https://tools.cisco.com/security/center/resources/integrity_assurance.html#35","source":"MITRE","title":"Cisco IOS Software Integrity Assurance - Secure Boot","authors":"Cisco","date_accessed":"2020-10-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bbf1956e-6391-5a4a-bf72-6b2268a84b5a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426613Z"},{"id":"54506dc2-6496-4edb-a5bf-fe64bf235ac0","name":"Cisco IOS Software Integrity Assurance - TACACS","description":"Cisco. (n.d.). Cisco IOS Software Integrity Assurance - TACACS. Retrieved October 19, 2020.","url":"https://tools.cisco.com/security/center/resources/integrity_assurance.html#39","source":"MITRE","title":"Cisco IOS Software Integrity Assurance - TACACS","authors":"Cisco","date_accessed":"2020-10-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3d1bef56-688f-5e50-b43b-037cb5632ef2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441293Z"},{"id":"1a5c86ad-d3b1-408b-a6b4-14ca0e572020","name":"Cisco Traffic Mirroring","description":"Cisco. (n.d.). Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x. 
Retrieved October 19, 2020.","url":"https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r5-1/interfaces/configuration/guide/hc51xcrsbook/hc51span.html","source":"MITRE","title":"Cisco IOS XR Interface and Hardware Component Configuration Guide for the Cisco CRS Router, Release 5.1.x","authors":"Cisco","date_accessed":"2020-10-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f5054cff-13ac-5b0d-bb63-13a3a891d1d0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431550Z"},{"id":"8cd85b2c-2cee-56f4-a371-e66a2b1f37c2","name":"CISCO Nexus 900 Config","description":"CISCO. (2021, September 14). Cisco Nexus 9000 Series NX-OS Fundamentals Configuration Guide, Release 7.x. Retrieved June 5, 2025.","url":"https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/fundamentals/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Fundamentals_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Fundamentals_Configuration_Guide_7x_chapter_01000.html","source":"MITRE","title":"Cisco Nexus 9000 Series NX-OS Fundamentals Configuration Guide, Release 7.x","authors":"CISCO","date_accessed":"2025-06-05T00:00:00Z","date_published":"2021-09-14T00:00:00Z","owner_name":null,"tidal_id":"537a3e9c-7a27-575c-a846-8f386d2b5fc2","created":"2025-10-29T21:08:48.165357Z","modified":"2025-12-17T15:08:36.423838Z"},{"id":"143182ad-6a16-5a0d-a5c4-7dae721a9e26","name":"Talos - Cisco Attack 2022","description":"Nick Biasini. (2022, August 10). Cisco Talos shares insights related to recent cyber attack on Cisco. 
Retrieved March 9, 2023.","url":"https://blog.talosintelligence.com/recent-cyber-attack/","source":"MITRE","title":"Cisco Talos shares insights related to recent cyber attack on Cisco","authors":"Nick Biasini","date_accessed":"2023-03-09T00:00:00Z","date_published":"2022-08-10T00:00:00Z","owner_name":null,"tidal_id":"f601d3b0-58f0-5f9b-9a68-cb94a60c849c","created":"2023-05-26T01:21:09.976995Z","modified":"2025-12-17T15:08:36.435022Z"},{"id":"245ef1b7-778d-4df2-99a9-b51c95c57580","name":"Citrix Bulletin CVE-2023-3519","description":"Citrix. (2023, July 18). Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467. Retrieved July 24, 2023.","url":"https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467","source":"Tidal Cyber","title":"Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467","authors":"Citrix","date_accessed":"2023-07-24T00:00:00Z","date_published":"2023-07-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c9f0658b-ab10-5120-b324-9d5e9d025c04","created":"2023-07-28T16:33:34.090260Z","modified":"2023-07-28T16:33:34.208647Z"},{"id":"fdc86cea-0015-48d1-934f-b22244de6306","name":"Malwarebytes Citrix Bleed November 24 2023","description":"Pieter Arntz. (2023, November 24). Citrix Bleed widely exploited, warn government agencies. 
Retrieved November 30, 2023.","url":"https://www.malwarebytes.com/blog/news/2023/11/citrix-bleed-widely-exploitated-warn-government-agencies","source":"Tidal Cyber","title":"Citrix Bleed widely exploited, warn government agencies","authors":"Pieter Arntz","date_accessed":"2023-11-30T00:00:00Z","date_published":"2023-11-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"87779336-9b5f-5181-b08c-9cd06b956271","created":"2023-12-01T14:42:09.332029Z","modified":"2023-12-01T14:42:09.469283Z"},{"id":"2d6bea2c-cc19-4ff7-873f-151f1ff354cb","name":"Cyble April 28 2023","description":"Cybleinc. (2023, April 28). Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo. Retrieved May 7, 2023.","url":"https://blog.cyble.com/2023/04/28/citrix-users-at-risk-aresloader-spreading-through-disguised-gitlab-repo/","source":"Tidal Cyber","title":"Citrix Users at Risk: AresLoader Spreading Through Disguised GitLab Repo","authors":"Cybleinc","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-04-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e16c54ba-4353-5e28-b5a9-b75ac6c361e6","created":"2024-06-13T20:10:10.613870Z","modified":"2024-06-13T20:10:10.809206Z"},{"id":"8c7815c4-ed8d-47c3-84af-b7cdabd49652","name":"Cyble April 03 2023","description":"Cybleinc. (2023, April 3). Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide. Retrieved May 25, 2023.","url":"https://blog.cyble.com/2023/04/03/cl0p-ransomware-active-threat-plaguing-businesses-worldwide/","source":"Tidal Cyber","title":"Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide","authors":"Cybleinc","date_accessed":"2023-05-25T00:00:00Z","date_published":"2023-04-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"489d2876-aa34-5e90-8689-6e19ba4e470e","created":"2024-06-13T20:10:32.627833Z","modified":"2024-06-13T20:10:32.815673Z"},{"id":"51144a8a-0cd4-4d5d-826b-21c2dc8422be","name":"Talent-Jump Clambling February 2020","description":"Chen, T. and Chen, Z. 
(2020, February 17). CLAMBLING - A New Backdoor Base On Dropbox. Retrieved November 12, 2021.","url":"https://www.talent-jump.com/article/2020/02/17/CLAMBLING-A-New-Backdoor-Base-On-Dropbox-en/","source":"MITRE","title":"CLAMBLING - A New Backdoor Base On Dropbox","authors":"Chen, T. and Chen, Z","date_accessed":"2021-11-12T00:00:00Z","date_published":"2020-02-17T00:00:00Z","owner_name":null,"tidal_id":"f9435b5c-78f8-55fb-ac97-333ac8c6b6f7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440030Z"},{"id":"82500741-984d-4039-8f53-b303845c2849","name":"FireEye Clandestine Fox Part 2","description":"Scott, M.. (2014, June 10). Clandestine Fox, Part Deux. Retrieved January 14, 2016.","url":"https://www.fireeye.com/blog/threat-research/2014/06/clandestine-fox-part-deux.html","source":"MITRE","title":"Clandestine Fox, Part Deux","authors":"Scott, M.","date_accessed":"2016-01-14T00:00:00Z","date_published":"2014-06-10T00:00:00Z","owner_name":null,"tidal_id":"cfb62444-3527-5dc5-9f61-0e89115069d9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418764Z"},{"id":"35944ff0-2bbd-4055-8e8a-cfff27241a8a","name":"Microsoft Clear-EventLog","description":"Microsoft. (n.d.). Clear-EventLog. Retrieved July 2, 2018.","url":"https://docs.microsoft.com/powershell/module/microsoft.powershell.management/clear-eventlog","source":"MITRE","title":"Clear-EventLog","authors":"Microsoft","date_accessed":"2018-07-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"725a29bc-550a-54d9-8d46-b215091c98c6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430434Z"},{"id":"4115ab53-751c-4016-9151-a55eab7d6ddf","name":"Clearing quarantine attribute","description":"Rich Trouton. (2012, November 20). Clearing the quarantine extended attribute from downloaded applications. 
Retrieved July 5, 2017.","url":"https://derflounder.wordpress.com/2012/11/20/clearing-the-quarantine-extended-attribute-from-downloaded-applications/","source":"MITRE","title":"Clearing the quarantine extended attribute from downloaded applications","authors":"Rich Trouton","date_accessed":"2017-07-05T00:00:00Z","date_published":"2012-11-20T00:00:00Z","owner_name":null,"tidal_id":"a7b0eba5-e84c-5cd4-abb6-2384cd0890ff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431098Z"},{"id":"833c22ac-4f65-521a-9eda-8d22e255577e","name":"Huntress NPPSPY 2022","description":"Dray Agha. (2022, August 16). Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY. Retrieved May 17, 2024.","url":"https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy","source":"MITRE","title":"Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY","authors":"Dray Agha","date_accessed":"2024-05-17T00:00:00Z","date_published":"2022-08-16T00:00:00Z","owner_name":null,"tidal_id":"02c4a33f-8704-5f97-802e-4fbab3dd379a","created":"2024-10-31T16:28:37.331428Z","modified":"2025-12-17T15:08:36.422692Z"},{"id":"df1f7379-38c3-5ca9-8333-d684022c000c","name":"NPPSPY - Huntress","description":"Dray Agha. (2022, August 16). Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY. Retrieved March 30, 2023.","url":"https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy","source":"MITRE","title":"Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY","authors":"Dray Agha","date_accessed":"2023-03-30T00:00:00Z","date_published":"2022-08-16T00:00:00Z","owner_name":null,"tidal_id":"32a5a024-9ce9-57b0-8084-4119e9d5403c","created":"2023-05-26T01:21:08.148582Z","modified":"2025-12-17T15:08:36.432540Z"},{"id":"3fc33142-b596-46e9-b829-5c62734cdc3e","name":"Binary Defense December 10 2024","description":"John Dwyer. (2024, December 10). 
Cleo MFT Mass Exploitation Payload Analysis. Retrieved December 13, 2024.","url":"https://www.binarydefense.com/resources/blog/cleo-mft-mass-exploitation-payload-analysis/","source":"Tidal Cyber","title":"Cleo MFT Mass Exploitation Payload Analysis","authors":"John Dwyer","date_accessed":"2024-12-13T00:00:00Z","date_published":"2024-12-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7c21bc72-bed8-5ab2-a087-dae860053447","created":"2024-12-17T14:33:53.433918Z","modified":"2024-12-17T14:33:53.548319Z"},{"id":"7b450552-7407-4cf1-9bd8-7e04ca683d0f","name":"Arctic Wolf Networks December 12 2024","description":"Stefan Hostetler; Julian Tuin; Aaron Diaz; Jon Grimm; Cole Bosma. (2024, December 12). Cleopatra's Shadow A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software - Arctic Wolf. Retrieved December 23, 2024.","url":"https://arcticwolf.com/resources/blog/cleopatras-shadow-a-mass-exploitation-campaign/","source":"Tidal Cyber","title":"Cleopatra's Shadow A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software - Arctic Wolf","authors":"Stefan Hostetler; Julian Tuin; Aaron Diaz; Jon Grimm; Cole Bosma","date_accessed":"2024-12-23T00:00:00Z","date_published":"2024-12-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"74356a1e-3198-5e59-bd71-a281dd0cc44a","created":"2024-12-23T16:08:14.978341Z","modified":"2024-12-23T16:08:15.575631Z"},{"id":"23f0739f-9245-4585-98c3-d0a89bb163a4","name":"Www.huntress.com December 1 2024","description":"Team Huntress. (2024, December 1). Cleo Software Actively Being Exploited in the Wild CVE-2024-50623. 
Retrieved December 11, 2024.","url":"https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild","source":"Tidal Cyber","title":"Cleo Software Actively Being Exploited in the Wild CVE-2024-50623","authors":"Team Huntress","date_accessed":"2024-12-11T00:00:00Z","date_published":"2024-12-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"24614f7d-570d-5c87-a8b6-873afdb73d80","created":"2024-12-17T14:33:52.918872Z","modified":"2024-12-17T14:33:53.192638Z"},{"id":"3fc9f3dd-3c22-4a40-951c-4c52058d2b86","name":"www.huntress.com December 1 2024","description":"Team Huntress. (2024, December 1). Cleo Software Actively Being Exploited in the Wild CVE-2024-50623. Retrieved December 11, 2024.","url":"https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild","source":"Tidal Cyber","title":"Cleo Software Actively Being Exploited in the Wild CVE-2024-50623","authors":"Team Huntress","date_accessed":"2024-12-11T12:00:00Z","date_published":"2024-12-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"22dec444-4846-5792-9a7b-93ff31ff9a8f","created":"2026-01-23T20:29:32.985189Z","modified":"2026-01-23T20:29:33.134486Z"},{"id":"5e5c02cf-02fe-591a-b597-778999ab31c4","name":"Microsoft Learn ClickOnce and Authenticode","description":"Microsoft. (2023, March 9). ClickOnce and Authenticode. Retrieved September 9, 2024.","url":"https://learn.microsoft.com/en-us/visualstudio/deployment/clickonce-and-authenticode?view=vs-2022","source":"MITRE","title":"ClickOnce and Authenticode","authors":"Microsoft","date_accessed":"2024-09-09T00:00:00Z","date_published":"2023-03-09T00:00:00Z","owner_name":null,"tidal_id":"b1a19e32-f233-58f5-a363-edb2bdf4207a","created":"2024-10-31T16:28:38.448936Z","modified":"2025-12-17T15:08:36.442931Z"},{"id":"5a1b4ee9-1c22-5f12-9fd9-723cc0055f4b","name":"Burke/CISA ClickOnce BlackHat","description":"William Joseph Burke III. (2019, August 7). 
CLICKONCE AND YOU’RE IN: When .appref-ms abuse is operating as intended. Retrieved September 9, 2024.","url":"https://i.blackhat.com/USA-19/Wednesday/us-19-Burke-ClickOnce-And-Youre-In-When-Appref-Ms-Abuse-Is-Operating-As-Intended.pdf?_gl=1*16njas6*_gcl_au*NjAyMzkzMjc3LjE3MjQ4MDk4OTQ.*_ga*MTk5OTA3ODkwMC4xNzI0ODA5ODk0*_ga_K4JK67TFYV*MTcyNDgwOTg5NC4xLjEuMTcyNDgwOTk1Ny4wLjAuMA..&_ga=2.253743689.1512103758.1724809895-1999078900.1724809894","source":"MITRE","title":"CLICKONCE AND YOU’RE IN: When .appref-ms abuse is operating as intended","authors":"William Joseph Burke III","date_accessed":"2024-09-09T00:00:00Z","date_published":"2019-08-07T00:00:00Z","owner_name":null,"tidal_id":"7408c3d8-7f93-5260-b20b-f36bc4a0bd0b","created":"2024-10-31T16:28:25.735082Z","modified":"2025-12-17T15:08:36.434786Z"},{"id":"2e91b430-81e7-54e1-8e8c-763f71146e0c","name":"Microsoft Learn ClickOnce","description":"Microsoft. (2023, September 14). ClickOnce security and deployment. Retrieved September 9, 2024.","url":"https://learn.microsoft.com/en-us/visualstudio/deployment/clickonce-security-and-deployment?view=vs-2022","source":"MITRE","title":"ClickOnce security and deployment","authors":"Microsoft","date_accessed":"2024-09-09T00:00:00Z","date_published":"2023-09-14T00:00:00Z","owner_name":null,"tidal_id":"8c5933eb-43b5-557f-85b8-3f6e77c6ae3e","created":"2024-10-31T16:28:25.706465Z","modified":"2025-12-17T15:08:36.434761Z"},{"id":"33effb32-5c39-4bde-953d-12dc7be4db07","name":"NCC Group Everest Ransomware July 13 2022","description":"Michael Mullen, Nikolaos Pantazopoulos. (2022, July 13). Climbing Mount Everest: Black-Byte Bytes Back?. 
Retrieved June 9, 2025.","url":"https://research.nccgroup.com/2022/07/13/climbing-mount-everest-black-byte-bytes-back/","source":"Tidal Cyber","title":"Climbing Mount Everest: Black-Byte Bytes Back?","authors":"Michael Mullen, Nikolaos Pantazopoulos","date_accessed":"2025-06-09T00:00:00Z","date_published":"2022-07-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2da22a52-3954-5f2a-b166-98c96ccd8e2d","created":"2025-06-10T15:50:18.413249Z","modified":"2025-06-10T15:50:18.616745Z"},{"id":"a53e093a-973c-491d-91e3-bc7804d87b8b","name":"CL_Invocation.ps1 - LOLBAS Project","description":"LOLBAS. (2018, May 25). CL_Invocation.ps1. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Scripts/Cl_invocation/","source":"Tidal Cyber","title":"CL_Invocation.ps1","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"87638611-11f9-50aa-9b47-b76508d13361","created":"2024-01-12T14:47:37.177057Z","modified":"2024-01-12T14:47:37.349348Z"},{"id":"8a961fa1-def0-5efe-8599-62e884d4ea22","name":"clip_win_server","description":"Microsoft, JasonGerend, et al. (2023, February 3). clip. Retrieved June 21, 2022.","url":"https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/clip","source":"MITRE","title":"clip","authors":"Microsoft, JasonGerend, et al","date_accessed":"2022-06-21T00:00:00Z","date_published":"2023-02-03T00:00:00Z","owner_name":null,"tidal_id":"faf2cbb4-e468-587c-a8dd-792c950a9344","created":"2023-05-26T01:21:03.595586Z","modified":"2025-12-17T15:08:36.427129Z"},{"id":"f08a856d-6c3e-49e2-b7ba-399831c637e5","name":"Red Canary Silver Sparrow Feb2021","description":"Tony Lambert. (2021, February 18). Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight. 
Retrieved April 20, 2021.","url":"https://redcanary.com/blog/clipping-silver-sparrows-wings/","source":"MITRE","title":"Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight","authors":"Tony Lambert","date_accessed":"2021-04-20T00:00:00Z","date_published":"2021-02-18T00:00:00Z","owner_name":null,"tidal_id":"3f023ee0-bc15-5830-8794-2264505db61a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424898Z"},{"id":"31a14027-1181-49b9-87bf-78a65a551312","name":"CL_LoadAssembly.ps1 - LOLBAS Project","description":"LOLBAS. (2021, September 26). CL_LoadAssembly.ps1. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Scripts/CL_LoadAssembly/","source":"Tidal Cyber","title":"CL_LoadAssembly.ps1","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2a685fe4-0d1f-5fbd-babb-7070bc08b677","created":"2024-01-12T14:47:36.450419Z","modified":"2024-01-12T14:47:36.629458Z"},{"id":"75b89502-21ed-4920-95cc-212eaf17f281","name":"CL_Mutexverifiers.ps1 - LOLBAS Project","description":"LOLBAS. (2018, May 25). CL_Mutexverifiers.ps1. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Scripts/CL_mutexverifiers/","source":"Tidal Cyber","title":"CL_Mutexverifiers.ps1","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"26057719-4bce-5f4f-92be-8d2f72758f93","created":"2024-01-12T14:47:36.814116Z","modified":"2024-01-12T14:47:36.989076Z"},{"id":"6eddf1ee-1afc-5ab3-8af8-261480a31efe","name":"Cloak and Dagger","description":"Fratantonio, Y., et al. (2017). Cloak & Dagger. 
Retrieved September","url":"http://cloak-and-dagger.org/","source":"Mobile","title":"Cloak & Dagger","authors":"Fratantonio, Y., et al","date_accessed":"1978-09-01T00:00:00Z","date_published":"2017-01-01T00:00:00Z","owner_name":null,"tidal_id":"39179f13-137e-5420-b5a9-f766c6e4e82e","created":"2026-01-28T13:08:10.043647Z","modified":"2026-01-28T13:08:10.043650Z"},{"id":"6dcd59f6-135b-497a-a277-ddc6c77c53ee","name":"Google Cloud June 18 2024","description":"Mandiant. (2024, June 18). Cloaked and Covert Uncovering UNC3886 Espionage Operations. Retrieved June 25, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations/","source":"Tidal Cyber","title":"Cloaked and Covert Uncovering UNC3886 Espionage Operations","authors":"Mandiant","date_accessed":"2024-06-25T00:00:00Z","date_published":"2024-06-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"43a1510a-de51-5d33-9b03-26b002096734","created":"2025-04-11T15:06:01.676238Z","modified":"2025-04-11T15:06:01.890689Z"},{"id":"77b32efe-b936-5541-b0fb-aa442a7d11b7","name":"Google Cloud Mandiant UNC3886 2024","description":"Punsaen Boonyakarn, Shawn Chew, Logeswaran Nadarajan, Mathew Potaczek, Jakub Jozwiak, and Alex Marvi. (2024, June 18). Cloaked and Covert: Uncovering UNC3886 Espionage Operations. 
Retrieved September 24, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations","source":"MITRE","title":"Cloaked and Covert: Uncovering UNC3886 Espionage Operations","authors":"Punsaen Boonyakarn, Shawn Chew, Logeswaran Nadarajan, Mathew Potaczek, Jakub Jozwiak, and Alex Marvi","date_accessed":"2024-09-24T00:00:00Z","date_published":"2024-06-18T00:00:00Z","owner_name":null,"tidal_id":"fad8a2b0-3e2c-5949-94b8-cacff9309035","created":"2024-10-31T16:28:19.609422Z","modified":"2025-12-17T15:08:36.416868Z"},{"id":"dc31e537-b5d8-40ad-b1f6-2fed76a8a87f","name":"Halcyon Cloak Ransomware December 12 2024","description":"Halcyon RISE Team. (2024, December 12). Cloak Ransomware Variant Exhibits Advanced Persistence, Evasion and VHD Extraction Capabilities. Retrieved January 20, 2026.","url":"https://www.halcyon.ai/blog/cloak-ransomware-variant-exhibits-advanced-persistence-evasion-and-vhd-extraction-capabilities","source":"Tidal Cyber","title":"Cloak Ransomware Variant Exhibits Advanced Persistence, Evasion and VHD Extraction Capabilities","authors":"Halcyon RISE Team","date_accessed":"2026-01-20T12:00:00Z","date_published":"2024-12-12T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"af97d5b7-9d41-5e8a-a465-84a39a072c93","created":"2026-01-23T20:29:40.133594Z","modified":"2026-01-23T20:29:40.285549Z"},{"id":"458141bd-7dd2-41fd-82e8-7ea2e4a477ab","name":"Mcafee Clop Aug 2019","description":"Mundo, A. (2019, August 1). Clop Ransomware. 
Retrieved May 10, 2021.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clop-ransomware/","source":"MITRE","title":"Clop Ransomware","authors":"Mundo, A","date_accessed":"2021-05-10T00:00:00Z","date_published":"2019-08-01T00:00:00Z","owner_name":null,"tidal_id":"ecafffe3-af0c-5781-8f73-200afd54e92e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421554Z"},{"id":"f54d682d-100e-41bb-96be-6a79ea422066","name":"Cybereason Clop Dec 2020","description":"Cybereason Nocturnus. (2020, December 23). Cybereason vs. Clop Ransomware. Retrieved May 11, 2021.","url":"https://www.cybereason.com/blog/cybereason-vs.-clop-ransomware","source":"MITRE","title":"Clop Ransomware","authors":"Cybereason Nocturnus. (2020, December 23)","date_accessed":"2021-05-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b17b2b89-8a98-55dd-a06e-a9739624641d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421560Z"},{"id":"ccfa7e78-1ee9-4d46-9f03-137eb12cf474","name":"Bleeping Computer Clop February 2023","description":"Sergiu Gatlan. (2023, February 10). Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day. Retrieved May 8, 2023.","url":"https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-it-breached-130-orgs-using-goanywhere-zero-day/","source":"Tidal Cyber","title":"Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day","authors":"Sergiu Gatlan","date_accessed":"2023-05-08T00:00:00Z","date_published":"2023-02-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"88c30631-ab59-5693-b27f-a753ba00e3c2","created":"2024-06-13T20:10:19.543209Z","modified":"2024-06-13T20:10:19.734213Z"},{"id":"41a9b3e3-0953-4bde-9e1d-c2f51de1120e","name":"Kaspersky Cloud Atlas December 2014","description":"GReAT. (2014, December 10). Cloud Atlas: RedOctober APT is back in style. 
Retrieved May 8, 2020.","url":"https://securelist.com/cloud-atlas-redoctober-apt-is-back-in-style/68083/","source":"MITRE","title":"Cloud Atlas: RedOctober APT is back in style","authors":"GReAT","date_accessed":"2020-05-08T00:00:00Z","date_published":"2014-12-10T00:00:00Z","owner_name":null,"tidal_id":"b25be6dc-c619-58fa-899d-cffac17965d8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437721Z"},{"id":"f2e74613-f578-4408-bc76-144ec671808b","name":"Kandji 4 8 2024","description":"Adam Kohler; Christopher Lopez. (2024, April 8). CloudChat Infostealer How It Works, What It Does. Retrieved April 19, 2024.","url":"https://blog.kandji.io/cloudchat-infostealer","source":"Tidal Cyber","title":"CloudChat Infostealer How It Works, What It Does","authors":"Adam Kohler; Christopher Lopez","date_accessed":"2024-04-19T00:00:00Z","date_published":"2024-04-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"15f65401-e43f-5aa4-ae61-c3f8f28d9ff2","created":"2024-06-13T20:10:59.308385Z","modified":"2024-06-13T20:10:59.503332Z"},{"id":"ac31b781-dbe4-49c2-b7af-dfb23d435ce8","name":"Rhino Labs Cloud Backdoor September 2019","description":"Rhino Labs. (2019, September). Cloud Container Attack Tool (CCAT). Retrieved September 12, 2019.","url":"https://github.com/RhinoSecurityLabs/ccat","source":"MITRE","title":"Cloud Container Attack Tool (CCAT)","authors":"Rhino Labs","date_accessed":"2019-09-12T00:00:00Z","date_published":"2019-09-01T00:00:00Z","owner_name":null,"tidal_id":"7bf2dccb-795b-5e21-a68b-5fb2c594ea46","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429368Z"},{"id":"5fe51b4e-9b82-4e97-bb65-73708349538a","name":"Google Cloud Storage","description":"Google. (n.d.). Cloud Storage. 
Retrieved October 13, 2021.","url":"https://cloud.google.com/storage","source":"MITRE","title":"Cloud Storage","authors":"Google","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"008ee791-5333-52c5-aced-d7f83ecd0ead","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437097Z"},{"id":"dddf33ea-d074-4bc4-98d2-39b7e843e37d","name":"Office 265 Azure Domain Availability","description":"Microsoft. (2017, January 23). (Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure. Retrieved May 27, 2022.","url":"https://docs.microsoft.com/en-us/archive/blogs/tip_of_the_day/cloud-tip-of-the-day-advanced-way-to-check-domain-availability-for-office-365-and-azure","source":"MITRE","title":"(Cloud) Tip of the Day: Advanced way to check domain availability for Office 365 and Azure","authors":"Microsoft","date_accessed":"2022-05-27T00:00:00Z","date_published":"2017-01-23T00:00:00Z","owner_name":null,"tidal_id":"3964bfbf-a73c-5ad3-a436-68c92999aa58","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435726Z"},{"id":"08efef52-40f6-5c76-a1b6-76ac1b7f423b","name":"Datadog S3 Lifecycle CloudTrail Logs","description":"Stratus Red Team. (n.d.). CloudTrail Logs Impairment Through S3 Lifecycle Rule. Retrieved September 25, 2024.","url":"https://stratus-red-team.cloud/attack-techniques/AWS/aws.defense-evasion.cloudtrail-lifecycle-rule/","source":"MITRE","title":"CloudTrail Logs Impairment Through S3 Lifecycle Rule","authors":"Stratus Red Team","date_accessed":"2024-09-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"26029dab-b2f2-5dc9-9344-8bea34aa9be3","created":"2024-10-31T16:28:16.760918Z","modified":"2025-12-17T15:08:36.425007Z"},{"id":"a9835fe9-8227-5310-a728-1d09f19342b3","name":"Mandiant Cloudy Logs 2023","description":"Pany, D. & Hanley, C. (2023, May 3). Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations. 
Retrieved October 16, 2023.","url":"https://www.mandiant.com/resources/blog/cloud-bad-log-configurations","source":"MITRE","title":"Cloudy with a Chance of Bad Logs: Cloud Platform Log Configurations to Consider in Investigations","authors":"Pany, D. & Hanley, C","date_accessed":"2023-10-16T00:00:00Z","date_published":"2023-05-03T00:00:00Z","owner_name":null,"tidal_id":"5f4bc8e0-f587-5eb1-ac1e-c003f8781793","created":"2023-11-07T00:36:19.757341Z","modified":"2025-12-17T15:08:36.442339Z"},{"id":"239bb629-2733-4da3-87c2-47a7ab55433f","name":"win_clsid_key","description":"Microsoft. (2018, May 31). CLSID Key. Retrieved September 24, 2021.","url":"https://docs.microsoft.com/en-us/windows/win32/com/clsid-key-hklm","source":"MITRE","title":"CLSID Key","authors":"Microsoft","date_accessed":"2021-09-24T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"f08e9a7e-da1f-555c-8560-50637bc8bdc8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436924Z"},{"id":"6c5f2465-1db3-46cc-8d2a-9763c21aa8cc","name":"Kube Cluster Admin","description":"kubernetes. (2021, January 16). Cluster Administration. Retrieved October 13, 2021.","url":"https://kubernetes.io/docs/concepts/cluster-administration/","source":"MITRE","title":"Cluster Administration","authors":"kubernetes","date_accessed":"2021-10-13T00:00:00Z","date_published":"2021-01-16T00:00:00Z","owner_name":null,"tidal_id":"09f0f4a1-96a7-5d88-85de-c0603bfc2afa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437225Z"},{"id":"0f8b5d79-2393-45a2-b6d4-df394e513e39","name":"Kube Cluster Info","description":"kubernetes. (n.d.). cluster-info. 
Retrieved October 13, 2021.","url":"https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#cluster-info","source":"MITRE","title":"cluster-info","authors":"kubernetes","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"98b0bd8b-3af4-5f6b-9989-234996e7a98c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437231Z"},{"id":"dbfc01fe-c300-4c27-ab9a-a20508c1e04b","name":"TechNet Cmd","description":"Microsoft. (n.d.). Cmd. Retrieved April 18, 2016.","url":"https://technet.microsoft.com/en-us/library/bb490880.aspx","source":"MITRE","title":"Cmd","authors":"Microsoft","date_accessed":"2016-04-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fd3429b1-2c72-58bc-9d3b-f871c40db99c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423312Z"},{"id":"887aa9af-3f0e-42bb-8c40-39149f34b922","name":"Cmd.exe - LOLBAS Project","description":"LOLBAS. (2019, June 26). Cmd.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Cmd/","source":"Tidal Cyber","title":"Cmd.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-06-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0adf49f0-9bce-517b-87df-be48e9515809","created":"2024-01-12T14:46:33.627377Z","modified":"2024-01-12T14:46:33.807659Z"},{"id":"c9ca075a-8327-463d-96ec-adddf6f1a7bb","name":"Cmdkey.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Cmdkey.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Cmdkey/","source":"Tidal Cyber","title":"Cmdkey.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5a92163a-759f-513d-aab7-6a3b8cffa29f","created":"2024-01-12T14:46:33.989633Z","modified":"2024-01-12T14:46:34.192906Z"},{"id":"2628e452-caa1-4058-a405-7c4657fa3245","name":"cmdl32.exe - LOLBAS Project","description":"LOLBAS. (2021, August 26). cmdl32.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Cmdl32/","source":"Tidal Cyber","title":"cmdl32.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-08-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"35ea5778-6f75-5192-8a98-87dcd53fa16d","created":"2024-01-12T14:46:34.367011Z","modified":"2024-01-12T14:46:34.555089Z"},{"id":"86c21dcd-464a-4870-8aae-25fcaccc889d","name":"Cmstp.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Cmstp.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Cmstp/","source":"Tidal Cyber","title":"Cmstp.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"db2f2cf2-1257-5a20-b2f1-e4710df85fe3","created":"2024-01-12T14:46:34.729325Z","modified":"2024-01-12T14:46:34.919145Z"},{"id":"3847149c-1463-4d94-be19-0a8cf1db0b58","name":"Twitter CMSTP Jan 2018","description":"Tyrer, N. (2018, January 30). CMSTP.exe - remote .sct execution applocker bypass. 
Retrieved September 12, 2024.","url":"https://x.com/NickTyrer/status/958450014111633408","source":"MITRE","title":"CMSTP.exe - remote .sct execution applocker bypass","authors":"Tyrer, N","date_accessed":"2024-09-12T00:00:00Z","date_published":"2018-01-30T00:00:00Z","owner_name":null,"tidal_id":"2be70248-6646-575d-8702-11cf3fbb078e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429209Z"},{"id":"45815e4d-d678-4823-8315-583893e263e6","name":"Secureworks COBALT DICKENS September 2019","description":"Counter Threat Unit Research Team. (2019, September 11). COBALT DICKENS Goes Back to School…Again. Retrieved February 3, 2021.","url":"https://www.secureworks.com/blog/cobalt-dickens-goes-back-to-school-again","source":"MITRE","title":"COBALT DICKENS Goes Back to School…Again","authors":"Counter Threat Unit Research Team","date_accessed":"2021-02-03T00:00:00Z","date_published":"2019-09-11T00:00:00Z","owner_name":null,"tidal_id":"448c6093-0e89-51ce-83ca-a74131b5c518","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439489Z"},{"id":"0a0bdd4b-a680-4a38-967d-3ad92f04d619","name":"Morphisec Cobalt Gang Oct 2018","description":"Gorelik, M. (2018, October 08). Cobalt Group 2.0. Retrieved November 5, 2018.","url":"https://blog.morphisec.com/cobalt-gang-2.0","source":"MITRE","title":"Cobalt Group 2.0","authors":"Gorelik, M","date_accessed":"2018-11-05T00:00:00Z","date_published":"2018-10-08T00:00:00Z","owner_name":null,"tidal_id":"493aed12-7f00-5c8b-bdff-1827f0422454","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438173Z"},{"id":"f1c21834-7536-430b-8539-e68373718b4d","name":"Secureworks COBALT GYPSY Threat Profile","description":"Secureworks. (n.d.). COBALT GYPSY Threat Profile. 
Retrieved April 14, 2021.","url":"https://www.secureworks.com/research/threat-profiles/cobalt-gypsy","source":"MITRE","title":"COBALT GYPSY Threat Profile","authors":"Secureworks","date_accessed":"2021-04-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"dc448e7c-263d-58f1-9940-15fc4f0eb931","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437512Z"},{"id":"8d9a5b77-2516-4ad5-9710-4c8165df2882","name":"Secureworks COBALT ILLUSION Threat Profile","description":"Secureworks. (n.d.). COBALT ILLUSION Threat Profile. Retrieved April 14, 2021.","url":"https://www.secureworks.com/research/threat-profiles/cobalt-illusion","source":"MITRE","title":"COBALT ILLUSION Threat Profile","authors":"Secureworks","date_accessed":"2021-04-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"082084e8-321f-5a03-b576-82b73cc37821","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438088Z"},{"id":"2de4d38f-c99d-4149-89e6-0349a4902aa2","name":"PTSecurity Cobalt Dec 2016","description":"Positive Technologies. (2016, December 16). Cobalt Snatch. Retrieved October 9, 2018.","url":"https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-Snatch-eng.pdf","source":"MITRE","title":"Cobalt Snatch","authors":"Positive Technologies","date_accessed":"2018-10-09T00:00:00Z","date_published":"2016-12-16T00:00:00Z","owner_name":null,"tidal_id":"a5d3d54b-51b8-56f1-ad68-de3dd997c17d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435849Z"},{"id":"056ef3cd-885d-41d6-9547-a2a575b03662","name":"CobaltStrike Daddy May 2017","description":"Mudge, R. (2017, May 23). Cobalt Strike 3.8 – Who’s Your Daddy?. 
Retrieved June 4, 2019.","url":"https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/","source":"MITRE","title":"Cobalt Strike 3.8 – Who’s Your Daddy?","authors":"Mudge, R","date_accessed":"2019-06-04T00:00:00Z","date_published":"2017-05-23T00:00:00Z","owner_name":null,"tidal_id":"b64845ef-7b28-5491-bc05-627263f435e5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440422Z"},{"id":"eb7abdb2-b270-46ae-a950-5a93d09b3565","name":"Cobalt Strike Manual 4.3 November 2020","description":"Strategic Cyber LLC. (2020, November 5). Cobalt Strike: Advanced Threat Tactics for Penetration Testers. Retrieved April 13, 2021.","url":"https://web.archive.org/web/20210708035426/https://www.cobaltstrike.com/downloads/csmanual43.pdf","source":"MITRE","title":"Cobalt Strike: Advanced Threat Tactics for Penetration Testers","authors":"Strategic Cyber LLC","date_accessed":"2021-04-13T00:00:00Z","date_published":"2020-11-05T00:00:00Z","owner_name":null,"tidal_id":"c3817d47-289a-599d-867a-9f575020b826","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439639Z"},{"id":"49cf201e-d3da-5ba9-98df-edc50514a612","name":"Malleable-C2-U42","description":"Chris Navarrete Durgesh Sangvikar Andrew Guan Yu Fu Yanhui Jia Siddhart Shibiraj. (2022, March 16). Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect. 
Retrieved September 24, 2024.","url":"https://unit42.paloaltonetworks.com/cobalt-strike-malleable-c2-profile/","source":"MITRE","title":"Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect","authors":"Chris Navarrete Durgesh Sangvikar Andrew Guan Yu Fu Yanhui Jia Siddhart Shibiraj","date_accessed":"2024-09-24T00:00:00Z","date_published":"2022-03-16T00:00:00Z","owner_name":null,"tidal_id":"ebd312b7-a7a7-5e7e-a6c9-9290961ddec1","created":"2024-10-31T16:28:25.344037Z","modified":"2025-12-17T15:08:36.434366Z"},{"id":"43277d05-0aa4-4cee-ac41-6f03a49851a9","name":"cobaltstrike manual","description":"Strategic Cyber LLC. (2017, March 14). Cobalt Strike Manual. Retrieved May 24, 2017.","url":"https://web.archive.org/web/20210825130434/https://cobaltstrike.com/downloads/csmanual38.pdf","source":"MITRE","title":"Cobalt Strike Manual","authors":"Strategic Cyber LLC","date_accessed":"2017-05-24T00:00:00Z","date_published":"2017-03-14T00:00:00Z","owner_name":null,"tidal_id":"3c168939-2f3c-5ab2-850e-0b7a16546605","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420962Z"},{"id":"81847e06-fea0-4d90-8a9e-5bc99a2bf3f0","name":"TrendMicro Cobalt Group Nov 2017","description":"Giagone, R., Bermejo, L., and Yarochkin, F. (2017, November 20). Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks. 
Retrieved March 7, 2019.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/","source":"MITRE","title":"Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks","authors":"Giagone, R., Bermejo, L., and Yarochkin, F","date_accessed":"2019-03-07T00:00:00Z","date_published":"2017-11-20T00:00:00Z","owner_name":null,"tidal_id":"88c2e7c3-0ab5-5050-965c-e49877e6fc34","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431013Z"},{"id":"f4ce1b4d-4f01-4083-8bc6-931cbac9ac38","name":"PTSecurity Cobalt Group Aug 2017","description":"Positive Technologies. (2017, August 16). Cobalt Strikes Back: An Evolving Multinational Threat to Finance. Retrieved September 5, 2018.","url":"https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf","source":"MITRE, Tidal Cyber","title":"Cobalt Strikes Back: An Evolving Multinational Threat to Finance","authors":"Positive Technologies","date_accessed":"2018-09-05T00:00:00Z","date_published":"2017-08-16T00:00:00Z","owner_name":null,"tidal_id":"cb97408b-34f1-5c63-86cc-588b372a7e7f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278815Z"},{"id":"46541bb9-15cb-4a7c-a624-48a1c7e838e3","name":"Zscaler Cobian Aug 2017","description":"Yadav, A., et al. (2017, August 31). Cobian RAT – A backdoored RAT. Retrieved November 13, 2018.","url":"https://www.zscaler.com/blogs/research/cobian-rat-backdoored-rat","source":"MITRE","title":"Cobian RAT – A backdoored RAT","authors":"Yadav, A., et al","date_accessed":"2018-11-13T00:00:00Z","date_published":"2017-08-31T00:00:00Z","owner_name":null,"tidal_id":"2f6bfd11-6130-57d9-8a01-3a201a1b68d1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420995Z"},{"id":"6a67f91a-e2f7-4950-aa26-a63388be59c5","name":"therecord.media April 26 2022","description":"therecord.media. (2022, April 26). 
Coca-Cola investigating claims of hack after ransomware group hawks stolen data. Retrieved April 4, 2025.","url":"https://therecord.media/coca-cola-investigating-claims-of-hack-after-ransomware-group-hawks-stolen-data","source":"Tidal Cyber","title":"Coca-Cola investigating claims of hack after ransomware group hawks stolen data","authors":"therecord.media","date_accessed":"2025-04-04T00:00:00Z","date_published":"2022-04-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7a776c4f-db85-594f-b689-58673735707d","created":"2025-04-08T16:38:24.639639Z","modified":"2025-04-08T16:38:25.081337Z"},{"id":"6ada4c6a-23dc-4469-a3a1-1d3b4935db97","name":"MACOS Cocoa","description":"Apple. (2015, September 16). Cocoa Application Layer. Retrieved June 25, 2020.","url":"https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/OSX_Technology_Overview/CocoaApplicationLayer/CocoaApplicationLayer.html#//apple_ref/doc/uid/TP40001067-CH274-SW1","source":"MITRE","title":"Cocoa Application Layer","authors":"Apple","date_accessed":"2020-06-25T00:00:00Z","date_published":"2015-09-16T00:00:00Z","owner_name":null,"tidal_id":"3b125b81-b36c-51ca-9a43-ee814e629b21","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427790Z"},{"id":"4a93063b-f3a3-4726-870d-b8f744651363","name":"code.exe - LOLBAS Project","description":"LOLBAS. (2023, February 1). code.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/HonorableMentions/Code/","source":"Tidal Cyber","title":"code.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-02-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0bc90491-044e-5e71-94f8-9289a4c566b1","created":"2024-01-12T14:47:09.902782Z","modified":"2024-01-12T14:47:10.090404Z"},{"id":"838e7a7d-ed1e-59bb-b81f-e9e407dc9e38","name":"Ars Technica VMWare Code Execution Vulnerability 2021","description":"Dan Goodin . (2021, February 25). 
Code-execution flaw in VMware has a severity rating of 9.8 out of 10. Retrieved April 8, 2025.","url":"https://arstechnica.com/information-technology/2021/02/armed-with-exploits-hackers-on-the-prowl-for-a-critical-vmware-vulnerability/","source":"MITRE","title":"Code-execution flaw in VMware has a severity rating of 9.8 out of 10","authors":"Dan Goodin","date_accessed":"2025-04-08T00:00:00Z","date_published":"2021-02-25T00:00:00Z","owner_name":null,"tidal_id":"98fafdc9-b295-5447-8622-48aaf7446efb","created":"2025-04-22T20:47:12.905541Z","modified":"2025-12-17T15:08:36.428330Z"},{"id":"e5a3028a-f4cc-537c-9ddd-769792ab33be","name":"Dark Reading Code Spaces Cyber Attack","description":"Brian Prince. (2014, June 20). Code Hosting Service Shuts Down After Cyber Attack. Retrieved March 21, 2023.","url":"https://www.darkreading.com/attacks-breaches/code-hosting-service-shuts-down-after-cyber-attack","source":"MITRE","title":"Code Hosting Service Shuts Down After Cyber Attack","authors":"Brian Prince","date_accessed":"2023-03-21T00:00:00Z","date_published":"2014-06-20T00:00:00Z","owner_name":null,"tidal_id":"192d8cd1-9bb0-50d3-9a08-8558bbf683dc","created":"2023-05-26T01:21:11.111845Z","modified":"2025-12-17T15:08:36.436617Z"},{"id":"6dbfe4b5-9430-431b-927e-e8e775874cd9","name":"Medium Ptrace JUL 2018","description":"Jain, S. (2018, July 25). Code injection in running process using ptrace. Retrieved February 21, 2020.","url":"https://medium.com/@jain.sm/code-injection-in-running-process-using-ptrace-d3ea7191a4be","source":"MITRE","title":"Code injection in running process using ptrace","authors":"Jain, S","date_accessed":"2020-02-21T00:00:00Z","date_published":"2018-07-25T00:00:00Z","owner_name":null,"tidal_id":"91f284cf-5611-5e34-87d3-edbaefecd410","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435995Z"},{"id":"363e860d-e14c-4fcd-985f-f76353018908","name":"Wikipedia Code Signing","description":"Wikipedia. (2015, November 10). Code Signing. 
Retrieved March 31, 2016.","url":"https://en.wikipedia.org/wiki/Code_signing","source":"MITRE","title":"Code Signing","authors":"Wikipedia","date_accessed":"2016-03-31T00:00:00Z","date_published":"2015-11-10T00:00:00Z","owner_name":null,"tidal_id":"0a302422-46af-5c97-9faf-948154251c26","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425819Z"},{"id":"3efc5ae9-c63a-4a07-bbbd-d7324acdbaf5","name":"SpectorOps Code Signing Dec 2017","description":"Graeber, M. (2017, December 22). Code Signing Certificate Cloning Attacks and Defenses. Retrieved April 3, 2018.","url":"https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec","source":"MITRE","title":"Code Signing Certificate Cloning Attacks and Defenses","authors":"Graeber, M","date_accessed":"2018-04-03T00:00:00Z","date_published":"2017-12-22T00:00:00Z","owner_name":null,"tidal_id":"f23e8028-85f7-5338-a6c7-193f85dbfdc2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415578Z"},{"id":"83469ab3-0199-5679-aa25-7b6885019552","name":"CoinLoader: A Sophisticated Malware Loader Campaign","description":"Avira. (2019, November 28). CoinLoader: A Sophisticated Malware Loader Campaign. Retrieved June 5, 2023.","url":"https://www.avira.com/en/blog/coinloader-a-sophisticated-malware-loader-campaign","source":"MITRE","title":"CoinLoader: A Sophisticated Malware Loader Campaign","authors":"Avira","date_accessed":"2023-06-05T00:00:00Z","date_published":"2019-11-28T00:00:00Z","owner_name":null,"tidal_id":"9fc68df9-8d7c-5b83-8821-97c67232ba47","created":"2023-11-07T00:36:08.939557Z","modified":"2025-12-17T15:08:36.436014Z"},{"id":"1bbd4454-7db9-52b9-8367-42eac88d7da8","name":"Ahn Lab CoinMiner 2023","description":"Ahn Lab. (2023, April 24). CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers. 
Retrieved April 4, 2025.","url":"https://asec.ahnlab.com/en/51908/","source":"MITRE","title":"CoinMiner (KONO DIO DA) Distributed to Linux SSH Servers","authors":"Ahn Lab","date_accessed":"2025-04-04T00:00:00Z","date_published":"2023-04-24T00:00:00Z","owner_name":null,"tidal_id":"03f82282-caf5-5ef4-9bd8-5192d5210452","created":"2025-04-22T20:47:14.705390Z","modified":"2025-12-17T15:08:36.430121Z"},{"id":"131bdea1-7255-5dbf-8b1a-8e328585cac5","name":"The DFIR Report AutoHotKey 2023","description":"The DFIR Report. (2023, February 6). Collect, Exfiltrate, Sleep, Repeat. Retrieved April 3, 2025.","url":"https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/","source":"MITRE","title":"Collect, Exfiltrate, Sleep, Repeat","authors":"The DFIR Report","date_accessed":"2025-04-03T00:00:00Z","date_published":"2023-02-06T00:00:00Z","owner_name":null,"tidal_id":"d50c34ab-59cb-5fe8-ba7f-30f7324dedbb","created":"2025-04-22T20:47:18.684798Z","modified":"2025-12-17T15:08:36.434108Z"},{"id":"0d4aea26-56ac-48cf-9b5a-d878bf30c503","name":"TrendMicro Tropic Trooper December 14 2021","description":"Nick Dai, Ted Lee, Vickie Su. (2021, December 14). Collecting In the Dark: Tropic Trooper Targets Transportation and Government. 
Retrieved March 26, 2025.","url":"https://www.trendmicro.com/en_us/research/21/l/collecting-in-the-dark-tropic-trooper-targets-transportation-and-government-organizations.html","source":"Tidal Cyber","title":"Collecting In the Dark: Tropic Trooper Targets Transportation and Government","authors":"Nick Dai, Ted Lee, Vickie Su","date_accessed":"2025-03-26T00:00:00Z","date_published":"2021-12-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"28060625-a14d-5293-ae8f-123ad9ec32aa","created":"2025-03-31T15:01:16.830204Z","modified":"2025-03-31T15:01:17.199988Z"},{"id":"eb2544c4-03da-56dc-bc6d-e6a7db5b8e91","name":"Colonial Pipeline Company May 2021","description":"Colonial Pipeline Company 2021, May Media Statement Update: Colonial Pipeline System Disruption. Retrieved 2021/10/08","url":"https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption","source":"ICS","title":"Colonial Pipeline Company May 2021","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b3f0c387-2872-57e7-8e80-7c9e37b7011a","created":"2026-01-28T13:08:18.177109Z","modified":"2026-01-28T13:08:18.177112Z"},{"id":"58900911-ab4b-5157-968c-67fa69cc122d","name":"NYT-Colonial","description":"Nicole Perlroth. (2021, May 13). Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers.. Retrieved August 18, 2023.","url":"https://www.nytimes.com/2021/05/13/technology/colonial-pipeline-ransom.html","source":"MITRE","title":"Colonial Pipeline paid 75 Bitcoin, or roughly $5 million, to hackers.","authors":"Nicole Perlroth","date_accessed":"2023-08-18T00:00:00Z","date_published":"2021-05-13T00:00:00Z","owner_name":null,"tidal_id":"1f66d31b-be20-59ef-9319-d00d21452f97","created":"2023-11-07T00:36:05.538910Z","modified":"2025-12-17T15:08:36.432204Z"},{"id":"53ff662d-a0b3-41bd-ab9e-a9bb8bbdea25","name":"Colorcpl.exe - LOLBAS Project","description":"LOLBAS. (2023, June 26). Colorcpl.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Colorcpl/","source":"Tidal Cyber","title":"Colorcpl.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-06-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"62a8c776-8d05-53e3-b856-0da54552e7f3","created":"2024-01-12T14:46:35.115119Z","modified":"2024-01-12T14:46:35.330736Z"},{"id":"3568b09c-7368-5fc2-85b3-d16ee9b9c686","name":"mod_rewrite","description":"Bluescreenofjeff.com. (2015, April 12). Combatting Incident Responders with Apache mod_rewrite. Retrieved February 13, 2024.","url":"https://bluescreenofjeff.com/2016-04-12-combatting-incident-responders-with-apache-mod_rewrite/","source":"MITRE","title":"Combatting Incident Responders with Apache mod_rewrite","authors":"Bluescreenofjeff.com","date_accessed":"2024-02-13T00:00:00Z","date_published":"2015-04-12T00:00:00Z","owner_name":null,"tidal_id":"2760ddd5-7872-5e39-81a8-8d102d7eafdd","created":"2024-04-25T13:28:41.090207Z","modified":"2025-12-17T15:08:36.436121Z"},{"id":"17277b12-af29-475a-bc9a-0731bbe0bae2","name":"sentinelone shlayer to zshlayer","description":"Phil Stokes. (2020, September 8). Coming Out of Your Shell: From Shlayer to ZShlayer. Retrieved September 13, 2021.","url":"https://www.sentinelone.com/blog/coming-out-of-your-shell-from-shlayer-to-zshlayer/","source":"MITRE","title":"Coming Out of Your Shell: From Shlayer to ZShlayer","authors":"Phil Stokes","date_accessed":"2021-09-13T00:00:00Z","date_published":"2020-09-08T00:00:00Z","owner_name":null,"tidal_id":"7d887d34-ca13-5a0e-9398-41af1fede119","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422343Z"},{"id":"113ce14e-147f-4a86-8b83-7b49b43a4e88","name":"University of Birmingham C2","description":"Gardiner, J.,  Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. 
Retrieved April 20, 2016.","url":"https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf","source":"MITRE","title":"Command & Control Understanding, Denying and Detecting","authors":"Gardiner, J.,  Cova, M., Nagaraja, S","date_accessed":"2016-04-20T00:00:00Z","date_published":"2014-02-01T00:00:00Z","owner_name":null,"tidal_id":"c8fbdc61-f2a4-51c2-8fcc-be2366af01f4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415546Z"},{"id":"4a58170b-906c-4df4-ad1e-0e5bc15366fa","name":"Microsoft Command-line Logging","description":"Mathers, B. (2017, March 7). Command line process auditing. Retrieved April 21, 2017.","url":"https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/manage/component-updates/command-line-process-auditing","source":"MITRE","title":"Command line process auditing","authors":"Mathers, B","date_accessed":"2017-04-21T00:00:00Z","date_published":"2017-03-07T00:00:00Z","owner_name":null,"tidal_id":"f80fad46-914f-5e1b-9ff4-68d9e7464aa0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430669Z"},{"id":"380dc9fe-d490-4914-9595-05d765b27a85","name":"Microsoft Netdom Trust Sept 2012","description":"Microsoft. (2012, September 11). Command-Line Reference - Netdom Trust. Retrieved November 30, 2017.","url":"https://technet.microsoft.com/library/cc835085.aspx","source":"MITRE","title":"Command-Line Reference - Netdom Trust","authors":"Microsoft","date_accessed":"2017-11-30T00:00:00Z","date_published":"2012-09-11T00:00:00Z","owner_name":null,"tidal_id":"e16b92eb-3489-5e68-9412-2db7a20251f3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416212Z"},{"id":"a25d664c-d109-466f-9b6a-7e9ea8c57895","name":"Microsoft msxsl.exe","description":"Microsoft. (n.d.). Command Line Transformation Utility (msxsl.exe). 
Retrieved July 3, 2018.","url":"https://www.microsoft.com/download/details.aspx?id=21714","source":"MITRE","title":"Command Line Transformation Utility (msxsl.exe)","authors":"Microsoft","date_accessed":"2018-07-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"eb6bbcc2-1759-5379-8010-1df4a2a38d7d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436202Z"},{"id":"2badfb63-19a3-4829-bbb5-7c3dfab877d5","name":"Kettle CSV DDE Aug 2014","description":"Kettle, J. (2014, August 29). Comma Separated Vulnerabilities. Retrieved November 22, 2017.","url":"https://www.contextis.com/blog/comma-separated-vulnerabilities","source":"MITRE","title":"Comma Separated Vulnerabilities","authors":"Kettle, J","date_accessed":"2017-11-22T00:00:00Z","date_published":"2014-08-29T00:00:00Z","owner_name":null,"tidal_id":"17d6fd77-1e54-5b77-90d0-3846380b9bc8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426300Z"},{"id":"83fc7522-5eb1-4710-8391-090389948686","name":"Microsoft CLR Integration 2017","description":"Microsoft. (2017, June 19). Common Language Runtime Integration. Retrieved July 8, 2019.","url":"https://docs.microsoft.com/en-us/sql/relational-databases/clr-integration/common-language-runtime-integration-overview?view=sql-server-2017","source":"MITRE","title":"Common Language Runtime Integration","authors":"Microsoft","date_accessed":"2019-07-08T00:00:00Z","date_published":"2017-06-19T00:00:00Z","owner_name":null,"tidal_id":"649c5425-ac9b-513e-9eb2-94d74bf8ba4c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436688Z"},{"id":"e48b756f-7029-5106-bc0c-e3d60e274cce","name":"Common Weakness Enumeration January 2019","description":"Common Weakness Enumeration 2019, January 03 CWE-400: Uncontrolled Resource Consumption. 
Retrieved 2019/03/14","url":"http://cwe.mitre.org/data/definitions/400.html","source":"ICS","title":"Common Weakness Enumeration January 2019","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5ca59d5a-4a77-51aa-bfcb-3e23f01f6be9","created":"2026-01-28T13:08:18.176534Z","modified":"2026-01-28T13:08:18.176537Z"},{"id":"ff3cc105-2798-45de-8561-983bf57eb9d9","name":"Palo Alto Comnie","description":"Grunzweig, J. (2018, January 31). Comnie Continues to Target Organizations in East Asia. Retrieved June 7, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/","source":"MITRE","title":"Comnie Continues to Target Organizations in East Asia","authors":"Grunzweig, J","date_accessed":"2018-06-07T00:00:00Z","date_published":"2018-01-31T00:00:00Z","owner_name":null,"tidal_id":"b793c66f-bd9b-59f8-9c5b-2778bfe2eecf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422416Z"},{"id":"98e88505-b916-430d-aef6-616ba7ddd88e","name":"GDATA COM Hijacking","description":"G DATA. (2014, October). COM Object hijacking: the discreet way of persistence. Retrieved August 13, 2016.","url":"https://blog.gdatasoftware.com/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence","source":"MITRE","title":"COM Object hijacking: the discreet way of persistence","authors":"G DATA","date_accessed":"2016-08-13T00:00:00Z","date_published":"2014-10-01T00:00:00Z","owner_name":null,"tidal_id":"205a8809-8270-552d-9ae4-4972b992f63a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432882Z"},{"id":"7f1af58a-33fd-538f-b092-789a8776780c","name":"AP-NotPetya","description":"FRANK BAJAK AND RAPHAEL SATTER. (2017, June 30). Companies still hobbled from fearsome cyberattack. 
Retrieved August 18, 2023.","url":"https://apnews.com/article/russia-ukraine-technology-business-europe-hacking-ce7a8aca506742ab8e8873e7f9f229c2","source":"MITRE","title":"Companies still hobbled from fearsome cyberattack","authors":"FRANK BAJAK AND RAPHAEL SATTER","date_accessed":"2023-08-18T00:00:00Z","date_published":"2017-06-30T00:00:00Z","owner_name":null,"tidal_id":"a2364f2d-8b89-5158-a6e6-3995ef5972e3","created":"2023-11-07T00:36:05.516216Z","modified":"2025-12-17T15:08:36.432178Z"},{"id":"edcd917d-ca5b-4e5c-b3be-118e828abe97","name":"Microsoft COM","description":"Microsoft. (n.d.). Component Object Model (COM). Retrieved November 22, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ms680573.aspx","source":"MITRE","title":"Component Object Model (COM)","authors":"Microsoft","date_accessed":"2017-11-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"600e9be1-e215-594d-be90-4cd415a18945","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427013Z"},{"id":"e7a4a0cf-ffa2-48cc-9b21-a2333592c773","name":"Unit 42 12 8 2022","description":"Dror Alon. (2022, December 8). Compromised Cloud Compute Credentials Case Studies From the Wild. Retrieved April 17, 2024.","url":"https://unit42.paloaltonetworks.com/compromised-cloud-compute-credentials/","source":"Tidal Cyber","title":"Compromised Cloud Compute Credentials Case Studies From the Wild","authors":"Dror Alon","date_accessed":"2024-04-17T00:00:00Z","date_published":"2022-12-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ee60f176-0cc6-55fe-a0d5-4b1cf690f1ce","created":"2024-06-13T20:10:55.990344Z","modified":"2024-06-13T20:10:56.174501Z"},{"id":"af755ba2-97c2-5152-ab00-2e24740f69f3","name":"Palo Alto Unit 42 Compromised Cloud Compute Credentials 2022","description":"Dror Alon. (2022, December 8). Compromised Cloud Compute Credentials: Case Studies From the Wild. 
Retrieved March 9, 2023.","url":"https://unit42.paloaltonetworks.com/compromised-cloud-compute-credentials/","source":"MITRE","title":"Compromised Cloud Compute Credentials: Case Studies From the Wild","authors":"Dror Alon","date_accessed":"2023-03-09T00:00:00Z","date_published":"2022-12-08T00:00:00Z","owner_name":null,"tidal_id":"b4aab8d1-905e-5ddd-b383-58bb4a1a4926","created":"2023-05-26T01:21:01.965098Z","modified":"2025-12-17T15:08:36.425487Z"},{"id":"61ceb0c4-62f6-46cd-b42b-5736c869421f","name":"US-CERT Alert TA15-314A Web Shells","description":"US-CERT. (2015, November 13). Compromised Web Servers and Web Shells - Threat Awareness and Guidance. Retrieved June 8, 2016.","url":"https://www.us-cert.gov/ncas/alerts/TA15-314A","source":"MITRE","title":"Compromised Web Servers and Web Shells - Threat Awareness and Guidance","authors":"US-CERT","date_accessed":"2016-06-08T00:00:00Z","date_published":"2015-11-13T00:00:00Z","owner_name":null,"tidal_id":"c6772933-dc64-5a4c-a406-0bb0b0c306b5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416226Z"},{"id":"48a081b8-18ff-43b8-ba95-5856aacc6afa","name":"ComputerDefaults.exe - LOLBAS Project","description":"LOLBAS. (2024, September 24). ComputerDefaults.exe. Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/Binaries/ComputerDefaults/","source":"Tidal Cyber","title":"ComputerDefaults.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2024-09-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8e1966f2-6c77-5511-adcd-1c7de9790cc5","created":"2025-05-20T16:19:04.608865Z","modified":"2025-05-20T16:19:04.762675Z"},{"id":"2eb2756d-5a49-4df3-9e2f-104c41c645cd","name":"Comsvcs.dll - LOLBAS Project","description":"LOLBAS. (2019, August 30). Comsvcs.dll. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/comsvcs/","source":"Tidal Cyber","title":"Comsvcs.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-08-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"dca13f8c-d2cd-5f1c-921c-dc3f08c48cd8","created":"2024-01-12T14:47:16.391286Z","modified":"2024-01-12T14:47:16.567388Z"},{"id":"a92b0d6c-b3e8-56a4-b1b4-1d117e59db84","name":"Condi-Botnet-binaries","description":"Joie Salvio and Roy Tay. (2023, June 20). Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389. Retrieved September 5, 2023.","url":"https://www.fortinet.com/blog/threat-research/condi-ddos-botnet-spreads-via-tp-links-cve-2023-1389","source":"MITRE","title":"Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389","authors":"Joie Salvio and Roy Tay","date_accessed":"2023-09-05T00:00:00Z","date_published":"2023-06-20T00:00:00Z","owner_name":null,"tidal_id":"d94cd7d3-851d-57f6-90d3-7771377d2256","created":"2023-11-07T00:36:08.956853Z","modified":"2025-12-17T15:08:36.436040Z"},{"id":"c914578c-dcc2-539e-bb3d-50bf7a0e7101","name":"Okta Conditional Access Policies","description":"Okta. (2023, November 30). Conditional Access Based on Device Security Posture. Retrieved January 2, 2024.","url":"https://support.okta.com/help/s/article/Conditional-access-based-on-device-security-posture?language=en_US","source":"MITRE","title":"Conditional Access Based on Device Security Posture","authors":"Okta","date_accessed":"2024-01-02T00:00:00Z","date_published":"2023-11-30T00:00:00Z","owner_name":null,"tidal_id":"5be3405d-1111-5bcb-9e98-a3a827495138","created":"2024-04-25T13:28:39.871874Z","modified":"2025-12-17T15:08:36.434853Z"},{"id":"9ed9870b-d09a-511d-96f9-4956f26d46bf","name":"Microsoft Common Conditional Access Policies","description":"Microsoft. (2022, December 14). Conditional Access templates. 
Retrieved February 21, 2023.","url":"https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common","source":"MITRE","title":"Conditional Access templates","authors":"Microsoft","date_accessed":"2023-02-21T00:00:00Z","date_published":"2022-12-14T00:00:00Z","owner_name":null,"tidal_id":"81282ded-32f9-5903-abc7-4858f030fa99","created":"2023-05-26T01:21:19.790103Z","modified":"2025-12-17T15:08:36.441593Z"},{"id":"aa4629cf-f11f-5921-9f72-5a8d3f752603","name":"Microsoft Token Protection 2023","description":"Microsoft. (2023, October 23). Conditional Access: Token protection (preview). Retrieved January 2, 2024.","url":"https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-token-protection","source":"MITRE","title":"Conditional Access: Token protection (preview)","authors":"Microsoft","date_accessed":"2024-01-02T00:00:00Z","date_published":"2023-10-23T00:00:00Z","owner_name":null,"tidal_id":"646ac955-7cdd-5ede-9d2e-f31ec47453fb","created":"2024-04-25T13:28:53.047492Z","modified":"2025-12-17T15:08:36.442413Z"},{"id":"62cf7f3a-9011-45eb-a7d9-91c76a2177e9","name":"Trend Micro Conficker","description":"Trend Micro. (2014, March 18). Conficker. Retrieved February 18, 2021.","url":"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/conficker","source":"MITRE","title":"Conficker","authors":"Trend Micro","date_accessed":"2021-02-18T00:00:00Z","date_published":"2014-03-18T00:00:00Z","owner_name":null,"tidal_id":"7571d0b0-5278-5332-a128-bb5cc72316eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440623Z"},{"id":"30b8a5d8-596c-4ab3-b3db-b799cc8923e1","name":"ConfigSecurityPolicy.exe - LOLBAS Project","description":"LOLBAS. (2020, September 4). ConfigSecurityPolicy.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/ConfigSecurityPolicy/","source":"Tidal Cyber","title":"ConfigSecurityPolicy.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-09-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"82e5e9a8-57c8-53eb-9aaf-d2bddd17d8a9","created":"2024-01-12T14:46:35.511379Z","modified":"2024-01-12T14:46:35.712515Z"},{"id":"8b810f7c-1f26-420b-9014-732f1469f145","name":"Microsoft SAML Token Lifetimes","description":"Microsoft. (2020, December 14). Configurable token lifetimes in Microsoft Identity Platform. Retrieved December 22, 2020.","url":"https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes","source":"MITRE","title":"Configurable token lifetimes in Microsoft Identity Platform","authors":"Microsoft","date_accessed":"2020-12-22T00:00:00Z","date_published":"2020-12-14T00:00:00Z","owner_name":null,"tidal_id":"c8a8c376-a56f-5cf7-8064-60b4be211a3f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426062Z"},{"id":"8453f06d-5007-4e53-a9a2-1c0edb99be3d","name":"Apple Developer Configuration Profile","description":"Apple. (2019, May 3). Configuration Profile Reference. Retrieved September 23, 2021.","url":"https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf","source":"MITRE","title":"Configuration Profile Reference","authors":"Apple","date_accessed":"2021-09-23T00:00:00Z","date_published":"2019-05-03T00:00:00Z","owner_name":null,"tidal_id":"7b3c6a12-1223-5601-9c43-a82becd072a1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433098Z"},{"id":"a7078eee-5478-4a93-9a7e-8db1d020e1da","name":"MDMProfileConfigMacOS","description":"Apple. (2019, May 3). Configuration Profile Reference, Developer. 
Retrieved April 15, 2022.","url":"https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf","source":"MITRE","title":"Configuration Profile Reference, Developer","authors":"Apple","date_accessed":"2022-04-15T00:00:00Z","date_published":"2019-05-03T00:00:00Z","owner_name":null,"tidal_id":"2e16528a-9421-5d64-8706-9f745b955525","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441824Z"},{"id":"7ac4c481-7798-53b3-b7ad-bc09a40f99b7","name":"Azure Storage Lifecycles","description":"Microsoft Azure. (2024, July 3). Configure a lifecycle management policy. Retrieved September 25, 2024.","url":"https://learn.microsoft.com/en-us/azure/storage/blobs/lifecycle-management-policy-configure?tabs=azure-portal","source":"MITRE","title":"Configure a lifecycle management policy","authors":"Microsoft Azure","date_accessed":"2024-09-25T00:00:00Z","date_published":"2024-07-03T00:00:00Z","owner_name":null,"tidal_id":"25a441d2-0d56-5bb4-816f-6c37e8d01770","created":"2024-10-31T16:28:16.746346Z","modified":"2025-12-17T15:08:36.424993Z"},{"id":"ee35e13f-ca39-5faf-81ae-230d33329a28","name":"Azure Just in Time Access 2023","description":"Microsoft. (2023, August 29). Configure and approve just-in-time access for Azure Managed Applications. Retrieved September 21, 2023.","url":"https://learn.microsoft.com/en-us/azure/azure-resource-manager/managed-applications/approve-just-in-time-access","source":"MITRE","title":"Configure and approve just-in-time access for Azure Managed Applications","authors":"Microsoft","date_accessed":"2023-09-21T00:00:00Z","date_published":"2023-08-29T00:00:00Z","owner_name":null,"tidal_id":"40a2e8f9-9e6f-58b9-acbe-93eacc10dcb9","created":"2023-11-07T00:36:04.368746Z","modified":"2025-12-17T15:08:36.431066Z"},{"id":"5d973180-a28a-5c8f-b13a-45d21331700f","name":"capture_embedded_packet_on_software","description":"Cisco. (2022, August 17). Configure and Capture Embedded Packet on Software. 
Retrieved July 13, 2022.","url":"https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-embedded-packet-capture/116045-productconfig-epc-00.html","source":"MITRE","title":"Configure and Capture Embedded Packet on Software","authors":"Cisco","date_accessed":"2022-07-13T00:00:00Z","date_published":"2022-08-17T00:00:00Z","owner_name":null,"tidal_id":"467c4a31-03a6-5e17-bd44-92c2357a44b0","created":"2023-05-26T01:21:03.750038Z","modified":"2025-12-17T15:08:36.427355Z"},{"id":"27221a52-6a65-5fd8-9ca1-3b7e4fb4278e","name":"Microsoft Dev Tunnels Group Policy Mitigation","description":"Derek Bekoe, Carolina Uribe. (2023, March 28). Configure and deploy Group Policy Administrative Templates for Dev Tunnels. Retrieved March 24, 2025.","url":"https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/policies","source":"MITRE","title":"Configure and deploy Group Policy Administrative Templates for Dev Tunnels","authors":"Derek Bekoe, Carolina Uribe","date_accessed":"2025-03-24T00:00:00Z","date_published":"2023-03-28T00:00:00Z","owner_name":null,"tidal_id":"36652049-fb6f-5d41-95c5-92f10fafeb5c","created":"2025-04-22T20:47:29.441232Z","modified":"2025-12-17T15:08:36.439810Z"},{"id":"bd91ec00-95bb-572f-9452-8040ec633e00","name":"Kubernetes Security Context","description":"Kubernetes. (n.d.). Configure a Security Context for a Pod or Container. Retrieved March 8, 2023.","url":"https://kubernetes.io/docs/tasks/configure-pod-container/security-context/","source":"MITRE","title":"Configure a Security Context for a Pod or Container","authors":"Kubernetes","date_accessed":"2023-03-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"39e57d1d-9d74-58e4-af2d-01cc3d9dcf5f","created":"2023-05-26T01:21:19.539319Z","modified":"2025-12-17T15:08:36.441310Z"},{"id":"9a6a08c0-94f2-4dbc-a0b3-01d5234e7753","name":"Microsoft SharePoint Logging","description":"Microsoft. (2017, July 19). Configure audit settings for a site collection. 
Retrieved April 4, 2018.","url":"https://support.office.com/en-us/article/configure-audit-settings-for-a-site-collection-a9920c97-38c0-44f2-8bcb-4cf1e2ae22d2","source":"MITRE","title":"Configure audit settings for a site collection","authors":"Microsoft","date_accessed":"2018-04-04T00:00:00Z","date_published":"2017-07-19T00:00:00Z","owner_name":null,"tidal_id":"1bb11826-7891-5d3a-8925-490fb2e4bed0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424523Z"},{"id":"05ccb66b-b4fc-52f2-aa39-d1608458b8e4","name":"Microsoft Entra Configure OAuth Consent","description":"Microsoft Entra. (2024, September 16). Configure how users consent to applications. Retrieved March 20, 2025.","url":"https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent?pivots=portal","source":"MITRE","title":"Configure how users consent to applications","authors":"Microsoft Entra","date_accessed":"2025-03-20T00:00:00Z","date_published":"2024-09-16T00:00:00Z","owner_name":null,"tidal_id":"58513d02-49f5-5183-b024-76951445317f","created":"2025-04-22T20:47:29.490038Z","modified":"2025-12-17T15:08:36.439854Z"},{"id":"39e28cae-a35a-4cf2-a281-c35f4ebd16ba","name":"TechNet RDP NLA","description":"Microsoft. (n.d.). Configure Network Level Authentication for Remote Desktop Services Connections. Retrieved June 6, 2016.","url":"https://technet.microsoft.com/en-us/library/cc732713.aspx","source":"MITRE","title":"Configure Network Level Authentication for Remote Desktop Services Connections","authors":"Microsoft","date_accessed":"2016-06-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6939f084-909b-5a94-bdac-e3cca76ecb75","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416247Z"},{"id":"7bde8cd2-6c10-5342-9a4b-a45e84a861b6","name":"Microsoft Security Alerts for Azure AD Roles","description":"Microsoft. (2022, November 14). Configure security alerts for Azure AD roles in Privileged Identity Management. 
Retrieved February 21, 2023.","url":"https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/aad-security-baseline","source":"MITRE","title":"Configure security alerts for Azure AD roles in Privileged Identity Management","authors":"Microsoft","date_accessed":"2023-02-21T00:00:00Z","date_published":"2022-11-14T00:00:00Z","owner_name":null,"tidal_id":"f81a0864-b3c2-5000-8b5d-5ed5106c707d","created":"2023-05-26T01:21:19.807307Z","modified":"2025-12-17T15:08:36.441624Z"},{"id":"a74ffa28-8a2e-4bfd-bc66-969b463bebd9","name":"Kubernetes Service Accounts","description":"Kubernetes. (2022, February 26). Configure Service Accounts for Pods. Retrieved April 1, 2022.","url":"https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/","source":"MITRE","title":"Configure Service Accounts for Pods","authors":"Kubernetes","date_accessed":"2022-04-01T00:00:00Z","date_published":"2022-02-26T00:00:00Z","owner_name":null,"tidal_id":"af789f0f-c505-5a68-af01-b4d5644d3675","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432316Z"},{"id":"3a75c7d6-b3f3-5f25-bbcb-e0a18982dfed","name":"Microsoft Learn ClickOnce Config","description":"Microsoft. (2023, August 4). Configure the ClickOnce trust prompt behavior. Retrieved September 9, 2024.","url":"https://learn.microsoft.com/en-us/visualstudio/deployment/how-to-configure-the-clickonce-trust-prompt-behavior?view=vs-2022&tabs=csharp","source":"MITRE","title":"Configure the ClickOnce trust prompt behavior","authors":"Microsoft","date_accessed":"2024-09-09T00:00:00Z","date_published":"2023-08-04T00:00:00Z","owner_name":null,"tidal_id":"8f6ffb64-ca55-5834-8e47-4ab66375ee49","created":"2024-10-31T16:28:36.765149Z","modified":"2025-12-17T15:08:36.441257Z"},{"id":"ccd0d241-4ff7-4a15-b2b4-06945980c6bf","name":"Windows RDP Sessions","description":"Microsoft. (n.d.). Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions. 
Retrieved December 11, 2017.","url":"https://technet.microsoft.com/en-us/library/cc754272(v=ws.11).aspx","source":"MITRE","title":"Configure Timeout and Reconnection Settings for Remote Desktop Services Sessions","authors":"Microsoft","date_accessed":"2017-12-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"64807fa1-b801-552e-ac77-86f7cd8bd722","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415728Z"},{"id":"c76b9d10-5bb9-5869-abc2-82218f2c3696","name":"Broadcom VMCI Firewall","description":"Broadcom. (2025, March 24). Configure Virtual Machine Communication Interface Firewall. Retrieved March 31, 2025.","url":"https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/vsphere-virtual-machine-administration-guide-7-0/configuring-virtual-machine-hardwarevm-admin/virtual-machine-network-configurationvm-admin/serial-port-configurationvm-admin/configure-the-virtual-machine-communication-interface-firewallvm-admin.html","source":"MITRE","title":"Configure Virtual Machine Communication Interface Firewall","authors":"Broadcom","date_accessed":"2025-03-31T00:00:00Z","date_published":"2025-03-24T00:00:00Z","owner_name":null,"tidal_id":"503cb3ed-bf74-5bd8-ae50-51403a67aa87","created":"2025-04-22T20:47:32.267369Z","modified":"2025-12-17T15:08:36.442395Z"},{"id":"4adfc72b-cd32-46a6-bdf4-a4c2c6cffa73","name":"Microsoft Configure LSA","description":"Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved June 24, 2015.","url":"https://technet.microsoft.com/en-us/library/dn408187.aspx","source":"MITRE","title":"Configuring Additional LSA Protection","authors":"Microsoft","date_accessed":"2015-06-24T00:00:00Z","date_published":"2013-07-31T00:00:00Z","owner_name":null,"tidal_id":"2e2e9f70-d0fa-5be7-956b-68c8b34fc760","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416010Z"},{"id":"da3f1d7d-188f-4500-9bc6-3299ba043b5c","name":"Microsoft LSA Protection Mar 2014","description":"Microsoft. 
(2014, March 12). Configuring Additional LSA Protection. Retrieved November 27, 2017.","url":"https://technet.microsoft.com/library/dn408187.aspx","source":"MITRE","title":"Configuring Additional LSA Protection","authors":"Microsoft","date_accessed":"2017-11-27T00:00:00Z","date_published":"2014-03-12T00:00:00Z","owner_name":null,"tidal_id":"a3791fb8-b5e3-56f4-bc89-36bb20606ce1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415850Z"},{"id":"3ad49746-4e42-4663-a49e-ae64152b9463","name":"Microsoft LSA","description":"Microsoft. (2013, July 31). Configuring Additional LSA Protection. Retrieved February 13, 2015.","url":"https://technet.microsoft.com/en-us/library/dn408187.aspx","source":"MITRE","title":"Configuring Additional LSA Protection","authors":"Microsoft","date_accessed":"2015-02-13T00:00:00Z","date_published":"2013-07-31T00:00:00Z","owner_name":null,"tidal_id":"e6a3b79a-9497-53f6-9b45-e6c06a18d569","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416133Z"},{"id":"bd310606-f472-4eda-a696-50a3a25f07b3","name":"Configuring Data Access audit logs","description":"Google. (n.d.). Configuring Data Access audit logs. Retrieved October 16, 2020.","url":"https://cloud.google.com/logging/docs/audit/configure-data-access","source":"MITRE","title":"Configuring Data Access audit logs","authors":"Google","date_accessed":"2020-10-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7b9082ca-50c2-5232-a689-3bc025944c43","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434693Z"},{"id":"cc5eda1b-5e64-52e8-b98f-8df2f3e10475","name":"cisco dhcp snooping","description":"Cisco. (n.d.). Configuring DHCP Snooping. 
Retrieved September 17, 2024.","url":"https://www.cisco.com/en/US/docs/general/Test/dwerblo/broken_guide/snoodhcp.html#wp1120427","source":"MITRE","title":"Configuring DHCP Snooping","authors":"Cisco","date_accessed":"2024-09-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3a632561-da48-58f7-a4f9-a8144f79eebf","created":"2024-10-31T16:28:38.403886Z","modified":"2025-04-22T20:47:32.825100Z"},{"id":"134169f1-7bd3-4d04-81a8-f01e1407a4b6","name":"Microsoft SID Filtering Quarantining Jan 2009","description":"Microsoft. (n.d.). Configuring SID Filter Quarantining on External Trusts. Retrieved November 30, 2017.","url":"https://technet.microsoft.com/library/cc794757.aspx","source":"MITRE","title":"Configuring SID Filter Quarantining on External Trusts","authors":"Microsoft","date_accessed":"2017-11-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4bffe6b8-20a2-5722-87d2-f1e1df47c441","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416205Z"},{"id":"be3c3d52-f3bc-5001-bfac-5360a5fbe83d","name":"Broadcom Configuring syslog on ESXi","description":"Broadcom. (n.d.). Configuring syslog on ESXi. Retrieved March 27, 2025.","url":"https://knowledge.broadcom.com/external/article/318939/configuring-syslog-on-esxi.html","source":"MITRE","title":"Configuring syslog on ESXi","authors":"Broadcom","date_accessed":"2025-03-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"68bf5676-c4a0-58f6-9e67-76966c563c31","created":"2025-04-22T20:47:15.900601Z","modified":"2025-12-17T15:08:36.431269Z"},{"id":"b62415f8-76bd-4585-ae81-a4d04ccfc703","name":"TechRepublic Wireless GPO FEB 2009","description":"Schauland, D. (2009, February 24). Configuring Wireless settings via Group Policy. 
Retrieved July 26, 2018.","url":"https://www.techrepublic.com/blog/data-center/configuring-wireless-settings-via-group-policy/","source":"MITRE","title":"Configuring Wireless settings via Group Policy","authors":"Schauland, D","date_accessed":"2018-07-26T00:00:00Z","date_published":"2009-02-24T00:00:00Z","owner_name":null,"tidal_id":"0b417ab7-1097-5350-8139-9f9e9a2daebc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416096Z"},{"id":"6e6e02da-b805-47d7-b410-343a1b5da042","name":"ZDNet Dtrack","description":"Catalin Cimpanu. (2019, October 30). Confirmed: North Korean malware found on Indian nuclear plant's network. Retrieved January 20, 2021.","url":"https://www.zdnet.com/article/confirmed-north-korean-malware-found-on-indian-nuclear-plants-network/","source":"MITRE","title":"Confirmed: North Korean malware found on Indian nuclear plant's network","authors":"Catalin Cimpanu","date_accessed":"2021-01-20T00:00:00Z","date_published":"2019-10-30T00:00:00Z","owner_name":null,"tidal_id":"e8972150-e40a-5667-8fa4-3b6434a210b8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422469Z"},{"id":"d74f2c25-cd53-4587-b087-7ba0b8427dc4","name":"Uptycs Confucius APT Jan 2021","description":"Uptycs Threat Research Team. (2021, January 12). Confucius APT deploys Warzone RAT. Retrieved December 17, 2021.","url":"https://www.uptycs.com/blog/confucius-apt-deploys-warzone-rat","source":"MITRE","title":"Confucius APT deploys Warzone RAT","authors":"Uptycs Threat Research Team","date_accessed":"2021-12-17T00:00:00Z","date_published":"2021-01-12T00:00:00Z","owner_name":null,"tidal_id":"b171cb97-7fb9-5aba-a3d1-9d72d406bea6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439073Z"},{"id":"5c16aae9-d253-463b-8bbc-f14402ce77e4","name":"TrendMicro Confucius APT Aug 2021","description":"Lunghi, D. (2021, August 17). Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military. 
Retrieved December 26, 2021.","url":"https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html","source":"MITRE, Tidal Cyber","title":"Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military","authors":"Lunghi, D","date_accessed":"2021-12-26T00:00:00Z","date_published":"2021-08-17T00:00:00Z","owner_name":null,"tidal_id":"a0fb89de-cbb5-5233-813e-4f0da65e023b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279691Z"},{"id":"5ed807c1-15d1-48aa-b497-8cd74fe5b299","name":"Conhost.exe - LOLBAS Project","description":"LOLBAS. (2022, April 5). Conhost.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Conhost/","source":"Tidal Cyber","title":"Conhost.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-04-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5901efbc-83e4-5030-99be-4065e045a631","created":"2024-01-12T14:46:35.878165Z","modified":"2024-01-12T14:46:36.059525Z"},{"id":"deefa5b7-5a28-524c-b500-bc5574aa9920","name":"EC2 Instance Connect","description":"AWS. (2023, June 2). Connect using EC2 Instance Connect. Retrieved June 2, 2023.","url":"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-methods.html","source":"MITRE","title":"Connect using EC2 Instance Connect","authors":"AWS","date_accessed":"2023-06-02T00:00:00Z","date_published":"2023-06-02T00:00:00Z","owner_name":null,"tidal_id":"7bae5aa4-132d-5383-b0d9-9d8cec3f8f8a","created":"2023-11-07T00:36:01.691753Z","modified":"2025-12-17T15:08:36.428730Z"},{"id":"3d342acf-a451-4473-82ac-8afee61bc984","name":"Sophos News 2 23 2024","description":"Andrew Brandt. (2024, February 23). ConnectWise ScreenConnect attacks deliver malware. 
Retrieved February 23, 2024.","url":"https://news.sophos.com/en-us/2024/02/23/connectwise-screenconnect-attacks-deliver-malware/","source":"Tidal Cyber","title":"ConnectWise ScreenConnect attacks deliver malware","authors":"Andrew Brandt","date_accessed":"2024-02-23T00:00:00Z","date_published":"2024-02-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cd1a7c03-8c61-5efd-b8ef-91af29eb483e","created":"2024-06-13T20:10:48.626274Z","modified":"2024-06-13T20:10:48.814320Z"},{"id":"4a5fd7d3-1124-42af-ac0c-5e0e0f6fddb3","name":"Push Security December 11 2025","description":"Luke Jennings. (2025, December 11). ConsentFix: Browser-native ClickFix hijacks OAuth grants. Retrieved December 15, 2025.","url":"https://pushsecurity.com/blog/consentfix","source":"Tidal Cyber","title":"ConsentFix: Browser-native ClickFix hijacks OAuth grants","authors":"Luke Jennings","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-11T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"df707a42-05b6-5363-872a-916c3ad7f254","created":"2025-12-17T14:17:44.114423Z","modified":"2025-12-17T14:17:44.271301Z"},{"id":"a323ff4a-3708-4f53-b3bf-5e7be6197388","name":"Arctic Wolf FortiGate Exploit Campaign January 10 2025","description":"Stefan Hostetler, Julian Tuin, Trevor Daher, Jon Grimm, Alyssa Newbury, Joe Wedderspoon, Markus Neis. (2025, January 10). Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls. 
Retrieved January 27, 2025.","url":"https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/","source":"Tidal Cyber","title":"Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls","authors":"Stefan Hostetler, Julian Tuin, Trevor Daher, Jon Grimm, Alyssa Newbury, Joe Wedderspoon, Markus Neis","date_accessed":"2025-01-27T00:00:00Z","date_published":"2025-01-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"04ca098c-c63f-5c24-bbf6-b7aa51c47f6f","created":"2025-01-28T15:53:34.362728Z","modified":"2025-01-28T15:53:34.922842Z"},{"id":"f298523a-6f0e-4699-8dd2-cd1d6b48297c","name":"NVISO Labs November 13 2025","description":"None Identified. (2025, November 13). Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery – NVISO Labs. Retrieved November 13, 2025.","url":"https://blog.nviso.eu/2025/11/13/contagious-interview-actors-now-utilize-json-storage-services-for-malware-delivery/","source":"Tidal Cyber","title":"Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery – NVISO Labs","authors":"None Identified","date_accessed":"2025-11-13T12:00:00Z","date_published":"2025-11-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ee07ad10-a634-568f-8929-a1d33dbc153c","created":"2025-11-19T17:44:50.835217Z","modified":"2025-11-19T17:44:50.973221Z"},{"id":"e6c60330-0147-5709-8f2a-693aca8ca10c","name":"Socket BeaverTail XORIndex HexEval Contagious Interview July 2025","description":"Kirill Boychenko. (2025, July 14). Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader. 
Retrieved October 19, 2025.","url":"https://socket.dev/blog/contagious-interview-campaign-escalates-67-malicious-npm-packages","source":"MITRE","title":"Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader","authors":"Kirill Boychenko","date_accessed":"2025-10-19T00:00:00Z","date_published":"2025-07-14T00:00:00Z","owner_name":null,"tidal_id":"85a194a8-3726-5aaf-b595-cd49e78701aa","created":"2025-10-29T21:08:48.165072Z","modified":"2025-12-17T15:08:36.417958Z"},{"id":"7062304e-91e9-45bf-84b4-c42bdad99e23","name":"Silent Push Contagious Interview April 24 2025","description":"Silent Push. (2025, April 24). Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookie. Retrieved May 23, 2025.","url":"https://www.silentpush.com/blog/contagious-interview-front-companies/","source":"Tidal Cyber","title":"Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookie","authors":"Silent Push","date_accessed":"2025-05-23T00:00:00Z","date_published":"2025-04-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8c38a4a5-f331-56ba-ae28-8dc58fd9375a","created":"2025-06-03T14:14:04.497384Z","modified":"2025-06-03T14:14:05.031680Z"},{"id":"401f99c1-e451-4483-85fd-9f087b43ad88","name":"Unit 42 October 9 2024","description":"Unit 42. (2024, October 9). Contagious Interview DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware. 
Retrieved May 6, 2025.","url":"https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/","source":"Tidal Cyber","title":"Contagious Interview DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware","authors":"Unit 42","date_accessed":"2025-05-06T00:00:00Z","date_published":"2024-10-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"60114fbf-3aef-5b82-9d5d-9d9ee4200bd7","created":"2025-05-06T16:28:40.778826Z","modified":"2025-05-06T16:28:40.964012Z"},{"id":"b8cd0275-a043-5ea9-9a8a-a3c8f5ea35e7","name":"PaloAlto Unit42 ContagiousInterview BeaverTail InvisibileFerret October 2024","description":"Unit42. (2024, October 9). Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware. Retrieved October 17, 2025.","url":"https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/","source":"MITRE","title":"Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware","authors":"Unit42","date_accessed":"2025-10-17T00:00:00Z","date_published":"2024-10-09T00:00:00Z","owner_name":null,"tidal_id":"80e55c34-d44d-5528-a3f9-1088c6e15258","created":"2025-10-29T21:08:48.164824Z","modified":"2025-12-17T15:08:36.417284Z"},{"id":"a34fe621-79ff-5ef9-9bfc-db067dcf9033","name":"Sentinel One Contagious Interview ClickFix September 2025","description":"Aleksandar Milenkoski, Sreekar Madabushi, Kenneth Kinion. (2025, September 4). Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms. 
Retrieved October 20, 2025.","url":"https://www.sentinelone.com/labs/contagious-interview-threat-actors-scout-cyber-intel-platforms-reveal-plans-and-ops/","source":"MITRE","title":"Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms","authors":"Aleksandar Milenkoski, Sreekar Madabushi, Kenneth Kinion","date_accessed":"2025-10-20T00:00:00Z","date_published":"2025-09-04T00:00:00Z","owner_name":null,"tidal_id":"1c0a3703-6d32-59b2-b3b3-cd0084c262a7","created":"2025-10-29T21:08:48.165957Z","modified":"2025-12-17T15:08:36.430409Z"},{"id":"3475b705-3ab8-401d-bee6-e187c43ad3c2","name":"Docker Docs Container","description":"docker docs. (n.d.). Containers. Retrieved October 13, 2021.","url":"https://docs.docker.com/engine/api/v1.41/#tag/Container","source":"MITRE","title":"Containers","authors":"docker docs","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d7ab2a3a-3a0a-5e80-936e-d8b871dba855","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437017Z"},{"id":"183a070f-6c8c-46e3-915b-6edc58bb5e91","name":"DigitalShadows CDN","description":"Swisscom & Digital Shadows. (2017, September 6). Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It. 
Retrieved October 20, 2020.","url":"https://www.digitalshadows.com/blog-and-research/content-delivery-networks-cdns-can-leave-you-exposed-how-you-might-be-affected-and-what-you-can-do-about-it/","source":"MITRE","title":"Content Delivery Networks (CDNs) Can Leave You Exposed – How You Might Be Affected And What You Can Do About It","authors":"Swisscom & Digital Shadows","date_accessed":"2020-10-20T00:00:00Z","date_published":"2017-09-06T00:00:00Z","owner_name":null,"tidal_id":"e3bfed9c-8bd6-5882-93df-46df5a2d4084","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429751Z"},{"id":"fcd211a1-ac81-4ebc-b395-c8fa2a4d614a","name":"Content trust in Azure Container Registry","description":"Microsoft. (2019, September 5). Content trust in Azure Container Registry. Retrieved October 16, 2019.","url":"https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust","source":"MITRE","title":"Content trust in Azure Container Registry","authors":"Microsoft","date_accessed":"2019-10-16T00:00:00Z","date_published":"2019-09-05T00:00:00Z","owner_name":null,"tidal_id":"8ce332a8-edc5-5c55-a141-07776a01e073","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440660Z"},{"id":"57691166-5a22-44a0-8724-6b3b19658c3b","name":"Content trust in Docker","description":"Docker. (2019, October 10). Content trust in Docker. Retrieved October 16, 2019.","url":"https://docs.docker.com/engine/security/trust/content_trust/","source":"MITRE","title":"Content trust in Docker","authors":"Docker","date_accessed":"2019-10-16T00:00:00Z","date_published":"2019-10-10T00:00:00Z","owner_name":null,"tidal_id":"6dbf5257-7b3b-5cb7-a171-fda7dcc776f3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440654Z"},{"id":"7a511f0d-8feb-5370-87db-b33b96ea2367","name":"Microsoft File Folder Exclusions","description":"Microsoft. (2024, February 27). Contextual file and folder exclusions. 
Retrieved March 29, 2024.","url":"https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-contextual-file-folder-exclusions-microsoft-defender-antivirus","source":"MITRE","title":"Contextual file and folder exclusions","authors":"Microsoft","date_accessed":"2024-03-29T00:00:00Z","date_published":"2024-02-27T00:00:00Z","owner_name":null,"tidal_id":"2e3fa5d5-14c5-526d-b78c-d6e4055ef0b3","created":"2024-04-25T13:28:29.387763Z","modified":"2025-12-17T15:08:36.424304Z"},{"id":"aa34f2a1-a398-5dc4-b898-cdc02afeca5d","name":"Arctic Wolf Akira 2023","description":"Steven Campbell, Akshay Suthar, & Connor Belfiorre. (2023, July 26). Conti and Akira: Chained Together. Retrieved February 20, 2024.","url":"https://arcticwolf.com/resources/blog/conti-and-akira-chained-together/","source":"MITRE","title":"Conti and Akira: Chained Together","authors":"Steven Campbell, Akshay Suthar, & Connor Belfiorre","date_accessed":"2024-02-20T00:00:00Z","date_published":"2023-07-26T00:00:00Z","owner_name":null,"tidal_id":"2f028e57-5459-5e2b-8a9b-207230305c9d","created":"2024-04-25T13:28:44.366032Z","modified":"2025-12-17T15:08:36.438512Z"},{"id":"72e1b75b-edf7-45b0-9c14-14776a146d0e","name":"Arctic Wolf Conti Akira July 26 2023","description":"Steven Campbell, Akshay Suthar, Connor Belfiore, Arctic Wolf Labs Team. (2023, July 26). Conti and Akira: Chained Together. 
Retrieved March 13, 2024.","url":"https://arcticwolf.com/resources/blog/conti-and-akira-chained-together/","source":"Tidal Cyber","title":"Conti and Akira: Chained Together","authors":"Steven Campbell, Akshay Suthar, Connor Belfiore, Arctic Wolf Labs Team","date_accessed":"2024-03-13T00:00:00Z","date_published":"2023-07-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fc74091a-0cb1-521d-8026-b56713044e0a","created":"2024-04-04T20:38:53.930172Z","modified":"2024-04-04T20:38:54.080761Z"},{"id":"3bd1c189-8cb8-5e87-9d3a-15d24a8df16f","name":"RecordedFuture RedEcho 2022","description":"Recorded Future Insikt Group. (2022, April 6). Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group. Retrieved November 21, 2024.","url":"https://go.recordedfuture.com/hubfs/reports/ta-2022-0406.pdf","source":"MITRE","title":"Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group","authors":"Recorded Future Insikt Group","date_accessed":"2024-11-21T00:00:00Z","date_published":"2022-04-06T00:00:00Z","owner_name":null,"tidal_id":"1797d8e4-9c9a-57aa-8d9a-d1f9b4e10f97","created":"2025-04-22T20:47:21.743309Z","modified":"2025-12-17T15:08:36.438886Z"},{"id":"a6f1a15d-448b-41d4-81f0-ee445cba83bd","name":"DFIR Conti Bazar Nov 2021","description":"DFIR Report. (2021, November 29). CONTInuing the Bazar Ransomware Story. Retrieved September 29, 2022.","url":"https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/","source":"MITRE","title":"CONTInuing the Bazar Ransomware Story","authors":"DFIR Report","date_accessed":"2022-09-29T00:00:00Z","date_published":"2021-11-29T00:00:00Z","owner_name":null,"tidal_id":"594167eb-229b-5829-8792-9a9afb674262","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422974Z"},{"id":"3c0e82a2-41ab-4e63-ac10-bd691c786234","name":"Cybereason Conti Jan 2021","description":"Rochberger, L. (2021, January 12). Cybereason vs. Conti Ransomware. 
Retrieved February 17, 2021.","url":"https://www.cybereason.com/blog/cybereason-vs.-conti-ransomware","source":"MITRE","title":"Cybereason vs. Conti Ransomware","authors":"Rochberger, L","date_accessed":"2021-02-17T00:00:00Z","date_published":"2021-01-12T00:00:00Z","owner_name":null,"tidal_id":"9a92b4e0-74b9-51b8-b12b-6ddce59e119c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418399Z"},{"id":"5ef0ad9d-f34d-4771-a595-7ee4994f6c91","name":"Cybleinc Conti January 2020","description":"Cybleinc. (2021, January 21). Conti Ransomware Resurfaces, Targeting Government & Large Organizations. Retrieved April 13, 2021.","url":"https://cybleinc.com/2021/01/21/conti-ransomware-resurfaces-targeting-government-large-organizations/","source":"MITRE","title":"Conti Ransomware Resurfaces, Targeting Government & Large Organizations","authors":"Cybleinc","date_accessed":"2021-04-13T00:00:00Z","date_published":"2021-01-21T00:00:00Z","owner_name":null,"tidal_id":"c02f9192-6744-589d-a597-c3032cd14443","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418392Z"},{"id":"d198608c-2676-5f44-bbc8-5455c2b36cdb","name":"Microsoft Developer Support Power Apps Conditional Access","description":"Microsoft Developer Support. (2020, May 9). Control Access to Power Apps and Power Automate with Azure AD Conditional Access Policies. 
Retrieved July 1, 2024.","url":"https://devblogs.microsoft.com/premier-developer/control-access-to-power-apps-and-power-automate-with-azure-ad-conditional-access-policies/","source":"MITRE","title":"Control Access to Power Apps and Power Automate with Azure AD Conditional Access Policies","authors":"Microsoft Developer Support","date_accessed":"2024-07-01T00:00:00Z","date_published":"2020-05-09T00:00:00Z","owner_name":null,"tidal_id":"ef46bddd-8a89-59d5-8296-29099e384990","created":"2024-10-31T16:28:36.196370Z","modified":"2025-12-17T15:08:36.440709Z"},{"id":"d0c821b9-7d37-4158-89fa-0dabe6e06800","name":"Control.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Control.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Control/","source":"Tidal Cyber","title":"Control.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"83a162ef-4cba-5ece-92d5-217e4f4c67e0","created":"2024-01-12T14:46:36.234426Z","modified":"2024-01-12T14:46:36.415842Z"},{"id":"a9b2f525-d812-4dea-b4a6-c0d057d5f071","name":"Wikipedia Control Flow Integrity","description":"Wikipedia. (2018, January 11). Control-flow integrity. Retrieved March 12, 2018.","url":"https://en.wikipedia.org/wiki/Control-flow_integrity","source":"MITRE","title":"Control-flow integrity","authors":"Wikipedia","date_accessed":"2018-03-12T00:00:00Z","date_published":"2018-01-11T00:00:00Z","owner_name":null,"tidal_id":"51d56312-ee9a-59f3-8c9c-c0ec0f56242c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415430Z"},{"id":"4b803789-fb63-559e-8e7b-9d624e9cef58","name":"Control Global May 2019","description":"Control Global 2019, May 29 Yokogawa announcement warns of counterfeit transmitters. 
Retrieved 2021/04/09","url":"https://www.controlglobal.com/industrynews/2019/yokogawa-announcement-warns-of-counterfeit-transmitters/","source":"ICS","title":"Control Global May 2019","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2b4e1bd0-3b7a-59de-bdf1-a47e08f70ca4","created":"2026-01-28T13:08:18.177080Z","modified":"2026-01-28T13:08:18.177088Z"},{"id":"fd4577b6-0085-44c0-b4c3-4d66dcb39fe7","name":"Kubernetes API Control Access","description":"The Kubernetes Authors. (n.d.). Controlling Access to The Kubernetes API. Retrieved March 29, 2021.","url":"https://kubernetes.io/docs/concepts/security/controlling-access/","source":"MITRE","title":"Controlling Access to The Kubernetes API","authors":"The Kubernetes Authors","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fb6579b8-f096-578d-b51e-fb473e445caa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442445Z"},{"id":"fd38f1fd-37e9-4173-b319-3f92c2743055","name":"TrendMicro CPL Malware Dec 2013","description":"Bernardino, J. (2013, December 17). Control Panel Files Used As Malicious Attachments. Retrieved January 18, 2018.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/control-panel-files-used-as-malicious-attachments/","source":"MITRE","title":"Control Panel Files Used As Malicious Attachments","authors":"Bernardino, J","date_accessed":"2018-01-18T00:00:00Z","date_published":"2013-12-17T00:00:00Z","owner_name":null,"tidal_id":"3d35393b-4a4d-557d-99d5-a577da6fee02","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429401Z"},{"id":"4deb8c8e-2da1-4634-bf04-5ccf620a2143","name":"GitHub Conveigh","description":"Robertson, K. (2016, August 28). Conveigh. 
Retrieved November 17, 2017.","url":"https://github.com/Kevin-Robertson/Conveigh","source":"MITRE","title":"Conveigh","authors":"Robertson, K","date_accessed":"2017-11-17T00:00:00Z","date_published":"2016-08-28T00:00:00Z","owner_name":null,"tidal_id":"9fa6ee92-d7ed-5298-9243-abfdb6b69cdf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424741Z"},{"id":"55d139fe-f5e5-4b5e-9123-8133b459ea72","name":"MITRE Copernicus","description":"Butterworth, J. (2013, July 30). Copernicus: Question Your Assumptions about BIOS Security. Retrieved December 11, 2015.","url":"http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about","source":"MITRE","title":"Copernicus: Question Your Assumptions about BIOS Security","authors":"Butterworth, J","date_accessed":"2015-12-11T00:00:00Z","date_published":"2013-07-30T00:00:00Z","owner_name":null,"tidal_id":"f1c74c26-8a7d-5ea9-b1c3-309b66583c24","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425411Z"},{"id":"d7f5f154-3638-47c1-8e1e-a30a6504a735","name":"Secureworks COPPER FIELDSTONE Profile","description":"Secureworks. (n.d.). COPPER FIELDSTONE. Retrieved October 6, 2021.","url":"https://www.secureworks.com/research/threat-profiles/copper-fieldstone","source":"MITRE","title":"COPPER FIELDSTONE","authors":"Secureworks","date_accessed":"2021-10-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3ee85198-9a25-5734-9a05-609d38d38276","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438324Z"},{"id":"4e0d4b94-6b4c-4104-86e6-499b6aa7ba78","name":"TechNet Copy","description":"Microsoft. (n.d.). Copy. 
Retrieved April 26, 2016.","url":"https://technet.microsoft.com/en-us/library/bb490886.aspx","source":"MITRE","title":"Copy","authors":"Microsoft","date_accessed":"2016-04-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ddbd1935-f9ac-5c1c-ae04-7a1c24e8a5fa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423319Z"},{"id":"88138372-550f-5da5-be5e-b5ba0fe32f64","name":"copy_cmd_cisco","description":"Cisco. (2022, August 16). copy - Cisco IOS Configuration Fundamentals Command Reference . Retrieved July 13, 2022.","url":"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/C_commands.html#wp1068167689","source":"MITRE","title":"copy - Cisco IOS Configuration Fundamentals Command Reference","authors":"Cisco","date_accessed":"2022-07-13T00:00:00Z","date_published":"2022-08-16T00:00:00Z","owner_name":null,"tidal_id":"49989a0d-f534-5bca-82d9-e0db099a03a6","created":"2023-05-26T01:21:11.180341Z","modified":"2025-12-17T15:08:36.436739Z"},{"id":"04e3ce40-5487-4931-98db-f55da83f412e","name":"CopyKittens Nov 2015","description":"Minerva Labs LTD and ClearSky Cyber Security. (2015, November 23). CopyKittens Attack Group. Retrieved November 17, 2024.","url":"https://cdn2.hubspot.net/hubfs/1903456/Whitepapers/CopyKittens.pdf","source":"MITRE","title":"CopyKittens Attack Group","authors":"Minerva Labs LTD and ClearSky Cyber Security","date_accessed":"2024-11-17T00:00:00Z","date_published":"2015-11-23T00:00:00Z","owner_name":null,"tidal_id":"d8c06f43-ac9b-5239-bcff-37bced6458f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417211Z"},{"id":"f24d4cf5-9ca9-46bd-bd43-86b37e2a638a","name":"coregen.exe - LOLBAS Project","description":"LOLBAS. (2020, October 9). coregen.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Coregen/","source":"Tidal Cyber","title":"coregen.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-10-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d7380b2b-7de1-5260-804f-25cbdfb63836","created":"2024-01-12T14:47:19.041678Z","modified":"2024-01-12T14:47:19.230724Z"},{"id":"0ef05e47-1305-4715-a677-67f1b55b24a3","name":"Apple Core Services","description":"Apple. (n.d.). Core Services. Retrieved June 25, 2020.","url":"https://developer.apple.com/documentation/coreservices","source":"MITRE","title":"Core Services","authors":"Apple","date_accessed":"2020-06-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ea586603-830e-5404-b100-40d926f4c581","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427796Z"},{"id":"81c771f0-8baf-5185-8221-4d783e68f447","name":"TrendMicro Coronavirus Updates","description":"T. Bao, J. Lu. (2020, April 14).  Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/","source":"Mobile","title":"Coronavirus Update App Leads to Project Spy Android and iOS Spyware","authors":"T. Bao, J. Lu","date_accessed":"1978-04-01T00:00:00Z","date_published":"2020-04-14T00:00:00Z","owner_name":null,"tidal_id":"1dab31d5-312b-5c3f-b387-01343c2139dd","created":"2026-01-28T13:08:10.040247Z","modified":"2026-01-28T13:08:10.040251Z"},{"id":"037ace78-e997-40f3-a891-916bc596a9c0","name":"Microsoft IoT Compromises August 05 2019","description":"MSRC Team. (2019, August 5). Corporate IoT - a path to intrusion. 
Retrieved August 24, 2023.","url":"https://msrc.microsoft.com/blog/2019/08/corporate-iot-a-path-to-intrusion/","source":"Tidal Cyber","title":"Corporate IoT - a path to intrusion","authors":"MSRC Team","date_accessed":"2023-08-24T00:00:00Z","date_published":"2019-08-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e7e26c06-e352-5c90-9c5e-b9a8d0ae20dc","created":"2024-06-13T20:10:39.875363Z","modified":"2024-06-13T20:10:40.082176Z"},{"id":"7efd3c8d-5e69-4b6f-8edb-9186abdf0e1a","name":"Microsoft STRONTIUM Aug 2019","description":"MSRC Team. (2019, August 5). Corporate IoT – a path to intrusion. Retrieved August 16, 2019.","url":"https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/","source":"MITRE","title":"Corporate IoT – a path to intrusion","authors":"MSRC Team","date_accessed":"2019-08-16T00:00:00Z","date_published":"2019-08-05T00:00:00Z","owner_name":null,"tidal_id":"a10a786b-b55d-5593-8a79-7232357907a8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437950Z"},{"id":"96ce4324-57d2-422b-8403-f5d4f3ce410c","name":"Palo Alto ARP","description":"Palo Alto Networks. (2021, November 24). Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe. Retrieved December 7, 2021.","url":"https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-analytics-alert-reference/cortex-xdr-analytics-alert-reference/uncommon-arp-cache-listing-via-arp-exe.html","source":"MITRE","title":"Cortex XDR Analytics Alert Reference: Uncommon ARP cache listing via arp.exe","authors":"Palo Alto Networks","date_accessed":"2021-12-07T00:00:00Z","date_published":"2021-11-24T00:00:00Z","owner_name":null,"tidal_id":"f968169b-2210-5cc4-98af-06ef6a303885","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442648Z"},{"id":"8debba29-4d6d-41d2-8772-f97c7d49056b","name":"WeLiveSecurity CosmicBeetle September 10 2024","description":"Jakub Souček. (2024, September 10). 
CosmicBeetle steps up: Probation period at RansomHub. Retrieved September 13, 2024.","url":"https://www.welivesecurity.com/en/eset-research/cosmicbeetle-steps-up-probation-period-ransomhub/","source":"Tidal Cyber","title":"CosmicBeetle steps up: Probation period at RansomHub","authors":"Jakub Souček","date_accessed":"2024-09-13T00:00:00Z","date_published":"2024-09-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"292c0a09-881b-59b8-9b2b-d602c1f0211f","created":"2024-09-13T19:19:52.190712Z","modified":"2024-09-13T19:19:52.829157Z"},{"id":"d0d5ecbe-1051-4ceb-b558-b8b451178358","name":"F-Secure Cosmicduke","description":"F-Secure Labs. (2014, July). COSMICDUKE Cosmu with a twist of MiniDuke. Retrieved July 3, 2014.","url":"https://blog.f-secure.com/wp-content/uploads/2019/10/CosmicDuke.pdf","source":"MITRE","title":"COSMICDUKE Cosmu with a twist of MiniDuke","authors":"F-Secure Labs","date_accessed":"2014-07-03T00:00:00Z","date_published":"2014-07-01T00:00:00Z","owner_name":null,"tidal_id":"3442c862-46df-5da3-aaa7-783c7c182bc2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428104Z"},{"id":"2be88843-ed3a-460e-87c1-85aa50e827c8","name":"Costin Raiu IAmTheKing October 2020","description":"Costin Raiu. (2020, October 2). Costin Raiu Twitter IAmTheKing SlothfulMedia. Retrieved September 12, 2024.","url":"https://x.com/craiu/status/1311920398259367942","source":"MITRE","title":"Costin Raiu Twitter IAmTheKing SlothfulMedia","authors":"Costin Raiu","date_accessed":"2024-09-12T00:00:00Z","date_published":"2020-10-02T00:00:00Z","owner_name":null,"tidal_id":"c8c12d3e-1280-581e-b2b4-1535658cfb83","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422570Z"},{"id":"90d60b4c-7c10-4fb7-ac4b-3c2645f864e4","name":"Cybersecurity and Infrastructure Security Agency CISA August 27 2025","description":"Cybersecurity and Infrastructure Security Agency CISA. (2025, August 27). 
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System . Retrieved August 28, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a","source":"Tidal Cyber","title":"Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System","authors":"Cybersecurity and Infrastructure Security Agency CISA","date_accessed":"2025-08-28T12:00:00Z","date_published":"2025-08-27T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e73cafba-e2cf-5245-884b-f6f5555517bb","created":"2025-09-04T13:57:50.801292Z","modified":"2025-09-04T13:57:50.934477Z"},{"id":"6d568141-eb54-5001-b880-ae8ac1156746","name":"Google Iran Threats October 2021","description":"Bash, A. (2021, October 14). Countering threats from Iran. Retrieved January 4, 2023.","url":"https://blog.google/threat-analysis-group/countering-threats-iran/","source":"MITRE","title":"Countering threats from Iran","authors":"Bash, A","date_accessed":"2023-01-04T00:00:00Z","date_published":"2021-10-14T00:00:00Z","owner_name":null,"tidal_id":"fe508c94-f902-520c-8c20-5e99aa0c5312","created":"2023-05-26T01:21:18.334443Z","modified":"2025-12-17T15:08:36.439920Z"},{"id":"b717c3ae-8ae0-53c9-90ba-a34cf7694f3c","name":"Github Covenant","description":"cobbr. (2021, April 21). Covenant. Retrieved September 4, 2024.","url":"https://github.com/cobbr/Covenant","source":"MITRE","title":"Covenant","authors":"cobbr","date_accessed":"2024-09-04T00:00:00Z","date_published":"2021-04-21T00:00:00Z","owner_name":null,"tidal_id":"91011b96-8deb-568b-a7ab-56c3c08f38e2","created":"2024-10-31T16:28:36.376640Z","modified":"2025-12-17T15:08:36.422684Z"},{"id":"49f22ba2-5aca-4204-858e-c2499a7050ae","name":"Cisco DNSMessenger March 2017","description":"Brumaghin, E. and Grady, C.. (2017, March 2). Covert Channels and Poor Decisions: The Tale of DNSMessenger. 
Retrieved March 8, 2017.","url":"http://blog.talosintelligence.com/2017/03/dnsmessenger.html","source":"MITRE","title":"Covert Channels and Poor Decisions: The Tale of DNSMessenger","authors":"Brumaghin, E. and Grady, C.","date_accessed":"2017-03-08T00:00:00Z","date_published":"2017-03-02T00:00:00Z","owner_name":null,"tidal_id":"e5a53071-716e-589d-b783-42a74173a521","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417155Z"},{"id":"426886d0-cdf2-4af7-a0e4-366c1b0a1942","name":"Juniper IcedID June 2020","description":"Kimayong, P. (2020, June 18). COVID-19 and FMLA Campaigns used to install new IcedID banking malware. Retrieved July 14, 2020.","url":"https://blogs.juniper.net/en-us/threat-research/covid-19-and-fmla-campaigns-used-to-install-new-icedid-banking-malware","source":"MITRE","title":"COVID-19 and FMLA Campaigns used to install new IcedID banking malware","authors":"Kimayong, P","date_accessed":"2020-07-14T00:00:00Z","date_published":"2020-06-18T00:00:00Z","owner_name":null,"tidal_id":"14b313cd-b652-5613-a3f3-1ec43c840ad6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418574Z"},{"id":"cf8f3d9c-0d21-4587-a707-46848a15bd46","name":"PTSecurity Higaisa 2020","description":"PT ESC Threat Intelligence. (2020, June 4). COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group. 
Retrieved March 2, 2021.","url":"https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/covid-19-and-new-year-greetings-the-higaisa-group/","source":"MITRE, Tidal Cyber","title":"COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group","authors":"PT ESC Threat Intelligence","date_accessed":"2021-03-02T00:00:00Z","date_published":"2020-06-04T00:00:00Z","owner_name":null,"tidal_id":"e53231da-3e02-5a27-bae9-07f88e8774b7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279665Z"},{"id":"08e1d233-0580-484e-b737-af091e2aa9ea","name":"F-Secure CozyDuke","description":"F-Secure Labs. (2015, April 22). CozyDuke: Malware Analysis. Retrieved December 10, 2015.","url":"https://www.f-secure.com/documents/996508/1030745/CozyDuke","source":"MITRE","title":"CozyDuke: Malware Analysis","authors":"F-Secure Labs","date_accessed":"2015-12-10T00:00:00Z","date_published":"2015-04-22T00:00:00Z","owner_name":null,"tidal_id":"cb108250-9361-596b-a70d-221b20631de3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434088Z"},{"id":"9549f9b6-b771-4500-bd82-426c7abdfd8f","name":"TrendMicro CPL Malware Jan 2014","description":"Mercês, F. (2014, January 27). CPL Malware - Malicious Control Panel Items. Retrieved January 18, 2018.","url":"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf","source":"MITRE","title":"CPL Malware - Malicious Control Panel Items","authors":"Mercês, F","date_accessed":"2018-01-18T00:00:00Z","date_published":"2014-01-27T00:00:00Z","owner_name":null,"tidal_id":"298cba77-8cd1-566e-8654-519ffbea2493","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429395Z"},{"id":"d90a33aa-8f20-49cb-aa27-771249cb65eb","name":"Trend Micro CPL","description":"Merces, F. (2014). CPL Malware Malicious Control Panel Items. 
Retrieved November 1, 2017.","url":"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cpl-malware.pdf","source":"MITRE","title":"CPL Malware Malicious Control Panel Items","authors":"Merces, F","date_accessed":"2017-11-01T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"5439af1b-63ec-57f8-b18b-61c72f13a13a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424083Z"},{"id":"9544e762-6f72-59e7-8384-5bbef13bfe96","name":"SANS Brute Ratel October 2022","description":"Thomas, W. (2022, October 5). Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground. Retrieved February 6, 2023.","url":"https://www.sans.org/blog/cracked-brute-ratel-c4-framework-proliferates-across-the-cybercriminal-underground/","source":"MITRE","title":"Cracked Brute Ratel C4 framework proliferates across the cybercriminal underground","authors":"Thomas, W","date_accessed":"2023-02-06T00:00:00Z","date_published":"2022-10-05T00:00:00Z","owner_name":null,"tidal_id":"c1bb5190-c815-5010-8c35-0026087404a2","created":"2023-05-26T01:21:21.138418Z","modified":"2025-12-17T15:08:36.423063Z"},{"id":"3af06034-8384-4de8-9356-e9aaa35b95a2","name":"Stealthbits Cracking AS-REP Roasting Jun 2019","description":"Jeff Warren. (2019, June 27). Cracking Active Directory Passwords with AS-REP Roasting. Retrieved August 24, 2020.","url":"https://blog.stealthbits.com/cracking-active-directory-passwords-with-as-rep-roasting/","source":"MITRE","title":"Cracking Active Directory Passwords with AS-REP Roasting","authors":"Jeff Warren","date_accessed":"2020-08-24T00:00:00Z","date_published":"2019-06-27T00:00:00Z","owner_name":null,"tidal_id":"04388cc2-8104-5039-8e42-cb72032b1f4e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427953Z"},{"id":"1b018fc3-515a-4ec4-978f-6d5649ceb0c5","name":"AdSecurity Cracking Kerberos Dec 2015","description":"Metcalf, S. (2015, December 31). 
Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain. Retrieved March 22, 2018.","url":"https://adsecurity.org/?p=2293","source":"MITRE","title":"Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain","authors":"Metcalf, S","date_accessed":"2018-03-22T00:00:00Z","date_published":"2015-12-31T00:00:00Z","owner_name":null,"tidal_id":"29ea9147-b37c-5ef2-93d0-aa21e919fb48","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416081Z"},{"id":"ecfdd6e1-caa0-5611-a1f5-d96873cf2222","name":"Symantec Crambus OCT 2023","description":"Symantec Threat Hunter Team. (2023, October 19). Crambus: New Campaign Targets Middle Eastern Government. Retrieved November 27, 2024.","url":"https://www.security.com/threat-intelligence/crambus-middle-east-government","source":"MITRE","title":"Crambus: New Campaign Targets Middle Eastern Government","authors":"Symantec Threat Hunter Team","date_accessed":"2024-11-27T00:00:00Z","date_published":"2023-10-19T00:00:00Z","owner_name":null,"tidal_id":"c06a8102-a403-5592-83b1-1ce634ef8ea8","created":"2025-04-22T20:47:23.931795Z","modified":"2025-12-17T15:08:36.417543Z"},{"id":"c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce","name":"Dragos Crashoverride 2017","description":"Dragos Inc.. (2017, June 13). CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Retrieved December 18, 2020.","url":"https://dragos.com/blog/crashoverride/CrashOverride-01.pdf","source":"MITRE","title":"CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations","authors":"Dragos Inc.","date_accessed":"2020-12-18T00:00:00Z","date_published":"2017-06-13T00:00:00Z","owner_name":null,"tidal_id":"603606be-7742-5661-93a2-ca2415ac6dcd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422087Z"},{"id":"75098b2c-4928-4e3f-9bcc-b4f6b8de96f8","name":"Unit 42 ATOM Crawling Taurus","description":"Unit 42. (n.d.). Crawling Taurus. 
Retrieved September 14, 2023.","url":"https://unit42.paloaltonetworks.com/atoms/crawling-taurus/","source":"Tidal Cyber","title":"Crawling Taurus","authors":"Unit 42","date_accessed":"2023-09-14T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"ade36936-97ce-5970-b66c-21f189ba46a0","created":"2023-09-14T20:17:59.442912Z","modified":"2023-09-14T20:17:59.541681Z"},{"id":"5317c625-d0be-45eb-9321-0cc9aa295cc9","name":"Microsoft Image","description":"Microsoft. (2021, August 23). Create a managed image of a generalized VM in Azure. Retrieved October 13, 2021.","url":"https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource","source":"MITRE","title":"Create a managed image of a generalized VM in Azure","authors":"Microsoft","date_accessed":"2021-10-13T00:00:00Z","date_published":"2021-08-23T00:00:00Z","owner_name":null,"tidal_id":"0893ff5c-50e0-5b88-a6ed-60748faa5b6f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437049Z"},{"id":"91bc7156-3589-5f00-ba93-99da28c79bb0","name":"Android Geofencing API","description":"Google. (n.d.). Create and monitor geofences. Retrieved September","url":"https://developer.android.com/training/location/geofencing","source":"Mobile","title":"Create and monitor geofences","authors":"Google","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7aa4532a-decb-538d-a299-fce99f7eb873","created":"2026-01-28T13:08:10.044864Z","modified":"2026-01-28T13:08:10.044867Z"},{"id":"693549da-d9b9-4b67-a1bb-c8ea4a099842","name":"Microsoft Snapshot","description":"Microsoft. (2021, September 16). Create a snapshot of a virtual hard disk. 
Retrieved October 13, 2021.","url":"https://docs.microsoft.com/en-us/azure/virtual-machines/linux/snapshot-copy-managed-disk","source":"MITRE","title":"Create a snapshot of a virtual hard disk","authors":"Microsoft","date_accessed":"2021-10-13T00:00:00Z","date_published":"2021-09-16T00:00:00Z","owner_name":null,"tidal_id":"35b9340a-b94b-5490-98e5-eaeced3959d4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437153Z"},{"id":"d36d4f06-007e-4ff0-8660-4c65721d0b92","name":"Microsoft Create Token","description":"Brower, N., Lich, B. (2017, April 19). Create a token object. Retrieved December 19, 2017.","url":"https://docs.microsoft.com/windows/device-security/security-policy-settings/create-a-token-object","source":"MITRE","title":"Create a token object","authors":"Brower, N., Lich, B","date_accessed":"2017-12-19T00:00:00Z","date_published":"2017-04-19T00:00:00Z","owner_name":null,"tidal_id":"7c9f2edc-76f6-5436-97dc-8c401eb73d59","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416260Z"},{"id":"e91748b2-1432-4203-a1fe-100aa70458d2","name":"GCP Create Cloud Identity Users","description":"Google. (n.d.). Create Cloud Identity user accounts. Retrieved January 29, 2020.","url":"https://support.google.com/cloudidentity/answer/7332836?hl=en&ref_topic=7558554","source":"MITRE","title":"Create Cloud Identity user accounts","authors":"Google","date_accessed":"2020-01-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c1b9ad5e-e0fb-561a-b0d6-469cb84d763b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433024Z"},{"id":"f3ccacc1-3b42-4042-9a5c-f5b483a5e801","name":"Createdump.exe - LOLBAS Project","description":"LOLBAS. (2022, January 20). Createdump.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Createdump/","source":"Tidal Cyber","title":"Createdump.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-01-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ea0dbf93-08c9-595e-a25e-c07c6d3dd771","created":"2024-01-12T14:47:19.412069Z","modified":"2024-01-12T14:47:19.586958Z"},{"id":"e8ee3ac6-ae7c-5fd3-a339-b579a419dd96","name":"Google Cloud Kubernetes IAM","description":"Google Cloud. (n.d.). Create IAM policies. Retrieved July 14, 2023.","url":"https://cloud.google.com/kubernetes-engine/docs/how-to/iam","source":"MITRE","title":"Create IAM policies","authors":"Google Cloud","date_accessed":"2023-07-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2271d4a7-fbcb-5b86-82fe-0d4213096bc1","created":"2023-11-07T00:36:00.429572Z","modified":"2025-12-17T15:08:36.427600Z"},{"id":"20939374-30c1-515a-b672-28a030bf0c64","name":"Microsoft CreateMutexA","description":"Microsoft. (2023, February 8). CreateMutexA function (synchapi.h). Retrieved September 19, 2024.","url":"https://learn.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-createmutexa","source":"MITRE","title":"CreateMutexA function (synchapi.h)","authors":"Microsoft","date_accessed":"2024-09-19T00:00:00Z","date_published":"2023-02-08T00:00:00Z","owner_name":null,"tidal_id":"71c004b0-eb01-5a1d-a6e9-b48266b09816","created":"2024-10-31T16:28:36.520870Z","modified":"2025-04-22T20:47:30.763066Z"},{"id":"aa336e3a-464d-48ce-bebb-760b73764610","name":"Microsoft CreateProcess","description":"Microsoft. (n.d.). CreateProcess function. 
Retrieved December 5, 2014.","url":"http://msdn.microsoft.com/en-us/library/ms682425","source":"MITRE","title":"CreateProcess function","authors":"Microsoft","date_accessed":"2014-12-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"15fd5576-224c-5b0f-af90-711efbb56ad8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416348Z"},{"id":"1331b524-7d6f-59d9-a2bd-78ff7b3e371f","name":"Microsoft CLI Create Subscription","description":"Microsoft . (n.d.). Create subscription. Retrieved August 4, 2023.","url":"https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions","source":"MITRE","title":"Create subscription","authors":"Microsoft","date_accessed":"2023-08-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5c24242b-14ec-58a3-a922-659ac25fbfdf","created":"2023-11-07T00:36:20.640731Z","modified":"2025-04-22T20:47:31.671472Z"},{"id":"06bfdf8f-8671-47f7-9d0c-baf234c7ae96","name":"create_sym_links","description":"Microsoft. (2021, October 28). Create symbolic links. Retrieved April 27, 2022.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/create-symbolic-links","source":"MITRE","title":"Create symbolic links","authors":"Microsoft","date_accessed":"2022-04-27T00:00:00Z","date_published":"2021-10-28T00:00:00Z","owner_name":null,"tidal_id":"7fc425b8-d19e-533b-a02b-1563d66eb00f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442139Z"},{"id":"c1b87a56-115a-46d7-9117-80442091ac3c","name":"GCP - Creating and Starting a VM","description":"Google. (2020, April 23). Creating and Starting a VM instance. 
Retrieved May 1, 2020.","url":"https://cloud.google.com/compute/docs/instances/create-start-instance#api_2","source":"MITRE","title":"Creating and Starting a VM instance","authors":"Google","date_accessed":"2020-05-01T00:00:00Z","date_published":"2020-04-23T00:00:00Z","owner_name":null,"tidal_id":"a98e6a37-fded-57f6-8a16-8281bd508286","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436235Z"},{"id":"bb474e88-b7bb-4b92-837c-95fe7bdd03f7","name":"AWS Create IAM User","description":"AWS. (n.d.). Creating an IAM User in Your AWS Account. Retrieved January 29, 2020.","url":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html","source":"MITRE","title":"Creating an IAM User in Your AWS Account","authors":"AWS","date_accessed":"2020-01-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2665eaf6-0098-5221-959a-4175ce25b66d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433006Z"},{"id":"c46331cb-328a-46e3-89c4-e43fa345d6e8","name":"GNU Fork","description":"Free Software Foundation, Inc.. (2020, June 18). Creating a Process. Retrieved June 25, 2020.","url":"https://www.gnu.org/software/libc/manual/html_node/Creating-a-Process.html","source":"MITRE","title":"Creating a Process","authors":"Free Software Foundation, Inc.","date_accessed":"2020-06-25T00:00:00Z","date_published":"2020-06-18T00:00:00Z","owner_name":null,"tidal_id":"a3a51572-1721-5cf5-ad42-5ab6f183966f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427822Z"},{"id":"310d18f8-6f9a-48b7-af12-6b921209d1ab","name":"AppleDocs Launch Agent Daemons","description":"Apple. (n.d.). Creating Launch Daemons and Agents. 
Retrieved July 10, 2017.","url":"https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html","source":"MITRE","title":"Creating Launch Daemons and Agents","authors":"Apple","date_accessed":"2017-07-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"07b5eef0-9756-58d3-ad86-8e6e27e0c042","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425034Z"},{"id":"896cf5dd-3fe7-44ab-bbaf-d8b2b9980dca","name":"TechNet Logon Scripts","description":"Microsoft. (2005, January 21). Creating logon scripts. Retrieved April 27, 2016.","url":"https://technet.microsoft.com/en-us/library/cc758918(v=ws.10).aspx","source":"MITRE","title":"Creating logon scripts","authors":"Microsoft","date_accessed":"2016-04-27T00:00:00Z","date_published":"2005-01-21T00:00:00Z","owner_name":null,"tidal_id":"6a419210-5d0b-5ee7-b2e4-9d7d75e687bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436090Z"},{"id":"c4befa09-3c7f-49f3-bfcc-4fcbb7bace22","name":"Google Cloud Service Account Credentials","description":"Google Cloud. (2022, March 31). Creating short-lived service account credentials. Retrieved April 1, 2022.","url":"https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials","source":"MITRE","title":"Creating short-lived service account credentials","authors":"Google Cloud","date_accessed":"2022-04-01T00:00:00Z","date_published":"2022-03-31T00:00:00Z","owner_name":null,"tidal_id":"5397d298-abeb-5d67-93a0-67f36ea3efad","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436282Z"},{"id":"029acdee-95d6-47a7-86de-0f6b925cef9c","name":"creatingXPCservices","description":"Apple. (2016, September 9). Creating XPC Services. 
Retrieved April 19, 2022.","url":"https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html#//apple_ref/doc/uid/10000172i-SW6-SW1","source":"MITRE","title":"Creating XPC Services","authors":"Apple","date_accessed":"2022-04-19T00:00:00Z","date_published":"2016-09-09T00:00:00Z","owner_name":null,"tidal_id":"407b23a5-f029-5c95-843a-b64f28ebd84d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431916Z"},{"id":"276975da-7b5f-49aa-975e-4ac9bc527cf2","name":"GitHub Creddump7","description":"Flathers, R. (2018, February 19). creddump7. Retrieved April 11, 2018.","url":"https://github.com/Neohapsis/creddump7","source":"MITRE","title":"creddump7","authors":"Flathers, R","date_accessed":"2018-04-11T00:00:00Z","date_published":"2018-02-19T00:00:00Z","owner_name":null,"tidal_id":"0f6dda4e-12e3-55c9-9fb6-16b283196c41","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425396Z"},{"id":"5af0008b-0ced-5d1d-bbc9-6c9d60835071","name":"Microsoft Midnight Blizzard Replay Attack","description":"Microsoft Threat Intelligence. (2023, June 21). Credential Attacks. Retrieved September 12, 2024.","url":"https://x.com/MsftSecIntel/status/1671579359994343425","source":"MITRE","title":"Credential Attacks","authors":"Microsoft Threat Intelligence","date_accessed":"2024-09-12T00:00:00Z","date_published":"2023-06-21T00:00:00Z","owner_name":null,"tidal_id":"f154fba6-10f7-5ba9-8459-4a0a8b0e6d0a","created":"2023-11-07T00:36:06.188282Z","modified":"2025-12-17T15:08:36.432917Z"},{"id":"3cdeb2a2-9582-4725-a132-6503dbe04e1d","name":"Anomali Template Injection MAR 2018","description":"Intel_Acquisition_Team. (2018, March 1). Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection. 
Retrieved July 20, 2018.","url":"https://forum.anomali.com/t/credential-harvesting-and-malicious-file-delivery-using-microsoft-office-template-injection/2104","source":"MITRE","title":"Credential Harvesting and Malicious File Delivery using Microsoft Office Template Injection","authors":"Intel_Acquisition_Team","date_accessed":"2018-07-20T00:00:00Z","date_published":"2018-03-01T00:00:00Z","owner_name":null,"tidal_id":"6c6db662-06d3-572a-8d5c-6af225b61315","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416282Z"},{"id":"77505354-bb08-464c-9176-d0015a62c7c9","name":"Microsoft Credential Locker","description":"Microsoft. (2013, October 23). Credential Locker Overview. Retrieved November 24, 2020.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/jj554668(v=ws.11)?redirectedfrom=MSDN","source":"MITRE","title":"Credential Locker Overview","authors":"Microsoft","date_accessed":"2020-11-24T00:00:00Z","date_published":"2013-10-23T00:00:00Z","owner_name":null,"tidal_id":"becee266-33ad-5945-bd7f-1c220209ccdf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435054Z"},{"id":"3ca0c031-fb82-555a-aee5-b73ae6cbb91c","name":"Proofpoint-Marcher","description":"Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July","url":"https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks","source":"Mobile","title":"Credential phishing and an Android banking Trojan combine in Austrian mobile attacks","authors":"Proofpoint","date_accessed":"1978-07-01T00:00:00Z","date_published":"2017-11-03T00:00:00Z","owner_name":null,"tidal_id":"0d7d3449-ecc8-5609-8e19-3da8efbff473","created":"2026-01-28T13:08:10.042414Z","modified":"2026-01-28T13:08:10.042417Z"},{"id":"ec3e7b3f-99dd-4f2f-885b-09d66b01fe3e","name":"Microsoft CredEnumerate","description":"Microsoft. 
(2018, December 5). CredEnumerateA function (wincred.h). Retrieved November 24, 2020.","url":"https://docs.microsoft.com/en-us/windows/win32/api/wincred/nf-wincred-credenumeratea","source":"MITRE","title":"CredEnumerateA function (wincred.h)","authors":"Microsoft","date_accessed":"2020-11-24T00:00:00Z","date_published":"2018-12-05T00:00:00Z","owner_name":null,"tidal_id":"2fa77298-14b8-5a01-9f4b-01b50b761a56","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435066Z"},{"id":"09cae6de-e026-43a5-a8bc-7ff8e8205232","name":"SentinelLabs Intermittent Encryption September 08 2022","description":"Aleksandar Milenkoski, Jim Walter. (2022, September 8). Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection. Retrieved August 10, 2023.","url":"https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/","source":"Tidal Cyber","title":"Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection","authors":"Aleksandar Milenkoski, Jim Walter","date_accessed":"2023-08-10T00:00:00Z","date_published":"2022-09-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"439b98c1-18b5-5842-8967-ceba08c5b221","created":"2024-06-13T20:10:38.004254Z","modified":"2024-06-13T20:10:38.191887Z"},{"id":"527de869-3c76-447c-98c4-c37a2acf75e2","name":"TrendmicroHideoutsLease","description":"Max Goncharov. (2015, July 15). Criminal Hideouts for Lease: Bulletproof Hosting Services. 
Retrieved March 6, 2017.","url":"https://documents.trendmicro.com/assets/wp/wp-criminal-hideouts-for-lease.pdf","source":"MITRE","title":"Criminal Hideouts for Lease: Bulletproof Hosting Services","authors":"Max Goncharov","date_accessed":"2017-03-06T00:00:00Z","date_published":"2015-07-15T00:00:00Z","owner_name":null,"tidal_id":"030f367f-8871-5aac-a718-2e7dcd28b765","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424012Z"},{"id":"f8f6643d-26f3-5eb9-9074-ca9683fdbe71","name":"IC3-AI24","description":"IC3. (2024, December 3). Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud. Retrieved March 18, 2025.","url":"https://www.ic3.gov/PSA/2024/PSA241203","source":"MITRE","title":"Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud","authors":"IC3","date_accessed":"2025-03-18T00:00:00Z","date_published":"2024-12-03T00:00:00Z","owner_name":null,"tidal_id":"e2fe02c0-e3d8-5414-bc41-e03fe2dd9f1a","created":"2025-04-22T20:47:09.490393Z","modified":"2025-12-17T15:08:36.424570Z"},{"id":"4f936a29-51e4-4a28-b078-1a886284870f","name":"Rapid7 October 07 2025","description":"Rapid7. (2025, October 7). Crimson Collective: A New Threat Group Observed Operating in the Cloud | Rapid7 Labs. Retrieved October 10, 2025.","url":"https://www.rapid7.com/blog/post/tr-crimson-collective-a-new-threat-group-observed-operating-in-the-cloud/","source":"Tidal Cyber","title":"Crimson Collective: A New Threat Group Observed Operating in the Cloud | Rapid7 Labs","authors":"Rapid7","date_accessed":"2025-10-10T12:00:00Z","date_published":"2025-10-07T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bf5a4b3a-f12e-5779-a491-02a943a8853b","created":"2025-10-13T17:28:45.098850Z","modified":"2025-10-13T17:28:45.284703Z"},{"id":"2572c252-f3a7-4e0f-bf87-2c92f7379397","name":"BleepingComputer June 6 2025","description":"Sergiu Gatlan. (2025, June 6). Critical Fortinet flaws now exploited in Qilin ransomware attacks. 
Retrieved June 9, 2025.","url":"https://www.bleepingcomputer.com/news/security/critical-fortinet-flaws-now-exploited-in-qilin-ransomware-attacks/","source":"Tidal Cyber","title":"Critical Fortinet flaws now exploited in Qilin ransomware attacks","authors":"Sergiu Gatlan","date_accessed":"2025-06-09T00:00:00Z","date_published":"2025-06-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1f797098-1b82-579b-9bb2-f5547f81dc1f","created":"2025-06-10T15:50:21.196528Z","modified":"2025-06-10T15:50:21.708803Z"},{"id":"54b5d8af-21f0-4d1c-ada8-b87db85dd742","name":"doppelpaymer_crowdstrike","description":"Hurley, S. (2021, December 7). Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes. Retrieved January 26, 2022.","url":"https://www.crowdstrike.com/blog/how-doppelpaymer-hunts-and-kills-windows-processes/","source":"MITRE","title":"Critical Hit: How DoppelPaymer Hunts and Kills Windows Processes","authors":"Hurley, S","date_accessed":"2022-01-26T00:00:00Z","date_published":"2021-12-07T00:00:00Z","owner_name":null,"tidal_id":"128e8df6-60cd-50c6-af12-48c54913cbd0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433401Z"},{"id":"bfa16dc6-f075-5bd3-9d9d-255df8789298","name":"CISA AA24-038A PRC Critical Infrastructure February 2024","description":"CISA et al.. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved May 15, 2024.","url":"https://www.cisa.gov/sites/default/files/2024-03/aa24-038a_csa_prc_state_sponsored_actors_compromise_us_critical_infrastructure_3.pdf","source":"MITRE","title":"Critical Infrastructure","authors":"CISA et al.. 
(2024, February 7)","date_accessed":"2024-05-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e4863919-d7cc-509c-90fe-72f56f13eb05","created":"2024-10-31T16:28:28.802792Z","modified":"2025-12-17T15:08:36.438014Z"},{"id":"d76f6871-853d-4b68-a48d-edff193a9d58","name":"wiz.io December 03 2025","description":"None Identified. (2025, December 3). Critical RCE Vulnerabilities Discovered in React & Next.js  | Wiz Blog. Retrieved December 5, 2025.","url":"https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182","source":"Tidal Cyber","title":"Critical RCE Vulnerabilities Discovered in React & Next.js  | Wiz Blog","authors":"None Identified","date_accessed":"2025-12-05T12:00:00Z","date_published":"2025-12-03T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2722e136-a95c-5dbe-b907-887725aad4cd","created":"2025-12-10T14:13:46.605566Z","modified":"2025-12-10T14:13:46.764505Z"},{"id":"874f40f9-146d-4a52-93fd-9b2e7981b6da","name":"Critical Vulnerabilities in PaperCut Print Management Software","description":"Team Huntress. (2023, April 21). Critical Vulnerabilities in PaperCut Print Management Software. Retrieved May 8, 2023.","url":"https://www.huntress.com/blog/critical-vulnerabilities-in-papercut-print-management-software","source":"Tidal Cyber","title":"Critical Vulnerabilities in PaperCut Print Management Software","authors":"Team Huntress","date_accessed":"2023-05-08T00:00:00Z","date_published":"2023-04-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"414a320f-7777-5bc2-97d0-426f91d3017d","created":"2023-07-14T12:56:25.127358Z","modified":"2023-07-14T12:56:29.373345Z"},{"id":"b4945fc0-b89b-445c-abfb-14959deba3d0","name":"Security Affairs SILENTTRINITY July 2019","description":"Paganini, P. (2019, July 7). Croatia government agencies targeted with news SilentTrinity malware. 
Retrieved March 23, 2022.","url":"https://securityaffairs.co/wordpress/88021/apt/croatia-government-silenttrinity-malware.html","source":"MITRE","title":"Croatia government agencies targeted with news SilentTrinity malware","authors":"Paganini, P","date_accessed":"2022-03-23T00:00:00Z","date_published":"2019-07-07T00:00:00Z","owner_name":null,"tidal_id":"dcec5b38-8af6-5405-a395-fc5a61f0eae7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422761Z"},{"id":"0339c2ab-7a08-4976-90eb-1637c23c5644","name":"Die.net Linux crontab Man Page","description":"Paul Vixie. (n.d.). crontab(5) - Linux man page. Retrieved December 19, 2017.","url":"https://linux.die.net/man/5/crontab","source":"MITRE","title":"crontab(5) - Linux man page","authors":"Paul Vixie","date_accessed":"2017-12-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"21efcabf-c7f1-5e6d-ac9e-4c8457cc8214","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434197Z"},{"id":"c63826e8-608b-574c-83d9-e149e32d99b1","name":"Securonix CronTrap 2024","description":"Den Iuzvyk and Tim Peck. (2024, November 4). CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging. Retrieved May 22, 2025.","url":"https://www.securonix.com/blog/crontrap-emulated-linux-environments-as-the-latest-tactic-in-malware-staging/","source":"MITRE","title":"CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging","authors":"Den Iuzvyk and Tim Peck","date_accessed":"2025-05-22T00:00:00Z","date_published":"2024-11-04T00:00:00Z","owner_name":null,"tidal_id":"411f9b3b-17c1-5050-b3cf-941cb6cad2a2","created":"2025-10-29T21:08:48.166272Z","modified":"2025-12-17T15:08:36.433790Z"},{"id":"8d9f88be-9ddf-485b-9333-7e41704ec64f","name":"Symantec Frutas Feb 2013","description":"Bingham, J. (2013, February 11). Cross-Platform Frutas RAT Builder and Back Door. 
Retrieved April 23, 2019.","url":"https://www.symantec.com/connect/blogs/cross-platform-frutas-rat-builder-and-back-door","source":"MITRE","title":"Cross-Platform Frutas RAT Builder and Back Door","authors":"Bingham, J","date_accessed":"2019-04-23T00:00:00Z","date_published":"2013-02-11T00:00:00Z","owner_name":null,"tidal_id":"3ee47ab1-bed9-5adc-b523-f74752d48fd6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441636Z"},{"id":"51e67e37-2d61-4228-999b-bec6f80cf106","name":"Bishop Fox Sliver Framework August 2019","description":"Kervella, R. (2019, August 4). Cross-platform General Purpose Implant Framework Written in Golang. Retrieved July 30, 2021.","url":"https://labs.bishopfox.com/tech-blog/sliver","source":"MITRE","title":"Cross-platform General Purpose Implant Framework Written in Golang","authors":"Kervella, R","date_accessed":"2021-07-30T00:00:00Z","date_published":"2019-08-04T00:00:00Z","owner_name":null,"tidal_id":"db0058eb-a395-509d-a6bc-2fc491a2416e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422754Z"},{"id":"d54188b5-86eb-52a0-8384-823c45431762","name":"Okta Cross-Tenant Impersonation 2023","description":"Okta Defensive Cyber Operations. (2023, August 31). Cross-Tenant Impersonation: Prevention and Detection. Retrieved February 15, 2024.","url":"https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection","source":"MITRE","title":"Cross-Tenant Impersonation: Prevention and Detection","authors":"Okta Defensive Cyber Operations","date_accessed":"2024-02-15T00:00:00Z","date_published":"2023-08-31T00:00:00Z","owner_name":null,"tidal_id":"60403fe1-4568-5e6f-88f0-13fa0f3525bb","created":"2024-04-25T13:28:31.577493Z","modified":"2025-12-17T15:08:36.426393Z"},{"id":"77dbd22f-ce57-50f7-9c6b-8dc874a4d80d","name":"Okta Cross-Tenant Impersonation","description":"Okta Defensive Cyber Operations. (2023, August 31). Cross-Tenant Impersonation: Prevention and Detection. 
Retrieved March 4, 2024.","url":"https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection","source":"MITRE","title":"Cross-Tenant Impersonation: Prevention and Detection","authors":"Okta Defensive Cyber Operations","date_accessed":"2024-03-04T00:00:00Z","date_published":"2023-08-31T00:00:00Z","owner_name":null,"tidal_id":"7d08065b-c499-5be7-9587-e4f2bd0b2f8e","created":"2024-04-25T13:28:51.002417Z","modified":"2025-04-22T20:47:30.175520Z"},{"id":"2062a229-58b3-4610-99cb-8907e7fbb350","name":"Crowdstrike CrowdCast Oct 2013","description":"Crowdstrike. (2013, October 16). CrowdCasts Monthly: You Have an Adversary Problem. Retrieved November 17, 2024.","url":"https://www.slideshare.net/slideshow/crowd-casts-monthly-you-have-an-adversary-problem/27262315","source":"MITRE","title":"CrowdCasts Monthly: You Have an Adversary Problem","authors":"Crowdstrike","date_accessed":"2024-11-17T00:00:00Z","date_published":"2013-10-16T00:00:00Z","owner_name":null,"tidal_id":"59b733a3-6ad2-5ed9-8ae3-7af26c68c4e9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438686Z"},{"id":"6c1ace5b-66b2-4c56-9301-822aad2c3c16","name":"Crowdstrike Global Threat Report Feb 2018","description":"CrowdStrike. (2018, February 26). CrowdStrike 2018 Global Threat Report. Retrieved October 10, 2018.","url":"https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report","source":"MITRE","title":"CrowdStrike 2018 Global Threat Report","authors":"CrowdStrike","date_accessed":"2018-10-10T00:00:00Z","date_published":"2018-02-26T00:00:00Z","owner_name":null,"tidal_id":"2087cc8c-6bca-5e58-b691-d53acf136f17","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437878Z"},{"id":"ec58e524-6de5-4cbb-a5d3-984b9b652f26","name":"CrowdStrike GTR 2021 June 2021","description":"CrowdStrike. (2021, June 7). CrowdStrike 2021 Global Threat Report. 
Retrieved September 29, 2021.","url":"https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf","source":"MITRE","title":"CrowdStrike 2021 Global Threat Report","authors":"CrowdStrike","date_accessed":"2021-09-29T00:00:00Z","date_published":"2021-06-07T00:00:00Z","owner_name":null,"tidal_id":"04e1a7b3-bc1d-577b-b782-7c7247f5104c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438286Z"},{"id":"de69b138-4b4d-4eef-98af-0fd96f8036a1","name":"CrowdStrike 2023 Threat Hunting Report","description":"CrowdStrike. (2023, September 8). CrowdStrike 2023 Threat Hunting Report. Retrieved March 10, 2025.","url":"https://go.crowdstrike.com/rs/281-OBQ-266/images/report-crowdstrike-2023-threat-hunting-report.pdf","source":"Tidal Cyber","title":"CrowdStrike 2023 Threat Hunting Report","authors":"CrowdStrike","date_accessed":"2025-03-10T00:00:00Z","date_published":"2023-09-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8a526926-13d4-5eed-bda7-de9aae28c1bc","created":"2025-03-10T18:05:47.540752Z","modified":"2025-03-10T18:05:47.984135Z"},{"id":"a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4","name":"CrowdStrike 2025 Global Threat Report","description":"CrowdStrike. (2025, February 27). CrowdStrike 2025 Global Threat Report. Retrieved February 27, 2025.","url":"https://www.securityweek.com/wp-content/uploads/2025/02/CrowdStrikeGlobalThreatReport2025.pdf","source":"Tidal Cyber","title":"CrowdStrike 2025 Global Threat Report","authors":"CrowdStrike","date_accessed":"2025-02-27T00:00:00Z","date_published":"2025-02-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"25966737-dc52-5a43-bc47-d243f693f26f","created":"2025-03-04T15:54:54.641406Z","modified":"2025-03-04T15:54:54.827673Z"},{"id":"9e28d375-c4a7-405f-9fff-7374c19f3af7","name":"CrowdStrike Adversary Carbon Spider","description":"CrowdStrike. (2022, June 01). CrowdStrike Adversary Carbon Spider. 
Retrieved June 01, 2022.","url":"https://adversary.crowdstrike.com/en-US/adversary/carbon-spider/","source":"Tidal Cyber","title":"CrowdStrike Adversary Carbon Spider","authors":"CrowdStrike","date_accessed":"2022-06-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ef68add3-c550-57c3-a24e-0c251e91aeab","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.283683Z"},{"id":"0998ad7a-b4aa-44af-a665-dc58a3a6f800","name":"CrowdStrike Adversary Cozy Bear","description":"CrowdStrike. (2022, May 4). CrowdStrike Adversary Cozy Bear. Retrieved May 4, 2022.","url":"https://adversary.crowdstrike.com/en-US/adversary/cozy-bear/","source":"Tidal Cyber","title":"CrowdStrike Adversary Cozy Bear","authors":"CrowdStrike","date_accessed":"2022-05-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"937afa37-cdd7-546d-9932-229ff8beb686","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.283677Z"},{"id":"ffe31bbf-a40d-4285-96a0-53c54298a680","name":"CrowdStrike Labyrinth Chollima Feb 2022","description":"CrowdStrike. (2022, February 1). CrowdStrike Adversary Labyrinth Chollima. Retrieved February 1, 2022.","url":"https://web.archive.org/web/20210723190317/https://adversary.crowdstrike.com/en-US/adversary/labyrinth-chollima/","source":"MITRE","title":"CrowdStrike Adversary Labyrinth Chollima","authors":"CrowdStrike","date_accessed":"2022-02-01T00:00:00Z","date_published":"2022-02-01T00:00:00Z","owner_name":null,"tidal_id":"62dbafa9-ff02-533b-aa5c-e892214fc53a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437581Z"},{"id":"466795cb-0269-4d0c-a48c-d71e9dfd9a3c","name":"CrowdStrike Adversary Ocean Buffalo","description":"CrowdStrike. (2022, June 25). CrowdStrike Adversary Ocean Buffalo. 
Retrieved June 25, 2022.","url":"https://adversary.crowdstrike.com/en-US/adversary/ocean-buffalo/","source":"Tidal Cyber","title":"CrowdStrike Adversary Ocean Buffalo","authors":"CrowdStrike","date_accessed":"2022-06-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5a497369-0e1b-5223-89ad-0e7c5a5d6da2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.283688Z"},{"id":"8c04f2b8-74ba-44a5-9580-96eabdbbcda9","name":"CrowdStrike Adversary Venomous Bear","description":"CrowdStrike. (2022, May 4). CrowdStrike Adversary Venomous Bear. Retrieved May 4, 2022.","url":"https://adversary.crowdstrike.com/en-US/adversary/venomous-bear/","source":"Tidal Cyber","title":"CrowdStrike Adversary Venomous Bear","authors":"CrowdStrike","date_accessed":"2022-05-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"058cd45e-15f3-5dd3-b12a-2de01d125481","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.283671Z"},{"id":"05f382c4-5163-49e0-a8a0-cf3a5992ef18","name":"CrowdStrike Adversary Wizard Spider","description":"CrowdStrike. (2022, June 23). CrowdStrike Adversary Wizard Spider. Retrieved June 23, 2022.","url":"https://adversary.crowdstrike.com/en-US/adversary/wizard-spider/","source":"Tidal Cyber","title":"CrowdStrike Adversary Wizard Spider","authors":"CrowdStrike","date_accessed":"2022-06-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"46092286-b0dc-549b-83c3-b79f6877e4bc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.283694Z"},{"id":"4f01e901-58f8-4fdb-ac8c-ef4b6bfd068e","name":"Crowdstrike DriveSlayer February 2022","description":"Thomas, W. et al. (2022, February 25). CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks. 
Retrieved March 25, 2022.","url":"https://www.crowdstrike.com/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/","source":"MITRE","title":"CrowdStrike Falcon Protects from New Wiper Malware Used in Ukraine Cyberattacks","authors":"Thomas, W. et al","date_accessed":"2022-03-25T00:00:00Z","date_published":"2022-02-25T00:00:00Z","owner_name":null,"tidal_id":"70dc5ed8-b088-573d-95ad-963cd480db55","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420811Z"},{"id":"b3c52328-3d7f-5faf-b58e-a319c220497d","name":"CrowdStrike Blog","description":"William Thomas, Adrian Liviu Arsene, Farid Hendi. (2022, February 25). CrowdStrike Falcon® Protects from New Wiper Malware Used in Ukraine Cyberattacks. Retrieved September 22, 2025.","url":"https://www.crowdstrike.com/en-us/blog/how-crowdstrike-falcon-protects-against-wiper-malware-used-in-ukraine-attacks/","source":"MITRE","title":"CrowdStrike Falcon® Protects from New Wiper Malware Used in Ukraine Cyberattacks","authors":"William Thomas, Adrian Liviu Arsene, Farid Hendi","date_accessed":"2025-09-22T00:00:00Z","date_published":"2022-02-25T00:00:00Z","owner_name":null,"tidal_id":"a1cebfc9-7d2b-5d16-b25c-8358bd226f03","created":"2025-10-29T21:08:48.166706Z","modified":"2025-12-17T15:08:36.436886Z"},{"id":"b5630f1e-ea9c-4b8a-b31a-08e977f0c8ab","name":"CrowdStrike.com 10 06 2025","description":"Counter Adversary Operations. (2025, October 6). CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability Tracked as CVE-2025-61882. 
Retrieved October 7, 2025.","url":"https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/","source":"Tidal Cyber","title":"CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability Tracked as CVE-2025-61882","authors":"Counter Adversary Operations","date_accessed":"2025-10-07T12:00:00Z","date_published":"2025-10-06T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f4111589-934e-5036-aadc-feed47e3fb0e","created":"2025-10-07T14:06:58.859404Z","modified":"2025-10-07T14:06:58.988253Z"},{"id":"413962d0-bd66-4000-a077-38c2677995d1","name":"CrowdStrike Putter Panda","description":"Crowdstrike Global Intelligence Team. (2014, June 9). CrowdStrike Intelligence Report: Putter Panda. Retrieved January 22, 2016.","url":"http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf","source":"MITRE, Tidal Cyber","title":"CrowdStrike Intelligence Report: Putter Panda","authors":"Crowdstrike Global Intelligence Team","date_accessed":"2016-01-22T00:00:00Z","date_published":"2014-06-09T00:00:00Z","owner_name":null,"tidal_id":"edb73604-d627-5026-ba85-270e5e4975a5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.260173Z"},{"id":"1112ac30-b1cc-5507-a1c1-35c6ac573b95","name":"CrowdStrike Scattered Spider JUL 2025","description":"Counter Adversary Operations. (2025, July 2). CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries. 
Retrieved October 13, 2025.","url":"https://www.crowdstrike.com/en-us/blog/crowdstrike-services-observes-scattered-spider-escalate-attacks/","source":"MITRE","title":"CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries","authors":"Counter Adversary Operations","date_accessed":"2025-10-13T00:00:00Z","date_published":"2025-07-02T00:00:00Z","owner_name":null,"tidal_id":"5621b0e1-cf55-5c72-a8d8-8941631cbfae","created":"2025-10-29T21:08:48.167434Z","modified":"2025-12-17T15:08:36.440440Z"},{"id":"f0023677-e862-5647-9863-a27c222bc641","name":"Checkpoint WannaCry 2017","description":"Pal, P. (2017, May 16). CRYING IS FUTILE: SandBlast Forensic Analysis of WannaCry. Retrieved November 22, 2024.","url":"https://blog.checkpoint.com/research/crying-futile-sandblast-forensic-analysis-wannacry/","source":"MITRE","title":"CRYING IS FUTILE: SandBlast Forensic Analysis of WannaCry","authors":"Pal, P","date_accessed":"2024-11-22T00:00:00Z","date_published":"2017-05-16T00:00:00Z","owner_name":null,"tidal_id":"ebd80c1b-7e10-5caf-adb2-c4a43cabbc20","created":"2025-04-22T20:47:32.398893Z","modified":"2025-12-17T15:08:36.442534Z"},{"id":"93a43526-0b6b-4201-a274-eb9a482c1d24","name":"ANYRUN CryptBot January 26 2023","description":"ANYRUN. (2023, January 26). CryptBot Infostealer: Malware Analysis. Retrieved February 13, 2025.","url":"https://any.run/cybersecurity-blog/cryptbot-infostealer-malware-analysis/","source":"Tidal Cyber","title":"CryptBot Infostealer: Malware Analysis","authors":"ANYRUN","date_accessed":"2025-02-13T00:00:00Z","date_published":"2023-01-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c874cbcc-6a3c-538a-ab20-b95b11de3c62","created":"2025-02-18T15:18:00.448432Z","modified":"2025-02-18T15:18:00.612434Z"},{"id":"087b9bf1-bd9e-4cd6-a386-d9d2c812c927","name":"Softpedia MinerC","description":"Cimpanu, C.. (2016, September 9). Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives. 
Retrieved September 12, 2024.","url":"https://news.softpedia.com/news/cryptocurrency-mining-malware-discovered-targeting-seagate-nas-hard-drives-508119.shtml","source":"MITRE","title":"Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives","authors":"Cimpanu, C.","date_accessed":"2024-09-12T00:00:00Z","date_published":"2016-09-09T00:00:00Z","owner_name":null,"tidal_id":"479bf3e8-30bf-5f5c-bbbe-b342c449f5bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417147Z"},{"id":"e2dbc963-b913-5a44-bb61-88a3f0d8d8a3","name":"Microsoft Cryptojacking 2023","description":"Microsoft Threat Intelligence. (2023, July 25). Cryptojacking: Understanding and defending against cloud compute resource abuse. Retrieved September 5, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2023/07/25/cryptojacking-understanding-and-defending-against-cloud-compute-resource-abuse/","source":"MITRE","title":"Cryptojacking: Understanding and defending against cloud compute resource abuse","authors":"Microsoft Threat Intelligence","date_accessed":"2023-09-05T00:00:00Z","date_published":"2023-07-25T00:00:00Z","owner_name":null,"tidal_id":"b23e5520-e82e-5d63-9756-9e18b5b3ce78","created":"2023-11-07T00:36:07.759100Z","modified":"2025-12-17T15:08:36.434650Z"},{"id":"258088ae-96c2-4520-8eb5-1a7e540a9a24","name":"Microsoft CryptUnprotectData April 2018","description":"Microsoft. (2018, April 12). CryptUnprotectData function. Retrieved June 18, 2019.","url":"https://docs.microsoft.com/en-us/windows/desktop/api/dpapi/nf-dpapi-cryptunprotectdata","source":"MITRE","title":"CryptUnprotectData function","authors":"Microsoft","date_accessed":"2019-06-18T00:00:00Z","date_published":"2018-04-12T00:00:00Z","owner_name":null,"tidal_id":"b9f203e9-399a-530e-8cdd-25b4264b275f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428762Z"},{"id":"276c9e55-4673-426d-8f49-06edee2e3b30","name":"Csc.exe - LOLBAS Project","description":"LOLBAS. 
(2018, May 25). Csc.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Csc/","source":"Tidal Cyber","title":"Csc.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f1353ebd-3c2c-5b08-bd0b-b64e1109dbc1","created":"2024-01-12T14:46:36.606941Z","modified":"2024-01-12T14:46:36.786868Z"},{"id":"428b6223-63b7-497f-b13a-e472b4583a9f","name":"Cscript.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Cscript.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Cscript/","source":"Tidal Cyber","title":"Cscript.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"54926420-400e-5aef-b8f5-75d4dd067a47","created":"2024-01-12T14:46:36.973895Z","modified":"2024-01-12T14:46:37.171109Z"},{"id":"b810ee91-de4e-4c7b-8fa8-24dca95133e5","name":"csi.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). csi.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Csi/","source":"Tidal Cyber","title":"csi.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"47735d62-336c-5556-a950-7c352a6b7616","created":"2024-01-12T14:47:19.771691Z","modified":"2024-01-12T14:47:19.953449Z"},{"id":"ebc20299-83ed-5a8d-bdb4-e9e28d6eaa0f","name":"CSRIC-WG1-FinalReport","description":"CSRIC-WG1-FinalReport. (n.d.). CSRIC-WG1-FinalReport. 
Retrieved April","url":"","source":"Mobile","title":"CSRIC-WG1-FinalReport","authors":"CSRIC-WG1-FinalReport","date_accessed":"1978-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3196581b-6772-5392-a21f-c3298c961559","created":"2026-01-28T13:08:10.042970Z","modified":"2026-01-28T13:08:10.042973Z"},{"id":"0cdde66c-a7ae-48a2-8ade-067643de304d","name":"OWASP CSV Injection","description":"Albinowax Timo Goosen. (n.d.). CSV Injection. Retrieved February 7, 2022.","url":"https://owasp.org/www-community/attacks/CSV_Injection","source":"MITRE","title":"CSV Injection","authors":"Albinowax Timo Goosen","date_accessed":"2022-02-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a4b73fb0-a6a7-59c1-9c48-cf804107c181","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426273Z"},{"id":"79299d27-dbbf-56d0-87fd-15e3f9167cf8","name":"Elastic CUBA Ransomware 2022","description":"Daniel Stepanic, Derek Ditch, Seth Goodwin, Salim Bitam, Andrew Pease. (2022, September 7). CUBA Ransomware Campaign Analysis. Retrieved August 5, 2024.","url":"https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis","source":"MITRE","title":"CUBA Ransomware Campaign Analysis","authors":"Daniel Stepanic, Derek Ditch, Seth Goodwin, Salim Bitam, Andrew Pease","date_accessed":"2024-08-05T00:00:00Z","date_published":"2022-09-07T00:00:00Z","owner_name":null,"tidal_id":"209246da-f768-5cfe-a80b-9b7da2688d1e","created":"2024-10-31T16:28:26.000215Z","modified":"2025-12-17T15:08:36.435079Z"},{"id":"a995a1f3-8420-4bbf-91c6-0b11049138c0","name":"Elastic September 7 2022","description":"Daniel Stepanic, Derek Ditch, Seth Goodwin, Salim Bitam, Andrew Pease. (2022, September 7). CUBA Ransomware Campaign Analysis. 
Retrieved February 20, 2025.","url":"https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis","source":"Tidal Cyber","title":"CUBA Ransomware Campaign Analysis","authors":"Daniel Stepanic, Derek Ditch, Seth Goodwin, Salim Bitam, Andrew Pease","date_accessed":"2025-02-20T00:00:00Z","date_published":"2022-09-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c65466ee-29a8-5480-95bd-3be9607d8b44","created":"2025-02-24T20:28:33.435778Z","modified":"2025-02-24T20:28:33.809007Z"},{"id":"40d57c84-9cc9-49b4-a0cb-8884a2318ffd","name":"cybereason.com January 24 2024","description":"Cybereason Security Services Team. (2024, January 24). CUCKOO SPEAR Part 1 Analyzing NOOPDOOR from an IR Perspective. Retrieved September 14, 2024.","url":"https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor","source":"Tidal Cyber","title":"CUCKOO SPEAR Part 1 Analyzing NOOPDOOR from an IR Perspective","authors":"Cybereason Security Services Team","date_accessed":"2024-09-14T00:00:00Z","date_published":"2024-01-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"42ba131b-5318-5697-8e53-ff7c25cb033d","created":"2025-02-03T21:08:28.277098Z","modified":"2025-02-03T21:08:28.438776Z"},{"id":"7431df54-3d21-4d8f-9337-83d3e5ecb988","name":"CrowdStrike CURIOUS JACKAL Profile","description":"CrowdStrike. (2023, January 1). CURIOUS JACKAL Profile. Retrieved January 6, 2026.","url":"https://www.crowdstrike.com/adversaries/curious-jackal/","source":"Tidal Cyber","title":"CURIOUS JACKAL Profile","authors":"CrowdStrike","date_accessed":"2026-01-06T12:00:00Z","date_published":"2023-01-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0256ae6c-8f7b-5d2c-82a6-dbbd3db7ddd2","created":"2026-01-14T13:29:40.134118Z","modified":"2026-01-14T13:29:40.340110Z"},{"id":"be233077-7bb4-48be-aecf-03258931527d","name":"Microsoft Subkey","description":"Microsoft. (n.d.). CurrentControlSet\\Services Subkey Entries. 
Retrieved November 30, 2014.","url":"http://support.microsoft.com/KB/103000","source":"MITRE","title":"CurrentControlSet\\Services Subkey Entries","authors":"Microsoft","date_accessed":"2014-11-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"465446b3-3aa9-5394-bae0-5408f305b276","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434398Z"},{"id":"2257b29b-02f7-4e08-b43a-ae54c5ed1521","name":"Microsoft CVE-2025-53770 Guidance","description":"MSRC. (2025, July 19). Customer guidance for SharePoint vulnerability CVE-2025-53770. Retrieved July 21, 2025.","url":"https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/","source":"Tidal Cyber","title":"Customer guidance for SharePoint vulnerability CVE-2025-53770","authors":"MSRC","date_accessed":"2025-07-21T12:00:00Z","date_published":"2025-07-19T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d83f97bf-fc47-51ec-924d-908e04802d16","created":"2025-07-21T18:42:49.515801Z","modified":"2025-07-21T18:42:49.701336Z"},{"id":"47031992-841f-4ef4-87c6-bb4c077fb8dc","name":"Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks","description":"MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. Retrieved December 30, 2020.","url":"https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/","source":"MITRE","title":"Customer Guidance on Recent Nation-State Cyber Attacks","authors":"MSRC","date_accessed":"2020-12-30T00:00:00Z","date_published":"2020-12-13T00:00:00Z","owner_name":null,"tidal_id":"efd20b69-af75-529e-9900-7f2e89347853","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436178Z"},{"id":"b486ae40-a854-4998-bf1b-aaf6ea2047ed","name":"Microsoft SolarWinds Customer Guidance","description":"MSRC. (2020, December 13). Customer Guidance on Recent Nation-State Cyber Attacks. 
Retrieved December 17, 2020.","url":"https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/","source":"MITRE","title":"Customer Guidance on Recent Nation-State Cyber Attacks","authors":"MSRC","date_accessed":"2020-12-17T00:00:00Z","date_published":"2020-12-13T00:00:00Z","owner_name":null,"tidal_id":"1cc580f3-c7c5-5a25-8473-19216957731c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426069Z"},{"id":"027b281d-79d5-50aa-9ff3-d6f4e647d477","name":"Bleeping Computer Bank Hack 2020","description":"Ionut Ilascu. (2020, January 16). Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII. Retrieved July 1, 2024.","url":"https://www.bleepingcomputer.com/news/security/customer-owned-bank-informs-100k-of-breach-exposing-account-balance-pii/","source":"MITRE","title":"Customer-Owned Bank Informs 100k of Breach Exposing Account Balance, PII","authors":"Ionut Ilascu","date_accessed":"2024-07-01T00:00:00Z","date_published":"2020-01-16T00:00:00Z","owner_name":null,"tidal_id":"4a59f196-4ae7-5790-a805-c6c6176aeadc","created":"2024-10-31T16:28:25.135906Z","modified":"2025-12-17T15:08:36.434036Z"},{"id":"9c0094b6-a8e3-4f4d-8d2e-33b408d44a06","name":"Login Scripts Apple Dev","description":"Apple. (2016, September 13). Customizing Login and Logout. Retrieved April 1, 2022.","url":"https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CustomLogin.html","source":"MITRE","title":"Customizing Login and Logout","authors":"Apple","date_accessed":"2022-04-01T00:00:00Z","date_published":"2016-09-13T00:00:00Z","owner_name":null,"tidal_id":"32ff9826-492d-502f-80f5-705f8b220392","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428593Z"},{"id":"7cf8056e-6d3b-4930-9d2c-160d7d9636ac","name":"TechNet Screensaver GP","description":"Microsoft. (n.d.). Customizing the Desktop. 
Retrieved December 5, 2017.","url":"https://technet.microsoft.com/library/cc938799.aspx","source":"MITRE","title":"Customizing the Desktop","authors":"Microsoft","date_accessed":"2017-12-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e7dd8f9f-f425-5d40-aa88-ac493b923c75","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416057Z"},{"id":"96324ab1-7eb8-42dc-b19a-fa1d9f85e239","name":"CustomShellHost.exe - LOLBAS Project","description":"LOLBAS. (2021, November 14). CustomShellHost.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/CustomShellHost/","source":"Tidal Cyber","title":"CustomShellHost.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-11-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"066d2647-780e-55a7-9169-220e85a683e4","created":"2024-01-12T14:46:37.351074Z","modified":"2024-01-12T14:46:37.538393Z"},{"id":"5209d259-4293-58c0-bbdc-f30ff77d57f7","name":"Mandiant Cutting Edge Part 2 January 2024","description":"Lin, M. et al. (2024, January 31). Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation. Retrieved February 27, 2024.","url":"https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation","source":"MITRE","title":"Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation","authors":"Lin, M. et al","date_accessed":"2024-02-27T00:00:00Z","date_published":"2024-01-31T00:00:00Z","owner_name":null,"tidal_id":"fa9c217e-306b-565c-b53d-8498e9b8e35e","created":"2024-04-25T13:28:42.250203Z","modified":"2025-12-17T15:08:36.417493Z"},{"id":"49e5b125-5503-5cb0-9a56-a93f82b55753","name":"Mandiant Cutting Edge Part 3 February 2024","description":"Lin, M. et al. (2024, February 27). Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts. 
Retrieved March 1, 2024.","url":"https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence","source":"MITRE","title":"Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts","authors":"Lin, M. et al","date_accessed":"2024-03-01T00:00:00Z","date_published":"2024-02-27T00:00:00Z","owner_name":null,"tidal_id":"ae1f5e6e-7df1-5b8a-8df8-12829084c376","created":"2024-04-25T13:28:42.217663Z","modified":"2025-12-17T15:08:36.417162Z"},{"id":"5179ba93-fab1-48b9-81e7-c9a79cf9402f","name":"Google Cloud April 4 2024","description":"Mandiant. (2024, April 4). Cutting Edge, Part 4 Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies . Retrieved April 29, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement","source":"Tidal Cyber","title":"Cutting Edge, Part 4 Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies","authors":"Mandiant","date_accessed":"2024-04-29T00:00:00Z","date_published":"2024-04-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"dad2334f-6dd4-52b9-b079-b880c0e62a79","created":"2025-04-11T15:05:59.482816Z","modified":"2025-04-11T15:05:59.638231Z"},{"id":"9d9ec923-89c1-5155-ae6e-98d4776d4250","name":"Mandiant Cutting Edge January 2024","description":"McLellan, T. et al. (2024, January 12). Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation. Retrieved February 27, 2024.","url":"https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day","source":"MITRE","title":"Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation","authors":"McLellan, T. 
et al","date_accessed":"2024-02-27T00:00:00Z","date_published":"2024-01-12T00:00:00Z","owner_name":null,"tidal_id":"cb5636ba-a550-5644-b2fe-66245582cf46","created":"2024-04-25T13:28:42.288519Z","modified":"2025-12-17T15:08:36.418989Z"},{"id":"e1531171-709c-4043-9e3a-af9e37f3ac57","name":"Symantec Naid in the Wild June 2012","description":"Symantec Security Response. (2012, June 18). CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid). Retrieved February 22, 2018.","url":"https://www.symantec.com/connect/blogs/cve-2012-1875-exploited-wild-part-1-trojannaid","source":"MITRE","title":"CVE-2012-1875 Exploited in the Wild - Part 1 (Trojan.Naid)","authors":"Symantec Security Response","date_accessed":"2018-02-22T00:00:00Z","date_published":"2012-06-18T00:00:00Z","owner_name":null,"tidal_id":"5bfd22d5-152e-56a6-9dc0-e2a2bd2ee8d4","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:38.901722Z"},{"id":"c3aab918-51c6-4773-8677-a89b27a00eb1","name":"NVD CVE-2014-7169","description":"National Vulnerability Database. (2017, September 24). CVE-2014-7169 Detail. Retrieved April 3, 2018.","url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7169","source":"MITRE","title":"CVE-2014-7169 Detail","authors":"National Vulnerability Database","date_accessed":"2018-04-03T00:00:00Z","date_published":"2017-09-24T00:00:00Z","owner_name":null,"tidal_id":"42ec7991-2cab-59f7-9e37-e63f30598068","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428349Z"},{"id":"1813c26d-da68-4a82-a959-27351dd5e51b","name":"NVD CVE-2016-6662","description":"National Vulnerability Database. (2017, February 2). CVE-2016-6662 Detail. 
Retrieved April 3, 2018.","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6662","source":"MITRE","title":"CVE-2016-6662 Detail","authors":"National Vulnerability Database","date_accessed":"2018-04-03T00:00:00Z","date_published":"2017-02-02T00:00:00Z","owner_name":null,"tidal_id":"d94e6da8-4f90-5baa-9547-72c237361659","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428343Z"},{"id":"82602351-0ab0-48d7-90dd-f4536b4d009b","name":"NVD CVE-2017-0176","description":"National Vulnerability Database. (2017, June 22). CVE-2017-0176 Detail. Retrieved April 3, 2018.","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-0176","source":"MITRE","title":"CVE-2017-0176 Detail","authors":"National Vulnerability Database","date_accessed":"2018-04-03T00:00:00Z","date_published":"2017-06-22T00:00:00Z","owner_name":null,"tidal_id":"a30b1776-eb9b-542f-88a9-7812f575f680","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432950Z"},{"id":"1876a476-b2ff-4605-a78b-89443d21b063","name":"FireEye Attacks Leveraging HTA","description":"Berry, A., Galang, L., Jiang, G., Leathery, J., Mohandas, R. (2017, April 11). CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler. Retrieved October 27, 2017.","url":"https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html","source":"MITRE","title":"CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler","authors":"Berry, A., Galang, L., Jiang, G., Leathery, J., Mohandas, R","date_accessed":"2017-10-27T00:00:00Z","date_published":"2017-04-11T00:00:00Z","owner_name":null,"tidal_id":"341375b7-8c31-5ba0-bef6-4b1228991170","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431993Z"},{"id":"402cb526-ef57-4d27-b96b-f98008abe716","name":"Microsoft CVE-2017-8625 Aug 2017","description":"Microsoft. (2017, August 8). CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability. 
Retrieved October 3, 2018.","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625","source":"MITRE","title":"CVE-2017-8625 - Internet Explorer Security Feature Bypass Vulnerability","authors":"Microsoft","date_accessed":"2018-10-03T00:00:00Z","date_published":"2017-08-08T00:00:00Z","owner_name":null,"tidal_id":"55823712-1ab1-531a-b21b-921a0ccf81ab","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433280Z"},{"id":"889b742e-7572-4aad-8944-7f071483b613","name":"NVD CVE-2019-3610","description":"National Vulnerability Database. (2019, October 9). CVE-2019-3610 Detail. Retrieved April 14, 2021.","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3610","source":"MITRE","title":"CVE-2019-3610 Detail","authors":"National Vulnerability Database","date_accessed":"2021-04-14T00:00:00Z","date_published":"2019-10-09T00:00:00Z","owner_name":null,"tidal_id":"3c74ad4d-f4cf-5567-adff-10fcd64aa1e3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427240Z"},{"id":"6f83da0c-d2ce-4923-ba32-c6886eb22587","name":"CVMServer Vuln","description":"Mickey Jin. (2021, June 3). CVE-2021-30724: CVMServer Vulnerability in macOS and iOS. Retrieved October 12, 2021.","url":"https://www.trendmicro.com/en_us/research/21/f/CVE-2021-30724_CVMServer_Vulnerability_in_macOS_and_iOS.html","source":"MITRE","title":"CVE-2021-30724: CVMServer Vulnerability in macOS and iOS","authors":"Mickey Jin","date_accessed":"2021-10-12T00:00:00Z","date_published":"2021-06-03T00:00:00Z","owner_name":null,"tidal_id":"1dfb1824-e0d1-56e5-9aaa-736d39543025","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431929Z"},{"id":"84d5f015-9014-417c-b2a9-f650fe19d448","name":"Crowdstrike Kubernetes Container Escape","description":"Manoj Ahuje. (2022, January 31). CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit. 
Retrieved July 6, 2022.","url":"https://www.crowdstrike.com/blog/cve-2022-0185-kubernetes-container-escape-using-linux-kernel-exploit/","source":"MITRE","title":"CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit","authors":"Manoj Ahuje","date_accessed":"2022-07-06T00:00:00Z","date_published":"2022-01-31T00:00:00Z","owner_name":null,"tidal_id":"dbef263c-9d9f-55aa-85b5-fd2c918ff51e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429080Z"},{"id":"0574a0a7-694b-4858-b053-8f7911c8ce54","name":"Trend Micro March 13 2024","description":"Peter Girnus; Aliakbar Zahravi; Simon Zuckerbraun. (2024, March 13). CVE-2024-21412 DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign. Retrieved March 14, 2024.","url":"https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html","source":"Tidal Cyber","title":"CVE-2024-21412 DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign","authors":"Peter Girnus; Aliakbar Zahravi; Simon Zuckerbraun","date_accessed":"2024-03-14T00:00:00Z","date_published":"2024-03-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"85d22500-8100-522d-b7d6-d8f63c743ba4","created":"2024-10-14T19:18:54.331287Z","modified":"2024-10-14T19:18:54.535243Z"},{"id":"385aae24-945a-5ce0-9728-670996e60126","name":"CVE-2024-55591 Detail","description":"NIST NVD. (2025, January 22). Retrieved September 22, 2025.","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55591","source":"MITRE","title":"CVE-2024-55591 Detail","authors":"","date_accessed":"2025-09-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3095f978-8c76-57f3-be19-997d784c166f","created":"2025-10-29T21:08:48.166138Z","modified":"2025-12-17T15:08:36.433068Z"},{"id":"b8970cef-ddda-4a72-94ed-e2c911a20e18","name":"AttackerKB December 16 2024","description":"AttackerKB. (2024, December 16). CVE-2024-55956 . 
Retrieved December 16, 2024.","url":"https://attackerkb.com/topics/geR0H8dgrE/cve-2024-55956/rapid7-analysis","source":"Tidal Cyber","title":"CVE-2024-55956","authors":"AttackerKB","date_accessed":"2024-12-16T00:00:00Z","date_published":"2024-12-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6c51378f-5c5a-51e9-9825-0a6c6e366dcb","created":"2024-12-17T14:33:53.809802Z","modified":"2024-12-17T14:33:53.921237Z"},{"id":"b7b77696-f0d8-4bbb-82b1-4e8a30807f33","name":"CVE-2025-53771 Vulnerability Update","description":"Microsoft. (2025, July 20). CVE-2025-53771 Vulnerability Update. Retrieved July 21, 2025.","url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771","source":"Tidal Cyber","title":"CVE-2025-53771 Vulnerability Update","authors":"Microsoft","date_accessed":"2025-07-21T12:00:00Z","date_published":"2025-07-20T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"32c99d50-7c43-5c23-b5f8-c3d179addffc","created":"2025-07-21T18:42:49.869437Z","modified":"2025-07-21T18:42:50.063879Z"},{"id":"788d77c2-ae2d-46af-9f65-d6ba59f2322d","name":"GreyNoise React2Shell December 05 2025","description":"boB Rudis. (2025, December 5). CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far. 
Retrieved December 8, 2025.","url":"https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far","source":"Tidal Cyber","title":"CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far","authors":"boB Rudis","date_accessed":"2025-12-08T12:00:00Z","date_published":"2025-12-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0c342906-1f71-5c3b-86bb-bf975098d70a","created":"2025-12-10T14:13:47.866359Z","modified":"2025-12-10T14:13:48.023764Z"},{"id":"904b6c9a-8ab9-572e-aa9a-90f840c8ff82","name":"CCCS ArcaneDoor 2024","description":"Canadian Centre for Cyber Security. (2024, April 24). Cyber Activity Impacting CISCO ASA VPNs. Retrieved January 6, 2025.","url":"https://www.cyber.gc.ca/en/news-events/cyber-activity-impacting-cisco-asa-vpns","source":"MITRE","title":"Cyber Activity Impacting CISCO ASA VPNs","authors":"Canadian Centre for Cyber Security","date_accessed":"2025-01-06T00:00:00Z","date_published":"2024-04-24T00:00:00Z","owner_name":null,"tidal_id":"e77bc179-673e-53c9-abe4-b97a2d2614bc","created":"2025-04-22T20:47:21.959770Z","modified":"2025-12-17T15:08:36.418342Z"},{"id":"bd9c14dd-0e2a-447b-a245-f548734d2400","name":"CyberArk Labs Safe Mode 2016","description":"Naim, D.. (2016, September 15). CyberArk Labs: From Safe Mode to Domain Compromise. Retrieved June 23, 2021.","url":"https://www.cyberark.com/resources/blog/cyberark-labs-from-safe-mode-to-domain-compromise","source":"MITRE","title":"CyberArk Labs: From Safe Mode to Domain Compromise","authors":"Naim, D.","date_accessed":"2021-06-23T00:00:00Z","date_published":"2016-09-15T00:00:00Z","owner_name":null,"tidal_id":"110ab427-f658-5efd-b5f3-841119646fe9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426593Z"},{"id":"3e42ff96-fc7e-418e-8d8b-076a1a47981e","name":"PJ Cyber Army of Russia 2023","description":"PJ04857920. 
(2023, November 30). Cyber Army of Russia — DDoS Tool. Retrieved April 30, 2024.","url":"https://medium.com/@PJ04857920/cyber-army-of-russia-ddos-tool-3b3050419225","source":"Tidal Cyber","title":"Cyber Army of Russia — DDoS Tool","authors":"PJ04857920","date_accessed":"2024-04-30T00:00:00Z","date_published":"2023-11-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1640fadc-99b0-5912-a700-114decb04d1d","created":"2024-06-13T20:11:01.575898Z","modified":"2024-06-13T20:11:01.767082Z"},{"id":"f1db497b-a8df-4f24-bc17-35c7ec2b332c","name":"CERT-UA Alert June 20 2022","description":"CERT-UA. (2022, June 20). Cyberattack by the UAC-0098 group on critical infrastructure facilities in Ukraine. Retrieved February 14, 2025.","url":"https://cert.gov.ua/article/339662","source":"Tidal Cyber","title":"Cyberattack by the UAC-0098 group on critical infrastructure facilities in Ukraine","authors":"CERT-UA","date_accessed":"2025-02-14T00:00:00Z","date_published":"2022-06-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"53b79196-d2d7-5b3f-9ce6-c88499780591","created":"2025-02-18T15:18:03.451234Z","modified":"2025-02-18T15:18:03.627402Z"},{"id":"ebea04a5-d21b-4174-a12b-b398c8054a9f","name":"CERT-UA Alert April 28 2022","description":"CERT-UA. (2022, April 28). Cyberattack by the UAC-0098 group on Ukrainian government agencies using the Metasploit framework. Retrieved February 14, 2025.","url":"https://cert.gov.ua/article/39934","source":"Tidal Cyber","title":"Cyberattack by the UAC-0098 group on Ukrainian government agencies using the Metasploit framework","authors":"CERT-UA","date_accessed":"2025-02-14T00:00:00Z","date_published":"2022-04-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4596e06c-4fb5-50d7-9361-9783ec52054c","created":"2025-02-18T15:18:03.156743Z","modified":"2025-02-18T15:18:03.299763Z"},{"id":"583a01b6-cb4e-41e7-aade-ac2fd19bda4e","name":"Cyware Ngrok May 2019","description":"Cyware. (2019, May 29). 
Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems. Retrieved September 15, 2020.","url":"https://cyware.com/news/cyber-attackers-leverage-tunneling-service-to-drop-lokibot-onto-victims-systems-6f610e44","source":"MITRE","title":"Cyber attackers leverage tunneling service to drop Lokibot onto victims’ systems","authors":"Cyware","date_accessed":"2020-09-15T00:00:00Z","date_published":"2019-05-29T00:00:00Z","owner_name":null,"tidal_id":"3da9d6e5-2c13-5b40-8c7e-58e610f8d2b4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422857Z"},{"id":"1e474240-bd12-4472-8e69-1631b0e4c102","name":"The Record RansomHub June 3 2024","description":"Jonathan Greig. (2024, June 3). Cyberattack on telecom giant Frontier claimed by RansomHub. Retrieved June 7, 2024.","url":"https://therecord.media/frontier-communications-cyberattack-ransomhub","source":"Tidal Cyber","title":"Cyberattack on telecom giant Frontier claimed by RansomHub","authors":"Jonathan Greig","date_accessed":"2024-06-07T00:00:00Z","date_published":"2024-06-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"87c322fb-160b-583d-8760-599bf08ca4ba","created":"2024-06-13T20:11:06.824442Z","modified":"2024-06-13T20:11:07.010602Z"},{"id":"8986c21c-16a0-4a53-8e37-9935bbbfaa4b","name":"Microsoft Phosphorus Oct 2020","description":"Burt, T. (2020, October 28). Cyberattacks target international conference attendees. 
Retrieved March 8, 2021.","url":"https://blogs.microsoft.com/on-the-issues/2020/10/28/cyberattacks-phosphorus-t20-munich-security-conference/","source":"MITRE","title":"Cyberattacks target international conference attendees","authors":"Burt, T","date_accessed":"2021-03-08T00:00:00Z","date_published":"2020-10-28T00:00:00Z","owner_name":null,"tidal_id":"a1d1a46b-1359-5cf3-b4ea-f6ea42d1ca8c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438045Z"},{"id":"e929cd86-9903-481c-a841-ba387831cb77","name":"Check Point Mid-Year Report 2022","description":"Check Point Software. (2022, August 3). Cyber Attack Trends: Check Point's 2022 Mid-Year Report. Retrieved May 18, 2022.","url":"https://www.checkpoint.com/downloads/resources/cyber-attack-trends-report-mid-year-2022.pdf","source":"Tidal Cyber","title":"Cyber Attack Trends: Check Point's 2022 Mid-Year Report","authors":"Check Point Software","date_accessed":"2022-05-18T00:00:00Z","date_published":"2022-08-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"67829353-7608-5588-a828-645167fb0267","created":"2024-06-13T20:10:27.662062Z","modified":"2024-06-13T20:10:27.847921Z"},{"id":"2db77619-72df-461f-84bf-2d1c3499a5c0","name":"Talos Seduploader Oct 2017","description":"Mercer, W., et al. (2017, October 22). \"Cyber Conflict\" Decoy Document Used in Real Cyber Conflict. Retrieved November 2, 2018.","url":"https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html","source":"MITRE","title":"\"Cyber Conflict\" Decoy Document Used in Real Cyber Conflict","authors":"Mercer, W., et al","date_accessed":"2018-11-02T00:00:00Z","date_published":"2017-10-22T00:00:00Z","owner_name":null,"tidal_id":"a0ab92fa-fb84-56ad-9f00-bece4a376a92","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420148Z"},{"id":"17685d5c-4255-445e-a546-e0dfb92378c2","name":"Google Cybercrime Report February 11 2025","description":"Google Threat Intelligence Group. (2025, February 11). 
Cybercrime: A Multifaceted National Security Threat. Retrieved February 11, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat","source":"Tidal Cyber","title":"Cybercrime: A Multifaceted National Security Threat","authors":"Google Threat Intelligence Group","date_accessed":"2025-02-11T00:00:00Z","date_published":"2025-02-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7b55bad0-9ab3-5473-ab06-afb6c03fce2d","created":"2025-02-18T15:17:57.963229Z","modified":"2025-02-18T15:17:58.580152Z"},{"id":"519603b4-3520-5879-9e16-7380915b87c3","name":"FBI Salesforce Data Theft SEP 2025","description":"FBI Cyber Division. (2025, September 12). Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion. Retrieved October 22, 2025.","url":"https://www.ic3.gov/CSA/2025/250912.pdf","source":"MITRE","title":"Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion","authors":"FBI Cyber Division","date_accessed":"2025-10-22T00:00:00Z","date_published":"2025-09-12T00:00:00Z","owner_name":null,"tidal_id":"0cea9bfc-6fa7-52a2-8a06-7027900b80f0","created":"2025-10-29T21:08:48.167180Z","modified":"2025-12-17T15:08:36.439285Z"},{"id":"eb3fc217-44b7-496f-b5d1-68b40f476ce3","name":"Resecurity Remote Access Compromise March 13 2024","description":"Resecurity. (2024, March 13). Cybercriminals Evolve Tooling for Remote Access Compromise. 
Retrieved April 9, 2025.","url":"https://www.resecurity.com/blog/article/cybercriminals-evolve-tooling-for-remote-access-compromise","source":"Tidal Cyber","title":"Cybercriminals Evolve Tooling for Remote Access Compromise","authors":"Resecurity","date_accessed":"2025-04-09T00:00:00Z","date_published":"2024-03-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"55ebc31a-3269-539e-8b2b-0cd1b22ffa0c","created":"2025-04-11T15:33:21.261271Z","modified":"2025-04-11T15:33:21.599459Z"},{"id":"deea5b42-bfab-50af-8d85-cc04fd317a82","name":"FBI-search","description":"FBI. (2022, December 21). Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users. Retrieved February 21, 2023.","url":"https://www.ic3.gov/Media/Y2022/PSA221221","source":"MITRE","title":"Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users","authors":"FBI","date_accessed":"2023-02-21T00:00:00Z","date_published":"2022-12-21T00:00:00Z","owner_name":null,"tidal_id":"d381793b-4c65-5ef7-8cdd-0e9db03af132","created":"2023-05-26T01:21:01.842967Z","modified":"2025-12-17T15:08:36.425348Z"},{"id":"6d55aa2c-3f52-4bff-8003-f78b386a4952","name":"Resecurity GXC Team January 3 2024","description":"Resecurity. (2024, January 3). Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud. Retrieved September 9, 2024.","url":"https://www.resecurity.com/blog/article/cybercriminals-implemented-artificial-intelligence-ai-for-invoice-fraud","source":"Tidal Cyber","title":"Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud","authors":"Resecurity","date_accessed":"2024-09-09T00:00:00Z","date_published":"2024-01-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"66837132-d1e8-5cf0-b86d-e56e0d7258b6","created":"2024-10-18T13:25:14.910728Z","modified":"2024-10-18T13:25:15.164340Z"},{"id":"87071160-b212-59fd-bffa-46e127917a60","name":"TrendMicro-Obad","description":"Veo Zhang. (2013, June 13). 
Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December","url":"http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/","source":"Mobile","title":"Cybercriminals Improve Android Malware Stealth Routines with OBAD","authors":"Veo Zhang","date_accessed":"1978-12-01T00:00:00Z","date_published":"2013-06-13T00:00:00Z","owner_name":null,"tidal_id":"6f1ac2ff-5bc4-532e-b610-9b5952317ba0","created":"2026-01-28T13:08:10.041796Z","modified":"2026-01-28T13:08:10.041799Z"},{"id":"cda529b2-e152-4ff0-a6b3-d0305b09fef9","name":"Secureworks GOLD KINGSWOOD September 2018","description":"CTU. (2018, September 27). Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish. Retrieved September 20, 2021.","url":"https://www.secureworks.com/blog/cybercriminals-increasingly-trying-to-ensnare-the-big-financial-fish","source":"MITRE","title":"Cybercriminals Increasingly Trying to Ensnare the Big Financial Fish","authors":"CTU","date_accessed":"2021-09-20T00:00:00Z","date_published":"2018-09-27T00:00:00Z","owner_name":null,"tidal_id":"375c0fab-146a-5bfc-82db-4aa92ccab6f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418840Z"},{"id":"ebdf09ed-6eec-450f-aaea-067504ec25ca","name":"Cybereason OSX Pirrit","description":"Amit Serper. (2016). Cybereason Lab Analysis OSX.Pirrit. Retrieved December 10, 2021.","url":"https://cdn2.hubspot.net/hubfs/3354902/Content%20PDFs/Cybereason-Lab-Analysis-OSX-Pirrit-4-6-16.pdf","source":"MITRE","title":"Cybereason Lab Analysis OSX.Pirrit","authors":"Amit Serper","date_accessed":"2021-12-10T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"05e3f39e-b079-5ce8-ba5b-9073e418f65e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426259Z"},{"id":"19027620-216a-4921-8d78-f56377778a12","name":"Cybereason Quantum Ransomware May 9 2022","description":"Cybereason Nocturnus. 
(2022, May 9). Cybereason vs. Quantum Locker Ransomware. Retrieved June 28, 2024.","url":"https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware","source":"Tidal Cyber","title":"Cybereason vs. Quantum Locker Ransomware","authors":"Cybereason Nocturnus","date_accessed":"2024-06-28T00:00:00Z","date_published":"2022-05-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"632c2590-1f0c-5173-89fb-85eea5792721","created":"2024-06-28T17:22:20.049331Z","modified":"2024-06-28T17:22:20.505830Z"},{"id":"dc97908c-d8e5-5e5d-a1b3-8ee65894f53a","name":"Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023","description":"Lior Rochberger, Tom Fakterman, Robert Falcone. (2023, September 22). Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda. Retrieved September 9, 2025.","url":"https://unit42.paloaltonetworks.com/stately-taurus-attacks-se-asian-government/","source":"MITRE","title":"Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda","authors":"Lior Rochberger, Tom Fakterman, Robert Falcone","date_accessed":"2025-09-09T00:00:00Z","date_published":"2023-09-22T00:00:00Z","owner_name":null,"tidal_id":"1acd04c3-9f4c-5f4e-94ce-a6b4ca65e4ed","created":"2025-10-29T21:08:48.164857Z","modified":"2025-12-17T15:08:36.417373Z"},{"id":"b17acdc3-0163-4c98-b5fb-a457a7e6b58d","name":"Zdnet Kimsuky Dec 2018","description":"Cimpanu, C.. (2018, December 5). Cyber-espionage group uses Chrome extension to infect victims. 
Retrieved August 26, 2019.","url":"https://www.zdnet.com/article/cyber-espionage-group-uses-chrome-extension-to-infect-victims/","source":"MITRE","title":"Cyber-espionage group uses Chrome extension to infect victims","authors":"Cimpanu, C.","date_accessed":"2019-08-26T00:00:00Z","date_published":"2018-12-05T00:00:00Z","owner_name":null,"tidal_id":"43793dfe-4496-562c-9eab-a04bfbe62810","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438401Z"},{"id":"b72d017b-a70f-4003-b3d9-90d79aca812d","name":"FireEye APT32 May 2017","description":"Carr, N.. (2017, May 14). Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations. Retrieved June 18, 2017.","url":"https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html","source":"MITRE, Tidal Cyber","title":"Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations","authors":"Carr, N.","date_accessed":"2017-06-18T00:00:00Z","date_published":"2017-05-14T00:00:00Z","owner_name":null,"tidal_id":"e81bc119-d13a-593f-925a-803d2800ff37","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.260207Z"},{"id":"cf531866-ac3c-4078-b847-5b4af7eb161f","name":"Shadowserver Strategic Web Compromise","description":"Adair, S., Moran, N. (2012, May 15). Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results. 
Retrieved March 13, 2018.","url":"http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-serving-dangerous-results/","source":"MITRE","title":"Cyber Espionage & Strategic Web Compromises – Trusted Websites Serving Dangerous Results","authors":"Adair, S., Moran, N","date_accessed":"2018-03-13T00:00:00Z","date_published":"2012-05-15T00:00:00Z","owner_name":null,"tidal_id":"0b935183-8c26-5280-b6ec-5de498fb8a09","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435284Z"},{"id":"7329cd8f-1fcf-5abb-b324-95610716dc1c","name":"ESET Gamaredon Sept2024","description":"Rusnák, Z. (2024, September 26). Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023. Retrieved October 30, 2024.","url":"https://web-assets.esetstatic.com/wls/en/papers/white-papers/cyberespionage-gamaredon-way.pdf","source":"MITRE","title":"Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023","authors":"Rusnák, Z","date_accessed":"2024-10-30T00:00:00Z","date_published":"2024-09-26T00:00:00Z","owner_name":null,"tidal_id":"ef551d3c-6671-5730-9ec5-ee449acd2c45","created":"2025-10-29T21:08:48.167386Z","modified":"2025-12-17T15:08:36.440158Z"},{"id":"a37564a4-ff83-4ce0-818e-80750172f302","name":"CyberKnow Tweet July 7 2022","description":"Cyberknow20. (2022, July 7). CyberKnow Tweet July 7 2022. Retrieved October 10, 2023.","url":"https://twitter.com/Cyberknow20/status/1545059177587871749","source":"Tidal Cyber","title":"CyberKnow Tweet July 7 2022","authors":"Cyberknow20","date_accessed":"2023-10-10T00:00:00Z","date_published":"2022-07-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"135b95d9-8c2e-533b-b2f5-342307625e1b","created":"2023-10-10T20:48:41.738048Z","modified":"2023-10-10T20:48:41.884734Z"},{"id":"4b713738-d767-5243-b9af-4d7ac7b0b349","name":"Cyber Safety Review Board: Lapsus","description":"CISA. (2023, August). Cyber Safety Review Board: Lapsus. 
Retrieved January 5, 2024.","url":"https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf","source":"MITRE","title":"Cyber Safety Review Board: Lapsus","authors":"CISA","date_accessed":"2024-01-05T00:00:00Z","date_published":"2023-08-01T00:00:00Z","owner_name":null,"tidal_id":"1f95909b-3e11-5c00-807a-e9a480b4f181","created":"2024-04-25T13:28:52.956360Z","modified":"2025-12-17T15:08:36.442326Z"},{"id":"deae8b2c-39dd-5252-b846-88e1cab099c2","name":"CISA Scattered Spider Advisory November 2023","description":"CISA. (2023, November 16). Cybersecurity Advisory: Scattered Spider (AA23-320A). Retrieved March 18, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a","source":"MITRE","title":"Cybersecurity Advisory: Scattered Spider (AA23-320A)","authors":"CISA","date_accessed":"2024-03-18T00:00:00Z","date_published":"2023-11-16T00:00:00Z","owner_name":null,"tidal_id":"f884921e-379c-5dec-985e-a2b325a94be9","created":"2024-04-25T13:28:44.276278Z","modified":"2025-12-17T15:08:36.438893Z"},{"id":"3e86a807-5188-4278-9a58-babd23b86410","name":"NSA NCSC Turla OilRig","description":"NSA/NCSC. (2019, October 21). Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims. Retrieved October 16, 2020.","url":"https://media.defense.gov/2019/Oct/18/2002197242/-1/-1/0/NSA_CSA_Turla_20191021%20ver%204%20-%20nsa.gov.pdf","source":"MITRE","title":"Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims","authors":"NSA/NCSC","date_accessed":"2020-10-16T00:00:00Z","date_published":"2019-10-21T00:00:00Z","owner_name":null,"tidal_id":"bb99f9e1-8e4c-5630-8d10-178ab82e9cd7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427999Z"},{"id":"b67ed4e9-ed44-460a-bd59-c978bdfda32f","name":"OPM Leak","description":"Cybersecurity Resource Center. (n.d.). CYBERSECURITY INCIDENTS. 
Retrieved September 16, 2024.","url":"https://web.archive.org/web/20230602111604/https://www.opm.gov/cybersecurity/cybersecurity-incidents/","source":"MITRE","title":"CYBERSECURITY INCIDENTS","authors":"Cybersecurity Resource Center","date_accessed":"2024-09-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6d7576d5-6fad-5625-9325-372e371d7cb2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429507Z"},{"id":"300c4613-252a-58e3-aef3-1dcef7571fef","name":"Cybersecurity & Infrastructure Security Agency March 2018","description":"Cybersecurity & Infrastructure Security Agency 2018, March 15 Alert (TA18-074A) Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved 2019/10/11","url":"https://us-cert.cisa.gov/ncas/alerts/TA18-074A","source":"ICS","title":"Cybersecurity & Infrastructure Security Agency March 2018","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"09561846-62ad-5d96-b421-7d34235c67ef","created":"2026-01-28T13:08:18.176910Z","modified":"2026-01-28T13:08:18.176913Z"},{"id":"26096485-1dd6-512a-a2a1-27dbbfb6fde0","name":"ExpressVPN PATH env Windows 2021","description":"ExpressVPN Security Team. (2021, November 16). Cybersecurity lessons: A PATH vulnerability in Windows. Retrieved September 28, 2023.","url":"https://www.expressvpn.com/blog/cybersecurity-lessons-a-path-vulnerability-in-windows/","source":"MITRE","title":"Cybersecurity lessons: A PATH vulnerability in Windows","authors":"ExpressVPN Security Team","date_accessed":"2023-09-28T00:00:00Z","date_published":"2021-11-16T00:00:00Z","owner_name":null,"tidal_id":"34914876-e623-5e00-b0de-84cab95e006c","created":"2023-11-07T00:35:57.324446Z","modified":"2025-12-17T15:08:36.424502Z"},{"id":"c6948dfc-b133-556b-a8ac-b3a4dba09c0e","name":"SCILabs Malteiro 2021","description":"SCILabs. (2021, December 23). Cyber Threat Profile Malteiro. 
Retrieved March 13, 2024.","url":"https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/","source":"MITRE","title":"Cyber Threat Profile Malteiro","authors":"SCILabs","date_accessed":"2024-03-13T00:00:00Z","date_published":"2021-12-23T00:00:00Z","owner_name":null,"tidal_id":"0088160b-00c1-52a3-89c1-3e162dbede08","created":"2024-04-25T13:28:45.775624Z","modified":"2025-12-17T15:08:36.418455Z"},{"id":"1f46872c-6255-4ce0-a6c3-2bfa9e767765","name":"Cyber Threat Profile MALTEIRO – Sciblog","description":"blog.scilabs.mx. (2021, December 23). Cyber Threat Profile MALTEIRO – Sciblog. Retrieved May 17, 2023.","url":"https://blog.scilabs.mx/en/cyber-threat-profile-malteiro/","source":"Tidal Cyber","title":"Cyber Threat Profile MALTEIRO – Sciblog","authors":"blog.scilabs.mx","date_accessed":"2023-05-17T00:00:00Z","date_published":"2021-12-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9377d923-989e-50a6-9937-d4a5a17681fd","created":"2024-06-13T20:10:25.744211Z","modified":"2024-06-13T20:10:25.944068Z"},{"id":"fbaaf8fc-f733-54fe-a01e-c571d5c99ace","name":"PWC UK MUSTANG PANDA RED LICH February 2021","description":"PWC UK. (2021, February 28). Cyber Threats 2020: A Year in Retrospect. Retrieved October 15, 2025.","url":"https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf","source":"MITRE","title":"Cyber Threats 2020: A Year in Retrospect","authors":"PWC UK","date_accessed":"2025-10-15T00:00:00Z","date_published":"2021-02-28T00:00:00Z","owner_name":null,"tidal_id":"6e15ec59-5544-50bf-9a65-dfbab7023db9","created":"2025-10-29T21:08:48.166897Z","modified":"2025-12-17T15:08:36.438589Z"},{"id":"aff0c17c-6f8d-43b4-bce8-9bdf844e0481","name":"QBE Legal and Professional Services Threats April 8 2025","description":"QBE. (2025, April 8). Cyber threats to the Legal and Professional Services sector. 
Retrieved July 30, 2025.","url":"https://www.qbe.com/my/newsroom/risk-insights-and-expertise/cyber-threats-to-the-legal-and-professional-services-sector","source":"Tidal Cyber","title":"Cyber threats to the Legal and Professional Services sector","authors":"QBE","date_accessed":"2025-07-30T12:00:00Z","date_published":"2025-04-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e87aef25-211a-5873-b77e-bad2cfb0ff24","created":"2025-08-06T14:56:42.102403Z","modified":"2025-08-06T14:56:42.281942Z"},{"id":"2fc1f6de-e01c-4225-bd29-8d547bf91e9e","name":"DoublePulsar Cyber Toufan","description":"Kevin Beaumont. (2023, December 28). Cyber Toufan goes Oprah mode with free Linux system wipes of over 100 organisations. Retrieved August 8, 2024.","url":"https://doublepulsar.com/cyber-toufan-goes-oprah-mode-with-free-linux-system-wipes-of-over-100-organisations-eaf249b042dc","source":"Tidal Cyber","title":"Cyber Toufan goes Oprah mode with free Linux system wipes of over 100 organisations","authors":"Kevin Beaumont","date_accessed":"2024-08-08T00:00:00Z","date_published":"2023-12-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"559bf2e3-a748-54a6-b3a9-1b84291467a2","created":"2024-08-09T14:50:34.132109Z","modified":"2024-08-09T14:50:34.556646Z"},{"id":"71c8e60c-a72a-4bff-aae3-f3f155fa22ee","name":"SentinelOne November 25 2024","description":"Jim Walter. (2024, November 25). CyberVolk. Retrieved April 9, 2025.","url":"https://www.sentinelone.com/labs/cybervolk-a-deep-dive-into-the-hacktivists-tools-and-ransomware-fueling-pro-russian-cyber-attacks/","source":"Tidal Cyber","title":"CyberVolk","authors":"Jim Walter","date_accessed":"2025-04-09T00:00:00Z","date_published":"2024-11-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"57790c95-dc7e-5571-aa27-977bdfebdbaf","created":"2025-04-11T15:33:24.431050Z","modified":"2025-04-11T15:33:24.618774Z"},{"id":"d8a5e49e-7d1c-54eb-92dc-273adb930c20","name":"Nozomi BUSTLEBERM 2024","description":"Nozomi Networks Labs. 
(2024, July 24). Cyberwarfare Targeting OT: Protecting Against FrostyGoop/BUSTLEBERM Malware. Retrieved November 20, 2024.","url":"https://www.nozominetworks.com/blog/protecting-against-frostygoop-bustleberm-malware","source":"MITRE","title":"Cyberwarfare Targeting OT: Protecting Against FrostyGoop/BUSTLEBERM Malware","authors":"Nozomi Networks Labs","date_accessed":"2024-11-20T00:00:00Z","date_published":"2024-07-24T00:00:00Z","owner_name":null,"tidal_id":"24cd535a-ab2a-5fdf-83a8-b0f201618836","created":"2025-04-22T20:47:21.654035Z","modified":"2025-12-17T15:08:36.439534Z"},{"id":"91ed6adf-f066-49e4-8ec7-1989bc6615a6","name":"NCSC Cyclops Blink February 2022","description":"NCSC. (2022, February 23). Cyclops Blink Malware Analysis Report. Retrieved March 3, 2022.","url":"https://www.ncsc.gov.uk/files/Cyclops-Blink-Malware-Analysis-Report.pdf","source":"MITRE","title":"Cyclops Blink Malware Analysis Report","authors":"NCSC","date_accessed":"2022-03-03T00:00:00Z","date_published":"2022-02-23T00:00:00Z","owner_name":null,"tidal_id":"463208cb-27a5-5365-9ae0-159ec9fec3c7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421233Z"},{"id":"64e9a24f-f386-4774-9874-063e0ebfb8e1","name":"Trend Micro Cyclops Blink March 2022","description":"Haquebord, F. et al. (2022, March 17). Cyclops Blink Sets Sights on Asus Routers. Retrieved March 17, 2022.","url":"https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html","source":"MITRE","title":"Cyclops Blink Sets Sights on Asus Routers","authors":"Haquebord, F. et al","date_accessed":"2022-03-17T00:00:00Z","date_published":"2022-03-17T00:00:00Z","owner_name":null,"tidal_id":"62f886c3-d070-51dc-bbce-b981a5e40f98","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421226Z"},{"id":"5a20c423-c4c0-4601-9e4d-028df0297568","name":"CYJAX Initial Access Broker Report June 2024","description":"CYJAX. (2024, June 1). CYJAX Initial Access Broker Report. 
Retrieved April 9, 2025.","url":"https://www.globalsecuritymag.fr/research-99-5-of-consumers-demand-protection-in-mobile-apps.html","source":"Tidal Cyber","title":"CYJAX Initial Access Broker Report","authors":"CYJAX","date_accessed":"2025-04-09T00:00:00Z","date_published":"2024-06-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"30e73294-4255-5969-b347-db99491a8049","created":"2025-04-11T15:33:22.240328Z","modified":"2025-04-11T15:33:22.407536Z"},{"id":"aeb637ea-0b83-42a0-8f68-9fdc59aa462a","name":"Cynet Ragnar Apr 2020","description":"Gold, B. (2020, April 27). Cynet Detection Report: Ragnar Locker Ransomware. Retrieved June 29, 2020.","url":"https://www.cynet.com/blog/cynet-detection-report-ragnar-locker-ransomware/","source":"MITRE","title":"Cynet Detection Report: Ragnar Locker Ransomware","authors":"Gold, B","date_accessed":"2020-06-29T00:00:00Z","date_published":"2020-04-27T00:00:00Z","owner_name":null,"tidal_id":"56afc903-4e86-5443-9d9d-dc137314f648","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418658Z"},{"id":"fee854bd-4deb-552a-892a-e2a7078cee10","name":"Daavid Hentunen, Antti Tikkanen June 2014","description":"Daavid Hentunen, Antti Tikkanen 2014, June 23 Havex Hunts For ICS/SCADA Systems. Retrieved 2019/04/01","url":"https://www.f-secure.com/weblog/archives/00002718.html","source":"ICS","title":"Daavid Hentunen, Antti Tikkanen June 2014","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c057db9a-5563-5043-bb82-1c8a070657dd","created":"2026-01-28T13:08:18.176682Z","modified":"2026-01-28T13:08:18.176686Z"},{"id":"32a250ca-a7eb-4d7f-af38-f3e6a09540e2","name":"Microsoft DACL May 2018","description":"Microsoft. (2018, May 30). DACLs and ACEs. 
Retrieved August 19, 2018.","url":"https://docs.microsoft.com/windows/desktop/secauthz/dacls-and-aces","source":"MITRE","title":"DACLs and ACEs","authors":"Microsoft","date_accessed":"2018-08-19T00:00:00Z","date_published":"2018-05-30T00:00:00Z","owner_name":null,"tidal_id":"0910e55a-a9fb-52c0-8915-cc5aaecaff0b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427487Z"},{"id":"41311827-3d81-422a-9b07-ee8ddc2fc7f1","name":"Apple Developer Doco Archive Launchd","description":"Apple. (2016, September 13). Daemons and Services Programming Guide - Creating Launch Daemons and Agents. Retrieved February 24, 2021.","url":"https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html","source":"MITRE","title":"Daemons and Services Programming Guide - Creating Launch Daemons and Agents","authors":"Apple","date_accessed":"2021-02-24T00:00:00Z","date_published":"2016-09-13T00:00:00Z","owner_name":null,"tidal_id":"2272ac26-88f6-5a63-851e-3d286d2c742f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435402Z"},{"id":"4e4668bd-9bef-597e-ad41-8afe1974b7f6","name":"Kubernetes DaemonSet","description":"Kubernetes. (n.d.). DaemonSet. Retrieved February 15, 2024.","url":"https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/","source":"MITRE","title":"DaemonSet","authors":"Kubernetes","date_accessed":"2024-02-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"982f87eb-c8a3-57be-bbea-1e3ae942ce5c","created":"2024-04-25T13:28:38.614420Z","modified":"2025-12-17T15:08:36.433536Z"},{"id":"cb0a51f5-fe5b-5dd0-8f55-4e7536cb61a4","name":"Symantec Daggerfly 2023","description":"Threat Hunter Team. (2023, April 20). Daggerfly: APT Actor Targets Telecoms Company in Africa. 
Retrieved July 25, 2024.","url":"https://symantec-enterprise-blogs.security.com/threat-intelligence/apt-attacks-telecoms-africa-mgbot","source":"MITRE","title":"Daggerfly: APT Actor Targets Telecoms Company in Africa","authors":"Threat Hunter Team","date_accessed":"2024-07-25T00:00:00Z","date_published":"2023-04-20T00:00:00Z","owner_name":null,"tidal_id":"ded7c62a-0746-57e9-afb2-c3af8ed18009","created":"2024-10-31T16:28:31.761719Z","modified":"2025-12-17T15:08:36.437650Z"},{"id":"1dadd09e-e7b0-50a1-ba3d-413780dbeb80","name":"Symantec Daggerfly 2024","description":"Threat Hunter Team. (2024, July 23). Daggerfly: Espionage Group Makes Major Update to Toolset. Retrieved July 25, 2024.","url":"https://symantec-enterprise-blogs.security.com/threat-intelligence/daggerfly-espionage-updated-toolset","source":"MITRE","title":"Daggerfly: Espionage Group Makes Major Update to Toolset","authors":"Threat Hunter Team","date_accessed":"2024-07-25T00:00:00Z","date_published":"2024-07-23T00:00:00Z","owner_name":null,"tidal_id":"1de189b2-143b-52b1-8a2f-31445ba15ca7","created":"2024-10-31T16:28:31.768855Z","modified":"2025-12-17T15:08:36.418603Z"},{"id":"eba3b1b9-d0a0-4c03-8c14-21f7bbcc8a02","name":"Picus Daixin Team October 24 2022","description":"Huseyin Can Yuceel. (2022, October 24). Daixin Team Targets Healthcare Organizations with Ransomware Attacks. 
Retrieved December 1, 2023.","url":"https://www.picussecurity.com/resource/blog/daixin-team-targets-healthcare-organizations-with-ransomware-attacks","source":"Tidal Cyber","title":"Daixin Team Targets Healthcare Organizations with Ransomware Attacks","authors":"Huseyin Can Yuceel","date_accessed":"2023-12-01T00:00:00Z","date_published":"2022-10-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cf087492-86d3-53b2-9667-cafb5b826a76","created":"2023-12-01T14:42:09.854243Z","modified":"2023-12-01T14:42:09.982320Z"},{"id":"f1ff9d11-d59c-423b-aff0-5eb8e3545ffc","name":"Proofpoint January 26 2021","description":"Dennis Schwarz; Axel F; Brandon Murphy. (2021, January 26). DanaBot Malware New Year, New Version. Retrieved February 7, 2025.","url":"https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot","source":"Tidal Cyber","title":"DanaBot Malware New Year, New Version","authors":"Dennis Schwarz; Axel F; Brandon Murphy","date_accessed":"2025-02-07T00:00:00Z","date_published":"2021-01-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ec5beffd-2e2b-5478-9424-041e59a4e03d","created":"2025-02-11T18:20:00.546594Z","modified":"2025-02-11T18:20:01.392463Z"},{"id":"87c5e84a-b96d-489d-aa10-db95b78c5a93","name":"Medium Eli Salem GuLoader April 2021","description":"Salem, E. (2021, April 19). Dancing With Shellcodes: Cracking the latest version of Guloader. Retrieved July 7, 2021.","url":"https://elis531989.medium.com/dancing-with-shellcodes-cracking-the-latest-version-of-guloader-75083fb15cb4","source":"MITRE","title":"Dancing With Shellcodes: Cracking the latest version of Guloader","authors":"Salem, E","date_accessed":"2021-07-07T00:00:00Z","date_published":"2021-04-19T00:00:00Z","owner_name":null,"tidal_id":"cddb664d-9389-567b-ae3d-4414c071bc72","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418115Z"},{"id":"1f1f9dc5-1d88-5a16-9ea4-ea875237fb38","name":"IBTimes-ThirdParty","description":"A Prasad. (2016, February 19). 
Danger lurks in third-party Android app stores. Retrieved November","url":"https://www.ibtimes.co.uk/danger-lurks-third-party-android-app-stores-1544861","source":"Mobile","title":"Danger lurks in third-party Android app stores","authors":"A Prasad","date_accessed":"1978-11-01T00:00:00Z","date_published":"2016-02-19T00:00:00Z","owner_name":null,"tidal_id":"8d96ca06-dfb4-54ce-b1eb-81243660573b","created":"2026-01-28T13:08:10.043976Z","modified":"2026-01-28T13:08:10.043978Z"},{"id":"766e12b5-5336-49c8-9466-997cce7c47fe","name":"Volexity December 04 2025","description":"Kristel Faris. (2025, December 4). Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks | Volexity. Retrieved December 5, 2025.","url":"https://www.volexity.com/blog/2025/12/04/dangerous-invitations-russian-threat-actor-spoofs-european-security-events-in-targeted-phishing-attacks/","source":"Tidal Cyber","title":"Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks | Volexity","authors":"Kristel Faris","date_accessed":"2025-12-05T12:00:00Z","date_published":"2025-12-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a7be5829-e1c6-575c-bac3-84665bbc73ea","created":"2025-12-10T14:13:46.289542Z","modified":"2025-12-10T14:13:46.452908Z"},{"id":"8b3386a5-6186-5444-b4e9-b7d77241bfb5","name":"Dan Goodin March 2017","description":"Dan Goodin 2017, March Virtual machine escape fetches $105,000 at Pwn2Own hacking contest. 
Retrieved 2020/09/25","url":"https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/","source":"ICS","title":"Dan Goodin March 2017","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4df7504a-eed3-59f7-be12-644788a5da5a","created":"2026-01-28T13:08:18.179895Z","modified":"2026-01-28T13:08:18.179898Z"},{"id":"0b1cc685-d1df-5f73-953b-dd9f966fb52a","name":"Daniel Kapellmann Zafra, Keith Lunden, Nathan Brubaker, Jeremy Kennelly July 2020","description":"Daniel Kapellmann Zafra, Keith Lunden, Nathan Brubaker, Jeremy Kennelly 2020, July 15 Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. Retrieved 2021/04/12","url":"https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html","source":"ICS","title":"Daniel Kapellmann Zafra, Keith Lunden, Nathan Brubaker, Jeremy Kennelly July 2020","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a74559a4-e072-5cf8-b36a-d00bd91d1528","created":"2026-01-28T13:08:18.179178Z","modified":"2026-01-28T13:08:18.179181Z"},{"id":"60cdfeba-f359-5b1b-b915-ca74c1215f6b","name":"Daniel Oakley, Travis Smith, Tripwire","description":"Daniel Oakley, Travis Smith, Tripwire. (n.d.).. 
Retrieved 2018/05/30","url":"https://attack.mitre.org/wiki/Technique/T1133","source":"ICS","title":"Daniel Oakley, Travis Smith, Tripwire","authors":"","date_accessed":"2018-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"96cb61ba-305a-51c0-9304-5b55070006a1","created":"2026-01-28T13:08:18.177327Z","modified":"2026-01-28T13:08:18.177330Z"},{"id":"3a0fa392-27b9-5846-857d-1550193fce7a","name":"Daniel Peck,  Dale Peterson January 2009","description":"Daniel Peck,  Dale Peterson 2009, January 28 Leveraging Ethernet Card Vulnerabilities in Field Devices. Retrieved 2017/12/19","url":"https://www.researchgate.net/publication/228849043_Leveraging_ethernet_card_vulnerabilities_in_field_devices","source":"ICS","title":"Daniel Peck,  Dale Peterson January 2009","authors":"","date_accessed":"2017-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8ae63346-22b1-5031-b314-8f8638b75a4d","created":"2026-01-28T13:08:18.178378Z","modified":"2026-01-28T13:08:18.178381Z"},{"id":"482d1d37-a78b-5479-b0ea-8d3e704dfee9","name":"Danny Yadron December 2015","description":"Danny Yadron 2015, December 20 Iranian Hackers Infiltrated New York Dam in 2013. Retrieved 2019/11/07","url":"https://www.wsj.com/articles/iranian-hackers-infiltrated-new-york-dam-in-2013-1450662559","source":"ICS","title":"Danny Yadron December 2015","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"20a0b18f-b7ad-5e12-bcf0-eaea900512d4","created":"2026-01-28T13:08:18.177500Z","modified":"2026-01-28T13:08:18.177504Z"},{"id":"c558f5db-a426-4041-b883-995ec56e7155","name":"Lookout Dark Caracal Jan 2018","description":"Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.","url":"https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf","source":"MITRE, Tidal Cyber","title":"Dark Caracal: Cyber-espionage at a Global Scale","authors":"Blaich, A., et al","date_accessed":"2018-04-11T00:00:00Z","date_published":"2018-01-18T00:00:00Z","owner_name":null,"tidal_id":"e98bad2c-665b-5e58-8a90-c64767a44fe4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.260347Z"},{"id":"ee5d2c9c-c704-4f35-baeb-055a35dd04b5","name":"Dark Clouds_Usenix_Mulazzani_08_2011","description":"Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar Weippl. (2011, August). Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space. Retrieved July 14, 2022.","url":"https://www.usenix.org/conference/usenix-security-11/dark-clouds-horizon-using-cloud-storage-attack-vector-and-online-slack","source":"MITRE","title":"Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space","authors":"Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar Weippl","date_accessed":"2022-07-14T00:00:00Z","date_published":"2011-08-01T00:00:00Z","owner_name":null,"tidal_id":"034fd9fb-6819-5113-99b8-9d48f0c3ad95","created":"2022-12-14T20:06:32.013016Z","modified":"2023-05-26T01:21:03.846284Z"},{"id":"fb365600-4961-43ed-8292-1c07cbc530ef","name":"TrendMicro DarkComet Sept 2014","description":"TrendMicro. (2014, September 03). DARKCOMET. 
Retrieved November 6, 2018.","url":"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/DARKCOMET","source":"MITRE","title":"DARKCOMET","authors":"TrendMicro","date_accessed":"2018-11-06T00:00:00Z","date_published":"2014-09-03T00:00:00Z","owner_name":null,"tidal_id":"8af1be9f-24f5-57a3-9b50-42c402f9bd76","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418630Z"},{"id":"78bccfce-ac5c-4413-9f6b-3be2762d7882","name":"Splunk October 18 2022","description":"Splunk Threat Research Team. (2022, October 18). Dark Crystal RAT Agent Deep Dive. Retrieved February 12, 2025.","url":"https://www.splunk.com/en_us/blog/security/dark-crystal-rat-agent-deep-dive.html","source":"Tidal Cyber","title":"Dark Crystal RAT Agent Deep Dive","authors":"Splunk Threat Research Team","date_accessed":"2025-02-12T00:00:00Z","date_published":"2022-10-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d84a236b-c091-5eb6-a6cc-aeb76ac80e8c","created":"2025-02-18T15:17:59.061184Z","modified":"2025-02-18T15:17:59.233252Z"},{"id":"4222a06f-9528-4076-8037-a27012c2930c","name":"DarkGate Loader delivered via Teams - Truesec","description":"Jakob Nordenlund. (2023, September 6). DarkGate Loader delivered via Teams - Truesec. Retrieved October 20, 2023.","url":"https://www.truesec.com/hub/blog/darkgate-loader-delivered-via-teams","source":"Tidal Cyber","title":"DarkGate Loader delivered via Teams - Truesec","authors":"Jakob Nordenlund","date_accessed":"2023-10-20T00:00:00Z","date_published":"2023-09-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"99f957d4-d5c9-5aea-83e3-1eb7801151ce","created":"2024-01-26T18:00:34.942591Z","modified":"2024-01-26T18:00:35.073860Z"},{"id":"7c219b64-25e6-5f4e-b637-7eedaa6ccfe9","name":"gbhackers Darkgate Malware 2024","description":"Divya. (2024, April 30). Darkgate Malware Leveraging Autohotkey Following Teams. 
Retrieved November 22, 2024.","url":"https://gbhackers.com/darkgate-malware-leveraging/","source":"MITRE","title":"Darkgate Malware Leveraging Autohotkey Following Teams","authors":"Divya","date_accessed":"2024-11-22T00:00:00Z","date_published":"2024-04-30T00:00:00Z","owner_name":null,"tidal_id":"0d212fb0-862d-5af4-8992-85c5328627fe","created":"2025-04-22T20:47:32.630386Z","modified":"2025-12-17T15:08:36.442721Z"},{"id":"313e5558-d8f9-4457-9004-810d9fa5340c","name":"Bleeping Computer DarkGate October 14 2023","description":"Sergiu Gatlan. (2023, October 14). DarkGate malware spreads through compromised Skype accounts. Retrieved October 20, 2023.","url":"https://www.bleepingcomputer.com/news/security/darkgate-malware-spreads-through-compromised-skype-accounts/","source":"Tidal Cyber","title":"DarkGate malware spreads through compromised Skype accounts","authors":"Sergiu Gatlan","date_accessed":"2023-10-20T00:00:00Z","date_published":"2023-10-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9ddeedc5-3349-52d9-8392-614b1f0408ff","created":"2024-01-26T18:00:35.905853Z","modified":"2024-01-26T18:00:36.036387Z"},{"id":"81650f5b-628b-4e76-80d6-2c15cf70d37a","name":"Trend Micro DarkGate October 12 2023","description":"Trent Bessell, Ryan Maglaque, Aira Marcelo, Jack Walsh, David Walsh. (2023, October 12). DarkGate Opens Organizations for Attack via Skype, Teams. 
Retrieved October 20, 2023.","url":"https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html","source":"Tidal Cyber","title":"DarkGate Opens Organizations for Attack via Skype, Teams","authors":"Trent Bessell, Ryan Maglaque, Aira Marcelo, Jack Walsh, David Walsh","date_accessed":"2023-10-20T00:00:00Z","date_published":"2023-10-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"80770569-41a8-5f2b-b9ea-b8ee5e047f29","created":"2024-01-26T18:00:35.667247Z","modified":"2024-01-26T18:00:35.789171Z"},{"id":"8a1ac4b8-05f6-4be9-a866-e3026bc92c7f","name":"DarkGate - Threat Breakdown Journey","description":"0xToxin. (n.d.). DarkGate - Threat Breakdown Journey. Retrieved October 20, 2023.","url":"https://0xtoxin.github.io/threat%20breakdown/DarkGate-Camapign-Analysis/","source":"Tidal Cyber","title":"DarkGate - Threat Breakdown Journey","authors":"0xToxin","date_accessed":"2023-10-20T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"68dfb440-b9e7-541f-9a5e-c0d0c7d43c30","created":"2024-01-26T18:00:35.433261Z","modified":"2024-01-26T18:00:35.556144Z"},{"id":"a881a7e4-a1df-4ad2-b67f-ef03caddb721","name":"Kaspersky Tomiris Sep 2021","description":"Kwiatkoswki, I. and Delcher, P. (2021, September 29). DarkHalo After SolarWinds: the Tomiris connection. Retrieved December 27, 2021.","url":"https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/","source":"MITRE","title":"DarkHalo After SolarWinds: the Tomiris connection","authors":"Kwiatkoswki, I. and Delcher, P","date_accessed":"2021-12-27T00:00:00Z","date_published":"2021-09-29T00:00:00Z","owner_name":null,"tidal_id":"63f34197-c936-5309-92c5-24405a20843f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417776Z"},{"id":"355cecf8-ef3e-4a6e-a652-3bf26fe46d88","name":"Volexity SolarWinds","description":"Cash, D. et al. (2020, December 14). Dark Halo Leverages SolarWinds Compromise to Breach Organizations. 
Retrieved December 29, 2020.","url":"https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/","source":"MITRE","title":"Dark Halo Leverages SolarWinds Compromise to Breach Organizations","authors":"Cash, D. et al","date_accessed":"2020-12-29T00:00:00Z","date_published":"2020-12-14T00:00:00Z","owner_name":null,"tidal_id":"498c624e-ebbe-5254-9da9-c78656838863","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428568Z"},{"id":"e120f0bc-e039-53fb-a82f-42cc4c31148c","name":"Kaspersky-DarkHotel","description":"Alex Drozhzhin. (2014, November 10). Darkhotel: a spy campaign in luxury Asian hotels. Retrieved December","url":"https://blog.kaspersky.com/darkhotel-apt/6613/","source":"Mobile","title":"Darkhotel: a spy campaign in luxury Asian hotels","authors":"Alex Drozhzhin","date_accessed":"1978-12-01T00:00:00Z","date_published":"2014-11-10T00:00:00Z","owner_name":null,"tidal_id":"d0001e3b-6a25-530b-a795-430e1fdb9f3d","created":"2026-01-28T13:08:10.044100Z","modified":"2026-01-28T13:08:10.044103Z"},{"id":"5a45be49-f5f1-4d5b-b7da-0a2f38194ec1","name":"Securelist Darkhotel Aug 2015","description":"Kaspersky Lab's Global Research & Analysis Team. (2015, August 10). Darkhotel's attacks in 2015. Retrieved November 2, 2018.","url":"https://securelist.com/darkhotels-attacks-in-2015/71713/","source":"MITRE, Tidal Cyber","title":"Darkhotel's attacks in 2015","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2018-11-02T00:00:00Z","date_published":"2015-08-10T00:00:00Z","owner_name":null,"tidal_id":"023d5f57-91e6-50aa-a4e5-0dfa0266a708","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278536Z"},{"id":"eb235504-d142-4c6d-9ffd-3c0b0dd23e80","name":"Unit42 DarkHydrus Jan 2019","description":"Lee, B., Falcone, R. (2019, January 18). DarkHydrus delivers new Trojan that can use Google Drive for C2 communications. 
Retrieved April 17, 2019.","url":"https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/","source":"MITRE","title":"DarkHydrus delivers new Trojan that can use Google Drive for C2 communications","authors":"Lee, B., Falcone, R","date_accessed":"2019-04-17T00:00:00Z","date_published":"2019-01-18T00:00:00Z","owner_name":null,"tidal_id":"aa832bce-c694-58eb-b620-85c99bfe7357","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420357Z"},{"id":"ab9d59c1-8ea5-4f9c-b733-b16223ffe84a","name":"Unit 42 Phishery Aug 2018","description":"Falcone, R. (2018, August 07). DarkHydrus Uses Phishery to Harvest Credentials in the Middle East. Retrieved August 10, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/08/unit42-darkhydrus-uses-phishery-harvest-credentials-middle-east/","source":"MITRE","title":"DarkHydrus Uses Phishery to Harvest Credentials in the Middle East","authors":"Falcone, R","date_accessed":"2018-08-10T00:00:00Z","date_published":"2018-08-07T00:00:00Z","owner_name":null,"tidal_id":"b75b7fe4-876d-54d0-92e2-ab2eb6ee23f0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441201Z"},{"id":"1f354f40-3438-5cdb-97dd-5b2ad4c173ff","name":"Dark Reading Staff April 2016","description":"Dark Reading Staff 2016, April 28 German Nuclear Power Plant Infected With Malware. Retrieved 2019/10/14","url":"https://www.darkreading.com/endpoint/german-nuclear-power-plant-infected-with-malware/d/d-id/1325298","source":"ICS","title":"Dark Reading Staff April 2016","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d4ae3b91-310c-59ce-a90b-b8606e0e479d","created":"2026-01-28T13:08:18.177962Z","modified":"2026-01-28T13:08:18.177965Z"},{"id":"866a519a-f85f-5659-a68d-662faa78ece1","name":"TrendMicro","description":"Mina Naiim. (2021, May 28). DarkSide on Linux: Virtual Machines Targeted. 
Retrieved March 26, 2025.","url":"https://www.trendmicro.com/en_us/research/21/e/darkside-linux-vms-targeted.html","source":"MITRE","title":"DarkSide on Linux: Virtual Machines Targeted","authors":"Mina Naiim","date_accessed":"2025-03-26T00:00:00Z","date_published":"2021-05-28T00:00:00Z","owner_name":null,"tidal_id":"0b206b5b-f11b-5095-b108-c1d02167f88b","created":"2025-10-29T21:08:48.166649Z","modified":"2025-12-17T15:08:36.436394Z"},{"id":"eded380e-33e9-4fdc-8e1f-b51d650b9731","name":"Darkside Ransomware Cybereason","description":"Cybereason Nocturnus. (2021, April 1). Cybereason vs. Darkside Ransomware. Retrieved August 18, 2021.","url":"https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware","source":"MITRE","title":"Darkside Ransomware","authors":"Cybereason Nocturnus. (2021, April 1)","date_accessed":"2021-08-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a23cbb3e-2fdd-5e5b-863e-c787ba2bc3ae","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434229Z"},{"id":"5f8d49e8-22da-425f-b63b-a799b97ec2b5","name":"DarkSide Ransomware Gang","description":"Ramarcus Baylor. (2021, May 12). DarkSide Ransomware Gang: An Overview. Retrieved August 30, 2022.","url":"https://unit42.paloaltonetworks.com/darkside-ransomware/","source":"MITRE","title":"DarkSide Ransomware Gang: An Overview","authors":"Ramarcus Baylor","date_accessed":"2022-08-30T00:00:00Z","date_published":"2021-05-12T00:00:00Z","owner_name":null,"tidal_id":"b3d3cbf1-2c2e-5324-af31-4fb969acbc59","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422994Z"},{"id":"5da3facd-7bd9-4a02-843a-ad4b3fa273d7","name":"Www.koi.ai January 05 2026","description":"None Identified. (2026, January 5). DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers. 
Retrieved January 5, 2026.","url":"https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers","source":"Tidal Cyber","title":"DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers","authors":"None Identified","date_accessed":"2026-01-05T12:00:00Z","date_published":"2026-01-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"45248099-43d2-5172-9807-477d9de490f3","created":"2026-01-06T18:03:35.741356Z","modified":"2026-01-06T18:03:35.890783Z"},{"id":"2609d7c5-b1e6-4563-abc3-08fd1534f757","name":"www.koi.ai January 05 2026","description":"None Identified. (2026, January 5). DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers. Retrieved January 5, 2026.","url":"https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers","source":"Tidal Cyber","title":"DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers","authors":"None Identified","date_accessed":"2026-01-05T12:00:00Z","date_published":"2026-01-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cdc35f0f-0141-5257-bd35-7f183f677d8e","created":"2026-01-23T20:29:33.558085Z","modified":"2026-01-23T20:29:33.707771Z"},{"id":"4b48cc22-55ac-5b61-b183-9008f7db37fd","name":"Secureworks DarkTortilla Aug 2022","description":"Secureworks Counter Threat Unit Research Team. (2022, August 17). DarkTortilla Malware Analysis. 
Retrieved November 3, 2022.","url":"https://www.secureworks.com/research/darktortilla-malware-analysis","source":"MITRE","title":"DarkTortilla Malware Analysis","authors":"Secureworks Counter Threat Unit Research Team","date_accessed":"2022-11-03T00:00:00Z","date_published":"2022-08-17T00:00:00Z","owner_name":null,"tidal_id":"57cbcc3f-d9a7-55d6-ad0f-f6c70be4e9b3","created":"2023-05-26T01:21:16.105885Z","modified":"2025-12-17T15:08:36.419066Z"},{"id":"c0cb0ea8-28af-45c0-9233-5deac85a7c46","name":"www.threatintelligence.com July 18 2024","description":"None Identified. (2024, July 18). DarkVault: A Rising Menace in the Ransomware Underworld. Retrieved January 20, 2026.","url":"https://www.threatintelligence.com/blog/darkvault-ransomware","source":"Tidal Cyber","title":"DarkVault: A Rising Menace in the Ransomware Underworld","authors":"None Identified","date_accessed":"2026-01-20T12:00:00Z","date_published":"2024-07-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4840dce7-98a6-5632-9eb4-a2d4635a152f","created":"2026-01-23T20:29:36.807817Z","modified":"2026-01-23T20:29:36.950796Z"},{"id":"da9ac5a7-c644-45fa-ab96-30ac6bfc9f81","name":"Securelist DarkVishnya Dec 2018","description":"Golovanov, S. (2018, December 6). DarkVishnya: Banks attacked through direct connection to local network. Retrieved May 15, 2020.","url":"https://securelist.com/darkvishnya/89169/","source":"MITRE, Tidal Cyber","title":"DarkVishnya: Banks attacked through direct connection to local network","authors":"Golovanov, S","date_accessed":"2020-05-15T00:00:00Z","date_published":"2018-12-06T00:00:00Z","owner_name":null,"tidal_id":"0d834775-c3fe-527f-bce0-117d4aad475c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279415Z"},{"id":"449e7b5c-7c62-4a63-a676-80026a597fc9","name":"Prevailion DarkWatchman 2021","description":"Smith, S., Stafford, M. (2021, December 14). DarkWatchman: A new evolution in fileless techniques. 
Retrieved January 10, 2022.","url":"https://web.archive.org/web/20220629230035/https://www.prevailion.com/darkwatchman-new-fileless-techniques/","source":"MITRE","title":"DarkWatchman: A new evolution in fileless techniques","authors":"Smith, S., Stafford, M","date_accessed":"2022-01-10T00:00:00Z","date_published":"2021-12-14T00:00:00Z","owner_name":null,"tidal_id":"d3d5c5d1-25f1-5126-947b-eb6291a91908","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419177Z"},{"id":"4678131f-7079-4a5f-ac47-06faa3052d8f","name":"Dark Web Informer LinkedIn Cat Scientist January 2025","description":"Dark Web Informer. (2025, January 9). Dark Web Informer LinkedIn Cat Scientist. Retrieved April 9, 2025.","url":"https://www.linkedin.com/posts/darkwebinformer_a-threat-actor-is-allegedly-selling-activity-7278801801926127616-1szZ","source":"Tidal Cyber","title":"Dark Web Informer LinkedIn Cat Scientist","authors":"Dark Web Informer","date_accessed":"2025-04-09T00:00:00Z","date_published":"2025-01-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"56ff306a-1e7d-5819-99ba-b13e8e24ec46","created":"2025-04-11T15:33:21.800310Z","modified":"2025-04-11T15:33:22.049851Z"},{"id":"6077faed-b162-4850-969a-2abedc842198","name":"SOCRadar APT42 December 12 2022","description":"SOCRadar Research. (2022, December 12). Dark Web Profile: APT42 – Iranian Cyber Espionage Group. Retrieved August 30, 2024.","url":"https://socradar.io/dark-web-profile-apt42-iranian-cyber-espionage-group/","source":"Tidal Cyber","title":"Dark Web Profile: APT42 – Iranian Cyber Espionage Group","authors":"SOCRadar Research","date_accessed":"2024-08-30T00:00:00Z","date_published":"2022-12-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"16ba179b-5420-5250-86d4-d3ae7d301550","created":"2024-08-30T18:11:23.492759Z","modified":"2024-08-30T18:11:23.847670Z"},{"id":"a9aa6361-8c4d-4456-bb3f-c64ca5260695","name":"SOCRadar Cyber Toufan Profile","description":"SOCRadar. (2023, December 20). 
Dark Web Profile: Cyber Toufan Al-aqsa. Retrieved August 8, 2024.","url":"https://socradar.io/dark-web-profile-cyber-toufan-al-aqsa/","source":"Tidal Cyber","title":"Dark Web Profile: Cyber Toufan Al-aqsa","authors":"SOCRadar","date_accessed":"2024-08-08T00:00:00Z","date_published":"2023-12-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e84d8010-4857-5d53-9315-1566d4c7bcaa","created":"2024-08-09T14:50:31.940374Z","modified":"2024-08-09T14:50:32.204203Z"},{"id":"d7337128-e4e1-43b0-a787-4d166b7cd8ab","name":"SocRadar Hunt3r Kill3rs May 24 2024","description":"SocRadar. (2024, May 24). Dark Web Profile: Hunt3r Kill3rs. Retrieved January 17, 2025.","url":"https://socradar.io/dark-web-profile-hunt3r-kill3rs/","source":"Tidal Cyber","title":"Dark Web Profile: Hunt3r Kill3rs","authors":"SocRadar","date_accessed":"2025-01-17T00:00:00Z","date_published":"2024-05-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b3f502ef-4bd7-56f1-9f95-6c2b5573d76f","created":"2025-01-28T15:53:28.197353Z","modified":"2025-01-28T15:53:28.878910Z"},{"id":"6c78b422-7d46-58a4-a403-421db0531147","name":"SOCRadar INC Ransom January 2024","description":"SOCRadar. (2024, January 24). Dark Web Profile: INC Ransom. Retrieved June 5, 2024.","url":"https://socradar.io/dark-web-profile-inc-ransom/","source":"MITRE","title":"Dark Web Profile: INC Ransom","authors":"SOCRadar","date_accessed":"2024-06-05T00:00:00Z","date_published":"2024-01-24T00:00:00Z","owner_name":null,"tidal_id":"d06f185e-5131-56a5-8181-0623757e31df","created":"2024-10-31T16:28:35.403502Z","modified":"2025-12-17T15:08:36.439945Z"},{"id":"9ca8207e-e543-4b67-8123-c1f8b2d78502","name":"SocRadar KillSec November 7 2024","description":"SocRadar. (2024, November 7). Dark Web Profile: KillSec. 
Retrieved November 24, 2024.","url":"https://socradar.io/dark-web-profile-killsec/","source":"Tidal Cyber","title":"Dark Web Profile: KillSec","authors":"SocRadar","date_accessed":"2024-11-24T00:00:00Z","date_published":"2024-11-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7577afa9-7feb-5cba-8bfe-035e436572dc","created":"2024-11-25T18:00:52.618491Z","modified":"2024-11-25T18:00:52.813882Z"},{"id":"15ef155b-7628-4b18-bc53-1d30be4eac5d","name":"Moran 2014","description":"Moran, N., Oppenheim, M., Engle, S., & Wartell, R.. (2014, September 3). Darwin’s Favorite APT Group [Blog]. Retrieved November 12, 2014.","url":"https://www.fireeye.com/blog/threat-research/2014/09/darwins-favorite-apt-group-2.html","source":"MITRE, Tidal Cyber","title":"Darwin’s Favorite APT Group [Blog]","authors":"Moran, N., Oppenheim, M., Engle, S., & Wartell, R.","date_accessed":"2014-11-12T00:00:00Z","date_published":"2014-09-03T00:00:00Z","owner_name":null,"tidal_id":"c31d8330-2d90-5b7a-bfe9-85ce1b62db65","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:10:13.333907Z"},{"id":"de628ad0-9608-5af0-8c93-21a1d5cd4998","name":"AWS Data Perimeters","description":"AWS. (n.d.). Data perimeters on AWS. Retrieved October 16, 2024.","url":"https://aws.amazon.com/identity/data-perimeters-on-aws/","source":"MITRE","title":"Data perimeters on AWS","authors":"AWS","date_accessed":"2024-10-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1ddb4c5b-a409-5d23-b8aa-a1a2bca6bf14","created":"2024-10-31T16:28:36.974998Z","modified":"2025-12-17T15:08:36.441480Z"},{"id":"0c373780-3202-4036-8c83-f3d468155b35","name":"DataSvcUtil.exe - LOLBAS Project","description":"LOLBAS. (2020, December 1). DataSvcUtil.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/DataSvcUtil/","source":"Tidal Cyber","title":"DataSvcUtil.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-12-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f0da98ed-b656-56e4-a9e6-e5aca76d32af","created":"2024-01-12T14:46:37.723524Z","modified":"2024-01-12T14:46:37.898369Z"},{"id":"afae10eb-5f18-5067-89cb-15444ef9b8c7","name":"Davey Winder June 2020","description":"Davey Winder 2020, June 10 Honda Hacked: Japanese Car Giant Confirms Cyber Attack On Global Operations. Retrieved 2021/04/12","url":"https://www.forbes.com/sites/daveywinder/2020/06/10/honda-hacked-japanese-car-giant-confirms-cyber-attack-on-global-operations-snake-ransomware/?sh=2725c35753ad","source":"ICS","title":"Davey Winder June 2020","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6fead649-d142-5609-9159-92d7b248e4b7","created":"2026-01-28T13:08:18.180231Z","modified":"2026-01-28T13:08:18.180234Z"},{"id":"36443369-4fa9-4802-8b21-68cc382b949f","name":"Operation Emmental","description":"botconf eu. (2014, December 31). David Sancho - Finding Holes in Banking 2FA: Operation Emmental. Retrieved January 4, 2024.","url":"https://www.youtube.com/watch?v=gchKFumYHWc","source":"MITRE","title":"David Sancho - Finding Holes in Banking 2FA: Operation Emmental","authors":"botconf eu","date_accessed":"2024-01-04T00:00:00Z","date_published":"2014-12-31T00:00:00Z","owner_name":null,"tidal_id":"673b8f10-a930-5fe4-b7d1-0bde77414d63","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434456Z"},{"id":"ac6d899e-5797-5ebd-9c1b-bd26a7930be8","name":"David Voreacos, Katherine Chinglinsky, Riley Griffin December 2019","description":"David Voreacos, Katherine Chinglinsky, Riley Griffin 2019, December 03 Merck Cyberattacks $1.3 Billion Question: Was It an Act of War?. 
Retrieved 2019/12/06","url":"https://www.bloomberg.com/news/features/2019-12-03/merck-cyberattack-s-1-3-billion-question-was-it-an-act-of-war","source":"ICS","title":"David Voreacos, Katherine Chinglinsky, Riley Griffin December 2019","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"58b21344-562e-535c-a5c8-501b888cf3d9","created":"2026-01-28T13:08:18.179994Z","modified":"2026-01-28T13:08:18.179997Z"},{"id":"7a58938f-058b-4c84-aa95-9c37dcdda1fb","name":"Hijacking VNC","description":"Z3RO. (2019, March 10). Day 70: Hijacking VNC (Enum, Brute, Access and Crack). Retrieved September 20, 2021.","url":"https://int0x33.medium.com/day-70-hijacking-vnc-enum-brute-access-and-crack-d3d18a4601cc","source":"MITRE","title":"Day 70: Hijacking VNC (Enum, Brute, Access and Crack)","authors":"Z3RO","date_accessed":"2021-09-20T00:00:00Z","date_published":"2019-03-10T00:00:00Z","owner_name":null,"tidal_id":"8dae86f4-f1ab-5a30-ac64-fddb9139bd86","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423770Z"},{"id":"42ee2e91-4dac-41ce-b2ec-fde21c258a28","name":"DBatLoader Actively Distributing Malwares Targeting European Businesses","description":"Zscaler. (2023, March 27). DBatLoader Actively Distributing Malwares Targeting European Businesses. Retrieved May 7, 2023.","url":"https://www.zscaler.com/blogs/security-research/dbatloader-actively-distributing-malwares-targeting-european-businesses","source":"Tidal Cyber","title":"DBatLoader Actively Distributing Malwares Targeting European Businesses","authors":"Zscaler","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-03-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a115bc33-3ad3-58af-acfb-8b1ac5c33d9c","created":"2024-06-13T20:10:14.996975Z","modified":"2024-06-13T20:10:15.289698Z"},{"id":"88769217-57f1-46d4-977c-2cb2969db437","name":"Microsoft COM ACL","description":"Microsoft. (n.d.). 
DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1. Retrieved November 22, 2017.","url":"https://docs.microsoft.com/en-us/windows/desktop/com/dcom-security-enhancements-in-windows-xp-service-pack-2-and-windows-server-2003-service-pack-1","source":"MITRE","title":"DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1","authors":"Microsoft","date_accessed":"2017-11-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e651fbc4-e252-57b8-88b2-794a29832112","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415981Z"},{"id":"37514816-b8b3-499f-842b-2d8cce9e140b","name":"DCShadow Blog","description":"Delpy, B. & LE TOUX, V. (n.d.). DCShadow. Retrieved March 20, 2018.","url":"https://www.dcshadow.com/","source":"MITRE","title":"DCShadow","authors":"Delpy, B. & LE TOUX, V","date_accessed":"2018-03-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b60a6241-223f-557f-a38c-710c75241ba3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429808Z"},{"id":"be03c794-d9f3-4678-8198-257abf6dcdbd","name":"GitHub DCSYNCMonitor","description":"Spencer S. (2018, February 22). DCSYNCMonitor. Retrieved March 30, 2018.","url":"https://github.com/shellster/DCSYNCMonitor","source":"MITRE","title":"DCSYNCMonitor","authors":"Spencer S","date_accessed":"2018-03-30T00:00:00Z","date_published":"2018-02-22T00:00:00Z","owner_name":null,"tidal_id":"323d52e9-06b8-50a8-bc4d-0371a05c718e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429814Z"},{"id":"f64bee0d-e37d-45d5-9968-58e622e89bfe","name":"DD Man","description":"Kerrisk, M. (2020, February 2). DD(1) User Commands. 
Retrieved February 21, 2020.","url":"http://man7.org/linux/man-pages/man1/dd.1.html","source":"MITRE","title":"DD(1) User Commands","authors":"Kerrisk, M","date_accessed":"2020-02-21T00:00:00Z","date_published":"2020-02-02T00:00:00Z","owner_name":null,"tidal_id":"084cba6c-7294-50d7-be95-55113797318f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434934Z"},{"id":"ec2e5084-5e96-4fc9-936c-1595c0dfd5f6","name":"NETSCOUT October 17 2024","description":"Richard Hummel. (2024, October 17). DDoS Attacks Against Japan. Retrieved December 12, 2024.","url":"https://www.netscout.com/blog/asert/ddos-attacks-against-japan","source":"Tidal Cyber","title":"DDoS Attacks Against Japan","authors":"Richard Hummel","date_accessed":"2024-12-12T00:00:00Z","date_published":"2024-10-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a5833ac2-7bfa-594b-8871-3930b7e67d43","created":"2025-04-11T15:05:58.833829Z","modified":"2025-04-11T15:05:59.016100Z"},{"id":"b5de4376-0deb-45de-83a0-09df98480464","name":"Arbor SSLDoS April 2012","description":"ASERT Team, Netscout Arbor. (2012, April 24). DDoS Attacks on SSL: Something Old, Something New. Retrieved April 22, 2019.","url":"https://www.netscout.com/blog/asert/ddos-attacks-ssl-something-old-something-new","source":"MITRE","title":"DDoS Attacks on SSL: Something Old, Something New","authors":"ASERT Team, Netscout Arbor","date_accessed":"2019-04-22T00:00:00Z","date_published":"2012-04-24T00:00:00Z","owner_name":null,"tidal_id":"17acde5a-209b-5faf-b133-93822a56897a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427777Z"},{"id":"bf09f587-2c3f-4030-83fe-3cb6cc413c95","name":"Avast Threat Labs January 11 2023","description":"Martin Chlumecký. (2023, January 11). DDosia Project Volunteers Carrying out NoName(057)16’s Dirty Work - Avast Threat Labs. 
Retrieved December 12, 2024.","url":"https://decoded.avast.io/martinchlumecky/ddosia-project/","source":"Tidal Cyber","title":"DDosia Project Volunteers Carrying out NoName(057)16’s Dirty Work - Avast Threat Labs","authors":"Martin Chlumecký","date_accessed":"2024-12-12T00:00:00Z","date_published":"2023-01-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"163718af-1ef7-59b2-990b-d8eee2ebd5aa","created":"2025-04-11T15:05:58.198767Z","modified":"2025-04-11T15:05:58.349996Z"},{"id":"64341348-f448-4e56-bf78-442b92e6d435","name":"CERT-EU DDoS March 2017","description":"Meintanis, S., Revuelto, V., Socha, K.. (2017, March 10). DDoS Overview and Response Guide. Retrieved April 24, 2019.","url":"http://cert.europa.eu/static/WhitePapers/CERT-EU_Security_Whitepaper_DDoS_17-003.pdf","source":"MITRE","title":"DDoS Overview and Response Guide","authors":"Meintanis, S., Revuelto, V., Socha, K.","date_accessed":"2019-04-24T00:00:00Z","date_published":"2017-03-10T00:00:00Z","owner_name":null,"tidal_id":"80412c9a-12a4-5d26-8bfb-6725431084eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415819Z"},{"id":"540c4c33-d4c2-4324-94cd-f57646666e32","name":"Unit42 Sofacy Dec 2018","description":"Lee, B., Falcone, R. (2018, December 12). Dear Joohn: The Sofacy Group’s Global Campaign. Retrieved April 19, 2019.","url":"https://unit42.paloaltonetworks.com/dear-joohn-sofacy-groups-global-campaign/","source":"MITRE","title":"Dear Joohn: The Sofacy Group’s Global Campaign","authors":"Lee, B., Falcone, R","date_accessed":"2019-04-19T00:00:00Z","date_published":"2018-12-12T00:00:00Z","owner_name":null,"tidal_id":"86685306-10c5-5f02-a05a-1d4738be6405","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420906Z"},{"id":"2ae99e9b-cd00-4e60-ba9e-bcc50e709e88","name":"Death by 1000 installers; it's all broken!","description":"Patrick Wardle. (2017). Death by 1000 installers; it's all broken!. 
Retrieved August 8, 2019.","url":"https://speakerdeck.com/patrickwardle/defcon-2017-death-by-1000-installers-its-all-broken?slide=8","source":"MITRE","title":"Death by 1000 installers; it's all broken!","authors":"Patrick Wardle","date_accessed":"2019-08-08T00:00:00Z","date_published":"2017-01-01T00:00:00Z","owner_name":null,"tidal_id":"3b6f9b2a-dd14-5692-a7fe-6d9d46d7e842","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425020Z"},{"id":"eb97d3d6-21cb-5f27-9a78-1e8576acecdc","name":"SpecterOps Lateral Movement from Azure to On-Prem AD 2020","description":"Andy Robbins. (2020, August 17). Death from Above: Lateral Movement from Azure to On-Prem AD. Retrieved March 13, 2023.","url":"https://posts.specterops.io/death-from-above-lateral-movement-from-azure-to-on-prem-ad-d18cb3959d4d","source":"MITRE","title":"Death from Above: Lateral Movement from Azure to On-Prem AD","authors":"Andy Robbins","date_accessed":"2023-03-13T00:00:00Z","date_published":"2020-08-17T00:00:00Z","owner_name":null,"tidal_id":"f631dc90-6daa-5a7d-b079-41fcb3470de0","created":"2023-05-26T01:21:10.225354Z","modified":"2025-12-17T15:08:36.432675Z"},{"id":"ece52a64-1c8d-547d-aedc-ff43d7418cd2","name":"Microsoft PowerShell SilentlyContinue","description":"Microsoft. (2023, March 2). $DebugPreference. Retrieved August 30, 2023.","url":"https://learn.microsoft.com/powershell/module/microsoft.powershell.core/about/about_preference_variables?view=powershell-7.3#debugpreference","source":"MITRE","title":"$DebugPreference","authors":"Microsoft","date_accessed":"2023-08-30T00:00:00Z","date_published":"2023-03-02T00:00:00Z","owner_name":null,"tidal_id":"08f66e05-cbae-55dc-8d17-b8d4efebee0c","created":"2023-11-07T00:36:01.938789Z","modified":"2025-12-17T15:08:36.429035Z"},{"id":"8ff8fb53-e468-4df7-b7e3-b344be1507ae","name":"virtualization.info 2006","description":"virtualization.info. (Interviewer) & Liguori, A. (Interviewee). (2006, August 11). 
Debunking Blue Pill myth [Interview transcript]. Retrieved November 13, 2014.","url":"http://virtualization.info/en/news/2006/08/debunking-blue-pill-myth.html","source":"MITRE","title":"Debunking Blue Pill myth [Interview transcript]","authors":"virtualization.info. (Interviewer) & Liguori, A. (Interviewee)","date_accessed":"2014-11-13T00:00:00Z","date_published":"2006-08-11T00:00:00Z","owner_name":null,"tidal_id":"7dfb5a3a-63c5-5938-b3e8-604725fafe87","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:10:01.118809Z"},{"id":"5fce4659-d82d-5498-a060-95b34984d66a","name":"Google Threat Intelligence Group MUSTANG PANDA PLUGX August 2025","description":"Patrick Whitsell. (2025, August 25). Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats. Retrieved September 9, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats","source":"MITRE","title":"Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats","authors":"Patrick Whitsell","date_accessed":"2025-09-09T00:00:00Z","date_published":"2025-08-25T00:00:00Z","owner_name":null,"tidal_id":"3a1a59da-c479-5211-a9a3-dca96cba2df7","created":"2025-10-29T21:08:48.165007Z","modified":"2025-12-17T15:08:36.417622Z"},{"id":"3a2ead89-2e03-5c4f-b59a-c75aec54da22","name":"Fortinet LummaStealer 2024","description":"Cara Lin, Fortinet. (2024, January 8). Deceptive Cracked Software Spreads Lumma Variant on YouTube. 
Retrieved March 22, 2025.","url":"https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube","source":"MITRE","title":"Deceptive Cracked Software Spreads Lumma Variant on YouTube","authors":"Cara Lin, Fortinet","date_accessed":"2025-03-22T00:00:00Z","date_published":"2024-01-08T00:00:00Z","owner_name":null,"tidal_id":"ef6f57c1-1bc4-5457-b1b3-0b868ae7f24e","created":"2025-04-22T20:47:27.372776Z","modified":"2025-12-17T15:08:36.419293Z"},{"id":"c6626322-dce8-5de9-aa92-5b29a09a6203","name":"ESET Contagious Interview BeaverTail InvisibleFerret February 2025","description":"Matej Havranek. (2025, February 20). DeceptiveDevelopment targets freelance developers. Retrieved October 17, 2025.","url":"https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/","source":"MITRE","title":"DeceptiveDevelopment targets freelance developers","authors":"Matej Havranek","date_accessed":"2025-10-17T00:00:00Z","date_published":"2025-02-20T00:00:00Z","owner_name":null,"tidal_id":"c6a7b62b-8b63-58da-aee9-e0410c250486","created":"2025-10-29T21:08:48.164769Z","modified":"2025-12-17T15:08:36.417262Z"},{"id":"60710414-29ea-4778-b9b2-95eed436ede2","name":"ESET DeceptiveDevelopment February 20 2025","description":"Matěj Havránek. (2025, February 20). DeceptiveDevelopment targets freelance developers. Retrieved May 30, 2025.","url":"https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/","source":"Tidal Cyber","title":"DeceptiveDevelopment targets freelance developers","authors":"Matěj Havránek","date_accessed":"2025-05-30T00:00:00Z","date_published":"2025-02-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"105c3788-c677-5766-b367-cf19a92915d8","created":"2025-06-03T14:14:10.251416Z","modified":"2025-06-03T14:14:10.433076Z"},{"id":"d1d5a708-75cb-4d41-b2a3-d035a14ac956","name":"TrendMicro Confucius APT Feb 2018","description":"Lunghi, D and Horejsi, J. (2018, February 13). 
Deciphering Confucius: A Look at the Group's Cyberespionage Operations. Retrieved December 26, 2021.","url":"https://www.trendmicro.com/en_us/research/18/b/deciphering-confucius-cyberespionage-operations.html","source":"MITRE, Tidal Cyber","title":"Deciphering Confucius: A Look at the Group's Cyberespionage Operations","authors":"Lunghi, D and Horejsi, J","date_accessed":"2021-12-26T00:00:00Z","date_published":"2018-02-13T00:00:00Z","owner_name":null,"tidal_id":"94743790-1a10-5c64-a913-fea8f869e695","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279684Z"},{"id":"f0158df3-24df-52e6-8957-066a89f2c3e3","name":"Elastic Security Labs Pumakit 2024","description":"Remco Sprooten and Ruben Groenewoud. (2024, December 11). Declawing PUMAKIT. Retrieved March 24, 2025.","url":"https://www.elastic.co/security-labs/declawing-pumakit","source":"MITRE","title":"Declawing PUMAKIT","authors":"Remco Sprooten and Ruben Groenewoud","date_accessed":"2025-03-24T00:00:00Z","date_published":"2024-12-11T00:00:00Z","owner_name":null,"tidal_id":"aef632bb-6000-55f3-bbf3-13b7a574a45b","created":"2025-04-22T20:47:14.959803Z","modified":"2025-12-17T15:08:36.430369Z"},{"id":"82d2451b-300f-4891-b1e7-ade53dff1126","name":"Ciberseguridad Decoding malicious RTF files","description":"Pedrero, R.. (2021, July). Decoding malicious RTF files. Retrieved November 16, 2021.","url":"https://ciberseguridad.blog/decodificando-ficheros-rtf-maliciosos/","source":"MITRE","title":"Decoding malicious RTF files","authors":"Pedrero, R.","date_accessed":"2021-11-16T00:00:00Z","date_published":"2021-07-01T00:00:00Z","owner_name":null,"tidal_id":"3d07d875-26d3-5c7e-a531-68a577d6faee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435383Z"},{"id":"4476aa0a-b1ef-4ac6-9e44-5721a0b3e92b","name":"Nccgroup Gh0st April 2018","description":"Pantazopoulos, N. (2018, April 17). Decoding network data from a Gh0st RAT variant. 
Retrieved November 2, 2018.","url":"https://research.nccgroup.com/2018/04/17/decoding-network-data-from-a-gh0st-rat-variant/","source":"MITRE","title":"Decoding network data from a Gh0st RAT variant","authors":"Pantazopoulos, N","date_accessed":"2018-11-02T00:00:00Z","date_published":"2018-04-17T00:00:00Z","owner_name":null,"tidal_id":"a79b10e5-6eea-5ab7-bb13-e15fb59bc304","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420059Z"},{"id":"90549699-8815-45e8-820c-4f5a7fc584b8","name":"Morphisec September 3 2024","description":"Michael Gorelik. (2024, September 3). Decoding the Puzzle Cicada3301 Ransomware Threat Analysis. Retrieved September 5, 2024.","url":"https://blog.morphisec.com/cicada3301-ransomware-threat-analysis","source":"Tidal Cyber","title":"Decoding the Puzzle Cicada3301 Ransomware Threat Analysis","authors":"Michael Gorelik","date_accessed":"2024-09-05T00:00:00Z","date_published":"2024-09-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e1130d41-29bc-5014-8297-4a552704de12","created":"2024-09-06T15:12:26.970490Z","modified":"2024-09-06T15:12:27.869544Z"},{"id":"7ef0ab1f-c7d6-46fe-b489-fab4db623e0a","name":"MalwareBytes Template Injection OCT 2017","description":"Segura, J. (2017, October 13). Decoy Microsoft Word document delivers malware through a RAT. Retrieved July 21, 2018.","url":"https://blog.malwarebytes.com/threat-analysis/2017/10/decoy-microsoft-word-document-delivers-malware-through-rat/","source":"MITRE","title":"Decoy Microsoft Word document delivers malware through a RAT","authors":"Segura, J","date_accessed":"2018-07-21T00:00:00Z","date_published":"2017-10-13T00:00:00Z","owner_name":null,"tidal_id":"9633260f-2182-5067-aa81-60bc79688f03","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435371Z"},{"id":"8659fea7-7d65-4ee9-8ceb-cf41204b57e0","name":"Crowdstrike PartyTicket March 2022","description":"Crowdstrike. (2022, March 1). 
Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities. Retrieved March 1, 2022.","url":"https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine","source":"MITRE","title":"Decryptable PartyTicket Ransomware Reportedly Targeting Ukrainian Entities","authors":"Crowdstrike","date_accessed":"2022-03-01T00:00:00Z","date_published":"2022-03-01T00:00:00Z","owner_name":null,"tidal_id":"fca5b372-0155-591e-9d54-58e2e0d6b7bb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420775Z"},{"id":"2b8b6ab4-906f-4732-94f8-eaac5ec0151d","name":"Fortinet Emotet May 2017","description":"Xiaopeng Zhang. (2017, May 3). Deep Analysis of New Emotet Variant – Part 1. Retrieved April 1, 2019.","url":"https://www.fortinet.com/blog/threat-research/deep-analysis-of-new-emotet-variant-part-1.html","source":"MITRE","title":"Deep Analysis of New Emotet Variant – Part 1","authors":"Xiaopeng Zhang","date_accessed":"2019-04-01T00:00:00Z","date_published":"2017-05-03T00:00:00Z","owner_name":null,"tidal_id":"6a81f6be-9173-50b1-9f16-7f543a7aa03e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441562Z"},{"id":"ca10ad0d-1a47-4006-8f76-c2246aee7752","name":"Aqua TeamTNT August 2020","description":"Kol, Roi. Morag, A. (2020, August 25). Deep Analysis of TeamTNT Techniques Using Container Images to Attack. Retrieved September 22, 2021.","url":"https://blog.aquasec.com/container-security-tnt-container-attack","source":"MITRE","title":"Deep Analysis of TeamTNT Techniques Using Container Images to Attack","authors":"Kol, Roi. Morag, A","date_accessed":"2021-09-22T00:00:00Z","date_published":"2020-08-25T00:00:00Z","owner_name":null,"tidal_id":"2026bbbb-69e7-5fd4-9009-2c458a9fdfa5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437689Z"},{"id":"aee3179e-1536-40ab-9965-1c10bdaa6dff","name":"Bitdefender FIN8 July 2021","description":"Martin Zugec. (2021, July 27). 
Deep Dive Into a FIN8 Attack - A Forensic Investigation. Retrieved September 1, 2021.","url":"https://businessinsights.bitdefender.com/deep-dive-into-a-fin8-attack-a-forensic-investigation","source":"MITRE","title":"Deep Dive Into a FIN8 Attack - A Forensic Investigation","authors":"Martin Zugec","date_accessed":"2021-09-01T00:00:00Z","date_published":"2021-07-27T00:00:00Z","owner_name":null,"tidal_id":"540a77cb-0049-5f3f-a6fe-6ebf073b0b47","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441661Z"},{"id":"390b3063-8d7b-4dee-b5f7-bfd0804f2e30","name":"Cyble Ragnar Locker January 20 2022","description":"Cybleinc. (2022, January 20). Deep dive into Ragnar_locker Ransomware Gang. Retrieved September 29, 2023.","url":"https://cyble.com/blog/deep-dive-into-ragnar-locker-ransomware-gang/","source":"Tidal Cyber","title":"Deep dive into Ragnar_locker Ransomware Gang","authors":"Cybleinc","date_accessed":"2023-09-29T00:00:00Z","date_published":"2022-01-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1fca0e89-fd62-55fd-9645-08c776fc3407","created":"2024-06-13T20:10:42.230963Z","modified":"2024-06-13T20:10:42.426980Z"},{"id":"f10c37d8-2efe-4d9e-8987-8978beef7e9d","name":"Sophos Pikabot June 12 2023","description":"Karl Ackerman. (2023, June 12). Deep dive into the Pikabot cyber threat. Retrieved January 11, 2024.","url":"https://news.sophos.com/en-us/2023/06/12/deep-dive-into-the-pikabot-cyber-threat/","source":"Tidal Cyber","title":"Deep dive into the Pikabot cyber threat","authors":"Karl Ackerman","date_accessed":"2024-01-11T00:00:00Z","date_published":"2023-06-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0b8b9e33-d34d-5faa-b38f-f3dd894a30a9","created":"2024-01-26T18:00:32.692224Z","modified":"2024-01-26T18:00:32.817105Z"},{"id":"ddd70eef-ab94-45a9-af43-c396c9e3fbc6","name":"Microsoft Deep Dive Solorigate January 2021","description":"MSTIC, CDOC, 365 Defender Research Team. (2021, January 20). 
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop. Retrieved January 22, 2021.","url":"https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/","source":"MITRE","title":"Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop","authors":"MSTIC, CDOC, 365 Defender Research Team","date_accessed":"2021-01-22T00:00:00Z","date_published":"2021-01-20T00:00:00Z","owner_name":null,"tidal_id":"e4ec9000-707e-53ca-9c2c-2e8bf2b5809e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417784Z"},{"id":"978b408d-f9e9-422c-b2d7-741f6cc298d4","name":"AADInternals - Device Registration","description":"Dr. Nestori Syynimaa. (2021, March 3). Deep-dive to Azure AD device join. Retrieved March 9, 2022.","url":"https://o365blog.com/post/devices/","source":"MITRE","title":"Deep-dive to Azure AD device join","authors":"Dr. Nestori Syynimaa","date_accessed":"2022-03-09T00:00:00Z","date_published":"2021-03-03T00:00:00Z","owner_name":null,"tidal_id":"e3deaa30-76ee-5724-b9b4-dc90b65876c8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431673Z"},{"id":"72e19be9-35dd-4199-bc07-bd9d0c664df6","name":"Alperovitch 2014","description":"Alperovitch, D. (2014, July 7). Deep in Thought: Chinese Targeting of National Security Think Tanks. 
Retrieved November 12, 2014.","url":"https://blog.crowdstrike.com/deep-thought-chinese-targeting-national-security-think-tanks/","source":"MITRE, Tidal Cyber","title":"Deep in Thought: Chinese Targeting of National Security Think Tanks","authors":"Alperovitch, D","date_accessed":"2014-11-12T00:00:00Z","date_published":"2014-07-07T00:00:00Z","owner_name":null,"tidal_id":"d1fd33d2-4f2d-5677-a6b8-49e15762e0fa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.272230Z"},{"id":"70f98f49-4b37-54c0-8f82-3de5fedbaa0d","name":"FortiGuard-FlexiSpy","description":"K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September","url":"https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf","source":"Mobile","title":"Deep Technical Analysis of the Spyware FlexiSpy for Android","authors":"K. Lu","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ac58808e-4e4c-553c-a13e-ec0401269911","created":"2026-01-28T13:08:10.042515Z","modified":"2026-01-28T13:08:10.042518Z"},{"id":"106efc3e-5816-44ae-a384-5e026e68ab89","name":"DefaultPack.EXE - LOLBAS Project","description":"LOLBAS. (2020, October 1). DefaultPack.EXE. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/DefaultPack/","source":"Tidal Cyber","title":"DefaultPack.EXE","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-10-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f2bed854-a234-5c74-94b8-1d7c2e881d6e","created":"2024-01-12T14:47:20.212765Z","modified":"2024-01-12T14:47:20.395168Z"},{"id":"3fefa436-f8b2-50f5-819d-1231b81c587c","name":"Wylie-22","description":"Jimmy Wylie. (2022, August). Analyzing PIPEDREAM: Challenges in Testing an ICS Attack Toolkit. Defcon 30. 
Retrieved August","url":"https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20presentations/Jimmy%20Wylie%20-%20Analyzing%20PIPEDREAM%20Challenges%20in%20testing%20an%20ICS%20attack%20toolkit.pdf","source":"ICS","title":"Defcon 30","authors":"Jimmy Wylie. (2022, August)","date_accessed":"1978-08-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1378d331-5bc5-5778-b5a5-fe0de7621dd1","created":"2026-01-28T13:08:18.176147Z","modified":"2026-01-28T13:08:18.176151Z"},{"id":"64ae5734-c8cc-41e0-ba24-79e1d6ebc475","name":"CrowdStrike.com November 18 2025","description":"None Identified. (2025, November 18). Defeating BLOCKADE SPIDER: Stopping Cross-Domain Attacks. Retrieved November 20, 2025.","url":"https://www.crowdstrike.com/en-us/blog/defeating-blockade-spider-how-crowdstrike-stops-cross-domain-attacks/","source":"Tidal Cyber","title":"Defeating BLOCKADE SPIDER: Stopping Cross-Domain Attacks","authors":"None Identified","date_accessed":"2025-11-20T12:00:00Z","date_published":"2025-11-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bdfed500-af05-5f5d-bb97-f5c8d20b387e","created":"2025-12-10T14:13:39.481218Z","modified":"2025-12-10T14:13:39.651647Z"},{"id":"e43341ae-178f-43ba-9d66-f4d0380d2c59","name":"Lastline DarkHotel Just In Time Decryption Nov 2015","description":"Arunpreet Singh, Clemens Kolbitsch. (2015, November 5). Defeating Darkhotel Just-In-Time Decryption. Retrieved April 15, 2021.","url":"https://www.lastline.com/labsblog/defeating-darkhotel-just-in-time-decryption/","source":"MITRE","title":"Defeating Darkhotel Just-In-Time Decryption","authors":"Arunpreet Singh, Clemens Kolbitsch","date_accessed":"2021-04-15T00:00:00Z","date_published":"2015-11-05T00:00:00Z","owner_name":null,"tidal_id":"48283dc6-5a4e-53f6-a4df-1c6ea1f5d416","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440513Z"},{"id":"8a3591f2-34b0-4914-bb42-d4621966faed","name":"piazza launch agent mitigation","description":"Antonio Piazza (4n7m4n). 
(2021, November 23). Defeating Malicious Launch Persistence. Retrieved April 19, 2022.","url":"https://antman1p-30185.medium.com/defeating-malicious-launch-persistence-156e2b40fc67","source":"MITRE","title":"Defeating Malicious Launch Persistence","authors":"Antonio Piazza (4n7m4n)","date_accessed":"2022-04-19T00:00:00Z","date_published":"2021-11-23T00:00:00Z","owner_name":null,"tidal_id":"17160f3b-67e7-5c62-b903-40725bd148f8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441955Z"},{"id":"48bc7943-0384-5b6e-a0c5-854b6a08203f","name":"Inversecos Timestomping 2022","description":"Lina Lau. (2022, April 28). Defence Evasion Technique: Timestomping Detection – NTFS Forensics. Retrieved September 30, 2024.","url":"https://www.inversecos.com/2022/04/defence-evasion-technique-timestomping.html","source":"MITRE","title":"Defence Evasion Technique: Timestomping Detection – NTFS Forensics","authors":"Lina Lau","date_accessed":"2024-09-30T00:00:00Z","date_published":"2022-04-28T00:00:00Z","owner_name":null,"tidal_id":"628ba038-f845-5c6f-8252-1867a01878df","created":"2024-10-31T16:28:20.333703Z","modified":"2025-12-17T15:08:36.428861Z"},{"id":"8088d15d-9512-4d12-a99a-c76ad9dc3390","name":"VectorSec ForFiles Aug 2017","description":"vector_sec. (2017, August 11). Defenders watching launches of cmd? What about forfiles?. Retrieved September 12, 2024.","url":"https://x.com/vector_sec/status/896049052642533376","source":"MITRE","title":"Defenders watching launches of cmd? What about forfiles?","authors":"vector_sec","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-08-11T00:00:00Z","owner_name":null,"tidal_id":"af7972aa-3ddd-5876-9293-94b9bc30b928","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428097Z"},{"id":"19e3cddb-b077-40cf-92e0-131b12efa4f7","name":"Black Hat 2015 App Shim","description":"Pierce, Sean. (2015, November). Defending Against Malicious Application Compatibility Shims. 
Retrieved June 22, 2017.","url":"https://www.blackhat.com/docs/eu-15/materials/eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf","source":"MITRE","title":"Defending Against Malicious Application Compatibility Shims","authors":"Pierce, Sean","date_accessed":"2017-06-22T00:00:00Z","date_published":"2015-11-01T00:00:00Z","owner_name":null,"tidal_id":"0726571a-05ef-51b3-960b-a76189f72c3f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428561Z"},{"id":"ec04a86b-c547-50d8-8979-519a56b1988a","name":"Defending Against Malicious Cyber Activity Originating from Tor","description":"CISA, FBI. (2020, July 1). Defending Against Malicious Cyber Activity Originating from Tor. Retrieved June 20, 2025.","url":"https://www.cisa.gov/sites/default/files/publications/AA20-183A_Defending_Against_Malicious_Cyber_Activity_Originating_from_Tor_S508C.pdf","source":"MITRE","title":"Defending Against Malicious Cyber Activity Originating from Tor","authors":"CISA, FBI","date_accessed":"2025-06-20T00:00:00Z","date_published":"2020-07-01T00:00:00Z","owner_name":null,"tidal_id":"bdfcc681-1ea7-5421-910a-a0725797e0f7","created":"2025-10-29T21:08:48.167784Z","modified":"2025-12-17T15:08:36.442071Z"},{"id":"c7f9bd2f-254a-4254-8a92-a3ab02455fcb","name":"TechNet O365 Outlook Rules","description":"Koeller, B. (2018, February 21). Defending Against Rules and Forms Injection. 
Retrieved November 5, 2019.","url":"https://blogs.technet.microsoft.com/office365security/defending-against-rules-and-forms-injection/","source":"MITRE","title":"Defending Against Rules and Forms Injection","authors":"Koeller, B.","date_accessed":"2019-11-05T00:00:00Z","date_published":"2018-02-21T00:00:00Z","owner_name":null,"tidal_id":"e8288eb1-9bdf-5f80-b446-663a74c684a8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426805Z"},{"id":"111d21df-5531-4927-a173-fac9cd7672b3","name":"Defending Against Scheduled Task Attacks in Windows Environments","description":"Harshal Tupsamudre. (2022, June 20). Defending Against Scheduled Tasks. Retrieved July 5, 2022.","url":"https://blog.qualys.com/vulnerabilities-threat-research/2022/06/20/defending-against-scheduled-task-attacks-in-windows-environments","source":"MITRE","title":"Defending Against Scheduled Tasks","authors":"Harshal Tupsamudre","date_accessed":"2022-07-05T00:00:00Z","date_published":"2022-06-20T00:00:00Z","owner_name":null,"tidal_id":"8358da47-2eea-5ad5-902f-6e99d0b90c43","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423577Z"},{"id":"cf05d229-c2ba-54f2-a79d-4b7c9185c663","name":"Rapid7 HAFNIUM Mar 2021","description":"Eoin Miller. (2021, March 23). Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange. 
Retrieved October 27, 2022.","url":"https://www.rapid7.com/blog/post/2021/03/23/defending-against-the-zero-day-analyzing-attacker-behavior-post-exploitation-of-microsoft-exchange/","source":"MITRE","title":"Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange","authors":"Eoin Miller","date_accessed":"2022-10-27T00:00:00Z","date_published":"2021-03-23T00:00:00Z","owner_name":null,"tidal_id":"41e609dc-20dd-59ff-8ed4-16201adfee74","created":"2023-05-26T01:21:16.049705Z","modified":"2025-12-17T15:08:36.418877Z"},{"id":"ba2831ec-0f30-574b-afdc-e8a7ec12b1ea","name":"Mandiant UNC3944 May 2025","description":"Mandiant Incident Response. (2025, May 6). Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines. Retrieved October 13, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations","source":"MITRE","title":"Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines","authors":"Mandiant Incident Response","date_accessed":"2025-10-13T00:00:00Z","date_published":"2025-05-06T00:00:00Z","owner_name":null,"tidal_id":"a320dfcb-d842-5aa1-a9ad-e0ae14ad5ad4","created":"2025-10-29T21:08:48.167046Z","modified":"2025-12-17T15:08:36.438921Z"},{"id":"a904fde8-b8f9-5411-ab46-0dacf39cc81f","name":"Microsoft SQL Server","description":"Microsoft Threat Intelligence. (2023, October 3). Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement. 
Retrieved October 3, 2023.","url":"https://www.microsoft.com/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/","source":"MITRE","title":"Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement","authors":"Microsoft Threat Intelligence","date_accessed":"2023-10-03T00:00:00Z","date_published":"2023-10-03T00:00:00Z","owner_name":null,"tidal_id":"ec4525a3-23cc-5597-9218-89717700d525","created":"2023-11-07T00:36:01.597481Z","modified":"2025-12-17T15:08:36.428690Z"},{"id":"2a8948a9-f566-4ea0-898f-9b0734066d00","name":"TECHCOMMUNITY.MICROSOFT.COM November 17 2025","description":"None Identified. (2025, November 17). Defending the cloud: Azure neutralized a record-breaking 15 Tbps DDoS attack | Microsoft Community Hub. Retrieved November 19, 2025.","url":"https://techcommunity.microsoft.com/blog/azureinfrastructureblog/defending-the-cloud-azure-neutralized-a-record-breaking-15-tbps-ddos-attack/4470422","source":"Tidal Cyber","title":"Defending the cloud: Azure neutralized a record-breaking 15 Tbps DDoS attack | Microsoft Community Hub","authors":"None Identified","date_accessed":"2025-11-19T12:00:00Z","date_published":"2025-11-17T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6628ed16-6161-5223-b1cf-ce177a978e1a","created":"2025-11-19T17:44:52.471004Z","modified":"2025-11-19T17:44:52.609538Z"},{"id":"04cd2ec0-b21e-5e60-822d-3faf06b62915","name":"Defense Advanced Research Projects Agency","description":"Defense Advanced Research Projects Agency National Institute of Standards and Technology 2013, April Security and Privacy Controls for Federal Information Systems and Organizations. 
Retrieved 2020/09/17","url":"https://www.darpa.mil/program/rapid-attack-detection-isolation-and-characterization-systems","source":"ICS","title":"Defense Advanced Research Projects Agency","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5cde5cb2-2396-5392-97f2-50f5d5d85cca","created":"2026-01-28T13:08:18.175128Z","modified":"2026-01-28T13:08:18.175131Z"},{"id":"30f58736-50eb-5a94-ae8b-0cc9f39db31b","name":"hhs-email-bombing","description":"U.S. Department of Health and Human Services. (2024, March 12). Defense and Mitigations from E-mail Bombing. Retrieved January 31, 2025.","url":"https://www.hhs.gov/sites/default/files/email-bombing-sector-alert-tlpclear.pdf","source":"MITRE","title":"Defense and Mitigations from E-mail Bombing","authors":"U.S. Department of Health and Human Services","date_accessed":"2025-01-31T00:00:00Z","date_published":"2024-03-12T00:00:00Z","owner_name":null,"tidal_id":"cb2d02f8-8df9-5aa4-ad6d-0a89a1e614b6","created":"2025-04-22T20:47:18.736806Z","modified":"2025-12-17T15:08:36.434147Z"},{"id":"0f31f0ff-9ddb-4ea9-88d0-7b3b688764af","name":"rundll32.exe defense evasion","description":"Ariel silver. (2022, February 1). Defense Evasion Techniques. Retrieved April 8, 2022.","url":"https://www.cynet.com/attack-techniques-hands-on/defense-evasion-techniques/","source":"MITRE","title":"Defense Evasion Techniques","authors":"Ariel silver","date_accessed":"2022-04-08T00:00:00Z","date_published":"2022-02-01T00:00:00Z","owner_name":null,"tidal_id":"8a1db263-a71b-511c-ac7e-1af823ef46af","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424041Z"},{"id":"166e3a8a-047a-4798-b6cb-5aa36903a764","name":"def_ev_win_event_logging","description":"Chandel, R. (2021, April 22). Defense Evasion: Windows Event Logging (T1562.002). 
Retrieved September 14, 2021.","url":"https://www.hackingarticles.in/defense-evasion-windows-event-logging-t1562-002/","source":"MITRE","title":"Defense Evasion: Windows Event Logging (T1562.002)","authors":"Chandel, R","date_accessed":"2021-09-14T00:00:00Z","date_published":"2021-04-22T00:00:00Z","owner_name":null,"tidal_id":"2e3cee92-1bcd-5ef7-9116-504c6e20665f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429250Z"},{"id":"f6b43988-4d8b-455f-865e-3150e43d4f11","name":"Kaspersky DeftTorero October 3 2022","description":"Global Research & Analysis Team. (2022, October 3). DeftTorero: tactics, techniques and procedures of intrusions revealed. Retrieved October 25, 2023.","url":"https://securelist.com/defttorero-tactics-techniques-and-procedures/107610/","source":"Tidal Cyber","title":"DeftTorero: tactics, techniques and procedures of intrusions revealed","authors":"Global Research & Analysis Team","date_accessed":"2023-10-25T00:00:00Z","date_published":"2022-10-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"18e1096d-ec18-58cd-b2b8-ffb57b26f069","created":"2023-10-26T14:24:06.455374Z","modified":"2023-10-26T14:24:06.597052Z"},{"id":"01fc44b9-0eb3-4fd2-b755-d611825374ae","name":"TechNet Del","description":"Microsoft. (n.d.). Del. Retrieved April 22, 2016.","url":"https://technet.microsoft.com/en-us/library/cc771049.aspx","source":"MITRE","title":"Del","authors":"Microsoft","date_accessed":"2016-04-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"cf9f809e-3ad1-5a3a-8430-50d6fcfe1805","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423326Z"},{"id":"290cebe1-a2fd-5ccd-8ef6-afa9d4c3c9df","name":"Hunters Domain Wide Delegation Google Workspace 2023","description":"Yonatan Khanashvilli. (2023, November 28). DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover. 
Retrieved January 16, 2024.","url":"https://www.hunters.security/en/blog/delefriend-a-newly-discovered-design-flaw-in-domain-wide-delegation-could-leave-google-workspace-vulnerable-for-takeover","source":"MITRE","title":"DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover","authors":"Yonatan Khanashvilli","date_accessed":"2024-01-16T00:00:00Z","date_published":"2023-11-28T00:00:00Z","owner_name":null,"tidal_id":"c477b4b0-5a82-5d46-9f5a-8045317f2658","created":"2024-04-25T13:28:36.313217Z","modified":"2025-12-17T15:08:36.431079Z"},{"id":"f6ffe1ef-13f3-4225-b714-cfb89aaaf3fa","name":"Azure Shared Access Signature","description":"Delegate access with a shared access signature. (2019, December 18). Delegate access with a shared access signature. Retrieved March 2, 2022.","url":"https://docs.microsoft.com/en-us/rest/api/storageservices/delegate-access-with-shared-access-signature","source":"MITRE","title":"Delegate access with a shared access signature","authors":"Delegate access with a shared access signature","date_accessed":"2022-03-02T00:00:00Z","date_published":"2019-12-18T00:00:00Z","owner_name":null,"tidal_id":"4fe32803-5c15-5b76-8001-fe0736f5e943","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435148Z"},{"id":"e6b10687-8666-4c9c-ac77-1988378e096d","name":"Register Deloitte","description":"Thomson, I. (2017, September 26). Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'. 
Retrieved October 19, 2020.","url":"https://www.theregister.com/2017/09/26/deloitte_leak_github_and_google/","source":"MITRE","title":"Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked'","authors":"Thomson, I","date_accessed":"2020-10-19T00:00:00Z","date_published":"2017-09-26T00:00:00Z","owner_name":null,"tidal_id":"d74abf06-f210-5fed-b521-8a8c91be3110","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429568Z"},{"id":"c727152c-079a-4ff9-a0e5-face919cf59b","name":"Talos Micropsia June 2017","description":"Rascagneres, P., Mercer, W. (2017, June 19). Delphi Used To Score Against Palestine. Retrieved November 13, 2018.","url":"https://blog.talosintelligence.com/2017/06/palestine-delphi.html","source":"MITRE","title":"Delphi Used To Score Against Palestine","authors":"Rascagneres, P., Mercer, W","date_accessed":"2018-11-13T00:00:00Z","date_published":"2017-06-19T00:00:00Z","owner_name":null,"tidal_id":"474c99aa-f7ef-5c4a-89e3-12853814fa4d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420169Z"},{"id":"f6e1bffd-e35b-4eae-b9bf-c16a82bf7004","name":"TrendMicro EarthLusca 2022","description":"Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.","url":"https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf","source":"MITRE","title":"Delving Deep: An Analysis of Earth Lusca’s Operations","authors":"Chen, J., et al","date_accessed":"2022-07-01T00:00:00Z","date_published":"2022-01-01T00:00:00Z","owner_name":null,"tidal_id":"676cf845-4edc-517e-85d6-65d254179afb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435606Z"},{"id":"2e55d33a-fe75-4397-b6f0-a28d397b4c24","name":"Demiguise Guardrail Router Logo","description":"Warren, R. (2017, August 2). 
Demiguise: virginkey.js. Retrieved January 17, 2019.","url":"https://github.com/nccgroup/demiguise/blob/master/examples/virginkey.js","source":"MITRE","title":"Demiguise: virginkey.js","authors":"Warren, R","date_accessed":"2019-01-17T00:00:00Z","date_published":"2017-08-02T00:00:00Z","owner_name":null,"tidal_id":"1d1800a1-d905-57b3-bae4-4e2d4c33b7f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436358Z"},{"id":"c1e798b8-6771-4ba7-af25-69c640321e40","name":"FireEye Hacking Team","description":"FireEye Threat Intelligence. (2015, July 13). Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak. Retrieved January 25, 2016.","url":"https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html","source":"MITRE","title":"Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak","authors":"FireEye Threat Intelligence","date_accessed":"2016-01-25T00:00:00Z","date_published":"2015-07-13T00:00:00Z","owner_name":null,"tidal_id":"f078ba36-7193-572b-9b7f-e0beca200951","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420052Z"},{"id":"3e285884-2191-4773-9243-74100ce177c8","name":"Demystifying Azure AD Service Principals","description":"Bellavance, Ned. (2019, July 16). Demystifying Azure AD Service Principals. Retrieved January 19, 2020.","url":"https://nedinthecloud.com/2019/07/16/demystifying-azure-ad-service-principals/","source":"MITRE","title":"Demystifying Azure AD Service Principals","authors":"Bellavance, Ned","date_accessed":"2020-01-19T00:00:00Z","date_published":"2019-07-16T00:00:00Z","owner_name":null,"tidal_id":"6178518b-7093-5eda-ad38-5f6df3bd233a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432388Z"},{"id":"3dc684c7-14de-4dc0-9f11-79160c4f5038","name":"demystifying_ryuk","description":"Tran, T. (2020, November 24). 
Demystifying Ransomware Attacks Against Microsoft Defender Solution. Retrieved January 26, 2022.","url":"https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947","source":"MITRE","title":"Demystifying Ransomware Attacks Against Microsoft Defender Solution","authors":"Tran, T","date_accessed":"2022-01-26T00:00:00Z","date_published":"2020-11-24T00:00:00Z","owner_name":null,"tidal_id":"5ef363f0-d5bb-57a1-868c-cd57c3add0ec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433426Z"},{"id":"3b8bb522-5a1d-59d3-8a12-0f55b1a3d7c6","name":"Lookout-Dendroid","description":"Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December","url":"https://blog.lookout.com/blog/2014/03/06/dendroid/","source":"Mobile","title":"Dendroid malware can take over your camera, record audio, and sneak into Google Play","authors":"Marc Rogers","date_accessed":"1978-12-01T00:00:00Z","date_published":"2014-03-06T00:00:00Z","owner_name":null,"tidal_id":"7884c839-1090-548b-b685-641e6a5e04ec","created":"2026-01-28T13:08:10.040023Z","modified":"2026-01-28T13:08:10.040026Z"},{"id":"cbd91ec1-805f-583c-9764-6f5ee5c351c9","name":"Dennis L. Sloatman September 2016","description":"Dennis L. Sloatman 2016, September 16 Understanding PLC Programming Methods and the Tag Database System. Retrieved 2017/12/19","url":"https://www.radioworld.com/industry/understanding-plc-programming-methods-and-the-tag-database-system","source":"ICS","title":"Dennis L. 
Sloatman September 2016","authors":"","date_accessed":"2017-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"44fd0f7e-eb2b-5dfb-9adc-77e21f10e3e2","created":"2026-01-28T13:08:18.176656Z","modified":"2026-01-28T13:08:18.176661Z"},{"id":"48c800b5-f5fb-5a6f-9a4c-2b50c2af3e7e","name":"Department of Homeland Security October 2009","description":"Department of Homeland Security 2009, October Developing an Industrial Control Systems Cybersecurity Incident Response Capability. Retrieved 2020/09/17","url":"https://us-cert.cisa.gov/sites/default/files/recommended_practices/final-RP_ics_cybersecurity_incident_response_100609.pdf","source":"ICS","title":"Department of Homeland Security October 2009","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2d3cb022-d486-5b0f-8fc5-442c3b231ab3","created":"2026-01-28T13:08:18.175098Z","modified":"2026-01-28T13:08:18.175102Z"},{"id":"3b806da7-fd52-51f7-a783-d559098e2a37","name":"Department of Homeland Security September 2016","description":"Department of Homeland Security 2016, September. Retrieved 2020/09/25","url":"https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf","source":"ICS","title":"Department of Homeland Security September 2016","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c35a3ade-f186-5b7f-b5d9-b427cab7a07f","created":"2026-01-28T13:08:18.178863Z","modified":"2026-01-28T13:08:18.178866Z"},{"id":"f30a77dd-d1d0-41b8-b82a-461dd6cd126f","name":"DOJ Iran Indictments September 2020","description":"DOJ. (2020, September 17). Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community. 
Retrieved December 10, 2020.","url":"https://www.justice.gov/opa/pr/department-justice-and-partner-departments-and-agencies-conduct-coordinated-actions-disrupt","source":"MITRE","title":"Department of Justice and Partner Departments and Agencies Conduct Coordinated Actions to Disrupt and Deter Iranian Malicious Cyber Activities Targeting the United States and the Broader International Community","authors":"DOJ","date_accessed":"2020-12-10T00:00:00Z","date_published":"2020-09-17T00:00:00Z","owner_name":null,"tidal_id":"65339c5a-6c0c-543d-978a-e223ba2f9fbd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438236Z"},{"id":"9646af1a-19fe-44c9-96ca-3c8ec097c3db","name":"Microsoft GitHub Device Guard CI Policies","description":"Microsoft. (2017, June 16). Deploy code integrity policies: steps. Retrieved June 28, 2017.","url":"https://github.com/Microsoft/windows-itpro-docs/blob/master/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md","source":"MITRE","title":"Deploy code integrity policies: steps","authors":"Microsoft","date_accessed":"2017-06-28T00:00:00Z","date_published":"2017-06-16T00:00:00Z","owner_name":null,"tidal_id":"36dfb1eb-9549-51e8-878e-0652ee34cfc3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:33.346139Z"},{"id":"beeb460e-4dba-42fb-8109-0861cd0df562","name":"Microsoft Deploying AD Federation","description":"Microsoft. (n.d.). Deploying Active Directory Federation Services in Azure. 
Retrieved March 13, 2020.","url":"https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs","source":"MITRE","title":"Deploying Active Directory Federation Services in Azure","authors":"Microsoft","date_accessed":"2020-03-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0332cebe-07d2-51a5-8d08-ce2e76a0eefc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436319Z"},{"id":"86053c5a-f2dd-4eb3-9dc2-6a6a4e1c2ae5","name":"Apple Kernel Extension Deprecation","description":"Apple. (n.d.). Deprecated Kernel Extensions and System Extension Alternatives. Retrieved November 4, 2020.","url":"https://developer.apple.com/support/kernel-extensions/","source":"MITRE","title":"Deprecated Kernel Extensions and System Extension Alternatives","authors":"Apple","date_accessed":"2020-11-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fb4267c3-3483-5b8a-a8bd-4629e43c9d80","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433104Z"},{"id":"21e26577-887b-4b8c-a3f8-4ab8868bed69","name":"Black Lotus Raptor Train September 18 2024","description":"Black Lotus Labs. (2024, September 18). Derailing the Raptor Train. Retrieved September 19, 2024.","url":"https://blog.lumen.com/derailing-the-raptor-train/","source":"Tidal Cyber","title":"Derailing the Raptor Train","authors":"Black Lotus Labs","date_accessed":"2024-09-19T00:00:00Z","date_published":"2024-09-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2c3b9539-093b-5529-82ec-2bb922e2b96a","created":"2024-09-20T15:08:30.084424Z","modified":"2024-09-20T15:08:30.435629Z"},{"id":"c0b6a8a4-0d94-414d-b5ab-cf5485240dee","name":"Amazon Describe Instance","description":"Amazon. (n.d.). describe-instance-information. 
Retrieved March 3, 2020.","url":"https://docs.aws.amazon.com/cli/latest/reference/ssm/describe-instance-information.html","source":"MITRE","title":"describe-instance-information","authors":"Amazon","date_accessed":"2020-03-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a64828e1-8d59-5d24-97c7-0e39ab4bb4d2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427533Z"},{"id":"95629746-43d2-4f41-87da-4bd44a43ef4a","name":"Amazon Describe Instances API","description":"Amazon. (n.d.). DescribeInstances. Retrieved May 26, 2020.","url":"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html","source":"MITRE","title":"DescribeInstances","authors":"Amazon","date_accessed":"2020-05-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3014ae5f-8845-56ad-a9fa-4f9c7c2765c0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430036Z"},{"id":"aa953df5-40b5-42d2-9e33-a227a093497f","name":"DescribeSecurityGroups - Amazon Elastic Compute Cloud","description":"Amazon Web Services, Inc. (2022). DescribeSecurityGroups. Retrieved January 28, 2022.","url":"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html","source":"MITRE","title":"DescribeSecurityGroups","authors":"Amazon Web Services, Inc.","date_accessed":"2022-01-28T00:00:00Z","date_published":"2022-01-01T00:00:00Z","owner_name":null,"tidal_id":"633a51f9-dea9-5a2f-8601-976399e9d101","created":"2022-12-14T20:06:32.013016Z","modified":"2023-11-07T00:36:07.843377Z"},{"id":"f45ba9fb-602c-51f5-bcfe-7d3e086ce338","name":"AWS docs describe volumes","description":"AWS. (n.d.). describe-volumes. 
Retrieved October 20, 2025.","url":"https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-volumes.html","source":"MITRE","title":"describe-volumes","authors":"AWS","date_accessed":"2025-10-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"455eab03-59eb-56af-9f3c-aee7a18bf5b8","created":"2025-10-29T21:08:48.166607Z","modified":"2025-12-17T15:08:36.436376Z"},{"id":"f80bb86f-ce75-4778-bdee-777cf37a6de7","name":"Microsoft RunOnceEx APR 2018","description":"Microsoft. (2018, August 20). Description of the RunOnceEx Registry Key. Retrieved June 29, 2018.","url":"https://support.microsoft.com/help/310593/description-of-the-runonceex-registry-key","source":"MITRE","title":"Description of the RunOnceEx Registry Key","authors":"Microsoft","date_accessed":"2018-06-29T00:00:00Z","date_published":"2018-08-20T00:00:00Z","owner_name":null,"tidal_id":"ae02b6a3-d70b-5eb7-94d8-387361daffec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432740Z"},{"id":"4baac228-1f6a-4c65-ae98-5a542600dfc6","name":"Designing Daemons Apple Dev","description":"Apple. (n.d.). Retrieved October 12, 2021.","url":"https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/DesigningDaemons.html","source":"MITRE","title":"Designing Daemons Apple Dev","authors":"","date_accessed":"2021-10-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9667a489-cb4a-5859-a44c-739ca464b2ea","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431923Z"},{"id":"487a54d9-9f90-478e-b305-bd041af55e12","name":"Desk.cpl - LOLBAS Project","description":"LOLBAS. (2022, April 21). Desk.cpl. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Desk/","source":"Tidal Cyber","title":"Desk.cpl","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-04-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"62e614fe-06ff-5677-854c-23381a854c0e","created":"2024-01-12T14:47:11.014178Z","modified":"2024-01-12T14:47:11.186673Z"},{"id":"0885434e-3908-4425-9597-ce6abe531ca5","name":"Free Desktop Application Autostart Feb 2006","description":"Free Desktop. (2006, February 13). Desktop Application Autostart Specification. Retrieved September 12, 2019.","url":"https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html","source":"MITRE","title":"Desktop Application Autostart Specification","authors":"Free Desktop","date_accessed":"2019-09-12T00:00:00Z","date_published":"2006-02-13T00:00:00Z","owner_name":null,"tidal_id":"4f2b971d-7598-545c-b946-df4681f797d4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435586Z"},{"id":"1df3aacf-76c4-472a-92c8-2a85ae9e2860","name":"Desktopimgdownldr.exe - LOLBAS Project","description":"LOLBAS. (2020, June 28). Desktopimgdownldr.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Desktopimgdownldr/","source":"Tidal Cyber","title":"Desktopimgdownldr.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-06-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"034e9291-e4f3-5e82-8124-0bec0857fdb8","created":"2024-01-12T14:46:38.093897Z","modified":"2024-01-12T14:46:38.278720Z"},{"id":"18684085-c156-4610-8b1f-cc9646f2c06e","name":"CISA AA22-057A Destructive Malware February 2022","description":"CISA. (2022, February 26). Destructive Malware Targeting Organizations in Ukraine. 
Retrieved March 25, 2022.","url":"https://www.cisa.gov/uscert/ncas/alerts/aa22-057a","source":"MITRE","title":"Destructive Malware Targeting Organizations in Ukraine","authors":"CISA","date_accessed":"2022-03-25T00:00:00Z","date_published":"2022-02-26T00:00:00Z","owner_name":null,"tidal_id":"ebf4462b-de4a-531d-a16b-732859b2f469","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420769Z"},{"id":"e0c1fcd3-b7a8-42af-8984-873a6f969975","name":"Microsoft WhisperGate January 2022","description":"MSTIC. (2022, January 15). Destructive malware targeting Ukrainian organizations. Retrieved March 10, 2022.","url":"https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/","source":"MITRE","title":"Destructive malware targeting Ukrainian organizations","authors":"MSTIC","date_accessed":"2022-03-10T00:00:00Z","date_published":"2022-01-15T00:00:00Z","owner_name":null,"tidal_id":"8856f722-9752-5434-9d57-4cc8474c2f53","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418247Z"},{"id":"62d6a280-06df-4b96-85c8-13174e496256","name":"S2W DarkGate January 16 2024","description":"S2W. (2024, January 16). Detailed Analysis of DarkGate. Retrieved July 12, 2024.","url":"https://medium.com/s2wblog/detailed-analysis-of-darkgate-investigating-new-top-trend-backdoor-malware-0545ecf5f606","source":"Tidal Cyber","title":"Detailed Analysis of DarkGate","authors":"S2W","date_accessed":"2024-07-12T00:00:00Z","date_published":"2024-01-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2fd8c2ca-9eb8-58eb-add8-3f9f34d1d565","created":"2024-07-19T15:46:26.260956Z","modified":"2024-07-19T15:46:27.118823Z"},{"id":"e9a882a5-1a88-4fdf-9349-205f4fa167c9","name":"NSA and ASD Detect and Prevent Web Shells 2020","description":"NSA and ASD. (2020, April 3). Detect and Prevent Web Shell Malware. 
Retrieved July 23, 2021.","url":"https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF","source":"MITRE","title":"Detect and Prevent Web Shell Malware","authors":"NSA and ASD","date_accessed":"2021-07-23T00:00:00Z","date_published":"2020-04-03T00:00:00Z","owner_name":null,"tidal_id":"8371afb6-1166-5bf1-be07-2b7d985e3a14","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442661Z"},{"id":"b91963c4-07ea-5e36-9cc8-8a2149ee7473","name":"URI Unique","description":"Australian Cyber Security Centre. National Security Agency. (2020, April 21). Detect and Prevent Web Shell Malware. Retrieved February 9, 2024.","url":"https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF","source":"MITRE","title":"Detect and Prevent Web Shell Malware","authors":"Australian Cyber Security Centre. National Security Agency","date_accessed":"2024-02-09T00:00:00Z","date_published":"2020-04-21T00:00:00Z","owner_name":null,"tidal_id":"58d4f66e-a8f7-5691-bf4e-1b8298b2b6c1","created":"2024-04-25T13:28:33.385915Z","modified":"2025-12-17T15:08:36.428426Z"},{"id":"fd63775c-8482-477d-ab41-8c64ca17b602","name":"Microsoft Detect Outlook Forms","description":"Fox, C., Vangel, D. (2018, April 22). Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365. 
Retrieved February 4, 2019.","url":"https://docs.microsoft.com/en-us/office365/securitycompliance/detect-and-remediate-outlook-rules-forms-attack","source":"MITRE","title":"Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365","authors":"Fox, C., Vangel, D","date_accessed":"2019-02-04T00:00:00Z","date_published":"2018-04-22T00:00:00Z","owner_name":null,"tidal_id":"8248267b-56f2-5eae-a873-fbb8c38ef77e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426798Z"},{"id":"c1cd4767-b5a1-4821-8574-b5782a83920f","name":"ADDSecurity DCShadow Feb 2018","description":"Lucand,G. (2018, February 18). Detect DCShadow, impossible?. Retrieved March 30, 2018.","url":"https://adds-security.blogspot.fr/2018/02/detecter-dcshadow-impossible.html","source":"MITRE","title":"Detect DCShadow, impossible?","authors":"Lucand,G","date_accessed":"2018-03-30T00:00:00Z","date_published":"2018-02-18T00:00:00Z","owner_name":null,"tidal_id":"4bc9c491-373f-5a1c-a055-180258deb0fb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429826Z"},{"id":"4742569e-80ed-5d70-948b-9457d9371ca8","name":"Lacework LLMJacking 2024","description":"Lacework Labs. (2024, June 6). Detecting AI resource-hijacking with Composite Alerts. Retrieved September 25, 2024.","url":"https://www.lacework.com/blog/detecting-ai-resource-hijacking-with-composite-alerts","source":"MITRE","title":"Detecting AI resource-hijacking with Composite Alerts","authors":"Lacework Labs","date_accessed":"2024-09-25T00:00:00Z","date_published":"2024-06-06T00:00:00Z","owner_name":null,"tidal_id":"ca08a32a-0f7a-5114-aaa7-e90e74c2725b","created":"2024-10-31T16:28:23.806919Z","modified":"2025-12-17T15:08:36.432650Z"},{"id":"7a4e7e05-986b-4549-a021-8c3c729bd3cc","name":"Pace University Detecting DGA May 2017","description":"Chen, L., Wang, T.. (2017, May 5). Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods . 
Retrieved April 26, 2019.","url":"http://csis.pace.edu/~ctappert/srd2017/2017PDF/d4.pdf","source":"MITRE","title":"Detecting Algorithmically Generated Domains Using Data Visualization and N-Grams Methods","authors":"Chen, L., Wang, T.","date_accessed":"2019-04-26T00:00:00Z","date_published":"2017-05-05T00:00:00Z","owner_name":null,"tidal_id":"491dfe23-8cd1-54d7-a6de-96ea17a9a199","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425168Z"},{"id":"a7952f0e-6690-48de-ad93-9922d6d6989c","name":"MDSec Detecting DOTNET","description":"MDSec Research. (n.d.). Detecting and Advancing In-Memory .NET Tradecraft. Retrieved October 4, 2021.","url":"https://www.mdsec.co.uk/2020/06/detecting-and-advancing-in-memory-net-tradecraft/","source":"MITRE","title":"Detecting and Advancing In-Memory .NET Tradecraft","authors":"MDSec Research","date_accessed":"2021-10-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"32254625-4e84-55b5-8f0e-9b4c25fa9582","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428934Z"},{"id":"ce447063-ec9a-4729-aaec-64ec123077ce","name":"Cisco DoSdetectNetflow","description":"Cisco. (n.d.). Detecting and Analyzing Network Threats With NetFlow. Retrieved April 25, 2019.","url":"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/nf-detct-analy-thrts.pdf","source":"MITRE","title":"Detecting and Analyzing Network Threats With NetFlow","authors":"Cisco","date_accessed":"2019-04-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8e23cacc-d4e3-567e-a58b-08f0b8797017","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424474Z"},{"id":"005a276c-3369-4d29-bf0e-c7fa4e7d90bb","name":"RSA2017 Detect and Respond Adair","description":"Adair, S. (2017, February 17). Detecting and Responding to Advanced Threats within Exchange Environments. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210803040540/https://published-prd.lanyonevents.com/published/rsaus17/sessionsFiles/5009/HTA-F02-Detecting-and-Responding-to-Advanced-Threats-within-Exchange-Environments.pdf","source":"MITRE","title":"Detecting and Responding to Advanced Threats within Exchange Environments","authors":"Adair, S","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-02-17T00:00:00Z","owner_name":null,"tidal_id":"e0bcd478-16fc-5737-b593-acfe3b73b515","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440836Z"},{"id":"c696ac8c-2c7a-4708-a369-0832a493e0a6","name":"Nmap Firewalls NIDS","description":"Nmap. (n.d.). Chapter 10. Detecting and Subverting Firewalls and Intrusion Detection Systems. Retrieved October 20, 2020.","url":"https://nmap.org/book/firewalls.html","source":"MITRE","title":"Detecting and Subverting Firewalls and Intrusion Detection Systems","authors":"Nmap. (n.d.)","date_accessed":"2020-10-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"76d33b6a-6e08-53fd-a4e6-eb0dafe8e134","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430980Z"},{"id":"63955204-3cf9-4628-88d2-361de4dae94f","name":"Medium Detecting Attempts to Steal Passwords from Memory","description":"French, D. (2018, October 2). Detecting Attempts to Steal Passwords from Memory. Retrieved October 11, 2019.","url":"https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-memory-558f16dce4ea","source":"MITRE","title":"Detecting Attempts to Steal Passwords from Memory","authors":"French, D","date_accessed":"2019-10-11T00:00:00Z","date_published":"2018-10-02T00:00:00Z","owner_name":null,"tidal_id":"ac87efce-22ff-5137-a200-408ad8ccb28a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424366Z"},{"id":"bf4f5736-0506-5ecf-a73e-86ab18c2b71b","name":"Merces BPFDOOR 2023","description":"Fernando Merces. (2023, July 13). 
Detecting BPFDoor Backdoor Variants Abusing BPF Filters. Retrieved September 23, 2024.","url":"https://www.trendmicro.com/en_us/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.html","source":"MITRE","title":"Detecting BPFDoor Backdoor Variants Abusing BPF Filters","authors":"Fernando Merces","date_accessed":"2024-09-23T00:00:00Z","date_published":"2023-07-13T00:00:00Z","owner_name":null,"tidal_id":"7754e051-8ce6-56a7-97ec-337d01a1e2af","created":"2024-10-31T16:28:33.709431Z","modified":"2025-12-17T15:08:36.420247Z"},{"id":"d67901a4-8774-42d3-98de-c20158f88eb6","name":"Endurant CMSTP July 2018","description":"Seetharaman, N. (2018, July 7). Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon.. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190316220149/http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/","source":"MITRE","title":"Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon.","authors":"Seetharaman, N","date_accessed":"2024-11-17T00:00:00Z","date_published":"2018-07-07T00:00:00Z","owner_name":null,"tidal_id":"5060f671-d762-5492-9180-69f6204b362a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429203Z"},{"id":"3d8cb4d3-1cbe-416a-95b5-15003cbc2beb","name":"Red Canary COR_PROFILER May 2020","description":"Brown, J. (2020, May 7). Detecting COR_PROFILER manipulation for persistence. Retrieved June 24, 2020.","url":"https://redcanary.com/blog/cor_profiler-for-persistence/","source":"MITRE","title":"Detecting COR_PROFILER manipulation for persistence","authors":"Brown, J","date_accessed":"2020-06-24T00:00:00Z","date_published":"2020-05-07T00:00:00Z","owner_name":null,"tidal_id":"d6d1ca64-bf7a-5a46-a556-b18427cd7f91","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436980Z"},{"id":"75ccde9a-2d51-4492-9a8a-02fce30f9167","name":"NVisio Labs DDE Detection Oct 2017","description":"NVISO Labs. 
(2017, October 11). Detecting DDE in MS Office documents. Retrieved November 21, 2017.","url":"https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/","source":"MITRE","title":"Detecting DDE in MS Office documents","authors":"NVISO Labs","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-10-11T00:00:00Z","owner_name":null,"tidal_id":"72a56dca-2a19-5293-9618-2a926aeba079","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426307Z"},{"id":"29edb7ad-3b3a-4fdb-9c4e-bb99fc2a1c67","name":"Zhang 2013","description":"Zhang, H., Papadopoulos, C., & Massey, D. (2013, April). Detecting encrypted botnet traffic. Retrieved August 19, 2015.","url":"http://www.netsec.colostate.edu/~zhang/DetectingEncryptedBotnetTraffic.pdf","source":"MITRE","title":"Detecting encrypted botnet traffic","authors":"Zhang, H., Papadopoulos, C., & Massey, D","date_accessed":"2015-08-19T00:00:00Z","date_published":"2013-04-01T00:00:00Z","owner_name":null,"tidal_id":"0d05f521-82f2-503e-9aff-6ae851708e00","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435276Z"},{"id":"4c328a1a-6a83-4399-86c5-d6e1586da8a3","name":"ADSecurity Detecting Forged Tickets","description":"Metcalf, S. (2015, May 03). Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory. Retrieved December 23, 2015.","url":"https://adsecurity.org/?p=1515","source":"MITRE","title":"Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory","authors":"Metcalf, S","date_accessed":"2015-12-23T00:00:00Z","date_published":"2015-05-03T00:00:00Z","owner_name":null,"tidal_id":"54ce82ca-2e6e-54cf-93b1-6c5ef33ae70c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428368Z"},{"id":"b36d82a8-82ca-4f22-85c0-ee82be3b6940","name":"Microsoft Detecting Kerberoasting Feb 2018","description":"Bani, M. (2018, February 23). Detecting Kerberoasting activity using Azure Security Center. 
Retrieved March 23, 2018.","url":"https://blogs.technet.microsoft.com/motiba/2018/02/23/detecting-kerberoasting-activity-using-azure-security-center/","source":"MITRE","title":"Detecting Kerberoasting activity using Azure Security Center","authors":"Bani, M","date_accessed":"2018-03-23T00:00:00Z","date_published":"2018-02-23T00:00:00Z","owner_name":null,"tidal_id":"0d665a51-ece0-5741-8064-09415bdb4d2e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427941Z"},{"id":"91bea3c2-df54-424e-8667-035e6e15fe38","name":"Medium Detecting Lateral Movement","description":"French, D. (2018, September 30). Detecting Lateral Movement Using Sysmon and Splunk. Retrieved October 11, 2019.","url":"https://medium.com/threatpunter/detecting-lateral-movement-using-sysmon-and-splunk-318d3be141bc","source":"MITRE","title":"Detecting Lateral Movement Using Sysmon and Splunk","authors":"French, D","date_accessed":"2019-10-11T00:00:00Z","date_published":"2018-09-30T00:00:00Z","owner_name":null,"tidal_id":"5429c7b9-87b4-5af3-b3e4-43d48904f382","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430212Z"},{"id":"12779efe-2dd3-50b5-b0e6-9f356467a66d","name":"Inversecos Linux Timestomping","description":"inversecos. (2022, August 4). Detecting Linux Anti-Forensics: Timestomping. Retrieved March 26, 2025.","url":"https://www.inversecos.com/2022/08/detecting-linux-anti-forensics.html","source":"MITRE","title":"Detecting Linux Anti-Forensics: Timestomping","authors":"inversecos","date_accessed":"2025-03-26T00:00:00Z","date_published":"2022-08-04T00:00:00Z","owner_name":null,"tidal_id":"4a179223-7dcd-5de3-89d4-c3db7b5b98c2","created":"2025-04-22T20:47:13.404596Z","modified":"2025-12-17T15:08:36.428854Z"},{"id":"4dc6ea85-a41b-4218-a9ae-e1eea841f2f2","name":"macOS root VNC login without authentication","description":"Nick Miles. (2017, November 30). Detecting macOS High Sierra root account without authentication. 
Retrieved September 20, 2021.","url":"https://www.tenable.com/blog/detecting-macos-high-sierra-root-account-without-authentication","source":"MITRE","title":"Detecting macOS High Sierra root account without authentication","authors":"Nick Miles","date_accessed":"2021-09-20T00:00:00Z","date_published":"2017-11-30T00:00:00Z","owner_name":null,"tidal_id":"ca3c5891-8e2c-522f-b69a-b0565d95c23c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423716Z"},{"id":"5d3d567c-dc25-44c1-8d2a-71ae00b60dbe","name":"Sans Virtual Jan 2016","description":"Keragala, D. (2016, January 16). Detecting Malware and Sandbox Evasion Techniques. Retrieved April 17, 2019.","url":"https://www.sans.org/reading-room/whitepapers/forensics/detecting-malware-sandbox-evasion-techniques-36667","source":"MITRE","title":"Detecting Malware and Sandbox Evasion Techniques","authors":"Keragala, D","date_accessed":"2019-04-17T00:00:00Z","date_published":"2016-01-16T00:00:00Z","owner_name":null,"tidal_id":"e0accdcf-dcbc-5d08-9b50-70e2e51a2a74","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432618Z"},{"id":"7b4502ff-a45c-4ba7-b00e-ca9f6e9c2ac8","name":"Mandiant Azure AD Backdoors","description":"Mike Burns. (2020, September 30). Detecting Microsoft 365 and Azure Active Directory Backdoors. Retrieved September 28, 2022.","url":"https://www.mandiant.com/resources/detecting-microsoft-365-azure-active-directory-backdoors","source":"MITRE","title":"Detecting Microsoft 365 and Azure Active Directory Backdoors","authors":"Mike Burns","date_accessed":"2022-09-28T00:00:00Z","date_published":"2020-09-30T00:00:00Z","owner_name":null,"tidal_id":"f844837a-e0b3-5f71-8983-a2b17c092133","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429725Z"},{"id":"a1fdb8db-4c5f-4fb9-a013-b232cd8471f8","name":"CounterCept PPID Spoofing Dec 2018","description":"Loh, I. (2018, December 21). Detecting Parent PID Spoofing. 
Retrieved June 3, 2019.","url":"https://www.countercept.com/blog/detecting-parent-pid-spoofing/","source":"MITRE","title":"Detecting Parent PID Spoofing","authors":"Loh, I","date_accessed":"2019-06-03T00:00:00Z","date_published":"2018-12-21T00:00:00Z","owner_name":null,"tidal_id":"6a44c499-737e-5eb2-8c0e-ed7c26d71fce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432696Z"},{"id":"b8fd5fe3-dbfa-4f28-a9b5-39f1d7db9e62","name":"CISA SolarWinds Cloud Detection","description":"CISA. (2021, January 8). Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments. Retrieved January 8, 2021.","url":"https://us-cert.cisa.gov/ncas/alerts/aa21-008a","source":"MITRE","title":"Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments","authors":"CISA","date_accessed":"2021-01-08T00:00:00Z","date_published":"2021-01-08T00:00:00Z","owner_name":null,"tidal_id":"7bb7a516-c141-5c8e-ba8b-6a7d4e9b6afc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426358Z"},{"id":"2e44290c-32f5-4e7f-96de-9874df79fe89","name":"Detecting Rclone","description":"Aaron Greetham. (2021, May 27). Detecting Rclone – An Effective Tool for Exfiltration. Retrieved August 30, 2022.","url":"https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/","source":"MITRE","title":"Detecting Rclone – An Effective Tool for Exfiltration","authors":"Aaron Greetham","date_accessed":"2022-08-30T00:00:00Z","date_published":"2021-05-27T00:00:00Z","owner_name":null,"tidal_id":"367d3455-5faa-5dac-99e6-ecf0bb69e458","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422967Z"},{"id":"539e7cd0-d1e9-46ba-96fe-d8a1061c857e","name":"Medium Detecting WMI Persistence","description":"French, D. (2018, October 9). Detecting & Removing an Attacker’s WMI Persistence. 
Retrieved October 11, 2019.","url":"https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96","source":"MITRE","title":"Detecting & Removing an Attacker’s WMI Persistence","authors":"French, D","date_accessed":"2019-10-11T00:00:00Z","date_published":"2018-10-09T00:00:00Z","owner_name":null,"tidal_id":"c851ae65-684d-538e-8a39-30d5d038f950","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429321Z"},{"id":"66d1b6e2-c069-5832-b549-fc5f0edeed40","name":"Okta Scatter Swine 2022","description":"Okta. (2022, August 25). Detecting Scatter Swine: Insights into a Relentless Phishing Campaign. Retrieved February 24, 2023.","url":"https://sec.okta.com/scatterswine","source":"MITRE","title":"Detecting Scatter Swine: Insights into a Relentless Phishing Campaign","authors":"Okta","date_accessed":"2023-02-24T00:00:00Z","date_published":"2022-08-25T00:00:00Z","owner_name":null,"tidal_id":"b34cf4bf-6cd1-5602-a563-4fb7580935ae","created":"2023-05-26T01:21:09.338778Z","modified":"2025-12-17T15:08:36.434076Z"},{"id":"7e43bda5-0978-46aa-b3b3-66ffb62b9fdb","name":"Splunk Supernova Jan 2021","description":"Stoner, J. (2021, January 21). Detecting Supernova Malware: SolarWinds Continued. Retrieved February 22, 2021.","url":"https://www.splunk.com/en_us/blog/security/detecting-supernova-malware-solarwinds-continued.html","source":"MITRE","title":"Detecting Supernova Malware: SolarWinds Continued","authors":"Stoner, J","date_accessed":"2021-02-22T00:00:00Z","date_published":"2021-01-21T00:00:00Z","owner_name":null,"tidal_id":"176e26e2-2e0c-504f-affe-f820a4fe5a8f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442009Z"},{"id":"6b63fac9-4bde-4fc8-a016-e77c8485fab7","name":"Microsoft Winnti Jan 2017","description":"Cap, P., et al. (2017, January 25). Detecting threat actors in recent German industrial attacks with Windows Defender ATP. 
Retrieved February 8, 2017.","url":"https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/","source":"MITRE","title":"Detecting threat actors in recent German industrial attacks with Windows Defender ATP","authors":"Cap, P., et al","date_accessed":"2017-02-08T00:00:00Z","date_published":"2017-01-25T00:00:00Z","owner_name":null,"tidal_id":"3bcda4f5-fa25-5fcc-832a-312f83837335","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421739Z"},{"id":"16c00830-eade-40e2-9ee6-6e1af4b58e5d","name":"Chokepoint preload rootkits","description":"stderr. (2014, February 14). Detecting Userland Preload Rootkits. Retrieved December 20, 2017.","url":"http://www.chokepoint.net/2014/02/detecting-userland-preload-rootkits.html","source":"MITRE","title":"Detecting Userland Preload Rootkits","authors":"stderr","date_accessed":"2017-12-20T00:00:00Z","date_published":"2014-02-14T00:00:00Z","owner_name":null,"tidal_id":"7d8d0a30-f8b5-529f-add6-e5eb05d1df7b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428662Z"},{"id":"1a6673b0-2a30-481e-a2a4-9e17e2676c5d","name":"Sygnia Golden SAML","description":"Sygnia. (2020, December). Detection and Hunting of Golden SAML Attack. Retrieved November 17, 2024.","url":"https://www.sygnia.co/threat-reports-and-advisories/golden-saml-attack/","source":"MITRE","title":"Detection and Hunting of Golden SAML Attack","authors":"Sygnia","date_accessed":"2024-11-17T00:00:00Z","date_published":"2020-12-01T00:00:00Z","owner_name":null,"tidal_id":"a9d0c37b-8fd8-532a-8d05-2c1138a83e55","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426083Z"},{"id":"5e5452a4-c3f5-4802-bcb4-198612cc8282","name":"FireEye Exchange Zero Days March 2021","description":"Bromiley, M. et al. (2021, March 4). Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities. 
Retrieved March 9, 2021.","url":"https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html","source":"MITRE","title":"Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities","authors":"Bromiley, M. et al","date_accessed":"2021-03-09T00:00:00Z","date_published":"2021-03-04T00:00:00Z","owner_name":null,"tidal_id":"c53db058-76a2-5147-9e7d-cf8acf71d794","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442107Z"},{"id":"05e44d3d-9170-550c-90b7-60ba30a87dda","name":"Google Cloud Threat Intelligence ESXi Hardening 2023","description":"Alex Marvi, Greg Blaum, and Ron Craft. (2023, June 28). Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts. Retrieved March 26, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/vmware-detection-containment-hardening","source":"MITRE","title":"Detection, Containment, and Hardening Opportunities for Privileged Guest Operations, Anomalous Behavior, and VMCI Backdoors on Compromised VMware Hosts","authors":"Alex Marvi, Greg Blaum, and Ron Craft","date_accessed":"2025-03-26T00:00:00Z","date_published":"2023-06-28T00:00:00Z","owner_name":null,"tidal_id":"1c1d3e19-6c77-57fa-8b1a-1a67df8a0fbe","created":"2025-04-22T20:47:31.508446Z","modified":"2025-12-17T15:08:36.442046Z"},{"id":"6c87cbfd-7cb2-5703-af97-042b8610904e","name":"Splunk Detect Renamed PSExec","description":"Splunk. (2025, February 24). Detection: Detect Renamed PSExec. 
Retrieved April 3, 2025.","url":"https://research.splunk.com/endpoint/683e6196-b8e8-11eb-9a79-acde48001122/","source":"MITRE","title":"Detection: Detect Renamed PSExec","authors":"Splunk","date_accessed":"2025-04-03T00:00:00Z","date_published":"2025-02-24T00:00:00Z","owner_name":null,"tidal_id":"6ef1eda5-63a6-5ea8-800f-b050c6cd9240","created":"2025-04-22T20:47:18.676833Z","modified":"2025-12-17T15:08:36.434101Z"},{"id":"f9c070f1-aa83-45a3-bffb-c90f4caf5926","name":"Microsoft DEV-0139 December 6 2022","description":"Microsoft Threat Intelligence. (2022, December 6). DEV-0139 launches targeted attacks against the cryptocurrency industry. Retrieved September 30, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2022/12/06/dev-0139-launches-targeted-attacks-against-the-cryptocurrency-industry/","source":"Tidal Cyber","title":"DEV-0139 launches targeted attacks against the cryptocurrency industry","authors":"Microsoft Threat Intelligence","date_accessed":"2024-09-30T00:00:00Z","date_published":"2022-12-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"66675e01-aede-5591-8a8e-a31201cf9354","created":"2024-10-04T20:31:28.829746Z","modified":"2024-10-04T20:31:29.260162Z"},{"id":"2f7a59f3-620d-4e2e-8595-af96cd4e16c3","name":"Microsoft DEV-0537","description":"Microsoft. (2022, March 22). DEV-0537 criminal actor targeting organizations for data exfiltration and destruction. 
Retrieved March 23, 2022.","url":"https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/","source":"MITRE","title":"DEV-0537 criminal actor targeting organizations for data exfiltration and destruction","authors":"Microsoft","date_accessed":"2022-03-23T00:00:00Z","date_published":"2022-03-22T00:00:00Z","owner_name":null,"tidal_id":"1463146d-a48b-59cd-88a3-4f9058a9b348","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428209Z"},{"id":"79f78b10-c1b6-5545-a6a7-b1199ae364c0","name":"Microsoft DEV-0537 Mar2022","description":"Microsoft Incident Response, Microsoft Threat Intelligence . (2022, March 22). DEV-0537 criminal actor targeting organizations for data exfiltration and destruction. Retrieved January","url":"https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/","source":"Mobile","title":"DEV-0537 criminal actor targeting organizations for data exfiltration and destruction","authors":"Microsoft Incident Response, Microsoft Threat Intelligence","date_accessed":"1978-01-01T00:00:00Z","date_published":"2022-03-22T00:00:00Z","owner_name":null,"tidal_id":"7c6a5fec-b363-5371-acad-41373a4e601b","created":"2026-01-28T13:08:10.047894Z","modified":"2026-01-28T13:08:10.047897Z"},{"id":"a9ce7e34-6e7d-4681-9869-8e8f2b5b0390","name":"MSTIC DEV-0537 Mar 2022","description":"MSTIC, DART, M365 Defender. (2022, March 24). DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction. 
Retrieved May 17, 2022.","url":"https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/","source":"MITRE","title":"DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction","authors":"MSTIC, DART, M365 Defender","date_accessed":"2022-05-17T00:00:00Z","date_published":"2022-03-24T00:00:00Z","owner_name":null,"tidal_id":"52371ed1-9ef6-548a-a6ee-d6135014ea23","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438635Z"},{"id":"91efc6bf-e15c-514a-96c1-e838268d222f","name":"Microsoft Royal ransomware November 2022","description":"MSTIC. (2022, November 17). DEV-0569 finds new ways to deliver Royal ransomware, various payloads. Retrieved March 30, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/","source":"MITRE","title":"DEV-0569 finds new ways to deliver Royal ransomware, various payloads","authors":"MSTIC","date_accessed":"2023-03-30T00:00:00Z","date_published":"2022-11-17T00:00:00Z","owner_name":null,"tidal_id":"34713463-78d5-50c4-8d4e-f6204ef8be9c","created":"2023-05-26T01:21:16.461048Z","modified":"2025-12-17T15:08:36.419882Z"},{"id":"5b667611-649d-44d5-86e0-a79527608b3c","name":"MSTIC DEV-0832 October 25 2022","description":"Microsoft Threat Intelligence. (2022, October 25). DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector. 
Retrieved September 19, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2022/10/25/dev-0832-vice-society-opportunistic-ransomware-campaigns-impacting-us-education-sector/","source":"Tidal Cyber","title":"DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector","authors":"Microsoft Threat Intelligence","date_accessed":"2024-09-19T00:00:00Z","date_published":"2022-10-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b0c0ecb2-0683-56bc-b8d4-55ed73f76070","created":"2024-09-20T15:08:28.569076Z","modified":"2024-09-20T15:08:28.773876Z"},{"id":"95fdf251-f40d-4f7a-bb12-8762e9c961b9","name":"Cisco IOS Forensics Developments","description":"Felix 'FX' Lindner. (2008, February). Developments in Cisco IOS Forensics. Retrieved October 21, 2020.","url":"https://www.recurity-labs.com/research/RecurityLabs_Developments_in_IOS_Forensics.pdf","source":"MITRE","title":"Developments in Cisco IOS Forensics","authors":"Felix 'FX' Lindner","date_accessed":"2020-10-21T00:00:00Z","date_published":"2008-02-01T00:00:00Z","owner_name":null,"tidal_id":"febbd77d-e92f-5e3b-9b85-2aa969df775a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434979Z"},{"id":"ae1e6e1b-4a48-5fac-a176-ed76d6ae2320","name":"Android DeviceAdminInfo","description":"Google. (n.d.). DeviceAdminInfo. Retrieved November","url":"https://developer.android.com/reference/android/app/admin/DeviceAdminInfo","source":"Mobile","title":"DeviceAdminInfo","authors":"Google","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3606f2eb-d666-5134-ae36-313817e21a06","created":"2026-01-28T13:08:10.044888Z","modified":"2026-01-28T13:08:10.044892Z"},{"id":"ccc298c3-c1df-5918-a624-0de671702bd2","name":"LOLBAS Project GitHub Device Cred Dep","description":"Elliot Killick. (n.d.). /DeviceCredentialDeployment.exe. 
Retrieved July 22, 2025.","url":"https://lolbas-project.github.io/lolbas/Binaries/DeviceCredentialDeployment/","source":"MITRE","title":"/DeviceCredentialDeployment.exe","authors":"Elliot Killick","date_accessed":"2025-07-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3759ad66-7678-5e2d-9ed1-3ee6fbc8a613","created":"2025-10-29T21:08:48.166516Z","modified":"2025-12-17T15:08:36.434730Z"},{"id":"fef281e8-8138-4420-b11b-66d1e6a19805","name":"DeviceCredentialDeployment.exe - LOLBAS Project","description":"LOLBAS. (2021, August 16). DeviceCredentialDeployment.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/DeviceCredentialDeployment/","source":"Tidal Cyber","title":"DeviceCredentialDeployment.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-08-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"88a9fa96-fae8-51f6-8c56-dc1d40cb3cfd","created":"2024-01-12T14:46:38.469125Z","modified":"2024-01-12T14:46:38.652565Z"},{"id":"4ecd64b4-8014-447a-91d2-a431f4adbfcd","name":"GitHub mattifestation DeviceGuardBypass","description":"Graeber, M. (2016, November 13). DeviceGuardBypassMitigationRules. Retrieved November 30, 2016.","url":"https://github.com/mattifestation/DeviceGuardBypassMitigationRules","source":"MITRE","title":"DeviceGuardBypassMitigationRules","authors":"Graeber, M","date_accessed":"2016-11-30T00:00:00Z","date_published":"2016-11-13T00:00:00Z","owner_name":null,"tidal_id":"cbb3bd4a-bd37-586a-a3b3-d676cb96e958","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:33.357971Z"},{"id":"4d0b8b5d-eab6-5c61-9b5a-bcb82c96a431","name":"Android Notification Listeners","description":"Android. (n.d.).  DevicePolicyManager. 
Retrieved September","url":"https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setPermittedCrossProfileNotificationListeners(android.content.ComponentName,%20java.util.List%3Cjava.lang.String%3E)","source":"Mobile","title":"DevicePolicyManager","authors":"Android","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"12adfaf4-aa1f-56af-b17d-b42d56519859","created":"2026-01-28T13:08:10.047841Z","modified":"2026-01-28T13:08:10.047844Z"},{"id":"4b4249ac-8e1b-5682-8959-75bb6cd83db5","name":"Android DevicePolicyManager 2019","description":"Android Developers. (n.d.). DevicePolicyManager. Retrieved September","url":"https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html","source":"Mobile","title":"DevicePolicyManager","authors":"Android Developers","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a4ce7587-4b13-5e04-b7b1-e557c72a4448","created":"2026-01-28T13:08:10.045011Z","modified":"2026-01-28T13:08:10.045014Z"},{"id":"55dc9526-73c5-5606-8da4-7b6d6f9ff7e7","name":"Android resetPassword","description":"Google. (n.d.). DevicePolicyManager. Retrieved October","url":"https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#resetPassword(java.lang.String,%20int)","source":"Mobile","title":"DevicePolicyManager","authors":"Google","date_accessed":"1978-10-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c40df6b1-bc84-592d-bbc9-a08fa41cd291","created":"2026-01-28T13:08:10.045211Z","modified":"2026-01-28T13:08:10.045214Z"},{"id":"66f0d40b-24b2-5bb4-9f32-3c02527eec87","name":"NYTimes-Celljam","description":"Matt Richtel. (2007, November 4). Devices Enforce Silence of Cellphones, Illegally. 
Retrieved November","url":"https://www.nytimes.com/2007/11/04/technology/04jammer.html","source":"Mobile","title":"Devices Enforce Silence of Cellphones, Illegally","authors":"Matt Richtel","date_accessed":"1978-11-01T00:00:00Z","date_published":"2007-11-04T00:00:00Z","owner_name":null,"tidal_id":"726a9536-373e-5367-9f87-d957e6f2a5ae","created":"2026-01-28T13:08:10.045923Z","modified":"2026-01-28T13:08:10.045926Z"},{"id":"27343583-c17d-4c11-a7e3-14d725756556","name":"Devinit.exe - LOLBAS Project","description":"LOLBAS. (2022, January 20). Devinit.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Devinit/","source":"Tidal Cyber","title":"Devinit.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-01-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9e33486d-8e98-5563-abd2-36003a3beb6b","created":"2024-01-12T14:47:20.578292Z","modified":"2024-01-12T14:47:20.763489Z"},{"id":"cb263978-019c-40c6-b6de-61db0e7a8941","name":"Devtoolslauncher.exe - LOLBAS Project","description":"LOLBAS. (2019, October 4). Devtoolslauncher.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Devtoolslauncher/","source":"Tidal Cyber","title":"Devtoolslauncher.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-10-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"097e4da4-2f5c-50b7-af8f-f6f2836ae0dd","created":"2024-01-12T14:47:20.951010Z","modified":"2024-01-12T14:47:21.132828Z"},{"id":"657c8b4c-1eee-4997-8461-c7592eaed9e8","name":"devtunnel.exe - LOLBAS Project","description":"LOLBAS. (2023, September 16). devtunnel.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/devtunnels/","source":"Tidal Cyber","title":"devtunnel.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-09-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"304f5915-df42-5617-83b6-9d42f5d51d86","created":"2024-01-12T14:47:35.339570Z","modified":"2024-01-12T14:47:35.516313Z"},{"id":"30503e42-6047-46a9-8189-e6caa5f4deb0","name":"Dfshim.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Dfshim.dll. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Dfshim/","source":"Tidal Cyber","title":"Dfshim.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"969742f8-0a0f-54f2-b17e-229d319666b0","created":"2024-01-12T14:47:11.380851Z","modified":"2024-01-12T14:47:11.557617Z"},{"id":"caef4593-a7ac-57f7-9e06-b6ace2c9623d","name":"LOLBAS /Dfsvc.exe","description":"LOLBAS. (n.d.). /Dfsvc.exe. Retrieved September 9, 2024.","url":"https://lolbas-project.github.io/lolbas/Binaries/Dfsvc/","source":"MITRE","title":"/Dfsvc.exe","authors":"LOLBAS","date_accessed":"2024-09-09T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bb02ba6e-13a3-5d4d-a7df-2ae5e51eeb06","created":"2024-10-31T16:28:25.699043Z","modified":"2025-12-17T15:08:36.434755Z"},{"id":"7f3a78c0-68b2-4a9d-ae6a-6e63e8ddac3f","name":"Dfsvc.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Dfsvc.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Dfsvc/","source":"Tidal Cyber","title":"Dfsvc.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a00634ff-1cdd-50d5-b4ba-ff12bcfeeb54","created":"2024-01-12T14:46:38.828215Z","modified":"2024-01-12T14:46:39.025648Z"},{"id":"e2b1e810-2a78-4553-8927-38ed5fba0f38","name":"dhcp_serv_op_events","description":"Microsoft. (2006, August 31). DHCP Server Operational Events. Retrieved March 7, 2022.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn800668(v=ws.11)","source":"MITRE","title":"DHCP Server Operational Events","authors":"Microsoft","date_accessed":"2022-03-07T00:00:00Z","date_published":"2006-08-31T00:00:00Z","owner_name":null,"tidal_id":"2bd8adea-5a33-5248-8f34-97985e03b808","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430101Z"},{"id":"bde7a680-8925-5d69-b2ae-eb9c8b49ea50","name":"DHS CISA February 2019","description":"DHS CISA 2019, February 27 MAR-17-352-01 HatMan - Safety System Targeted Malware (Update B). Retrieved 2019/03/08","url":"https://ics-cert.us-cert.gov/sites/default/files/documents/MAR-17-352-01%20HatMan%20-%20Safety%20System%20Targeted%20Malware%20%28Update%20B%29.pdf","source":"ICS","title":"DHS CISA February 2019","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f6410d86-f050-55b6-80e4-be771b2edfdb","created":"2026-01-28T13:08:18.175745Z","modified":"2026-01-28T13:08:18.175748Z"},{"id":"522bc43a-bb34-5cea-80f0-63a1e9535417","name":"DHS  National Urban Security Technology Laboratory April 2019","description":"DHS  National Urban Security Technology Laboratory 2019, April Radio Frequency Detection, Spectrum Analysis, and Direction Finding Equipment. 
Retrieved 2020/09/17","url":"https://www.dhs.gov/sites/default/files/saver-msr-rf-detection_cod-508_10july2019.pdf","source":"ICS","title":"DHS  National Urban Security Technology Laboratory April 2019","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5c3eb860-4beb-5391-ad19-a2821c7fc481","created":"2026-01-28T13:08:18.175301Z","modified":"2026-01-28T13:08:18.175304Z"},{"id":"854f2dcf-d807-55b4-b819-6f8f20491883","name":"Microsoft DiamondSleet 2023","description":"Microsoft Threat Intelligence. (2023, November 22). Diamond Sleet supply chain compromise distributes a modified CyberLink installer. Retrieved March 28, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/","source":"MITRE","title":"Diamond Sleet supply chain compromise distributes a modified CyberLink installer","authors":"Microsoft Threat Intelligence","date_accessed":"2025-03-28T00:00:00Z","date_published":"2023-11-22T00:00:00Z","owner_name":null,"tidal_id":"f9b3e07e-0c21-550d-8586-74c49e7899a3","created":"2025-04-22T20:47:31.001469Z","modified":"2025-12-17T15:08:36.441239Z"},{"id":"92993055-d2e6-46b2-92a3-ad70b62e4cc0","name":"GitHub Diamorphine","description":"Mello, V. (2018, March 8). Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64). Retrieved April 9, 2018.","url":"https://github.com/m0nad/Diamorphine","source":"MITRE","title":"Diamorphine - LMK rootkit for Linux Kernels 2.6.x/3.x/4.x (x86 and x86_64)","authors":"Mello, V","date_accessed":"2018-04-09T00:00:00Z","date_published":"2018-03-08T00:00:00Z","owner_name":null,"tidal_id":"a564d4ec-672a-53dc-a6b1-ed096962e83e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430936Z"},{"id":"66652db8-5594-414f-8a6b-83d708a0c1fa","name":"diantz.exe_lolbas","description":"Living Off The Land Binaries, Scripts and Libraries (LOLBAS). (n.d.). Diantz.exe. 
Retrieved October 25, 2021.","url":"https://lolbas-project.github.io/lolbas/Binaries/Diantz/","source":"MITRE","title":"Diantz.exe","authors":"Living Off The Land Binaries, Scripts and Libraries (LOLBAS)","date_accessed":"2021-10-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d2d4beb6-fec8-552f-85df-68d4bd97fe45","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423682Z"},{"id":"28c650f2-8ce8-4c78-ab4a-cae56c1548ed","name":"Fortinet Diavol July 2021","description":"Neeamni, D., Rubinfeld, A.. (2021, July 1). Diavol - A New Ransomware Used By Wizard Spider?. Retrieved November 12, 2021.","url":"https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider","source":"MITRE","title":"Diavol - A New Ransomware Used By Wizard Spider?","authors":"Neeamni, D., Rubinfeld, A.","date_accessed":"2021-11-12T00:00:00Z","date_published":"2021-07-01T00:00:00Z","owner_name":null,"tidal_id":"35550bf6-eb0f-5c32-bb89-803569330d9f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418511Z"},{"id":"eb89f18d-684c-4220-b2a8-967f1f8f9162","name":"DFIR Diavol Ransomware December 2021","description":"DFIR Report. (2021, December 13). Diavol Ransomware. Retrieved March 9, 2022.","url":"https://thedfirreport.com/2021/12/13/diavol-ransomware/","source":"MITRE","title":"Diavol Ransomware","authors":"DFIR Report","date_accessed":"2022-03-09T00:00:00Z","date_published":"2021-12-13T00:00:00Z","owner_name":null,"tidal_id":"b0836432-42cb-5637-b028-d17910cc407e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418490Z"},{"id":"3b85fff0-88d8-4df6-af0b-66e57492732e","name":"Überwachung APT28 Forfiles June 2015","description":"Guarnieri, C. (2015, June 19). Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag. 
Retrieved January 22, 2018.","url":"https://netzpolitik.org/2015/digital-attack-on-german-parliament-investigative-report-on-the-hack-of-the-left-party-infrastructure-in-bundestag/","source":"MITRE","title":"Digital Attack on German Parliament: Investigative Report on the Hack of the Left Party Infrastructure in Bundestag","authors":"Guarnieri, C","date_accessed":"2018-01-22T00:00:00Z","date_published":"2015-06-19T00:00:00Z","owner_name":null,"tidal_id":"b4a4bf44-5142-5dd6-b1de-2657d4062613","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423146Z"},{"id":"f58e28af-6c30-4186-879a-d64542f161bf","name":"Unit 42 November 14 2025","description":"Keerthiraj Nagaraj, Vishwa Thothathri, Nabeel Mohamed, Reethika Ramesh. (2025, November 14). Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT. Retrieved November 19, 2025.","url":"https://origin-unit42.paloaltonetworks.com/impersonation-campaigns-deliver-gh0st-rat/","source":"Tidal Cyber","title":"Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT","authors":"Keerthiraj Nagaraj, Vishwa Thothathri, Nabeel Mohamed, Reethika Ramesh","date_accessed":"2025-11-19T12:00:00Z","date_published":"2025-11-14T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0686be6d-3f77-5d35-ab8e-ac53a6fb5646","created":"2025-11-26T19:37:27.955722Z","modified":"2025-11-26T19:37:28.102832Z"},{"id":"451bdfe3-0b30-425c-97a0-44727b70c1da","name":"Microsoft DSE June 2017","description":"Microsoft. (2017, June 1). Digital Signatures for Kernel Modules on Windows. 
Retrieved April 22, 2021.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/hardware/design/dn653559(v=vs.85)?redirectedfrom=MSDN","source":"MITRE","title":"Digital Signatures for Kernel Modules on Windows","authors":"Microsoft","date_accessed":"2021-04-22T00:00:00Z","date_published":"2017-06-01T00:00:00Z","owner_name":null,"tidal_id":"09a2bd11-2bbb-505e-993b-f89ebad6947a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429850Z"},{"id":"31f2c61e-cefe-5df7-9c2b-780bf03c88ec","name":"Microsoft East Asia Threats September 2023","description":"Microsoft Threat Intelligence. (2023, September). Digital threats from East Asia increase in breadth and effectiveness. Retrieved February 5, 2024.","url":"https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RW1aFyW","source":"MITRE","title":"Digital threats from East Asia increase in breadth and effectiveness","authors":"Microsoft Threat Intelligence","date_accessed":"2024-02-05T00:00:00Z","date_published":"2023-09-01T00:00:00Z","owner_name":null,"tidal_id":"da7304f1-3d5b-5267-9996-7a6c34280c0f","created":"2024-04-25T13:28:45.798272Z","modified":"2025-12-17T15:08:36.438362Z"},{"id":"cd177c2e-ef22-47be-9926-61e25fd5f33b","name":"ESET Turla Mosquito Jan 2018","description":"ESET, et al. (2018, January). Diplomats in Eastern Europe bitten by a Turla mosquito. Retrieved July 3, 2018.","url":"https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf","source":"MITRE","title":"Diplomats in Eastern Europe bitten by a Turla mosquito","authors":"ESET, et al","date_accessed":"2018-07-03T00:00:00Z","date_published":"2018-01-01T00:00:00Z","owner_name":null,"tidal_id":"0aa2ab2a-8125-5d07-b319-c99cd21f9326","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420428Z"},{"id":"f1eb8631-6bea-4688-a5ff-a388b1fdceb0","name":"TechNet Dir","description":"Microsoft. (n.d.). Dir. 
Retrieved April 18, 2016.","url":"https://technet.microsoft.com/en-us/library/cc755121.aspx","source":"MITRE","title":"Dir","authors":"Microsoft","date_accessed":"2016-04-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"73113a0c-8018-5fb6-abf4-30a35ed480c6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423333Z"},{"id":"c504485b-2daa-4159-96da-481a0b97a979","name":"Frisk DMA August 2016","description":"Ulf Frisk. (2016, August 5). Direct Memory Attack the Kernel. Retrieved March 30, 2018.","url":"https://www.youtube.com/watch?v=fXthwl6ShOg","source":"MITRE","title":"Direct Memory Attack the Kernel","authors":"Ulf Frisk","date_accessed":"2018-03-30T00:00:00Z","date_published":"2016-08-05T00:00:00Z","owner_name":null,"tidal_id":"8e5694ec-5f49-54a2-931e-9f69ae1970c4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435117Z"},{"id":"dd8c2edd-b5ba-5a41-b65d-c3a2951d07b8","name":"Redops Syscalls","description":"Feichter, D. (2023, June 30). Direct Syscalls vs Indirect Syscalls. Retrieved September 27, 2023.","url":"https://redops.at/en/blog/direct-syscalls-vs-indirect-syscalls","source":"MITRE","title":"Direct Syscalls vs Indirect Syscalls","authors":"Feichter, D","date_accessed":"2023-09-27T00:00:00Z","date_published":"2023-06-30T00:00:00Z","owner_name":null,"tidal_id":"414c8293-d9d7-57c5-b7a7-80d51ff2f68f","created":"2023-11-07T00:36:00.716523Z","modified":"2025-12-17T15:08:36.427815Z"},{"id":"5b5b93d3-77c8-5d46-95e3-f7bc84448a34","name":"AWS DisableAWSServiceAccess","description":"AWS. (n.d.). DisableAWSServiceAccess. 
Retrieved May 22, 2025.","url":"https://docs.aws.amazon.com/organizations/latest/APIReference/API_DisableAWSServiceAccess.html","source":"MITRE","title":"DisableAWSServiceAccess","authors":"AWS","date_accessed":"2025-05-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"21f1f2c7-dc9c-5119-b096-44ba437232d7","created":"2025-10-29T21:08:48.165658Z","modified":"2025-12-17T15:08:36.426105Z"},{"id":"eea0dd34-4efa-4093-bd11-a59d1601868f","name":"GitHub Disable DDEAUTO Oct 2017","description":"Dormann, W. (2017, October 20). Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016. Retrieved February 3, 2018.","url":"https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1b","source":"MITRE","title":"Disable DDEAUTO for Outlook, Word, OneNote, and Excel versions 2010, 2013, 2016","authors":"Dormann, W","date_accessed":"2018-02-03T00:00:00Z","date_published":"2017-10-20T00:00:00Z","owner_name":null,"tidal_id":"483911f6-6df1-5aa3-b709-8c5a5301e8c4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415914Z"},{"id":"2155591e-eacf-4575-b7a6-f031675ef1b3","name":"Disable automount for ISO","description":"wordmann. (2022, February 8). Disable Disc Image. Retrieved February 8, 2022.","url":"https://gist.github.com/wdormann/fca29e0dcda8b5c0472e73e10c78c3e7","source":"MITRE","title":"Disable Disc Image","authors":"wordmann","date_accessed":"2022-02-08T00:00:00Z","date_published":"2022-02-08T00:00:00Z","owner_name":null,"tidal_id":"a61a29de-fbe6-5c01-ab4a-b95a3645f26b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431762Z"},{"id":"0fa5e507-33dc-40ea-b960-bcd9aa024ab1","name":"Disable_Win_Event_Logging","description":"dmcxblue. (n.d.). Disable Windows Event Logging. 
Retrieved September 10, 2021.","url":"https://dmcxblue.gitbook.io/red-team-notes-2-0/red-team-techniques/defense-evasion/t1562-impair-defenses/disable-windows-event-logging","source":"MITRE","title":"Disable Windows Event Logging","authors":"dmcxblue","date_accessed":"2021-09-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4042aa91-2787-5436-b41b-37a99b00dea7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429242Z"},{"id":"044aa74a-9320-496a-9d15-37d8b934c244","name":"GitHub MOTW","description":"wdormann. (2019, August 29). Disable Windows Explorer file associations for Disc Image Mount. Retrieved April 16, 2022.","url":"https://gist.github.com/wdormann/fca29e0dcda8b5c0472e73e10c78c3e7","source":"MITRE","title":"Disable Windows Explorer file associations for Disc Image Mount","authors":"wdormann","date_accessed":"2022-04-16T00:00:00Z","date_published":"2019-08-29T00:00:00Z","owner_name":null,"tidal_id":"82d32cbe-de0c-5785-aa16-bfbb258292e9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441774Z"},{"id":"d7545e0c-f0b7-4be4-800b-06a02240385e","name":"Apple Disable SIP","description":"Apple. (n.d.). Disabling and Enabling System Integrity Protection. Retrieved April 22, 2021.","url":"https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection","source":"MITRE","title":"Disabling and Enabling System Integrity Protection","authors":"Apple","date_accessed":"2021-04-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b8d4ce53-c48c-5244-bfae-86604b043dd2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429832Z"},{"id":"27573597-5269-4894-87fb-24afcdb8f30a","name":"Microsoft GPO Bluetooth FEB 2009","description":"Microsoft. (2009, February 9). Disabling Bluetooth and Infrared Beaming. 
Retrieved July 26, 2018.","url":"https://technet.microsoft.com/library/dd252791.aspx","source":"MITRE","title":"Disabling Bluetooth and Infrared Beaming","authors":"Microsoft","date_accessed":"2018-07-26T00:00:00Z","date_published":"2009-02-09T00:00:00Z","owner_name":null,"tidal_id":"a3665160-3971-5629-b447-30c44140da49","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416088Z"},{"id":"6e91f485-5777-4a06-94a3-cdc4718a8e39","name":"ITSyndicate Disabling PHP functions","description":"Kondratiev, A. (n.d.). Disabling dangerous PHP functions. Retrieved July 26, 2021.","url":"https://itsyndicate.org/blog/disabling-dangerous-php-functions/","source":"MITRE","title":"Disabling dangerous PHP functions","authors":"Kondratiev, A","date_accessed":"2021-07-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"eac3441e-6c78-51ea-9ef9-ed25cb0ce92f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441786Z"},{"id":"d53e8f89-df78-565b-a316-cf2644c5ed36","name":"disable_notif_synology_ransom","description":"TheDFIRReport. (2022, March 1). Disabling notifications on Synology servers before ransom. Retrieved September 12, 2024.","url":"https://x.com/TheDFIRReport/status/1498657590259109894","source":"MITRE","title":"Disabling notifications on Synology servers before ransom","authors":"TheDFIRReport","date_accessed":"2024-09-12T00:00:00Z","date_published":"2022-03-01T00:00:00Z","owner_name":null,"tidal_id":"72417b5a-647d-5d2b-bfe0-ee4dbbdeb3bb","created":"2023-05-26T01:21:11.125976Z","modified":"2025-12-17T15:08:36.436655Z"},{"id":"91e860ad-9f44-5531-9886-e2be3dd0ac99","name":"SonicWall","description":"SecurityNews. (2024, July 12). Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant. 
Retrieved September 22, 2025.","url":"https://www.sonicwall.com/blog/disarming-darkgate-a-deep-dive-into-thwarting-the-latest-darkgate-variant","source":"MITRE","title":"Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant","authors":"SecurityNews","date_accessed":"2025-09-22T00:00:00Z","date_published":"2024-07-12T00:00:00Z","owner_name":null,"tidal_id":"c1dde5ed-219c-5d68-b3d3-b5364bd03ee1","created":"2025-10-29T21:08:48.166691Z","modified":"2025-12-17T15:08:36.436880Z"},{"id":"1d0a21f4-9a8e-5514-894a-3d55263ff973","name":"Krebs Discord Bookmarks 2023","description":"Brian Krebs. (2023, May 30). Discord Admins Hacked by Malicious Bookmarks. Retrieved January 2, 2024.","url":"https://krebsonsecurity.com/2023/05/discord-admins-hacked-by-malicious-bookmarks/","source":"MITRE","title":"Discord Admins Hacked by Malicious Bookmarks","authors":"Brian Krebs","date_accessed":"2024-01-02T00:00:00Z","date_published":"2023-05-30T00:00:00Z","owner_name":null,"tidal_id":"adecd7b6-91d3-51dc-86f7-77ed90755f45","created":"2024-04-25T13:28:30.320828Z","modified":"2025-12-17T15:08:36.425102Z"},{"id":"9e8b57a5-7e31-5add-ac3e-8b9c0f7f27aa","name":"Diskshadow","description":"Microsoft Windows Server. (2023, February 3). Diskshadow. Retrieved November 21, 2023.","url":"https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/diskshadow","source":"MITRE","title":"Diskshadow","authors":"Microsoft Windows Server","date_accessed":"2023-11-21T00:00:00Z","date_published":"2023-02-03T00:00:00Z","owner_name":null,"tidal_id":"8c8015ca-edef-5905-9d9b-b46a6f08f0cf","created":"2024-04-25T13:28:41.606921Z","modified":"2025-12-17T15:08:36.436629Z"},{"id":"27a3f0b4-e699-4319-8b52-8eae4581faa2","name":"Diskshadow.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Diskshadow.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Diskshadow/","source":"Tidal Cyber","title":"Diskshadow.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"99656c72-fc46-5c1c-963d-091d74e8d4cb","created":"2024-01-12T14:46:39.377687Z","modified":"2024-01-12T14:46:39.560113Z"},{"id":"85bae892-d121-5db7-90e6-533868266ebb","name":"Elastic Security Labs","description":"Joe Desimone. (2024, August 5). Dismantling Smart App Control. Retrieved March 21, 2025.","url":"https://www.elastic.co/security-labs/dismantling-smart-app-control","source":"MITRE","title":"Dismantling Smart App Control","authors":"Joe Desimone","date_accessed":"2025-03-21T00:00:00Z","date_published":"2024-08-05T00:00:00Z","owner_name":null,"tidal_id":"d2422334-137c-5047-9dcc-57dcf1e476a8","created":"2025-04-22T20:47:16.225017Z","modified":"2025-12-17T15:08:36.431583Z"},{"id":"9a2d190e-e0ea-42a0-8358-bdc7d43952ec","name":"Microsoft Security Blog July 22 2025","description":"Microsoft Threat Intelligence. (2025, July 22). Disrupting active exploitation of on-premises SharePoint vulnerabilities . Retrieved July 25, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/","source":"Tidal Cyber","title":"Disrupting active exploitation of on-premises SharePoint vulnerabilities","authors":"Microsoft Threat Intelligence","date_accessed":"2025-07-25T12:00:00Z","date_published":"2025-07-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5fcfbd09-2c84-5563-a088-9410117dda12","created":"2025-08-04T14:20:50.939830Z","modified":"2025-08-04T14:20:51.398244Z"},{"id":"e6b03e68-453d-570a-8910-74401d0ffdca","name":"Microsoft SharePoint Exploit JUL 2025","description":"Microsoft Threat Intelligence. (2025, July 22). Disrupting active exploitation of on-premises SharePoint vulnerabilities. 
Retrieved October 15, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/#storm-2603","source":"MITRE","title":"Disrupting active exploitation of on-premises SharePoint vulnerabilities","authors":"Microsoft Threat Intelligence","date_accessed":"2025-10-15T00:00:00Z","date_published":"2025-07-22T00:00:00Z","owner_name":null,"tidal_id":"dae33757-86cd-5b32-b4c2-16f1569a667f","created":"2025-10-29T21:08:48.167253Z","modified":"2025-12-17T15:08:36.439316Z"},{"id":"701c3b9f-235a-429d-9d94-b4b4ac720fe3","name":"Microsoft On the Issues February 27 2025","description":"Steven Masada. (2025, February 27). Disrupting a Global Cybercrime Network Abusing Generative AI. Retrieved February 28, 2025.","url":"https://blogs.microsoft.com/on-the-issues/2025/02/27/disrupting-cybercrime-abusing-gen-ai/","source":"Tidal Cyber","title":"Disrupting a Global Cybercrime Network Abusing Generative AI","authors":"Steven Masada","date_accessed":"2025-02-28T00:00:00Z","date_published":"2025-02-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fd49238d-4b9c-552a-bd5a-cbcb0996c075","created":"2025-03-04T15:54:54.112297Z","modified":"2025-03-04T15:54:54.459800Z"},{"id":"bc7580b8-a686-4f90-a833-55592c62894b","name":"Microsoft Lumma Stealer Disruption May 21 2025","description":"Steve Masada. (2025, May 21). Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool. 
Retrieved May 22, 2025.","url":"https://blogs.microsoft.com/on-the-issues/2025/05/21/microsoft-leads-global-action-against-favored-cybercrime-tool/","source":"Tidal Cyber","title":"Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool","authors":"Steve Masada","date_accessed":"2025-05-22T00:00:00Z","date_published":"2025-05-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5224b8f5-15a5-5669-af4f-79e483357384","created":"2025-05-23T14:41:31.933109Z","modified":"2025-05-23T14:41:32.101999Z"},{"id":"d8f576cb-0afc-54a7-a449-570c4311ef7a","name":"OpenAI-CTI","description":"OpenAI. (2024, February 14). Disrupting malicious uses of AI by state-affiliated threat actors. Retrieved September 12, 2024.","url":"https://openai.com/index/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors/","source":"MITRE","title":"Disrupting malicious uses of AI by state-affiliated threat actors","authors":"OpenAI","date_accessed":"2024-09-12T00:00:00Z","date_published":"2024-02-14T00:00:00Z","owner_name":null,"tidal_id":"d95dffe6-fedf-5784-b4fc-401bfa502837","created":"2024-04-25T13:28:29.742294Z","modified":"2025-12-17T15:08:36.424583Z"},{"id":"05da33ac-e25a-4ad3-8146-d015d7494bb9","name":"OpenAI CTI Update June 2025","description":"Ben Nimmo, Albert Zhang, Sophia Farquhar, Max Murphy, Kimo Bumanglag. (2025, June 5). Disrupting malicious uses of AI: June 2025. 
Retrieved June 9, 2025.","url":"https://cdn.openai.com/threat-intelligence-reports/5f73af09-a3a3-4a55-992e-069237681620/disrupting-malicious-uses-of-ai-june-2025.pdf","source":"Tidal Cyber","title":"Disrupting malicious uses of AI: June 2025","authors":"Ben Nimmo, Albert Zhang, Sophia Farquhar, Max Murphy, Kimo Bumanglag","date_accessed":"2025-06-09T00:00:00Z","date_published":"2025-06-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4b76f287-21c6-5d93-9ba3-ebcd16a4bd1f","created":"2025-06-10T15:50:21.964020Z","modified":"2025-06-10T15:50:22.256191Z"},{"id":"0318c7c7-9c12-46ce-bb91-c986f7e5f73b","name":"OpenAI CTI Update February 2025","description":"OpenAI. (2025, February 1). Disrupting malicious uses of our models - an update February 2025. Retrieved February 27, 2025.","url":"https://cdn.openai.com/threat-intelligence-reports/disrupting-malicious-uses-of-our-models-february-2025-update.pdf","source":"Tidal Cyber","title":"Disrupting malicious uses of our models - an update February 2025","authors":"OpenAI","date_accessed":"2025-02-27T00:00:00Z","date_published":"2025-02-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9c020dec-bcda-59be-9e31-829546a8d64a","created":"2025-03-04T15:54:52.916011Z","modified":"2025-03-04T15:54:53.503156Z"},{"id":"d5fc25ad-2337-55f5-9eac-050178a533d6","name":"Microsoft Star Blizzard August 2022","description":"Microsoft Threat Intelligence. (2022, August 15). Disrupting SEABORGIUM’s ongoing phishing operations. 
Retrieved June 13, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/","source":"MITRE","title":"Disrupting SEABORGIUM’s ongoing phishing operations","authors":"Microsoft Threat Intelligence","date_accessed":"2024-06-13T00:00:00Z","date_published":"2022-08-15T00:00:00Z","owner_name":null,"tidal_id":"3e138a0a-27e0-59f4-8522-6efcbd3ecaf2","created":"2024-10-31T16:28:30.863090Z","modified":"2025-12-17T15:08:36.439562Z"},{"id":"b62a9f2c-02ca-4dfa-95fc-5dc6ad9568de","name":"Bitdefender FunnyDream Campaign November 2020","description":"Vrabie, V. (2020, November). Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions. Retrieved September 19, 2022.","url":"https://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdf","source":"MITRE","title":"Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions","authors":"Vrabie, V","date_accessed":"2022-09-19T00:00:00Z","date_published":"2020-11-01T00:00:00Z","owner_name":null,"tidal_id":"e508b103-9cc7-5f12-9cdf-10aae623bc33","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416905Z"},{"id":"7181a91d-63a6-5846-81a0-6d72c188d2d1","name":"Zhou","description":"Yajin Zhou and Xuxian Jiang. (2012, May). Dissecting Android Malware: Characterization and Evolution. Retrieved December","url":"http://ieeexplore.ieee.org/document/6234407","source":"Mobile","title":"Dissecting Android Malware: Characterization and Evolution","authors":"Yajin Zhou and Xuxian Jiang","date_accessed":"1978-12-01T00:00:00Z","date_published":"2012-05-01T00:00:00Z","owner_name":null,"tidal_id":"00c1644e-2065-5c5c-afd8-f271d6fcbb1f","created":"2026-01-28T13:08:10.045547Z","modified":"2026-01-28T13:08:10.045550Z"},{"id":"404d4f7e-62de-4483-9320-a90fb255e783","name":"FireEye NETWIRE March 2019","description":"Maniath, S. and Kadam P. (2019, March 19). 
Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing. Retrieved January 7, 2021.","url":"https://www.mandiant.com/resources/blog/dissecting-netwire-phishing-campaigns-usage-process-hollowing","source":"MITRE","title":"Dissecting a NETWIRE Phishing Campaign's Usage of Process Hollowing","authors":"Maniath, S. and Kadam P","date_accessed":"2021-01-07T00:00:00Z","date_published":"2019-03-19T00:00:00Z","owner_name":null,"tidal_id":"74090f9e-7613-5761-bbf5-5dca086607e1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441269Z"},{"id":"98f6f667-388b-4317-ad3e-be1caa99b87c","name":"Huntress January 16 2026","description":"None Identified. (2026, January 16). Dissecting CrashFix: KongTuke's New Toy | Huntress. Retrieved January 23, 2026.","url":"https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke","source":"Tidal Cyber","title":"Dissecting CrashFix: KongTuke's New Toy | Huntress","authors":"None Identified","date_accessed":"2026-01-23T12:00:00Z","date_published":"2026-01-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4a3756d7-8cf5-582e-b4c7-b267dc4c8fdc","created":"2026-01-23T20:29:40.957623Z","modified":"2026-01-23T20:29:41.087987Z"},{"id":"9888cdb6-fe85-49b4-937c-75005ac9660d","name":"Cybereason Dissecting DGAs","description":"Sternfeld, U. (2016). Dissecting Domain Generation Algorithms: Eight Real World DGA Variants. 
Retrieved February 18, 2019.","url":"http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Lab-Analysis-Dissecting-DGAs-Eight-Real-World-DGA-Variants.pdf","source":"MITRE","title":"Dissecting Domain Generation Algorithms: Eight Real World DGA Variants","authors":"Sternfeld, U","date_accessed":"2019-02-18T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"1a8d7f53-8562-559d-ae14-2bbf30f4fc85","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415626Z"},{"id":"b1271e05-80d7-4761-a13f-b6f0db7d7e5a","name":"FireEye POSHSPY April 2017","description":"Dunwoody, M. (2017, April 3). Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY). Retrieved April 5, 2017.","url":"https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html","source":"MITRE","title":"Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)","authors":"Dunwoody, M.","date_accessed":"2017-04-05T00:00:00Z","date_published":"2017-04-03T00:00:00Z","owner_name":null,"tidal_id":"bdf16141-c46d-59a4-acb6-f67b4ccc79c6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419017Z"},{"id":"6b21cfaf-eb87-587e-9fe0-cc358f42645a","name":"Oberheide-Bouncer","description":"Jon Oberheide and Charlie Miller. (2012). Dissecting the Android Bouncer. Retrieved December","url":"https://jon.oberheide.org/files/summercon12-bouncer.pdf","source":"Mobile","title":"Dissecting the Android Bouncer","authors":"Jon Oberheide and Charlie Miller","date_accessed":"1978-12-01T00:00:00Z","date_published":"2012-01-01T00:00:00Z","owner_name":null,"tidal_id":"0a6a0de4-409e-5bbe-ac83-7aa76b0e5eb0","created":"2026-01-28T13:08:10.046073Z","modified":"2026-01-28T13:08:10.046076Z"},{"id":"3bcbc294-91f1-56af-9eb9-9ce556c09602","name":"Bleeping Computer Stealer Logs 2023","description":"Flare. (2023, June 6). Dissecting the Dark Web Supply Chain: Stealer Logs in Context. 
Retrieved October 10, 2024.","url":"https://www.bleepingcomputer.com/news/security/dissecting-the-dark-web-supply-chain-stealer-logs-in-context/","source":"MITRE","title":"Dissecting the Dark Web Supply Chain: Stealer Logs in Context","authors":"Flare","date_accessed":"2024-10-10T00:00:00Z","date_published":"2023-06-06T00:00:00Z","owner_name":null,"tidal_id":"133b1cdd-47ca-5b42-933a-03502c973300","created":"2024-10-31T16:28:25.165480Z","modified":"2025-12-17T15:08:36.434069Z"},{"id":"9bc1468b-123d-5e4c-9829-88ae837798c3","name":"SecureList OpTriangulation 21Jun2023","description":"Kucherin, G., et al. (2023, June 21). Dissecting TriangleDB, a Triangulation spyware implant. Retrieved April","url":"https://securelist.com/triangledb-triangulation-implant/110050/","source":"Mobile","title":"Dissecting TriangleDB, a Triangulation spyware implant","authors":"Kucherin, G., et al","date_accessed":"1978-04-01T00:00:00Z","date_published":"2023-06-21T00:00:00Z","owner_name":null,"tidal_id":"7a74fd9e-5c63-5d82-ae64-c901749918b5","created":"2026-01-28T13:08:10.038965Z","modified":"2026-01-28T13:08:10.038968Z"},{"id":"9ea7b125-ed3a-41a1-9010-4893e0164710","name":"Canadian Centre for Cyber Security September 15 2023","description":"Communications Security Establishment Canada. (2023, September 15). Distributed Denial of Service campaign targeting multiple Canadian sectors - Canadian Centre for Cyber Security. 
Retrieved December 12, 2024.","url":"https://www.cyber.gc.ca/en/alerts-advisories/distributed-denial-service-campaign-targeting-multiple-canadian-sectors","source":"Tidal Cyber","title":"Distributed Denial of Service campaign targeting multiple Canadian sectors - Canadian Centre for Cyber Security","authors":"Communications Security Establishment Canada","date_accessed":"2024-12-12T00:00:00Z","date_published":"2023-09-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"77905b7d-476b-5cc6-9694-0a64431f6cd6","created":"2025-04-11T15:05:58.510376Z","modified":"2025-04-11T15:05:58.670723Z"},{"id":"d2a1aab3-a4c9-4583-9cf8-170eeb77d828","name":"Microsoft DTC","description":"Microsoft. (2011, January 12). Distributed Transaction Coordinator. Retrieved February 25, 2016.","url":"https://technet.microsoft.com/en-us/library/cc759136(v=ws.10).aspx","source":"MITRE","title":"Distributed Transaction Coordinator","authors":"Microsoft","date_accessed":"2016-02-25T00:00:00Z","date_published":"2011-01-12T00:00:00Z","owner_name":null,"tidal_id":"a9fcf9b8-c299-58bb-80e2-73ad61df01fe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439689Z"},{"id":"f990745d-06c1-4b0a-8394-66c7a3cf0818","name":"Mandiant UNC4841 August 29 2023","description":"Austin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Michael Raggi. (2023, August 29). Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation. 
Retrieved October 24, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/unc4841-post-barracuda-zero-day-remediation","source":"Tidal Cyber","title":"Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation","authors":"Austin Larsen, John Palmisano, John Wolfram, Mathew Potaczek, Michael Raggi","date_accessed":"2024-10-24T00:00:00Z","date_published":"2023-08-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9229f8bf-7e97-5263-ae47-4cbbe3e8ff46","created":"2024-10-25T19:42:15.148899Z","modified":"2024-10-25T19:42:15.420055Z"},{"id":"40e61aec-04e5-5916-a1b1-450b38990ce3","name":"Microsoft AppLocker DLL","description":"Microsoft. (2024, October 1). DLL rules in AppLocker. Retrieved April 10, 2025.","url":"https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/dll-rules-in-applocker","source":"MITRE","title":"DLL rules in AppLocker","authors":"Microsoft","date_accessed":"2025-04-10T00:00:00Z","date_published":"2024-10-01T00:00:00Z","owner_name":null,"tidal_id":"d021dacf-28a7-5619-9e57-2f97df27b531","created":"2025-04-22T20:47:30.675359Z","modified":"2025-12-17T15:08:36.440983Z"},{"id":"2f602a6c-0305-457c-b329-a17b55d8e094","name":"Mandiant Search Order","description":"Mandiant. (2010, August 31). DLL Search Order Hijacking Revisited. Retrieved December 5, 2014.","url":"https://www.mandiant.com/blog/dll-search-order-hijacking-revisited/","source":"MITRE","title":"DLL Search Order Hijacking Revisited","authors":"Mandiant","date_accessed":"2014-12-05T00:00:00Z","date_published":"2010-08-31T00:00:00Z","owner_name":null,"tidal_id":"97c0886d-ffcd-5199-ad8b-fbbafe50f133","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428840Z"},{"id":"0ba2675d-4d7f-406a-81fa-b87e62d7a539","name":"FireEye DLL Search Order Hijacking","description":"Nick Harbour. (2010, September 1). DLL Search Order Hijacking Revisited. 
Retrieved March 13, 2020.","url":"https://www.fireeye.com/blog/threat-research/2010/08/dll-search-order-hijacking-revisited.html","source":"MITRE","title":"DLL Search Order Hijacking Revisited","authors":"Nick Harbour","date_accessed":"2020-03-13T00:00:00Z","date_published":"2010-09-01T00:00:00Z","owner_name":null,"tidal_id":"8a04cd58-d8e4-5c10-af37-0c296e1ee8cc","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:18.591041Z"},{"id":"813905b5-7aa5-4bab-b2ac-eaafdea55805","name":"Stewart 2014","description":"Stewart, A. (2014). DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry. Retrieved November 12, 2014.","url":"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-dll-sideloading.pdf","source":"MITRE","title":"DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry","authors":"Stewart, A","date_accessed":"2014-11-12T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"2f01f964-60c1-5b58-b895-c7b8f50cad0f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433569Z"},{"id":"330fd090-565f-50c1-9c1e-522f336abca7","name":"DMARC-overview","description":"DMARC. (n.d.). Retrieved March 24, 2025.","url":"https://dmarc.org/overview","source":"MITRE","title":"DMARC-overview","authors":"","date_accessed":"2025-03-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c6d59649-bbd3-59af-af37-416b5971d664","created":"2025-04-22T20:47:20.212402Z","modified":"2025-12-17T15:08:36.435619Z"},{"id":"ca0ba276-5746-5530-bd73-62f42d62119e","name":"DNS Beacons","description":"Vercara. (n.d.). 
Retrieved July 21, 2025.","url":"https://vercara.digicert.com/resources/dns-beacons#page_top","source":"MITRE","title":"DNS Beacons","authors":"","date_accessed":"2025-07-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2fcb997b-e97b-5e27-9dde-6c1d997962bb","created":"2025-10-29T21:08:48.165643Z","modified":"2025-12-17T15:08:36.425738Z"},{"id":"3571ca9d-3388-4e74-8b30-dd92ef2b5f10","name":"Dnscmd.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Dnscmd.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Dnscmd/","source":"Tidal Cyber","title":"Dnscmd.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"09688d44-bc0f-5261-98fc-9f2c87156731","created":"2024-01-12T14:46:39.741162Z","modified":"2024-01-12T14:46:39.914720Z"},{"id":"24b1cb7b-357f-470f-9715-fa0ec3958cbb","name":"Dnscmd Microsoft","description":"Microsoft. (2023, February 3). Dnscmd Microsoft. Retrieved July 11, 2023.","url":"https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/dnscmd","source":"Tidal Cyber","title":"Dnscmd Microsoft","authors":"Microsoft","date_accessed":"2023-07-11T00:00:00Z","date_published":"2023-02-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0aad9fe3-4dca-5859-99fa-c7f00257ce63","created":"2023-07-14T12:56:33.586887Z","modified":"2023-07-14T12:56:33.699906Z"},{"id":"0bbe1e50-28af-4265-a493-4bb4fd693bad","name":"DNS Dumpster","description":"Hacker Target. (n.d.). DNS Dumpster. 
Retrieved October 20, 2020.","url":"https://dnsdumpster.com/","source":"MITRE","title":"DNS Dumpster","authors":"Hacker Target","date_accessed":"2020-10-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8554ae98-415a-5485-913d-1d783e3407f7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424755Z"},{"id":"d597ad7d-f808-4289-b42a-79807248c2d6","name":"Talos DNSpionage Nov 2018","description":"Mercer, W., Rascagneres, P. (2018, November 27). DNSpionage Campaign Targets Middle East. Retrieved October 9, 2020.","url":"https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html","source":"MITRE","title":"DNSpionage Campaign Targets Middle East","authors":"Mercer, W., Rascagneres, P","date_accessed":"2020-10-09T00:00:00Z","date_published":"2018-11-27T00:00:00Z","owner_name":null,"tidal_id":"466bfc84-8aa8-5e3c-88d0-9cebf433287d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431730Z"},{"id":"bb420420-d03c-53b9-8bd9-e4357df8930a","name":"DNS-msft","description":"Microsoft. (2022). DNS Policies Overview. Retrieved June 6, 2024.","url":"https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/dns-policies-overview","source":"MITRE","title":"DNS Policies Overview","authors":"Microsoft","date_accessed":"2024-06-06T00:00:00Z","date_published":"2022-01-01T00:00:00Z","owner_name":null,"tidal_id":"628f9294-e4e6-58a3-9d0f-030253948586","created":"2024-10-31T16:28:37.981385Z","modified":"2025-12-17T15:08:36.442471Z"},{"id":"e41fde80-5ced-4f66-9852-392d1ef79520","name":"Unit42 DNS Mar 2019","description":"Hinchliffe, A. (2019, March 15). DNS Tunneling: how DNS can be (ab)used by malicious actors. 
Retrieved October 3, 2020.","url":"https://unit42.paloaltonetworks.com/dns-tunneling-how-dns-can-be-abused-by-malicious-actors/","source":"MITRE","title":"DNS Tunneling: how DNS can be (ab)used by malicious actors","authors":"Hinchliffe, A","date_accessed":"2020-10-03T00:00:00Z","date_published":"2019-03-15T00:00:00Z","owner_name":null,"tidal_id":"4e6c27db-ad24-572a-a284-72ca27ca1e9a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425704Z"},{"id":"bc24500a-500c-5e08-90ec-6fbb39b0b74c","name":"DNS-CISA","description":"CISA. (2016, September 29). DNS Zone Transfer AXFR Requests May Leak Domain Information. Retrieved June 5, 2024.","url":"https://www.cisa.gov/news-events/alerts/2015/04/13/dns-zone-transfer-axfr-requests-may-leak-domain-information","source":"MITRE","title":"DNS Zone Transfer AXFR Requests May Leak Domain Information","authors":"CISA","date_accessed":"2024-06-05T00:00:00Z","date_published":"2016-09-29T00:00:00Z","owner_name":null,"tidal_id":"ae8bd083-1bfa-5888-9743-231afd7ec579","created":"2024-10-31T16:28:16.657364Z","modified":"2025-12-17T15:08:36.424906Z"},{"id":"50652a27-c47b-41d4-a2eb-2ebf74e5bd09","name":"dnx.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). dnx.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Dnx/","source":"Tidal Cyber","title":"dnx.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c073f1d3-4931-5d2a-84ff-a87c7db1f5ff","created":"2024-01-12T14:47:21.315429Z","modified":"2024-01-12T14:47:21.499099Z"},{"id":"c4fa5825-85f9-5ab1-a59d-a86b20ef0570","name":"GTFOBins Docker","description":"GTFOBins. (n.d.). docker. 
Retrieved February 15, 2024.","url":"https://gtfobins.github.io/gtfobins/docker/","source":"MITRE","title":"docker","authors":"GTFOBins","date_accessed":"2024-02-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bdf65bdb-1237-57f1-a63e-3e085ab50d9e","created":"2024-04-25T13:28:38.603595Z","modified":"2025-12-17T15:08:36.433523Z"},{"id":"ea86eae4-6ad4-4d79-9dd3-dd965a7feb5c","name":"Docker Daemon CLI","description":"Docker. (n.d.). DockerD CLI. Retrieved March 29, 2021.","url":"https://docs.docker.com/engine/reference/commandline/dockerd/","source":"MITRE","title":"DockerD CLI","authors":"Docker","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c3ec3e91-25ca-5e62-a59a-b13e9bbd9b60","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431494Z"},{"id":"b8ec1e37-7286-40e8-9577-ff9c54801086","name":"Docker API","description":"Docker. (n.d.). Docker Engine API v1.41 Reference. Retrieved March 31, 2021.","url":"https://docs.docker.com/engine/api/v1.41/","source":"MITRE","title":"Docker Engine API v1.41 Reference","authors":"Docker","date_accessed":"2021-03-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6297c4e9-1195-5658-8a78-8b49f1b4b1d4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424090Z"},{"id":"ee708b64-57f3-4b47-af05-1e26b698c21f","name":"Docker Build Image","description":"Docker. (n.d.). Docker Engine API v1.41 Reference - Build an Image. Retrieved March 30, 2021.","url":"https://docs.docker.com/engine/api/v1.41/#operation/ImageBuild","source":"MITRE","title":"Docker Engine API v1.41 Reference - Build an Image","authors":"Docker","date_accessed":"2021-03-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"cd48d060-a863-5bea-998c-4d8e25dc81a1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431792Z"},{"id":"2351cb32-23d6-4557-9c52-e6e228402bab","name":"Docker Containers API","description":"Docker. (n.d.). 
Docker Engine API v1.41 Reference - Container. Retrieved March 29, 2021.","url":"https://docs.docker.com/engine/api/v1.41/#tag/Container","source":"MITRE","title":"Docker Engine API v1.41 Reference - Container","authors":"Docker","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b965227c-078c-51ae-b580-611e02ffcac1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429880Z"},{"id":"5f1ace27-6584-4585-98de-52cb71d419c1","name":"Docker Exec","description":"Docker. (n.d.). Docker Exec. Retrieved March 29, 2021.","url":"https://docs.docker.com/engine/reference/commandline/exec/","source":"MITRE","title":"Docker Exec","authors":"Docker","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9d900c9f-c482-5418-a2da-d93808470ebb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431481Z"},{"id":"9b4d1e80-61e9-4557-a562-5eda66d0bbf7","name":"Docker Images","description":"Docker. (n.d.). Docker Images. Retrieved April 6, 2021.","url":"https://docs.docker.com/engine/reference/commandline/images/","source":"MITRE","title":"Docker Images","authors":"Docker","date_accessed":"2021-04-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8652661a-1c4f-5335-8256-c23755cbd129","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425870Z"},{"id":"52954bb1-16b0-4717-a72c-8a6dec97610b","name":"Docker Overview","description":"Docker. (n.d.). Docker Overview. Retrieved March 30, 2021.","url":"https://docs.docker.com/get-started/overview/","source":"MITRE","title":"Docker Overview","authors":"Docker","date_accessed":"2021-03-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d24db883-4bc8-51f7-b3d6-d111be8c3757","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429060Z"},{"id":"c80ad3fd-d7fc-4a7a-8565-da3feaa4a915","name":"Docker Entrypoint","description":"Docker. (n.d.). Docker run reference. 
Retrieved March 29, 2021.","url":"https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime","source":"MITRE","title":"Docker run reference","authors":"Docker","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"003b4d95-a3ce-5adc-8b27-afab11942c48","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431487Z"},{"id":"a9497afa-42c8-499e-a6b6-4231b1c22f6e","name":"TechNet Server Operator Scheduled Task","description":"Microsoft. (2012, November 15). Domain controller: Allow server operators to schedule tasks. Retrieved December 18, 2017.","url":"https://technet.microsoft.com/library/jj852168.aspx","source":"MITRE","title":"Domain controller: Allow server operators to schedule tasks","authors":"Microsoft","date_accessed":"2017-12-18T00:00:00Z","date_published":"2012-11-15T00:00:00Z","owner_name":null,"tidal_id":"fad8830b-02f3-5be9-a26b-71279dd9cf36","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416384Z"},{"id":"5dbe2bcb-40b9-4ff8-a37a-0893a7a6cb58","name":"Cisco Umbrella DGA","description":"Scarfo, A. (2016, October 10). Domain Generation Algorithms – Why so effective?. Retrieved February 18, 2019.","url":"https://umbrella.cisco.com/blog/2016/10/10/domain-generation-algorithms-effective/","source":"MITRE","title":"Domain Generation Algorithms – Why so effective?","authors":"Scarfo, A","date_accessed":"2019-02-18T00:00:00Z","date_published":"2016-10-10T00:00:00Z","owner_name":null,"tidal_id":"ff14015a-1a91-54cf-aed1-351c238845f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425188Z"},{"id":"571086ce-42d3-4416-9521-315f694647a6","name":"Microsoft GetAllTrustRelationships","description":"Microsoft. (n.d.). Domain.GetAllTrustRelationships Method. 
Retrieved February 14, 2019.","url":"https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectory.domain.getalltrustrelationships?redirectedfrom=MSDN&view=netframework-4.7.2#System_DirectoryServices_ActiveDirectory_Domain_GetAllTrustRelationships","source":"MITRE","title":"Domain.GetAllTrustRelationships Method","authors":"Microsoft","date_accessed":"2019-02-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1ab8d30c-7e54-5f17-881e-4a45586c85bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431343Z"},{"id":"96c5ec6c-d53d-49c3-bca1-0b6abe0080e6","name":"ICANNDomainNameHijacking","description":"ICANN Security and Stability Advisory Committee. (2005, July 12). Domain Name Hijacking: Incidents, Threats, Risks and Remediation. Retrieved November 17, 2024.","url":"https://www.icann.org/en/ssac/registration-services/documents/sac-007-domain-name-hijacking-incidents-threats-risks-and-remediation-12-07-2005-en","source":"MITRE","title":"Domain Name Hijacking: Incidents, Threats, Risks and Remediation","authors":"ICANN Security and Stability Advisory Committee","date_accessed":"2024-11-17T00:00:00Z","date_published":"2005-07-12T00:00:00Z","owner_name":null,"tidal_id":"f5b99a12-49c0-5bbc-be23-be1e38df45c9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431717Z"},{"id":"ec460017-fd25-5975-b697-c8c11fee960d","name":"Palo Alto Unit 42 Domain Shadowing 2022","description":"Janos Szurdi, Rebekah Houser and Daiping Liu. (2022, September 21). Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime. 
Retrieved March 7, 2023.","url":"https://unit42.paloaltonetworks.com/domain-shadowing/","source":"MITRE","title":"Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime","authors":"Janos Szurdi, Rebekah Houser and Daiping Liu","date_accessed":"2023-03-07T00:00:00Z","date_published":"2022-09-21T00:00:00Z","owner_name":null,"tidal_id":"b27834c6-8f47-5272-9fdb-1a7c622017d4","created":"2023-05-26T01:21:11.136276Z","modified":"2025-12-17T15:08:36.436675Z"},{"id":"8094c5ff-2479-54fa-9e78-3f0e161d735d","name":"Splunk RedLine Stealer June 2023","description":"Splunk Threat Research Team. (2023, June 1). Do Not Cross The 'RedLine' Stealer: Detections and Analysis. Retrieved September 17, 2025.","url":"https://www.splunk.com/en_us/blog/security/do-not-cross-the-redline-stealer-detections-and-analysis.html","source":"MITRE","title":"Do Not Cross The 'RedLine' Stealer: Detections and Analysis","authors":"Splunk Threat Research Team","date_accessed":"2025-09-17T00:00:00Z","date_published":"2023-06-01T00:00:00Z","owner_name":null,"tidal_id":"ebbf24ac-4f6a-5db2-8e22-6fbfef7c7451","created":"2025-10-29T21:08:48.165207Z","modified":"2025-12-17T15:08:36.420226Z"},{"id":"e6d5b908-3837-4f7e-93c8-378d4006db58","name":"www.welivesecurity.com January 18 2022","description":"None Identified. (2022, January 18). DoNot Go! Do not respawn!. Retrieved January 20, 2026.","url":"https://www.welivesecurity.com/2022/01/18/donot-go-do-not-respawn/","source":"Tidal Cyber","title":"DoNot Go! Do not respawn!","authors":"None Identified","date_accessed":"2026-01-20T12:00:00Z","date_published":"2022-01-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"71e62e86-0001-578a-8776-c40af6ab68be","created":"2026-01-23T20:29:38.997958Z","modified":"2026-01-23T20:29:39.397638Z"},{"id":"a1b987cc-7789-411c-9673-3cf6357b207c","name":"ASERT Donot March 2018","description":"Schwarz, D., Sopko J. (2018, March 08). Donot Team Leverages New Modular Malware Framework in South Asia. 
Retrieved June 11, 2018.","url":"https://www.arbornetworks.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia/","source":"MITRE","title":"Donot Team Leverages New Modular Malware Framework in South Asia","authors":"Schwarz, D., Sopko J","date_accessed":"2018-06-11T00:00:00Z","date_published":"2018-03-08T00:00:00Z","owner_name":null,"tidal_id":"930d8f54-6298-5690-99a8-12b250c80206","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416738Z"},{"id":"3e1ae9e8-2547-4b37-bce4-9f3eda66b445","name":"Sophos News August 13 2024","description":"Paul Jacobs. (2024, August 13). Don't get Mad, get wise. Retrieved August 26, 2024.","url":"https://news.sophos.com/en-us/2024/08/13/dont-get-mad-get-wise/","source":"Tidal Cyber","title":"Don't get Mad, get wise","authors":"Paul Jacobs","date_accessed":"2024-08-26T00:00:00Z","date_published":"2024-08-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f1c12d62-04f3-51b1-a14a-6a8c1f6c4f29","created":"2025-02-03T21:08:27.038538Z","modified":"2025-02-03T21:08:27.365307Z"},{"id":"b63f5934-2ace-5326-89be-7a850469a563","name":"Mandiant URL Obfuscation 2023","description":"Nick Simonian. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved August 4, 2023.","url":"https://www.mandiant.com/resources/blog/url-obfuscation-schema-abuse","source":"MITRE","title":"Don't @ Me: URL Obfuscation Through Schema Abuse","authors":"Nick Simonian","date_accessed":"2023-08-04T00:00:00Z","date_published":"2023-05-22T00:00:00Z","owner_name":null,"tidal_id":"29f0f0cb-c0e5-539c-871b-0d5f2fa2ae7f","created":"2023-11-07T00:35:59.419812Z","modified":"2025-12-17T15:08:36.426765Z"},{"id":"d5ed4c98-6d37-5000-bba0-9aada295a50c","name":"mandiant-masking","description":"Simonian, Nick. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. 
Retrieved January 17, 2024.","url":"https://www.mandiant.com/resources/blog/url-obfuscation-schema-abuse","source":"MITRE","title":"Don't @ Me: URL Obfuscation Through Schema Abuse","authors":"Simonian, Nick","date_accessed":"2024-01-17T00:00:00Z","date_published":"2023-05-22T00:00:00Z","owner_name":null,"tidal_id":"f67008be-6b5b-5564-a877-36fa92126eaf","created":"2024-04-25T13:28:37.393994Z","modified":"2025-12-17T15:08:36.432133Z"},{"id":"75b860d9-a48d-57de-ba1e-b0db970abb1b","name":"Schema-abuse","description":"Nick Simonian. (2023, May 22). Don't @ Me: URL Obfuscation Through Schema Abuse. Retrieved February 13, 2024.","url":"https://www.mandiant.com/resources/blog/url-obfuscation-schema-abuse","source":"MITRE","title":"Don't @ Me: URL Obfuscation Through Schema Abuse","authors":"Nick Simonian","date_accessed":"2024-02-13T00:00:00Z","date_published":"2023-05-22T00:00:00Z","owner_name":null,"tidal_id":"fcd7849f-aefe-549a-801b-866ecac38efa","created":"2024-04-25T13:28:41.113472Z","modified":"2025-12-17T15:08:36.436146Z"},{"id":"5f28c41f-6903-4779-93d4-3de99e031b70","name":"Donut Github","description":"TheWover. (2019, May 9). donut. Retrieved March 25, 2022.","url":"https://github.com/TheWover/donut","source":"MITRE","title":"donut","authors":"TheWover","date_accessed":"2022-03-25T00:00:00Z","date_published":"2019-05-09T00:00:00Z","owner_name":null,"tidal_id":"ef5f0430-3796-5811-91c1-1e01330360c7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423218Z"},{"id":"8fd099c6-e002-44d0-8b7f-65f290a42c07","name":"Introducing Donut","description":"The Wover. (2019, May 9). Donut - Injecting .NET Assemblies as Shellcode. 
Retrieved October 4, 2021.","url":"https://thewover.github.io/Introducing-Donut/","source":"MITRE","title":"Donut - Injecting .NET Assemblies as Shellcode","authors":"The Wover","date_accessed":"2021-10-04T00:00:00Z","date_published":"2019-05-09T00:00:00Z","owner_name":null,"tidal_id":"1e320ccd-80dd-5aba-9aef-d66031325ad0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423211Z"},{"id":"8abe21ad-88d1-4a5c-b79e-8216b4b06862","name":"Dotnet.exe - LOLBAS Project","description":"LOLBAS. (2019, November 12). Dotnet.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Dotnet/","source":"Tidal Cyber","title":"Dotnet.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-11-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3edde046-87e1-5a88-b330-236bec72f2e9","created":"2024-01-12T14:47:21.682881Z","modified":"2024-01-12T14:47:21.869575Z"},{"id":"4406d688-c392-5244-b438-6995f38dfc61","name":"cyberproof-double-bounce","description":"Itkin, Liora. (2022, September 1). Double-bounced attacks with email spoofing . Retrieved February 24, 2023.","url":"https://blog.cyberproof.com/blog/double-bounced-attacks-with-email-spoofing-2022-trends","source":"MITRE","title":"Double-bounced attacks with email spoofing","authors":"Itkin, Liora","date_accessed":"2023-02-24T00:00:00Z","date_published":"2022-09-01T00:00:00Z","owner_name":null,"tidal_id":"1f97bd8c-e05f-597b-9f2f-61c4a1b00bb2","created":"2023-05-26T01:21:08.633578Z","modified":"2025-12-17T15:08:36.433243Z"},{"id":"20f8e252-0a95-4ebd-857c-d05b0cde0904","name":"FireEye APT41 Aug 2019","description":"Fraser, N., et al. (2019, August 7). Double DragonAPT41, a dual espionage and cyber crime operation APT41. 
Retrieved September 23, 2019.","url":"https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf","source":"MITRE, Tidal Cyber","title":"Double DragonAPT41, a dual espionage and cyber crime operation APT41","authors":"Fraser, N., et al","date_accessed":"2019-09-23T00:00:00Z","date_published":"2019-08-07T00:00:00Z","owner_name":null,"tidal_id":"fe20fc01-1b5d-52e2-b342-badbd3ac220f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262166Z"},{"id":"daa31f35-15a6-413b-9319-80d6921d1598","name":"FireEye APT41 2019","description":"FireEye. (2019). Double DragonAPT41, a dual espionage andcyber crime operationAPT41. Retrieved September 23, 2019.","url":"https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf","source":"MITRE","title":"Double DragonAPT41, a dual espionage andcyber crime operationAPT41","authors":"FireEye","date_accessed":"2019-09-23T00:00:00Z","date_published":"2019-01-01T00:00:00Z","owner_name":null,"tidal_id":"5abcb37a-7819-50cf-85ba-bbb5ce82e625","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438827Z"},{"id":"931aed95-a629-4f94-8762-aad580f5d3e2","name":"Malwarebytes IssacWiper CaddyWiper March 2022","description":"Threat Intelligence Team. (2022, March 18). Double header: IsaacWiper and CaddyWiper . Retrieved April 11, 2022.","url":"https://blog.malwarebytes.com/threat-intelligence/2022/03/double-header-isaacwiper-and-caddywiper/","source":"MITRE","title":"Double header: IsaacWiper and CaddyWiper","authors":"Threat Intelligence Team","date_accessed":"2022-04-11T00:00:00Z","date_published":"2022-03-18T00:00:00Z","owner_name":null,"tidal_id":"317a719e-5bdb-5669-b648-a2d108c1198e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441998Z"},{"id":"a91c3252-94b8-52a8-bb0d-cadac6afa161","name":"Crowdstrike-leaks","description":"Crowdstrike. (2020, September 24). Double Trouble: Ransomware with Data Leak Extortion, Part 1. 
Retrieved December 6, 2023.","url":"https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/","source":"MITRE","title":"Double Trouble: Ransomware with Data Leak Extortion, Part 1","authors":"Crowdstrike","date_accessed":"2023-12-06T00:00:00Z","date_published":"2020-09-24T00:00:00Z","owner_name":null,"tidal_id":"df71401a-81d3-57da-84ef-85255442ae5c","created":"2024-04-25T13:28:37.406248Z","modified":"2025-12-17T15:08:36.432146Z"},{"id":"8b5d46bf-fb4e-4ecd-b8a9-9c084c1864a3","name":"tlseminar_downgrade_att","description":"Team Cinnamon. (2017, February 3). Downgrade Attacks. Retrieved December 9, 2021.","url":"https://tlseminar.github.io/downgrade-attacks/","source":"MITRE","title":"Downgrade Attacks","authors":"Team Cinnamon","date_accessed":"2021-12-09T00:00:00Z","date_published":"2017-02-03T00:00:00Z","owner_name":null,"tidal_id":"4923e24c-6126-5757-a7d2-f3254e178811","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423948Z"},{"id":"88a84f9a-e077-4fdd-9936-30fc7b290476","name":"LogRhythm Do You Trust Oct 2014","description":"Foss, G. (2014, October 3). Do You Trust Your Computer?. Retrieved December 17, 2018.","url":"https://logrhythm.com/blog/do-you-trust-your-computer/","source":"MITRE","title":"Do You Trust Your Computer?","authors":"Foss, G","date_accessed":"2018-12-17T00:00:00Z","date_published":"2014-10-03T00:00:00Z","owner_name":null,"tidal_id":"2778e62a-bc97-5cde-a9ca-b7f6f42c1a16","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432631Z"},{"id":"3ec5440a-cb3b-4aa9-8e0e-0f92525ef51c","name":"VNC Vulnerabilities","description":"Sergiu Gatlan. (2019, November 22). Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions. 
Retrieved September 20, 2021.","url":"https://www.bleepingcomputer.com/news/security/dozens-of-vnc-vulnerabilities-found-in-linux-windows-solutions/","source":"MITRE","title":"Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions","authors":"Sergiu Gatlan","date_accessed":"2021-09-20T00:00:00Z","date_published":"2019-11-22T00:00:00Z","owner_name":null,"tidal_id":"4b6fdd83-f3e9-5d8f-ae3b-a81a3b1d9ed1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423748Z"},{"id":"66fc30f1-2ace-4c63-9371-448827fdb719","name":"Google Cloud Blog October 16 2025","description":"Blas Kojusner, Robert Wallace, Joseph Dobson. (2025, October 16). DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains | Google Cloud Blog. Retrieved October 22, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding","source":"Tidal Cyber","title":"DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains | Google Cloud Blog","authors":"Blas Kojusner, Robert Wallace, Joseph Dobson","date_accessed":"2025-10-22T12:00:00Z","date_published":"2025-10-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4d65c5b0-9aee-5c53-913d-6016f3423816","created":"2025-10-24T16:13:06.447497Z","modified":"2025-10-24T16:13:06.586091Z"},{"id":"af33e366-77f6-47e1-9d3b-790d650418e9","name":"Google Cloud April 1 2025","description":"Google Threat Intelligence Group. (2025, April 1). DPRK IT Workers Expanding in Scope and Scale . 
Retrieved July 7, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/dprk-it-workers-expanding-scope-scale","source":"Tidal Cyber","title":"DPRK IT Workers Expanding in Scope and Scale","authors":"Google Threat Intelligence Group","date_accessed":"2025-07-07T12:00:00Z","date_published":"2025-04-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f646fdef-af0d-5bd4-8f7f-b9dcc69f254b","created":"2025-07-08T16:58:15.092131Z","modified":"2025-07-08T16:58:15.279609Z"},{"id":"f692c6fa-7b3a-4d1d-9002-b1a59f7116f4","name":"Accenture Dragonfish Jan 2018","description":"Accenture Security. (2018, January 27). DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190508165226/https://www.accenture.com/t20180127T003755Z_w_/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf","source":"MITRE","title":"DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES","authors":"Accenture Security","date_accessed":"2024-11-17T00:00:00Z","date_published":"2018-01-27T00:00:00Z","owner_name":null,"tidal_id":"bd6616e6-921c-5f05-8ea5-9132c8074e05","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419636Z"},{"id":"9514c5cd-2ed6-4dbf-aa9e-1c425e969226","name":"Symantec Dragonfly","description":"Symantec Security Response. (2014, June 30). Dragonfly: Cyberespionage Attacks Against Energy Suppliers. 
Retrieved April 8, 2016.","url":"https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=7382dce7-0260-4782-84cc-890971ed3f17&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments","source":"MITRE, Tidal Cyber","title":"Dragonfly: Cyberespionage Attacks Against Energy Suppliers","authors":"Symantec Security Response","date_accessed":"2016-04-08T00:00:00Z","date_published":"2014-06-30T00:00:00Z","owner_name":null,"tidal_id":"d98ab005-c541-5308-af32-7be8c679254c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257050Z"},{"id":"11bbeafc-ed5d-4d2b-9795-a0a9544fb64e","name":"Symantec Dragonfly Sept 2017","description":"Symantec Security Response. (2014, July 7). Dragonfly: Western energy sector targeted by sophisticated attack group. Retrieved September 9, 2017.","url":"https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers","source":"MITRE","title":"Dragonfly: Western energy sector targeted by sophisticated attack group","authors":"Symantec Security Response","date_accessed":"2017-09-09T00:00:00Z","date_published":"2014-07-07T00:00:00Z","owner_name":null,"tidal_id":"6a37887e-2cdb-5780-8d84-ad0fcf417302","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416753Z"},{"id":"a0439d4a-a3ea-4be5-9a01-f223ca259681","name":"Symantec Dragonfly 2.0 October 2017","description":"Symantec. (2017, October 7). Dragonfly: Western energy sector targeted by sophisticated attack group. 
Retrieved April 19, 2022.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/dragonfly-energy-sector-cyber-attacks","source":"MITRE","title":"Dragonfly: Western energy sector targeted by sophisticated attack group","authors":"Symantec","date_accessed":"2022-04-19T00:00:00Z","date_published":"2017-10-07T00:00:00Z","owner_name":null,"tidal_id":"70f34fa4-8ab2-5f65-97d9-ad78139e4b7e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437469Z"},{"id":"edb4359f-f12a-4ab1-9116-9c4b3220120d","name":"Sophos DragonForce Attack May 27 2025","description":"Anthony Bradshaw, Hunter Neal, Morgan Demboski, Sean Gallagher. (2025, May 27). DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers. Retrieved June 2, 2025.","url":"https://news.sophos.com/en-us/2025/05/27/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers/","source":"Tidal Cyber","title":"DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers","authors":"Anthony Bradshaw, Hunter Neal, Morgan Demboski, Sean Gallagher","date_accessed":"2025-06-02T00:00:00Z","date_published":"2025-05-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d5349211-8bf4-5994-b81a-8470f40bd2e8","created":"2025-06-03T14:14:11.254064Z","modified":"2025-06-03T14:14:11.412087Z"},{"id":"c8ea888b-c87c-49eb-a1be-3a269292c414","name":"Cisco Talos Blog September 10 2024","description":"Joey Chen. (2024, September 10). DragonRank, a Chinese-speaking SEO manipulator service provider. 
Retrieved September 11, 2024.","url":"https://blog.talosintelligence.com/dragon-rank-seo-poisoning/","source":"Tidal Cyber","title":"DragonRank, a Chinese-speaking SEO manipulator service provider","authors":"Joey Chen","date_accessed":"2024-09-11T00:00:00Z","date_published":"2024-09-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"072dddef-3be1-5b93-bab5-7a0ce069d78c","created":"2025-02-11T18:20:03.409761Z","modified":"2025-02-11T18:20:03.601737Z"},{"id":"d7648e78-2743-5313-9a0f-fce6e12db147","name":"Dragos December 2017","description":"Dragos 2017, December 13 TRISIS Malware Analysis of Safety System Targeted Malware. Retrieved 2018/01/12","url":"https://dragos.com/blog/trisis/TRISIS-01.pdf","source":"ICS","title":"Dragos December 2017","authors":"","date_accessed":"2018-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b6e4b201-2fc1-5a55-ac95-aa021f125730","created":"2026-01-28T13:08:18.175769Z","modified":"2026-01-28T13:08:18.175772Z"},{"id":"786c2951-50d9-5011-aff2-b9f9f101edc2","name":"Dragos Inc. June 2017","description":"Dragos Inc. 2017, June 13 Industroyer - Dragos - 201706: Analysis of the Threat to Electric Grid Operations. Retrieved 2017/09/18","url":"https://dragos.com/blog/crashoverride/CrashOverride-01.pdf","source":"ICS","title":"Dragos Inc. June 2017","authors":"","date_accessed":"2017-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b4b85f29-8b80-577e-aabd-2648b16485c5","created":"2026-01-28T13:08:18.179694Z","modified":"2026-01-28T13:08:18.179697Z"},{"id":"aab3fd7e-ba04-5f51-a40d-64477964ca62","name":"Dragos October 2018","description":"Dragos 2018, October 12 Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. 
Retrieved 2019/10/14","url":"https://dragos.com/wp-content/uploads/CRASHOVERRIDE2018.pdf","source":"ICS","title":"Dragos October 2018","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"973734e3-c5ac-51f9-a67c-daa74d8403da","created":"2026-01-28T13:08:18.179497Z","modified":"2026-01-28T13:08:18.179500Z"},{"id":"bcf7adc6-7819-53a9-8980-a4bccfde8914","name":"Dragos Threat Intelligence August 2019","description":"Dragos Threat Intelligence 2019, August Global Oil and Gas Cyber Threat Perspective. Retrieved 2020/01/03","url":"https://dragos.com/wp-content/uploads/Dragos-Oil-and-Gas-Threat-Perspective-2019.pdf","source":"ICS","title":"Dragos Threat Intelligence August 2019","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"74849d35-f680-5e3c-9f6e-1b070b764d6b","created":"2026-01-28T13:08:18.180375Z","modified":"2026-01-28T13:08:18.180378Z"},{"id":"ed87ce89-c4b5-5211-906b-d628d2156fce","name":"Dragos Threat Intelligence February 2020","description":"Dragos Threat Intelligence 2020, February 03 EKANS Ransomware and ICS Operations. Retrieved 2021/04/12","url":"https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/","source":"ICS","title":"Dragos Threat Intelligence February 2020","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1d2ecea2-4265-5dca-8db7-9ad8708a6132","created":"2026-01-28T13:08:18.180423Z","modified":"2026-01-28T13:08:18.180426Z"},{"id":"c9324e31-1135-5142-bb20-0555b6fde20b","name":"TrendMicro-DressCode","description":"Echo Duan. (2016, September 29). DressCode and its Potential Impact for Enterprises. 
Retrieved December","url":"http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/","source":"Mobile","title":"DressCode and its Potential Impact for Enterprises","authors":"Echo Duan","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-09-29T00:00:00Z","owner_name":null,"tidal_id":"1e0d9e28-9fe7-5c3e-9f8b-c143fc5dcac2","created":"2026-01-28T13:08:10.042464Z","modified":"2026-01-28T13:08:10.042467Z"},{"id":"52c48bc3-2b53-4214-85c3-7e5dd036c969","name":"Kaspersky Dridex May 2017","description":"Slepogin, N. (2017, May 25). Dridex: A History of Evolution. Retrieved May 31, 2019.","url":"https://securelist.com/dridex-a-history-of-evolution/78531/","source":"MITRE","title":"Dridex: A History of Evolution","authors":"Slepogin, N","date_accessed":"2019-05-31T00:00:00Z","date_published":"2017-05-25T00:00:00Z","owner_name":null,"tidal_id":"5a726e00-c091-5ce8-8b99-813aff80aab4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422308Z"},{"id":"f81ce947-d875-4631-9709-b54c8b5d25bc","name":"Dell Dridex Oct 2015","description":"Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, October 13). Dridex (Bugat v5) Botnet Takeover Operation. Retrieved May 31, 2019.","url":"https://www.secureworks.com/research/dridex-bugat-v5-botnet-takeover-operation","source":"MITRE","title":"Dridex (Bugat v5) Botnet Takeover Operation","authors":"Dell SecureWorks Counter Threat Unit Threat Intelligence","date_accessed":"2019-05-31T00:00:00Z","date_published":"2015-10-13T00:00:00Z","owner_name":null,"tidal_id":"7ccc114b-24e3-5276-9175-9c055c7c71d9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422301Z"},{"id":"3be25132-6655-5fa9-92cb-772d02f49d2b","name":"Red Canary Dridex Threat Report 2021","description":"Red Canary. (2021, February 9). Dridex - Red Canary Threat Detection Report. 
Retrieved August 3, 2023.","url":"https://redcanary.com/threat-detection-report/threats/dridex/","source":"MITRE","title":"Dridex - Red Canary Threat Detection Report","authors":"Red Canary","date_accessed":"2023-08-03T00:00:00Z","date_published":"2021-02-09T00:00:00Z","owner_name":null,"tidal_id":"ca9a78fa-618c-587a-bd44-160202e7b56f","created":"2023-11-07T00:36:19.175091Z","modified":"2025-12-17T15:08:36.440483Z"},{"id":"85bee18e-216d-4ea6-b34e-b071e3f63382","name":"volexity_0day_sophos_FW","description":"Adair, S., Lancaster, T., Volexity Threat Research. (2022, June 15). DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach. Retrieved July 1, 2022.","url":"https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/","source":"MITRE","title":"DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach","authors":"Adair, S., Lancaster, T., Volexity Threat Research","date_accessed":"2022-07-01T00:00:00Z","date_published":"2022-06-15T00:00:00Z","owner_name":null,"tidal_id":"3cbb7f2a-1d35-504d-9075-9d978637a203","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423907Z"},{"id":"f15ac961-080d-4e33-a958-6c343f4c3569","name":"The Register Salesloft Drift September 8 2025","description":"Jessica Lyons. (2025, September 8). Drift massive attack traced back to loose Salesloft GitHub account. 
Retrieved November 24, 2025.","url":"https://www.bleepingcomputer.com/news/security/meet-shinysp1d3r-new-ransomware-as-a-service-created-by-shinyhunters/","source":"Tidal Cyber","title":"Drift massive attack traced back to loose Salesloft GitHub account","authors":"Jessica Lyons","date_accessed":"2025-11-24T12:00:00Z","date_published":"2025-09-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2a8b7885-9c4f-5f9a-8619-e2acac5db884","created":"2025-11-26T19:37:30.176659Z","modified":"2025-11-26T19:37:30.312318Z"},{"id":"2d08dfba-65b3-5a1e-a3f1-c1ec5e1b8b0c","name":"cyble_drinik_1022","description":"Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved November","url":"https://web.archive.org/web/20221114031945/https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/","source":"Mobile","title":"Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers","authors":"Cyble","date_accessed":"1978-11-01T00:00:00Z","date_published":"2022-10-27T00:00:00Z","owner_name":null,"tidal_id":"5325ad02-7b80-5bdf-825b-bdab60f7d14d","created":"2026-01-28T13:08:10.041896Z","modified":"2026-01-28T13:08:10.041899Z"},{"id":"f546898e-3639-58f4-85a2-6268dfaab207","name":"Google Drive Log Events","description":"Google. (n.d.). Drive log events. Retrieved March 4, 2024.","url":"https://support.google.com/a/answer/4579696","source":"MITRE","title":"Drive log events","authors":"Google","date_accessed":"2024-03-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"875dde17-bd04-548c-b59f-8a5c7144b45f","created":"2024-04-25T13:28:53.179245Z","modified":"2025-04-22T20:47:32.434710Z"},{"id":"7302dc00-a75a-5787-a04c-88ef4922ac09","name":"Microsoft Driverquery","description":"Microsoft. (n.d.). driverquery. 
Retrieved March 28, 2023.","url":"https://learn.microsoft.com/windows-server/administration/windows-commands/driverquery","source":"MITRE","title":"driverquery","authors":"Microsoft","date_accessed":"2023-03-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"448304df-0b7a-5605-b2f4-ceb8c137a87b","created":"2023-05-26T01:21:02.591716Z","modified":"2025-12-17T15:08:36.426206Z"},{"id":"3a24f9b7-2b89-530d-bf4a-8acde38c31ec","name":"Rastogi","description":"Vaibhav Rastogi, Yan Chen, and Xuxian Jiang. (2013, May). DroidChameleon: Evaluating Android Anti-malware against Transformation Attacks. Retrieved December","url":"http://pages.cs.wisc.edu/~vrastogi/static/papers/rcj13b.pdf","source":"Mobile","title":"DroidChameleon: Evaluating Android Anti-malware against Transformation Attacks","authors":"Vaibhav Rastogi, Yan Chen, and Xuxian Jiang","date_accessed":"1978-12-01T00:00:00Z","date_published":"2013-05-01T00:00:00Z","owner_name":null,"tidal_id":"19478edf-8f32-5f7f-8d01-6980f6d1a97d","created":"2026-01-28T13:08:10.045483Z","modified":"2026-01-28T13:08:10.045488Z"},{"id":"005465c2-d3b1-5dd2-b003-e5d239c2fc3e","name":"Proofpoint-Droidjack","description":"Proofpoint. (2016, July 7). DroidJack Uses Side-Load…It's Super Effective! Backdoored Pokemon GO Android App Found. Retrieved January","url":"https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app","source":"Mobile","title":"DroidJack Uses Side-Load…It's Super Effective! Backdoored Pokemon GO Android App Found","authors":"Proofpoint","date_accessed":"1978-01-01T00:00:00Z","date_published":"2016-07-07T00:00:00Z","owner_name":null,"tidal_id":"2cdd8e7d-190f-5fbd-b278-4d1da24b655f","created":"2026-01-28T13:08:10.038784Z","modified":"2026-01-28T13:08:10.038787Z"},{"id":"06ca63fa-8c6c-501c-96d3-5e7e45ca1e04","name":"Dropbox Malware Sync","description":"David Talbot. (2013, August 21). Dropbox and Similar Services Can Sync Malware. 
Retrieved May 31, 2023.","url":"https://www.technologyreview.com/2013/08/21/83143/dropbox-and-similar-services-can-sync-malware/","source":"MITRE","title":"Dropbox and Similar Services Can Sync Malware","authors":"David Talbot","date_accessed":"2023-05-31T00:00:00Z","date_published":"2013-08-21T00:00:00Z","owner_name":null,"tidal_id":"2d9d96fc-0d66-560d-a0c8-50c429f1bb4a","created":"2023-11-07T00:36:07.265117Z","modified":"2025-12-17T15:08:36.434167Z"},{"id":"a8dc5598-9963-4a1d-a473-bee8d2c72c57","name":"Cyberreason Anchor December 2019","description":"Dahan, A. et al. (2019, December 11). DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE. Retrieved September 10, 2020.","url":"https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware","source":"MITRE","title":"DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE","authors":"Dahan, A. et al","date_accessed":"2020-09-10T00:00:00Z","date_published":"2019-12-11T00:00:00Z","owner_name":null,"tidal_id":"20b69c34-5c03-5833-b203-c8a6b3812f7b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419045Z"},{"id":"79e8f598-9962-4124-b884-eb10f86885af","name":"Samba DRSUAPI","description":"SambaWiki. (n.d.). DRSUAPI. Retrieved December 4, 2017.","url":"https://wiki.samba.org/index.php/DRSUAPI","source":"MITRE","title":"DRSUAPI","authors":"SambaWiki","date_accessed":"2017-12-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f59198da-f38a-5333-b4af-d9d34aca15d2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424399Z"},{"id":"fc982faf-a37d-4d0b-949c-f7a27adc3030","name":"dsdbutil.exe - LOLBAS Project","description":"LOLBAS. (2023, May 31). dsdbutil.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Dsdbutil/","source":"Tidal Cyber","title":"dsdbutil.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-05-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"12b69b8f-257f-5802-a247-a8e4f94fcc58","created":"2024-01-12T14:47:22.057090Z","modified":"2024-01-12T14:47:22.240131Z"},{"id":"bbbb4a45-2963-4f04-901a-fb2752800e12","name":"TechNet Dsquery","description":"Microsoft. (n.d.). Dsquery. Retrieved April 18, 2016.","url":"https://technet.microsoft.com/en-us/library/cc732952.aspx","source":"MITRE","title":"Dsquery","authors":"Microsoft","date_accessed":"2016-04-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b3415c36-0eea-56e4-bc3f-86ca6dc39dd7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422919Z"},{"id":"1ac944f4-868c-4312-8b5d-1580fd6542a0","name":"CyberBit Dtrack","description":"Hod Gavriel. (2019, November 21). Dtrack: In-depth analysis of APT on a nuclear power plant. Retrieved January 20, 2021.","url":"https://www.cyberbit.com/blog/endpoint-security/dtrack-apt-malware-found-in-nuclear-power-plant/","source":"MITRE","title":"Dtrack: In-depth analysis of APT on a nuclear power plant","authors":"Hod Gavriel","date_accessed":"2021-01-20T00:00:00Z","date_published":"2019-11-21T00:00:00Z","owner_name":null,"tidal_id":"9e2285ef-e448-5cc6-a733-33eeadbf85d5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422482Z"},{"id":"0122ee35-938d-493f-a3bb-bc75fc808f62","name":"Kaspersky Dtrack","description":"Kaspersky Global Research and Analysis Team. (2019, September 23). DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers. 
Retrieved January 20, 2021.","url":"https://usa.kaspersky.com/about/press-releases/2019_dtrack-previously-unknown-spy-tool-hits-financial-institutions-and-research-centers","source":"MITRE","title":"DTrack: previously unknown spy-tool by Lazarus hits financial institutions and research centers","authors":"Kaspersky Global Research and Analysis Team","date_accessed":"2021-01-20T00:00:00Z","date_published":"2019-09-23T00:00:00Z","owner_name":null,"tidal_id":"46fb9f25-441e-53d8-b440-3607a8d558fa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422490Z"},{"id":"dc76db65-5a5a-43ab-8e84-6cd38a4524a7","name":"dtutil.exe - LOLBAS Project","description":"LOLBAS. (2024, June 17). dtutil.exe. Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Dtutil/","source":"Tidal Cyber","title":"dtutil.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2024-06-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"73cd8a27-2f22-522d-86cc-71c81b482e33","created":"2025-05-20T16:19:05.828001Z","modified":"2025-05-20T16:19:05.983020Z"},{"id":"49e88449-eee2-5391-8715-02c0fa14b6d4","name":"PaloAlto-DualToy","description":"Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January","url":"https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/","source":"Mobile","title":"DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices","authors":"Claud Xiao","date_accessed":"1978-01-01T00:00:00Z","date_published":"2016-09-13T00:00:00Z","owner_name":null,"tidal_id":"392cdccd-d14d-5ab7-a347-6eaa4da34ea9","created":"2026-01-28T13:08:10.040494Z","modified":"2026-01-28T13:08:10.040497Z"},{"id":"636a9b94-8260-45cc-bd74-a764cd8f50b0","name":"Crowdstrike Qakbot October 2020","description":"CS. (2020, October 7). 
Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2. Retrieved September 27, 2021.","url":"https://www.crowdstrike.com/blog/duck-hunting-with-falcon-complete-qakbot-zip-based-campaign/","source":"MITRE","title":"Duck Hunting with Falcon Complete: A Fowl Banking Trojan Evolves, Part 2","authors":"CS","date_accessed":"2021-09-27T00:00:00Z","date_published":"2020-10-07T00:00:00Z","owner_name":null,"tidal_id":"9ffbb0cf-9db5-54c7-b192-a492e932664d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440279Z"},{"id":"b0186447-a6d5-40d7-a11d-ab2e9fb93087","name":"Dump64.exe - LOLBAS Project","description":"LOLBAS. (2021, November 16). Dump64.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Dump64/","source":"Tidal Cyber","title":"Dump64.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-11-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"afe13adf-a089-5583-b18d-cddbbef4c436","created":"2024-01-12T14:47:22.422403Z","modified":"2024-01-12T14:47:22.603818Z"},{"id":"bd1d7e75-feee-47fd-abfb-7e3dfc648a72","name":"dump_pwd_dcsync","description":"Metcalf, S. (2015, November 22). Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync. Retrieved November 15, 2021.","url":"https://adsecurity.org/?p=2053","source":"MITRE","title":"Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync","authors":"Metcalf, S","date_accessed":"2021-11-15T00:00:00Z","date_published":"2015-11-22T00:00:00Z","owner_name":null,"tidal_id":"d1def07f-0618-51db-92e5-5576fdefa33f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435202Z"},{"id":"5b643e7d-1ace-4517-88c2-96115cac1209","name":"ired mscache","description":"Mantvydas Baranauskas. (2019, November 16). Dumping and Cracking mscash - Cached Domain Credentials. 
Retrieved February 21, 2020.","url":"https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-and-cracking-mscash-cached-domain-credentials","source":"MITRE","title":"Dumping and Cracking mscash - Cached Domain Credentials","authors":"Mantvydas Baranauskas","date_accessed":"2020-02-21T00:00:00Z","date_published":"2019-11-16T00:00:00Z","owner_name":null,"tidal_id":"b1de3407-59f4-5fbf-977c-832235bedc30","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430846Z"},{"id":"cf883397-11e9-4f94-977a-bbe46e3107f5","name":"ired Dumping LSA Secrets","description":"Mantvydas Baranauskas. (2019, November 16). Dumping LSA Secrets. Retrieved February 21, 2020.","url":"https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsa-secrets","source":"MITRE","title":"Dumping LSA Secrets","authors":"Mantvydas Baranauskas","date_accessed":"2020-02-21T00:00:00Z","date_published":"2019-11-16T00:00:00Z","owner_name":null,"tidal_id":"6c4fde96-5817-5044-9b95-03887333c30b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426023Z"},{"id":"4634e025-c005-46fe-b97c-5d7dda455ba0","name":"DumpMinitool.exe - LOLBAS Project","description":"LOLBAS. (2022, January 20). DumpMinitool.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/DumpMinitool/","source":"Tidal Cyber","title":"DumpMinitool.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-01-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0149d3dc-aabf-5969-a8fe-de168135ca9f","created":"2024-01-12T14:47:22.784911Z","modified":"2024-01-12T14:47:22.958990Z"},{"id":"fbf31bc2-7883-56fa-975f-d083288464dc","name":"DuplicateToken function","description":"Microsoft. (2021, October 12). DuplicateToken function (securitybaseapi.h). 
Retrieved January 8, 2024.","url":"https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-duplicatetoken","source":"MITRE","title":"DuplicateToken function (securitybaseapi.h)","authors":"Microsoft","date_accessed":"2024-01-08T00:00:00Z","date_published":"2021-10-12T00:00:00Z","owner_name":null,"tidal_id":"e33ece3e-f669-5c2c-bc2a-be29fbb0e712","created":"2024-04-25T13:28:37.512754Z","modified":"2025-12-17T15:08:36.432263Z"},{"id":"5cf0101e-c036-4c1c-b322-48f04e2aef0b","name":"Wikipedia Duqu","description":"Wikipedia. (2017, December 29). Duqu. Retrieved April 10, 2018.","url":"https://en.wikipedia.org/wiki/Duqu","source":"MITRE","title":"Duqu","authors":"Wikipedia","date_accessed":"2018-04-10T00:00:00Z","date_published":"2017-12-29T00:00:00Z","owner_name":null,"tidal_id":"7dfd99b2-727f-51f1-afff-e21ef17b33d5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434291Z"},{"id":"2136e140-13fc-4b3e-b2e8-9f3ff87caa2a","name":"The Record Laundry Bear May 27 2025","description":"Alexander Martin. (2025, May 27). Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear'. Retrieved June 2, 2025.","url":"https://therecord.media/laundry-bear-void-blizzard-russia-hackers-netherlands","source":"Tidal Cyber","title":"Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear'","authors":"Alexander Martin","date_accessed":"2025-06-02T00:00:00Z","date_published":"2025-05-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bbd5e7b3-3e61-5af9-b312-a398966d4375","created":"2025-06-03T14:14:11.921677Z","modified":"2025-06-03T14:14:12.101499Z"},{"id":"8f199b95-c986-569f-a723-39eab286516c","name":"SecureList DVMap June 2017","description":"R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. 
Retrieved December","url":"https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/","source":"Mobile","title":"Dvmap: the first Android malware with code injection","authors":"R. Unuchek","date_accessed":"1978-12-01T00:00:00Z","date_published":"2017-06-08T00:00:00Z","owner_name":null,"tidal_id":"9878299c-003b-5582-9950-674dba054068","created":"2026-01-28T13:08:10.039251Z","modified":"2026-01-28T13:08:10.039254Z"},{"id":"7611eb7a-46b7-4c76-9728-67c1fbf20e17","name":"Dxcap.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Dxcap.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Dxcap/","source":"Tidal Cyber","title":"Dxcap.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bce5b43e-ef12-5213-a45c-13619b2b3376","created":"2024-01-12T14:47:23.128458Z","modified":"2024-01-12T14:47:23.302796Z"},{"id":"bd27026c-81eb-480e-b092-f861472ac775","name":"TheEvilBit DYLD_INSERT_LIBRARIES","description":"Fitzl, C. (2019, July 9). DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX. Retrieved March 26, 2020.","url":"https://theevilbit.github.io/posts/dyld_insert_libraries_dylib_injection_in_macos_osx_deep_dive/","source":"MITRE","title":"DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX","authors":"Fitzl, C","date_accessed":"2020-03-26T00:00:00Z","date_published":"2019-07-09T00:00:00Z","owner_name":null,"tidal_id":"858e8b1b-43c5-5ae5-8bab-d91e2532c50e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430343Z"},{"id":"c78d8c94-4fe3-4aa9-b879-f0b0e9d2714b","name":"Wardle Dylib Hijacking OSX 2015","description":"Patrick Wardle. (2015, March 1). Dylib Hijacking on OS X. 
Retrieved March 29, 2021.","url":"https://www.virusbulletin.com/uploads/pdf/magazine/2015/vb201503-dylib-hijacking.pdf","source":"MITRE","title":"Dylib Hijacking on OS X","authors":"Patrick Wardle","date_accessed":"2021-03-29T00:00:00Z","date_published":"2015-03-01T00:00:00Z","owner_name":null,"tidal_id":"0d6ca752-9c61-5744-bb60-6318cdad3f6d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436772Z"},{"id":"d2785c6e-e0d1-4e90-a2d5-2c302176d5d3","name":"Dragos DYMALLOY","description":"Dragos. (n.d.). DYMALLOY. Retrieved August 20, 2020.","url":"https://www.dragos.com/threat/dymalloy/","source":"MITRE","title":"DYMALLOY","authors":"Dragos","date_accessed":"2020-08-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c889f5ac-4b68-57d1-9cbd-d8f53c80028a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419937Z"},{"id":"3cb6d0b1-4d6b-4f2d-bd7d-e4b2dcde081d","name":"MWRInfoSecurity Dynamic Hooking 2015","description":"Hillman, M. (2015, August 8). Dynamic Hooking Techniques: User Mode. Retrieved December 20, 2017.","url":"https://www.mwrinfosecurity.com/our-thinking/dynamic-hooking-techniques-user-mode/","source":"MITRE","title":"Dynamic Hooking Techniques: User Mode","authors":"Hillman, M","date_accessed":"2017-12-20T00:00:00Z","date_published":"2015-08-08T00:00:00Z","owner_name":null,"tidal_id":"16f3bc9c-dc54-5e9b-8b1a-1c5a3c7240ee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430562Z"},{"id":"b16bd2d5-162b-44cb-a812-7becd6684021","name":"rfc2131","description":"Droms, R. (1997, March). Dynamic Host Configuration Protocol. 
Retrieved March 9, 2022.","url":"https://datatracker.ietf.org/doc/html/rfc2131","source":"MITRE","title":"Dynamic Host Configuration Protocol","authors":"Droms, R","date_accessed":"2022-03-09T00:00:00Z","date_published":"1997-03-01T00:00:00Z","owner_name":null,"tidal_id":"a4ad1ccd-79f6-5c24-98d7-fc4a3e30e020","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430082Z"},{"id":"9349f864-79e9-4481-ad77-44099621795a","name":"rfc3315","description":"J. Bound, et al. (2003, July). Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Retrieved June 27, 2022.","url":"https://datatracker.ietf.org/doc/html/rfc3315","source":"MITRE","title":"Dynamic Host Configuration Protocol for IPv6 (DHCPv6)","authors":"J. Bound, et al","date_accessed":"2022-06-27T00:00:00Z","date_published":"2003-07-01T00:00:00Z","owner_name":null,"tidal_id":"34b5b842-4b84-50d3-8f30-c89964ccb663","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430094Z"},{"id":"89063089-c96a-5816-b64b-bd56c8950e4b","name":"Microsoft redirection","description":"Microsoft. (2023, October 12). Dynamic-link library redirection. Retrieved January 30, 2025.","url":"https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-redirection?redirectedfrom=MSDN","source":"MITRE","title":"Dynamic-link library redirection","authors":"Microsoft","date_accessed":"2025-01-30T00:00:00Z","date_published":"2023-10-12T00:00:00Z","owner_name":null,"tidal_id":"71ab6cd3-9e6d-5906-90cb-cdd28c9feb6a","created":"2025-04-22T20:47:11.757623Z","modified":"2025-12-17T15:08:36.427075Z"},{"id":"72458590-ee1b-4447-adb8-ca4f486d1db5","name":"Microsoft Dynamic-Link Library Redirection","description":"Microsoft. (2018, May 31). Dynamic-Link Library Redirection. 
Retrieved March 13, 2020.","url":"https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-redirection?redirectedfrom=MSDN","source":"MITRE","title":"Dynamic-Link Library Redirection","authors":"Microsoft","date_accessed":"2020-03-13T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"422722f4-440c-55f3-8571-ba67c47f4def","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:18.574911Z"},{"id":"ac60bb28-cb14-4ff9-bc05-df48273a28a9","name":"Microsoft DLL Redirection","description":"Microsoft. (n.d.). Dynamic-Link Library Redirection. Retrieved December 5, 2014.","url":"http://msdn.microsoft.com/en-US/library/ms682600","source":"MITRE","title":"Dynamic-Link Library Redirection","authors":"Microsoft","date_accessed":"2014-12-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9a0fab47-fd0e-5b44-9ed3-dba210f19860","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428827Z"},{"id":"7b1f945b-2547-4bc6-98bf-30248bdf3587","name":"Microsoft Dynamic Link Library Search Order","description":"Microsoft. (2018, May 31). Dynamic-Link Library Search Order. Retrieved November 30, 2014.","url":"https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order?redirectedfrom=MSDN","source":"MITRE","title":"Dynamic-Link Library Search Order","authors":"Microsoft","date_accessed":"2014-11-30T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"d854ac61-669e-5ca7-bfa4-2254c33c7f57","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441544Z"},{"id":"c157444d-bf2b-4806-b069-519122b7a459","name":"Microsoft DLL Search","description":"Microsoft. (n.d.). Dynamic-Link Library Search Order. 
Retrieved November 30, 2014.","url":"http://msdn.microsoft.com/en-US/library/ms682586","source":"MITRE","title":"Dynamic-Link Library Search Order","authors":"Microsoft","date_accessed":"2014-11-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e7e32fe9-a004-52ff-bdcc-ab1d156a11a3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416037Z"},{"id":"584490c7-b155-4f62-b68d-a5a2a1799e60","name":"Microsoft DLL Security","description":"Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved November 27, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ff919712.aspx","source":"MITRE","title":"Dynamic-Link Library Security","authors":"Microsoft","date_accessed":"2017-11-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8fb34c01-e2be-5beb-b491-5095e36dce8a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415875Z"},{"id":"e087442a-0a53-4cc8-9fd6-772cbd0295d5","name":"Microsoft Dynamic-Link Library Security","description":"Microsoft. (n.d.). Dynamic-Link Library Security. Retrieved July 25, 2016.","url":"https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security?redirectedfrom=MSDN","source":"MITRE","title":"Dynamic-Link Library Security","authors":"Microsoft","date_accessed":"2016-07-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c445a2ef-42a4-5450-ae0d-7c1c2090c0b5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441190Z"},{"id":"5d1d1916-cef4-49d1-b8e2-a6d18fb297f6","name":"MSDN DLL Security","description":"Microsoft. (n.d.). Dynamic-Link Library Security. 
Retrieved July 25, 2016.","url":"https://msdn.microsoft.com/en-us/library/ff919712.aspx","source":"MITRE","title":"Dynamic-Link Library Security","authors":"Microsoft","date_accessed":"2016-07-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"25cde088-9c36-5278-a043-de4331b14e7d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416355Z"},{"id":"a9780bb0-302f-44c2-8252-b53d94da24e6","name":"Symantec Dyre June 2015","description":"Symantec Security Response. (2015, June 23). Dyre: Emerging threat on financial fraud landscape. Retrieved August 23, 2018.","url":"http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/dyre-emerging-threat.pdf","source":"MITRE","title":"Dyre: Emerging threat on financial fraud landscape","authors":"Symantec Security Response","date_accessed":"2018-08-23T00:00:00Z","date_published":"2015-06-23T00:00:00Z","owner_name":null,"tidal_id":"9bc561c2-dcdd-5f96-b8c2-1901761eb8e9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419185Z"},{"id":"3362e1df-cfb9-4281-a0a1-9a3710d76945","name":"EA Hacked via Slack - June 2021","description":"Anthony Spadafora. (2021, June 11). EA hack reportedly used stolen cookies and Slack to target gaming giant. Retrieved May 31, 2022.","url":"https://www.techradar.com/news/ea-hack-reportedly-used-stolen-cookies-and-slack-to-hack-gaming-giant","source":"MITRE","title":"EA hack reportedly used stolen cookies and Slack to target gaming giant","authors":"Anthony Spadafora","date_accessed":"2022-05-31T00:00:00Z","date_published":"2021-06-11T00:00:00Z","owner_name":null,"tidal_id":"04c6bc99-7ee8-534e-99f3-d8eb812cd876","created":"2022-12-14T20:06:32.013016Z","modified":"2023-05-26T01:21:03.802799Z"},{"id":"149c1446-d6a1-4a63-9420-def9272d6cb9","name":"CrowdStrike StellarParticle January 2022","description":"CrowdStrike. (2022, January 27). Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign. 
Retrieved February 7, 2022.","url":"https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/","source":"MITRE","title":"Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign","authors":"CrowdStrike","date_accessed":"2022-02-07T00:00:00Z","date_published":"2022-01-27T00:00:00Z","owner_name":null,"tidal_id":"a301ae52-8cca-5441-ae72-56d419eff215","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418955Z"},{"id":"d3b71f80-4dd5-43d6-9522-9d8a83469109","name":"Trend Micro Earth Estries August 30 2023","description":"Ted Lee, Lenart Bermejo, Hara Hiroaki, Leon M Chang, Gilbert Sison. (2023, August 30). Earth Estries Targets Government, Tech for Cyberespionage. Retrieved November 13, 2024.","url":"https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html","source":"Tidal Cyber","title":"Earth Estries Targets Government, Tech for Cyberespionage","authors":"Ted Lee, Lenart Bermejo, Hara Hiroaki, Leon M Chang, Gilbert Sison","date_accessed":"2024-11-13T00:00:00Z","date_published":"2023-08-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"706d6cbf-33e0-5513-9e0f-367feacf4afd","created":"2024-11-15T17:28:52.714284Z","modified":"2024-11-15T17:28:53.533052Z"},{"id":"0e593cd3-19fd-597a-9788-2356c31bfa09","name":"Trend Micro MUSTANG PANDA PUBLOAD HIUPAN SEPTEMBER 2024","description":"Lenart Bermejo, Sunny Lu, Ted Lee. (2024, September 9). Earth Preta Evolves its Attacks with New Malware and Strategies. 
Retrieved August 4, 2025.","url":"https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html","source":"MITRE","title":"Earth Preta Evolves its Attacks with New Malware and Strategies","authors":"Lenart Bermejo, Sunny Lu, Ted Lee","date_accessed":"2025-08-04T00:00:00Z","date_published":"2024-09-09T00:00:00Z","owner_name":null,"tidal_id":"0197e5d8-2afc-579e-a86e-090b83d06801","created":"2025-10-29T21:08:48.165246Z","modified":"2025-12-17T15:08:36.421879Z"},{"id":"0fdc9ee2-5be2-43e0-afb9-c9a94fde3867","name":"Trend Micro September 9 2024","description":"Lenart Bermejo; Sunny Lu; Ted Lee Read time. (2024, September 9). Earth Preta Evolves its Attacks with New Malware and Strategies. Retrieved September 10, 2024.","url":"https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html","source":"Tidal Cyber","title":"Earth Preta Evolves its Attacks with New Malware and Strategies","authors":"Lenart Bermejo; Sunny Lu; Ted Lee Read time","date_accessed":"2024-09-10T00:00:00Z","date_published":"2024-09-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"44d34e04-e9ed-53cb-81a0-2db9ed13e521","created":"2024-09-13T19:19:50.788750Z","modified":"2024-09-13T19:19:50.981137Z"},{"id":"bd7fdacd-9e2c-5bc0-befd-2aeeedd16b0b","name":"Trend Micro Mustang Panda Earth Preta Toneshell February 2025","description":"Nathaniel Morales, Nick Dai. (2025, February 18). Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection. 
Retrieved September 10, 2025.","url":"https://www.trendmicro.com/en_us/research/25/b/earth-preta-mixes-legitimate-and-malicious-components-to-sidestep-detection.html","source":"MITRE","title":"Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection","authors":"Nathaniel Morales, Nick Dai","date_accessed":"2025-09-10T00:00:00Z","date_published":"2025-02-18T00:00:00Z","owner_name":null,"tidal_id":"0d911303-5ea0-5bb4-9d54-5200ba204698","created":"2025-10-29T21:08:48.166883Z","modified":"2025-12-17T15:08:36.438575Z"},{"id":"0afb412d-45ea-5c50-99d9-d915d5796a60","name":"2022 November_TrendMicro_Earth Preta_Toneshell_Pubload","description":"Nick Dai, Vickie Su, Sunny Lu. (2022, November 18). Earth Preta Spear-Phishing Governments Worldwide. Retrieved August 4, 2025.","url":"https://www.trendmicro.com/en_us/research/22/k/earth-preta-spear-phishing-governments-worldwide.html","source":"MITRE","title":"Earth Preta Spear-Phishing Governments Worldwide","authors":"Nick Dai, Vickie Su, Sunny Lu","date_accessed":"2025-08-04T00:00:00Z","date_published":"2022-11-18T00:00:00Z","owner_name":null,"tidal_id":"2c5b0476-9a78-51a8-ac3a-a5e6b4bc91ca","created":"2025-10-29T21:08:48.165042Z","modified":"2025-12-17T15:08:36.417856Z"},{"id":"aff9097b-43ea-50aa-88ed-62b98f2d58ce","name":"Trend Micro Earth Simnavaz October 2024","description":"Fahmy, M. et al. (2024, October 11). Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East. Retrieved November 27, 2024.","url":"https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks.html","source":"MITRE","title":"Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East","authors":"Fahmy, M. 
et al","date_accessed":"2024-11-27T00:00:00Z","date_published":"2024-10-11T00:00:00Z","owner_name":null,"tidal_id":"05f02ed0-6b9c-5e45-8793-051ce57cf2f5","created":"2025-04-22T20:47:23.875624Z","modified":"2025-12-17T15:08:36.437487Z"},{"id":"16b4b834-2f44-4bac-b810-f92080c41f09","name":"Trend Micro Muddy Water March 2021","description":"Peretz, A. and Theck, E. (2021, March 5). Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East. Retrieved March 18, 2021.","url":"https://www.trendmicro.com/en_us/research/21/c/earth-vetala---muddywater-continues-to-target-organizations-in-t.html","source":"MITRE","title":"Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East","authors":"Peretz, A. and Theck, E","date_accessed":"2021-03-18T00:00:00Z","date_published":"2021-03-05T00:00:00Z","owner_name":null,"tidal_id":"60be6c53-3a07-5ad3-9d27-4e20b34080c2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422678Z"},{"id":"88170ef5-03ac-42f2-9b03-2ce204b5d45c","name":"Earthworm English Project Page","description":"rootkiter. (2019, March 9). Earthworm. Retrieved July 7, 2023.","url":"http://rootkiter.com/EarthWorm/en/index.html","source":"Tidal Cyber","title":"Earthworm","authors":"rootkiter","date_accessed":"2023-07-07T00:00:00Z","date_published":"2019-03-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3ff8af23-1110-5357-876f-4a54a4722e59","created":"2024-06-13T20:10:34.900559Z","modified":"2024-06-13T20:10:35.095789Z"},{"id":"7df9b7ed-ecac-5432-9fc2-8961fc315415","name":"ESET Ebury May 2024","description":"Marc-Etienne M.Léveillé. (2024, May 1). Ebury is alive but unseen. 
Retrieved May 21, 2024.","url":"https://web-assets.esetstatic.com/wls/en/papers/white-papers/ebury-is-alive-but-unseen.pdf","source":"MITRE","title":"Ebury is alive but unseen","authors":"Marc-Etienne M.Léveillé","date_accessed":"2024-05-21T00:00:00Z","date_published":"2024-05-01T00:00:00Z","owner_name":null,"tidal_id":"82f3f47b-da90-5867-9742-84388be8fa22","created":"2024-10-31T16:28:34.554068Z","modified":"2025-12-17T15:08:36.421781Z"},{"id":"0291041b-70ba-460c-8a59-4c0799604f46","name":"Wikimedia Foundation Inc. June 25 2004","description":"Wikimedia Foundation Inc.. (2004, June 25). echo (command) - Wikipedia. Retrieved December 19, 2024.","url":"https://en.wikipedia.org/wiki/Echo_(command)","source":"Tidal Cyber","title":"echo (command) - Wikipedia","authors":"Wikimedia Foundation Inc.","date_accessed":"2024-12-19T00:00:00Z","date_published":"2004-06-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2b0ea70b-e360-5e22-9380-cad3ccd084a0","created":"2025-04-11T15:06:18.809348Z","modified":"2025-04-11T15:06:18.963330Z"},{"id":"9fb37080-6703-4882-bf7c-8226c724dcd9","name":"ECMangen.exe - LOLBAS Project","description":"LOLBAS. (2024, April 30). ECMangen.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/ECMangen/","source":"Tidal Cyber","title":"ECMangen.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2024-04-30T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3b940919-e5ec-5301-a733-3386fb80986e","created":"2026-01-06T18:03:31.844442Z","modified":"2026-01-06T18:03:31.987517Z"},{"id":"8d377896-9a11-4ac1-aad4-1d5ac4580cfa","name":"U.S. CISA Vulnerabilities in F5 Devices October 15 2025","description":"Cybersecurity and Infrastructure Security Agency. (2025, October 15). ED 26-01: Mitigate Vulnerabilities in F5 Devices. 
Retrieved October 16, 2025.","url":"https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices","source":"Tidal Cyber","title":"ED 26-01: Mitigate Vulnerabilities in F5 Devices","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2025-10-16T12:00:00Z","date_published":"2025-10-15T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1045277a-3974-504a-8a21-fe529c62fd7b","created":"2025-10-17T17:09:12.224320Z","modified":"2025-10-17T17:09:12.404870Z"},{"id":"97958143-80c5-41f6-9fa6-4748e90e9f12","name":"SEC EDGAR Search","description":"U.S. SEC. (n.d.). EDGAR - Search and Access. Retrieved November 17, 2024.","url":"https://www.sec.gov/edgar/search/","source":"MITRE","title":"EDGAR - Search and Access","authors":"U.S. SEC","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"caaee54e-23b6-5166-812b-117717c95c46","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432734Z"},{"id":"f5081d4f-c555-50e8-9341-ffd47a45cbb4","name":"Eduard Kovacs March 2018","description":"Eduard Kovacs 2018, March 1 Five Threat Groups Target Industrial Systems: Dragos. Retrieved 2020/01/03","url":"https://www.securityweek.com/five-threat-groups-target-industrial-systems-dragos","source":"ICS","title":"Eduard Kovacs March 2018","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4ef63b49-38fc-5135-8ae5-d76f30b71b7d","created":"2026-01-28T13:08:18.179545Z","modified":"2026-01-28T13:08:18.179548Z"},{"id":"995edec9-916c-5902-b9d3-ac2ad6d5e487","name":"Eduard Kovacs May 2018","description":"Eduard Kovacs 2018, May 21 Group linked to Shamoon attacks targeting ICS networks in Middle East and UK. 
Retrieved September","url":"https://web.archive.org/web/20220120001230/https://www.cyberviser.com/2018/05/group-linked-to-shamoon-attacks-targeting-ics-networks-in-middle-east-and-uk/","source":"ICS","title":"Eduard Kovacs May 2018","authors":"","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0ecd4254-ada7-580a-b250-93970112c27e","created":"2026-01-28T13:08:18.180590Z","modified":"2026-01-28T13:08:18.180593Z"},{"id":"e55604da-b419-411a-85cf-073f2d78e0c1","name":"Intrinsec Egregor Nov 2020","description":"Bichet, J. (2020, November 12). Egregor – Prolock: Fraternal Twins ?. Retrieved January 6, 2021.","url":"https://www.intrinsec.com/egregor-prolock/?cn-reloaded=1","source":"MITRE","title":"Egregor – Prolock: Fraternal Twins ?","authors":"Bichet, J","date_accessed":"2021-01-06T00:00:00Z","date_published":"2020-11-12T00:00:00Z","owner_name":null,"tidal_id":"6b5cae96-063f-5c8b-9b42-12a71a659b82","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441305Z"},{"id":"c36b38d4-cfa2-4f1e-a410-6d629a24be62","name":"Cybereason Egregor Nov 2020","description":"Rochberger, L. (2020, November 26). Cybereason vs. Egregor Ransomware. Retrieved December 30, 2020.","url":"https://www.cybereason.com/blog/cybereason-vs-egregor-ransomware","source":"MITRE","title":"Egregor Ransomware","authors":"Rochberger, L. (2020, November 26)","date_accessed":"2020-12-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"06c8cf55-0bf1-581d-8c1c-66ebec832a49","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440959Z"},{"id":"545a131d-88fc-4b34-923c-0b759b45fc7f","name":"Cyble Egregor Oct 2020","description":"Cybleinc. (2020, October 31). Egregor Ransomware – A Deep Dive Into Its Activities and Techniques. 
Retrieved December 29, 2020.","url":"https://cybleinc.com/2020/10/31/egregor-ransomware-a-deep-dive-into-its-activities-and-techniques/","source":"MITRE","title":"Egregor Ransomware – A Deep Dive Into Its Activities and Techniques","authors":"Cybleinc","date_accessed":"2020-12-29T00:00:00Z","date_published":"2020-10-31T00:00:00Z","owner_name":null,"tidal_id":"ad6e3b3d-eb71-53e3-a53d-aa31b9eff566","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421638Z"},{"id":"92f74037-2a20-4667-820d-2ccc0e4dbd3d","name":"NHS Digital Egregor Nov 2020","description":"NHS Digital. (2020, November 26). Egregor Ransomware The RaaS successor to Maze. Retrieved December 29, 2020.","url":"https://digital.nhs.uk/cyber-alerts/2020/cc-3681#summary","source":"MITRE","title":"Egregor Ransomware The RaaS successor to Maze","authors":"NHS Digital","date_accessed":"2020-12-29T00:00:00Z","date_published":"2020-11-26T00:00:00Z","owner_name":null,"tidal_id":"007b2411-072c-5ebd-8776-dbf81d664ee8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421631Z"},{"id":"cd37a000-9e15-45a3-a7c9-bb508c10e55d","name":"Security Boulevard Egregor Oct 2020","description":"Meskauskas, T.. (2020, October 29). Egregor: Sekhmet’s Cousin. Retrieved January 6, 2021.","url":"https://securityboulevard.com/2020/10/egregor-sekhmets-cousin/","source":"MITRE","title":"Egregor: Sekhmet’s Cousin","authors":"Meskauskas, T.","date_accessed":"2021-01-06T00:00:00Z","date_published":"2020-10-29T00:00:00Z","owner_name":null,"tidal_id":"a442f839-86a3-5d8f-99cf-0c484de82b5e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421644Z"},{"id":"b97e9a02-4cc5-4845-8058-0be4c566cd7c","name":"U.S. CISA Trends June 30 2020","description":"Cybersecurity and Infrastructure Security Agency. (2020, June 30). EINSTEIN Data Trends – 30-day Lookback. 
Retrieved October 25, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-182a","source":"Tidal Cyber","title":"EINSTEIN Data Trends – 30-day Lookback","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-10-25T00:00:00Z","date_published":"2020-06-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d46be2ad-63ab-5c7a-af15-1a4149010124","created":"2023-10-26T14:24:05.187517Z","modified":"2023-10-26T14:24:05.312450Z"},{"id":"c8a018c5-caa3-4af1-b210-b65bbf94c8b2","name":"Dragos EKANS","description":"Dragos. (2020, February 3). EKANS Ransomware and ICS Operations. Retrieved February 9, 2021.","url":"https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/","source":"MITRE","title":"EKANS Ransomware and ICS Operations","authors":"Dragos","date_accessed":"2021-02-09T00:00:00Z","date_published":"2020-02-03T00:00:00Z","owner_name":null,"tidal_id":"281e1dc7-e64e-50d7-aae6-580e0a505e47","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416472Z"},{"id":"5b8522ac-7c4f-5f4d-8b73-d040fdf638d0","name":"Dragos EKANS February 2020","description":"Dragos Threat Intelligence. (2020, February 03). EKANS Ransomware and ICS Operations. Retrieved April","url":"https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/","source":"ICS","title":"EKANS Ransomware and ICS Operations","authors":"Dragos Threat Intelligence","date_accessed":"1978-04-01T00:00:00Z","date_published":"2020-02-03T00:00:00Z","owner_name":null,"tidal_id":"bb61d428-cb3c-5e21-a03c-4e0d3b0550cb","created":"2026-01-28T13:08:18.175968Z","modified":"2026-01-28T13:08:18.175971Z"},{"id":"b6359574-4361-50c9-8d08-14e52dafb7f1","name":"Dragos EKANS June 2020","description":"Joe Slowik. (2020, June 18). EKANS Ransomware Misconceptions and Misunderstandings. 
Retrieved April","url":"https://www.dragos.com/blog/industry-news/ekans-ransomware-misconceptions-and-misunderstandings/#_edn7","source":"ICS","title":"EKANS Ransomware Misconceptions and Misunderstandings","authors":"Joe Slowik","date_accessed":"1978-04-01T00:00:00Z","date_published":"2020-06-18T00:00:00Z","owner_name":null,"tidal_id":"ee1c21cd-df4d-5cb1-9421-2b4b8981ac2b","created":"2026-01-28T13:08:18.176047Z","modified":"2026-01-28T13:08:18.176050Z"},{"id":"79b35606-279f-50e7-a38f-3854bddd585d","name":"Elcomsoft-EPPB","description":"Elcomsoft. (n.d.). Elcomsoft Phone Breaker. Retrieved December","url":"https://www.elcomsoft.com/eppb.html","source":"Mobile","title":"Elcomsoft Phone Breaker","authors":"Elcomsoft","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"38c5e997-1b61-5cba-90d3-795f353eab42","created":"2026-01-28T13:08:10.042843Z","modified":"2026-01-28T13:08:10.042847Z"},{"id":"cec05996-84a1-4c07-86eb-d72f8c6d9362","name":"Dark Reading July 9 2024","description":"Nathan Eddy; Contributing Writer. (2024, July 9). Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi. Retrieved July 15, 2024.","url":"https://www.darkreading.com/endpoint-security/eldorado-ransomware-target-vmware-esxi","source":"Tidal Cyber","title":"Eldorado Ransomware Cruises Onto the Scene to Target VMware ESXi","authors":"Nathan Eddy; Contributing Writer","date_accessed":"2024-07-15T00:00:00Z","date_published":"2024-07-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d6341e1d-bd85-5448-a3cf-535babd01a98","created":"2024-07-19T15:46:27.513736Z","modified":"2024-07-19T15:46:27.732512Z"},{"id":"50148a85-314c-4b29-bdfc-913ab647dadf","name":"Group-IB July 3 2024","description":"Nikolay Kichatov Cyber Intelligence Analyst; Group-IB. (2024, July 3). Eldorado Ransomware The New Golden Empire of Cybercrime . 
Retrieved July 15, 2024.","url":"https://www.group-ib.com/blog/eldorado-ransomware/","source":"Tidal Cyber","title":"Eldorado Ransomware The New Golden Empire of Cybercrime","authors":"Nikolay Kichatov Cyber Intelligence Analyst; Group-IB","date_accessed":"2024-07-15T00:00:00Z","date_published":"2024-07-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"26bddb32-8354-57ec-87d3-17e6576aee08","created":"2024-07-19T15:46:27.930885Z","modified":"2024-07-19T15:46:28.168469Z"},{"id":"a6cf3d1d-2310-42bb-9324-495b4e94d329","name":"EldoS RawDisk ITpro","description":"Edwards, M. (2007, March 14). EldoS Provides Raw Disk Access for Vista and XP. Retrieved March 26, 2019.","url":"https://www.itprotoday.com/windows-78/eldos-provides-raw-disk-access-vista-and-xp","source":"MITRE","title":"EldoS Provides Raw Disk Access for Vista and XP","authors":"Edwards, M","date_accessed":"2019-03-26T00:00:00Z","date_published":"2007-03-14T00:00:00Z","owner_name":null,"tidal_id":"bd918770-f789-5089-aa12-ae48d4bf9a34","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422932Z"},{"id":"1d7070fd-01be-4776-bb21-13368a6173b1","name":"Microsoft Targeting Elections September 2020","description":"Burt, T. (2020, September 10). New cyberattacks targeting U.S. elections. Retrieved March 24, 2021.","url":"https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/","source":"MITRE, Tidal Cyber","title":"elections","authors":"Burt, T. (2020, September 10)","date_accessed":"2021-03-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"19120061-f0c6-575f-8083-479f651b5425","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279923Z"},{"id":"0d42c329-5847-4970-9580-2318a566df4e","name":"Secureworks IRON RITUAL USAID Phish May 2021","description":"Secureworks CTU. (2021, May 28). USAID-Themed Phishing Campaign Leverages U.S. Elections Lure. 
Retrieved February 24, 2022.","url":"https://www.secureworks.com/blog/usaid-themed-phishing-campaign-leverages-us-elections-lure","source":"MITRE","title":"Elections Lure","authors":"Secureworks CTU. (2021, May 28)","date_accessed":"2022-02-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"81b01885-66d2-5d91-8d1d-4e729f4a1c95","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441867Z"},{"id":"ffc1f17a-6416-552b-8ee8-ff21b2743bef","name":"Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems March 2016","description":"Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems 2016, March 18 Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case. Retrieved 2018/03/27","url":"https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt6a77276749b76a40/607f235992f0063e5c070fff/E-ISAC_SANS_Ukraine_DUC_5%5b73%5d.pdf","source":"ICS","title":"Electricity Information Sharing and Analysis Center; SANS Industrial Control Systems March 2016","authors":"","date_accessed":"2018-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9d609e4e-202c-5b75-a308-785409ef2218","created":"2026-01-28T13:08:18.176249Z","modified":"2026-01-28T13:08:18.176252Z"},{"id":"e44c8abf-77c1-5e19-93e6-99397d7eaa41","name":"Electron Security","description":"ElectronJS.org. (n.d.). Retrieved March 7, 2024.","url":"https://www.electronjs.org/docs/latest/tutorial/using-native-node-modules","source":"MITRE","title":"Electron Security","authors":"","date_accessed":"2024-03-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4c939ec8-5470-5fb3-86b2-85c77e9fac58","created":"2024-04-25T13:28:34.825841Z","modified":"2025-12-17T15:08:36.429764Z"},{"id":"a17aa1b1-cda4-5aeb-b401-f4fd47d29f93","name":"Dragos-Sandworm-Ukraine-2022","description":"Dragos, Inc.. (2023, December 11). 
ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware, October 2022. Retrieved March 28, 2024.","url":"https://www.dragos.com/blog/new-details-electrum-ukraine-electric-sector-compromise-2022/","source":"MITRE","title":"ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware, October 2022","authors":"Dragos, Inc.","date_accessed":"2024-03-28T00:00:00Z","date_published":"2023-12-11T00:00:00Z","owner_name":null,"tidal_id":"69c0808c-5609-5314-b35e-75835fa0dcef","created":"2024-04-25T13:28:42.521630Z","modified":"2025-12-17T15:08:36.439443Z"},{"id":"494f7056-7a39-4fa0-958d-fb1172d01852","name":"Dragos ELECTRUM","description":"Dragos. (2017, January 1). ELECTRUM Threat Profile. Retrieved June 10, 2020.","url":"https://www.dragos.com/resource/electrum/","source":"MITRE","title":"ELECTRUM Threat Profile","authors":"Dragos","date_accessed":"2020-06-10T00:00:00Z","date_published":"2017-01-01T00:00:00Z","owner_name":null,"tidal_id":"2c6e50bc-a210-5b5c-952b-e41f1cb86686","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437780Z"},{"id":"55671ede-f309-4924-a1b4-3d597517b27e","name":"Symantec Elfin Mar 2019","description":"Security Response attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.. Retrieved April 10, 2019.","url":"https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage","source":"MITRE","title":"Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.","authors":"Security Response attack Investigation Team","date_accessed":"2019-04-10T00:00:00Z","date_published":"2019-03-27T00:00:00Z","owner_name":null,"tidal_id":"7956ffe1-6556-56dd-bcba-d3970fd1cc31","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433556Z"},{"id":"1c8fa804-6579-4e68-a0b3-d16e0bee5654","name":"Backtrace VDSO","description":"backtrace. (2016, April 22). 
ELF SHARED LIBRARY INJECTION FORENSICS. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210205211142/https://backtrace.io/blog/backtrace/elf-shared-library-injection-forensics/","source":"MITRE","title":"ELF SHARED LIBRARY INJECTION FORENSICS","authors":"backtrace","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-04-22T00:00:00Z","owner_name":null,"tidal_id":"c7c9cf25-edf4-579b-b458-45400f1ad911","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432849Z"},{"id":"fc7be240-bd15-4ec4-bc01-f8891d7210d9","name":"Securelist Machete Aug 2014","description":"Kaspersky Global Research and Analysis Team. (2014, August 20). El Machete. Retrieved September 13, 2019.","url":"https://securelist.com/el-machete/66108/","source":"MITRE, Tidal Cyber","title":"El Machete","authors":"Kaspersky Global Research and Analysis Team","date_accessed":"2019-09-13T00:00:00Z","date_published":"2014-08-20T00:00:00Z","owner_name":null,"tidal_id":"e245c871-275d-569e-919b-cdbf8b28ee80","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258066Z"},{"id":"92a9a311-1e0b-4819-9856-2dfc8dbfc08d","name":"Cylance Machete Mar 2017","description":"The Cylance Threat Research Team. (2017, March 22). El Machete's Malware Attacks Cut Through LATAM. Retrieved September 13, 2019.","url":"https://threatvector.cylance.com/en_us/home/el-machete-malware-attacks-cut-through-latam.html","source":"MITRE, Tidal Cyber","title":"El Machete's Malware Attacks Cut Through LATAM","authors":"The Cylance Threat Research Team","date_accessed":"2019-09-13T00:00:00Z","date_published":"2017-03-22T00:00:00Z","owner_name":null,"tidal_id":"32432e51-bf64-5d2f-ab9c-8ca60ab4b95e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279943Z"},{"id":"8cfa3dc4-a6b4-4204-b1e5-5b325955936d","name":"Sophos News September 24 2020","description":"Sophos News. (2020, September 24). Email-delivered MoDi RAT attack pastes PowerShell commands. 
Retrieved May 7, 2023.","url":"https://news.sophos.com/en-us/2020/09/24/email-delivered-modi-rat-attack-pastes-powershell-commands/","source":"Tidal Cyber","title":"Email-delivered MoDi RAT attack pastes PowerShell commands","authors":"Sophos News","date_accessed":"2023-05-07T00:00:00Z","date_published":"2020-09-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"86d8e464-2d4d-5012-b2f4-fdb63e593963","created":"2024-06-13T20:10:15.862456Z","modified":"2024-06-13T20:10:16.070825Z"},{"id":"79eeaadf-5c1e-4608-84a5-6c903966a7f3","name":"Power Automate Email Exfiltration Controls","description":"Microsoft. (2022, February 15). Email exfiltration controls for connectors. Retrieved May 27, 2022.","url":"https://docs.microsoft.com/en-us/power-platform/admin/block-forwarded-email-from-power-automate","source":"MITRE","title":"Email exfiltration controls for connectors","authors":"Microsoft","date_accessed":"2022-05-27T00:00:00Z","date_published":"2022-02-15T00:00:00Z","owner_name":null,"tidal_id":"8ad03b26-57f4-503c-aae7-b00d87105c9d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:31.368988Z"},{"id":"b6aefd99-fd97-4ca0-b717-f9dc147c9413","name":"HackersArise Email","description":"Hackers Arise. (n.d.). Email Scraping and Maltego. Retrieved October 20, 2020.","url":"https://www.hackers-arise.com/email-scraping-and-maltego","source":"MITRE","title":"Email Scraping and Maltego","authors":"Hackers Arise","date_accessed":"2020-10-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f04954c8-5dcf-5bae-bcce-d77d2560fa17","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430801Z"},{"id":"1b8d14bb-95df-5c8b-adbf-0821f6f85c60","name":"ESET Embargo Ransomware October 2024","description":"Jan Holman, Tomas Zvara. (2024, October 23). Embargo ransomware: Rock’n’Rust. 
Retrieved October 19, 2025.","url":"https://www.welivesecurity.com/en/eset-research/embargo-ransomware-rocknrust/","source":"MITRE","title":"Embargo ransomware: Rock’n’Rust","authors":"Jan Holman, Tomas Zvara","date_accessed":"2025-10-19T00:00:00Z","date_published":"2024-10-23T00:00:00Z","owner_name":null,"tidal_id":"67acf8c8-d312-5e6b-bbdc-09e536eb2649","created":"2025-10-29T21:08:48.165140Z","modified":"2025-12-17T15:08:36.419930Z"},{"id":"689b71f4-f8e5-455f-91c2-c599c8650f11","name":"Elastic - Koadiac Detection with EQL","description":"Stepanic, D.. (2020, January 13). Embracing offensive tooling: Building detections against Koadic using EQL. Retrieved November 17, 2024.","url":"https://www.elastic.co/security-labs/embracing-offensive-tooling-building-detections-against-koadic-using-eql","source":"MITRE","title":"Embracing offensive tooling: Building detections against Koadic using EQL","authors":"Stepanic, D.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2020-01-13T00:00:00Z","owner_name":null,"tidal_id":"24b66884-600b-50ae-820e-31a3d774acd4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426419Z"},{"id":"e279c308-fabc-47d3-bdeb-296266c80988","name":"Nccgroup Emissary Panda May 2018","description":"Pantazopoulos, N., Henry T. (2018, May 18). Emissary Panda – A potential new malicious tool. Retrieved June 25, 2018.","url":"https://research.nccgroup.com/2018/05/18/emissary-panda-a-potential-new-malicious-tool/","source":"MITRE","title":"Emissary Panda – A potential new malicious tool","authors":"Pantazopoulos, N., Henry T","date_accessed":"2018-06-25T00:00:00Z","date_published":"2018-05-18T00:00:00Z","owner_name":null,"tidal_id":"253e685c-77b9-5f86-b193-fe44bfa30a9b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439087Z"},{"id":"3a3ec86c-88da-40ab-8e5f-a7d5102c026b","name":"Unit42 Emissary Panda May 2019","description":"Falcone, R. and Lancaster, T. (2019, May 28). 
Emissary Panda Attacks Middle East Government Sharepoint Servers. Retrieved July 9, 2019.","url":"https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers/","source":"MITRE","title":"Emissary Panda Attacks Middle East Government Sharepoint Servers","authors":"Falcone, R. and Lancaster, T","date_accessed":"2019-07-09T00:00:00Z","date_published":"2019-05-28T00:00:00Z","owner_name":null,"tidal_id":"e08ce9c5-22ac-598e-b146-1174c5e9df07","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419024Z"},{"id":"580ce22f-b76b-4a92-9fab-26ce8f449ab6","name":"Emissary Trojan Feb 2016","description":"Falcone, R. and Miller-Osborn, J. (2016, February 3). Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?. Retrieved February 15, 2016.","url":"http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/","source":"MITRE","title":"Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?","authors":"Falcone, R. and Miller-Osborn, J","date_accessed":"2016-02-15T00:00:00Z","date_published":"2016-02-03T00:00:00Z","owner_name":null,"tidal_id":"a25018ff-1a92-564b-a326-692a814b8e3d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439646Z"},{"id":"138a6cd4-36f9-41fd-a724-2b600dc6bf85","name":"orangecyberdefense.com August 14 2024","description":"orangecyberdefense.com. (2024, August 14). Emmenhtal a little-known loader distributing commodity infostealers worldwide. 
Retrieved August 25, 2024.","url":"https://www.orangecyberdefense.com/global/blog/cert-news/emmenhtal-a-little-known-loader-distributing-commodity-infostealers-worldwide","source":"Tidal Cyber","title":"Emmenhtal a little-known loader distributing commodity infostealers worldwide","authors":"orangecyberdefense.com","date_accessed":"2024-08-25T00:00:00Z","date_published":"2024-08-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b171bd26-edb2-54a8-981c-a8de0f358063","created":"2024-10-14T19:18:55.051420Z","modified":"2024-10-14T19:18:55.218003Z"},{"id":"0bd01e6c-6fb5-4bae-9fe9-395de061c1da","name":"Sophos Emotet Apr 2019","description":"Brandt, A.. (2019, May 5). Emotet 101, stage 4: command and control. Retrieved April 16, 2019.","url":"https://news.sophos.com/en-us/2019/03/05/emotet-101-stage-4-command-and-control/","source":"MITRE","title":"Emotet 101, stage 4: command and control","authors":"Brandt, A.","date_accessed":"2019-04-16T00:00:00Z","date_published":"2019-05-05T00:00:00Z","owner_name":null,"tidal_id":"cc8e47dd-40f7-5e59-9cf1-dffc5a6ae053","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:38.885203Z"},{"id":"8016eca2-f702-4081-83ba-06262c29e6c2","name":"Deep Instinct March 10 2023","description":"Deep Instinct. (2023, March 10). Emotet Again! The First Malspam Wave of 2023 | Deep Instinct. Retrieved May 7, 2023.","url":"https://www.deepinstinct.com/blog/emotet-again-the-first-malspam-wave-of-2023","source":"Tidal Cyber","title":"Emotet Again! The First Malspam Wave of 2023 | Deep Instinct","authors":"Deep Instinct","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-03-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b7bc508b-f266-5242-9e5a-eab8e268c5b0","created":"2024-06-13T20:10:16.256180Z","modified":"2024-06-13T20:10:16.445807Z"},{"id":"8dc7653f-84ef-4f0a-91f6-9b10ff50b756","name":"CIS Emotet Apr 2017","description":"CIS. (2017, April 28). Emotet Changes TTPs and Arrives in United States. 
Retrieved January 17, 2019.","url":"https://www.cisecurity.org/blog/emotet-changes-ttp-and-arrives-in-united-states/","source":"MITRE","title":"Emotet Changes TTPs and Arrives in United States","authors":"CIS","date_accessed":"2019-01-17T00:00:00Z","date_published":"2017-04-28T00:00:00Z","owner_name":null,"tidal_id":"c1e519f4-d064-5da5-aa0d-67618c6eac60","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417665Z"},{"id":"05e624ee-c53d-5cd1-8fd2-6b2d38344bfd","name":"Binary Defense Emotes Wi-Fi Spreader","description":"Binary Defense. (n.d.). Emotet Evolves With new Wi-Fi Spreader. Retrieved September 8, 2023.","url":"https://www.binarydefense.com/resources/blog/emotet-evolves-with-new-wi-fi-spreader/","source":"MITRE","title":"Emotet Evolves With new Wi-Fi Spreader","authors":"Binary Defense","date_accessed":"2023-09-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"414269bf-c860-55fc-a907-015c5e6ea75e","created":"2023-11-07T00:36:01.885998Z","modified":"2025-12-17T15:08:36.428962Z"},{"id":"e954c9aa-4995-452c-927e-11d0a6e2f442","name":"ESET Emotet Nov 2018","description":"ESET . (2018, November 9). Emotet launches major new spam campaign. Retrieved March 25, 2019.","url":"https://www.welivesecurity.com/2018/11/09/emotet-launches-major-new-spam-campaign/","source":"MITRE","title":"Emotet launches major new spam campaign","authors":"ESET","date_accessed":"2019-03-25T00:00:00Z","date_published":"2018-11-09T00:00:00Z","owner_name":null,"tidal_id":"e8ca1b57-7ef0-5235-8790-ac2dcf7ed294","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417687Z"},{"id":"36b41ab3-2a3d-5f5f-86ad-bc4cf810b4ba","name":"emotet_hc3_nov2023","description":"Office of Information Security, Health Sector Cybersecurity Coordination Center. (2023, November 16). Emotet Malware: The Enduring and Persistent Threat to the Health Sector. 
Retrieved June 19, 2024.","url":"https://www.hhs.gov/sites/default/files/emotet-the-enduring-and-persistent-threat-to-the-hph-tlpclear.pdf","source":"MITRE","title":"Emotet Malware: The Enduring and Persistent Threat to the Health Sector","authors":"Office of Information Security, Health Sector Cybersecurity Coordination Center","date_accessed":"2024-06-19T00:00:00Z","date_published":"2023-11-16T00:00:00Z","owner_name":null,"tidal_id":"9f557073-ac3a-501f-b2d9-60c12277dc5a","created":"2024-10-31T16:28:36.624693Z","modified":"2025-12-17T15:08:36.441161Z"},{"id":"150327e6-db4b-4588-8cf2-ee131569150b","name":"Trend Micro Emotet 2020","description":"Cybercrime & Digital Threat Team. (2020, February 13). Emotet Now Spreads via Wi-Fi. Retrieved February 16, 2022.","url":"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/emotet-now-spreads-via-wi-fi","source":"MITRE","title":"Emotet Now Spreads via Wi-Fi","authors":"Cybercrime & Digital Threat Team","date_accessed":"2022-02-16T00:00:00Z","date_published":"2020-02-13T00:00:00Z","owner_name":null,"tidal_id":"ed6760b2-38c7-5707-afb8-de3cddda1632","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424332Z"},{"id":"83180391-89b6-4431-87f4-2703b47cb81b","name":"Talos Emotet Jan 2019","description":"Brumaghin, E.. (2019, January 15). Emotet re-emerges after the holidays. Retrieved March 25, 2019.","url":"https://blog.talosintelligence.com/2019/01/return-of-emotet.html","source":"MITRE","title":"Emotet re-emerges after the holidays","authors":"Brumaghin, E.","date_accessed":"2019-03-25T00:00:00Z","date_published":"2019-01-15T00:00:00Z","owner_name":null,"tidal_id":"bd7e1826-fb0f-53f2-b561-896a1822575b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417658Z"},{"id":"6d39aba3-ae77-4a95-8242-7dacae8c89d8","name":"Cybersécurité - INTRINSEC January 09 2023","description":"Equipe cti. (2023, January 9). Emotet returns and deploys loaders. 
Retrieved May 7, 2023.","url":"https://www.intrinsec.com/emotet-returns-and-deploys-loaders/","source":"Tidal Cyber","title":"Emotet returns and deploys loaders","authors":"Equipe cti","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-01-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4135d142-e485-5c8b-864d-eefd80b0af2f","created":"2024-06-13T20:10:16.635876Z","modified":"2024-06-13T20:10:17.054416Z"},{"id":"6f9050d9-e960-50dd-86a9-aee5fd100d9c","name":"emotet_trendmicro_mar2023","description":"Kenefick, I. (2023, March 13). Emotet Returns, Now Adopts Binary Padding for Evasion. Retrieved June 19, 2024.","url":"https://www.trendmicro.com/en_us/research/23/c/emotet-returns-now-adopts-binary-padding-for-evasion.html","source":"MITRE","title":"Emotet Returns, Now Adopts Binary Padding for Evasion","authors":"Kenefick, I","date_accessed":"2024-06-19T00:00:00Z","date_published":"2023-03-13T00:00:00Z","owner_name":null,"tidal_id":"cf6194e1-07d7-51b2-92be-64acb26e611a","created":"2024-10-31T16:28:36.057762Z","modified":"2025-12-17T15:08:36.440569Z"},{"id":"02e6c7bf-f81c-53a3-b771-fd77d4cdb5a0","name":"Emotet shutdown","description":"The DFIR Report. (2022, November 8). Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware. Retrieved March 6, 2023.","url":"https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/","source":"MITRE","title":"Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware","authors":"The DFIR Report","date_accessed":"2023-03-06T00:00:00Z","date_published":"2022-11-08T00:00:00Z","owner_name":null,"tidal_id":"b80c5955-f950-53cb-a706-5525d622e0e6","created":"2023-05-26T01:21:04.713277Z","modified":"2025-12-17T15:08:36.428183Z"},{"id":"db8fe753-d674-4668-9ee5-c1269085a7a1","name":"Carbon Black Emotet Apr 2019","description":"Lee, S.. (2019, April 24). Emotet Using WMI to Launch PowerShell Encoded Code. 
Retrieved May 24, 2019.","url":"https://www.carbonblack.com/2019/04/24/cb-tau-threat-intelligence-notification-emotet-utilizing-wmi-to-launch-powershell-encoded-code/","source":"MITRE","title":"Emotet Using WMI to Launch PowerShell Encoded Code","authors":"Lee, S.","date_accessed":"2019-05-24T00:00:00Z","date_published":"2019-04-24T00:00:00Z","owner_name":null,"tidal_id":"40a4545e-d350-5a35-832c-4526a7ca09f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440519Z"},{"id":"578e44f2-9ff5-4bed-8dee-a992711df8ce","name":"DanielManea Emotet May 2017","description":"Manea, D.. (2019, May 25). Emotet v4 Analysis. Retrieved April 16, 2019.","url":"https://danielmanea.com/category/reverseengineering/","source":"MITRE","title":"Emotet v4 Analysis","authors":"Manea, D.","date_accessed":"2019-04-16T00:00:00Z","date_published":"2019-05-25T00:00:00Z","owner_name":null,"tidal_id":"e51c84ed-c1f8-5d96-a800-f06b748ecb1b","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:38.890629Z"},{"id":"41075230-73a2-4195-b716-379f9e5ae93b","name":"Empire Keychain Decrypt","description":"Empire. (2018, March 8). Empire keychaindump_decrypt Module. Retrieved April 14, 2022.","url":"https://github.com/EmpireProject/Empire/blob/08cbd274bef78243d7a8ed6443b8364acd1fc48b/lib/modules/python/collection/osx/keychaindump_decrypt.py","source":"MITRE","title":"Empire keychaindump_decrypt Module","authors":"Empire","date_accessed":"2022-04-14T00:00:00Z","date_published":"2018-03-08T00:00:00Z","owner_name":null,"tidal_id":"eaf28461-b269-5ae4-a00c-3d4af16b5526","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425962Z"},{"id":"2908418d-54cf-4245-92c6-63f616b04e91","name":"Github EmpireProject CreateHijacker Dylib","description":"Wardle, P., Ross, C. (2018, April 8). EmpireProject Create Dylib Hijacker. 
Retrieved April 1, 2021.","url":"https://github.com/EmpireProject/Empire/blob/08cbd274bef78243d7a8ed6443b8364acd1fc48b/lib/modules/python/persistence/osx/CreateHijacker.py","source":"MITRE","title":"EmpireProject Create Dylib Hijacker","authors":"Wardle, P., Ross, C","date_accessed":"2021-04-01T00:00:00Z","date_published":"2018-04-08T00:00:00Z","owner_name":null,"tidal_id":"245e2eeb-a13a-5bae-929f-d66560e0a8da","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436790Z"},{"id":"c83e8833-9648-4178-b5be-6fa0af8f737f","name":"Github EmpireProject HijackScanner","description":"Wardle, P., Ross, C. (2017, September 21). Empire Project Dylib Hijack Vulnerability Scanner. Retrieved April 1, 2021.","url":"https://github.com/EmpireProject/Empire/blob/master/lib/modules/python/situational_awareness/host/osx/HijackScanner.py","source":"MITRE","title":"Empire Project Dylib Hijack Vulnerability Scanner","authors":"Wardle, P., Ross, C","date_accessed":"2021-04-01T00:00:00Z","date_published":"2017-09-21T00:00:00Z","owner_name":null,"tidal_id":"eb0c9abd-4eea-5e74-a01a-c8b3572d8310","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436785Z"},{"id":"d05921d0-16f3-5ab4-837c-52a2df098a24","name":"ATTACKIQ MUSTANG PANDA TONESHELL March 2023","description":"Ken Towne, Francis Guibernau. (2023, March 23). Emulating the Politically Motivated Chinese APT Mustang Panda. 
Retrieved September 10, 2025.","url":"https://www.attackiq.com/2023/03/23/emulating-the-politically-motivated-chinese-apt-mustang-panda/","source":"MITRE","title":"Emulating the Politically Motivated Chinese APT Mustang Panda","authors":"Ken Towne, Francis Guibernau","date_accessed":"2025-09-10T00:00:00Z","date_published":"2023-03-23T00:00:00Z","owner_name":null,"tidal_id":"ac61a6cf-afe2-5066-b2f2-afa5c6bb1fe7","created":"2025-10-29T21:08:48.164840Z","modified":"2025-12-17T15:08:36.417366Z"},{"id":"1cb445f6-a366-4ae6-a698-53da6c61b4c9","name":"Microsoft ASR Nov 2017","description":"Brower, N. & D'Souza-Wiltshire, I. (2017, November 9). Enable Attack surface reduction. Retrieved February 3, 2018.","url":"https://docs.microsoft.com/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction","source":"MITRE","title":"Enable Attack surface reduction","authors":"Brower, N. & D'Souza-Wiltshire, I","date_accessed":"2018-02-03T00:00:00Z","date_published":"2017-11-09T00:00:00Z","owner_name":null,"tidal_id":"6cb9d066-5d0f-586f-8b72-773d812f8c66","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415944Z"},{"id":"c04153f9-d4c7-4349-9bef-3f883eec0028","name":"Microsoft TESTSIGNING Feb 2021","description":"Microsoft. (2021, February 15). Enable Loading of Test Signed Drivers. Retrieved April 22, 2021.","url":"https://docs.microsoft.com/en-us/windows-hardware/drivers/install/the-testsigning-boot-configuration-option","source":"MITRE","title":"Enable Loading of Test Signed Drivers","authors":"Microsoft","date_accessed":"2021-04-22T00:00:00Z","date_published":"2021-02-15T00:00:00Z","owner_name":null,"tidal_id":"99de9fa8-c73d-524f-abcd-e3ee111963a5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429856Z"},{"id":"1aeac4da-f5fd-4fa3-9cc0-b1a50427c121","name":"Microsoft Disable DCOM","description":"Microsoft. (n.d.). Enable or Disable DCOM. 
Retrieved November 22, 2017.","url":"https://technet.microsoft.com/library/cc771387.aspx","source":"MITRE","title":"Enable or Disable DCOM","authors":"Microsoft","date_accessed":"2017-11-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"265c6037-a0e4-518c-8096-030e120acd54","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415988Z"},{"id":"cfe592a1-c06d-4555-a30f-c5d533dfd73e","name":"Microsoft Disable Macros","description":"Microsoft. (n.d.). Enable or disable macros in Office files. Retrieved September 13, 2018.","url":"https://support.office.com/article/enable-or-disable-macros-in-office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6","source":"MITRE","title":"Enable or disable macros in Office files","authors":"Microsoft","date_accessed":"2018-09-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ca5375ac-653a-5786-8c07-ba383dcb0584","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416275Z"},{"id":"331d59e3-ce7f-483c-b77d-001c8a9ae1df","name":"Microsoft Remote","description":"Microsoft. (n.d.). Enable the Remote Registry Service. Retrieved May 1, 2015.","url":"https://technet.microsoft.com/en-us/library/cc754820.aspx","source":"MITRE","title":"Enable the Remote Registry Service","authors":"Microsoft","date_accessed":"2015-05-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1a765dcb-cb2b-5ce3-a40d-cf600a037cd2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429948Z"},{"id":"b6574aa6-2703-5447-98bf-e76b2f0f82fd","name":"Broadcom ESXi Lockdown Mode","description":"Broadcom. (2025, February 12). Enabling or disabling Lockdown mode on an ESXi host. 
Retrieved March 27, 2025.","url":"https://knowledge.broadcom.com/external/article/336894/enabling-or-disabling-lockdown-mode-on-a.html","source":"MITRE","title":"Enabling or disabling Lockdown mode on an ESXi host","authors":"Broadcom","date_accessed":"2025-03-27T00:00:00Z","date_published":"2025-02-12T00:00:00Z","owner_name":null,"tidal_id":"57801f6e-49dc-51ff-b071-4a1373c3a25a","created":"2025-04-22T20:47:32.457601Z","modified":"2025-12-17T15:08:36.442577Z"},{"id":"a729519d-8c9f-477c-b992-434076a9d294","name":"PCMag DoubleExtension","description":"PCMag. (n.d.). Encyclopedia: double extension. Retrieved August 4, 2021.","url":"https://www.pcmag.com/encyclopedia/term/double-extension","source":"MITRE","title":"Encyclopedia: double extension","authors":"PCMag","date_accessed":"2021-08-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e0d3e86c-d296-5d3f-8e4a-7d0c1184cb69","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425206Z"},{"id":"7787289d-f636-5a26-b182-cd1015879007","name":"Microsoft Entra ID App Passwords","description":"Microsoft. (2023, October 23). Enforce Microsoft Entra multifactor authentication with legacy applications using app passwords. Retrieved May 28, 2024.","url":"https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-app-passwords","source":"MITRE","title":"Enforce Microsoft Entra multifactor authentication with legacy applications using app passwords","authors":"Microsoft","date_accessed":"2024-05-28T00:00:00Z","date_published":"2023-10-23T00:00:00Z","owner_name":null,"tidal_id":"194a71a7-2b06-568b-a204-c4e90836dc0b","created":"2024-10-31T16:28:23.593062Z","modified":"2025-12-17T15:08:36.432424Z"},{"id":"8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f","name":"FireEye Periscope March 2018","description":"FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. 
Retrieved April 11, 2018.","url":"https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html","source":"MITRE","title":"Engineering and Maritime Industries","authors":"FireEye. (2018, March 16)","date_accessed":"2018-04-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e4c2e7b2-18ad-582c-995e-5b81ddad1e1e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416619Z"},{"id":"b930e838-649b-42ab-86dc-0443667276de","name":"NCCIC AR-17-20045 February 2017","description":"NCCIC. (2017, February 10). Enhanced Analysis of GRIZZLY STEPPE Activity. Retrieved April 12, 2021.","url":"https://us-cert.cisa.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf","source":"MITRE","title":"Enhanced Analysis of GRIZZLY STEPPE Activity","authors":"NCCIC","date_accessed":"2021-04-12T00:00:00Z","date_published":"2017-02-10T00:00:00Z","owner_name":null,"tidal_id":"2eca7052-3d73-5f79-a891-f6eeb657e81a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418184Z"},{"id":"a2016103-ead7-46b3-bae5-aa97c45a12b7","name":"ESET Sednit Part 1","description":"ESET. (2016, October). En Route with Sednit - Part 1: Approaching the Target. Retrieved November 8, 2016.","url":"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf","source":"MITRE","title":"En Route with Sednit - Part 1: Approaching the Target","authors":"ESET","date_accessed":"2016-11-08T00:00:00Z","date_published":"2016-10-01T00:00:00Z","owner_name":null,"tidal_id":"5723fe8a-3711-59dd-b491-2d1d5eb8eb6c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420122Z"},{"id":"aefb9eda-df5a-437f-af2a-ec1b6c04628b","name":"ESET Sednit Part 2","description":"ESET. (2016, October). En Route with Sednit - Part 2: Observing the Comings and Goings. 
Retrieved November 21, 2016.","url":"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf","source":"MITRE","title":"En Route with Sednit - Part 2: Observing the Comings and Goings","authors":"ESET","date_accessed":"2016-11-21T00:00:00Z","date_published":"2016-10-01T00:00:00Z","owner_name":null,"tidal_id":"0dfb3425-9519-52ff-8833-ea829013cf6b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419550Z"},{"id":"7c2be444-a947-49bc-b5f6-8f6bec870c6a","name":"ESET Sednit Part 3","description":"ESET. (2016, October). En Route with Sednit - Part 3: A Mysterious Downloader. Retrieved November 21, 2016.","url":"http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part3.pdf","source":"MITRE","title":"En Route with Sednit - Part 3: A Mysterious Downloader","authors":"ESET","date_accessed":"2016-11-21T00:00:00Z","date_published":"2016-10-01T00:00:00Z","owner_name":null,"tidal_id":"66d638bd-7fd2-50cc-975a-d75110046b05","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416789Z"},{"id":"1ae3af0b-3228-471f-9095-f4d9eb95d71d","name":"PayHere Incident May 1 2022","description":"PayHere. (2022, May 1). Ensuring Integrity on PayHere Cybersecurity Incident. Retrieved January 20, 2026.","url":"https://blog.payhere.lk/ensuring-integrity-on-payhere-cybersecurity-incident/","source":"Tidal Cyber","title":"Ensuring Integrity on PayHere Cybersecurity Incident","authors":"PayHere","date_accessed":"2026-01-20T12:00:00Z","date_published":"2022-05-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8a2017dd-cead-5114-85c7-7789248eb837","created":"2026-01-23T20:29:39.837304Z","modified":"2026-01-23T20:29:39.986454Z"},{"id":"ad3eda19-08eb-4d59-a2c9-3b5ed8302205","name":"Google Ensuring Your Information is Safe","description":"Google. (2011, June 1). Ensuring your information is safe online. 
Retrieved April 1, 2022.","url":"https://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html","source":"MITRE","title":"Ensuring your information is safe online","authors":"Google","date_accessed":"2022-04-01T00:00:00Z","date_published":"2011-06-01T00:00:00Z","owner_name":null,"tidal_id":"7e30d916-70bf-5b52-9463-fd7b40f11722","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435911Z"},{"id":"dd36eb97-89df-59d5-b6fd-db2a06e3085f","name":"Enterprise ATT&CK January 2018","description":"Enterprise ATT&CK 2018, January 11 Command-Line Interface. Retrieved 2018/05/17","url":"https://attack.mitre.org/wiki/Technique/T1059","source":"ICS","title":"Enterprise ATT&CK January 2018","authors":"","date_accessed":"2018-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5e00147d-5544-570f-a9cf-fb5dd26a5f84","created":"2026-01-28T13:08:18.176632Z","modified":"2026-01-28T13:08:18.176635Z"},{"id":"28c12929-1eca-5d55-bfb2-4cf36bad640e","name":"Enterprise ATT&CK October 2019","description":"Enterprise ATT&CK 2019, October 25 Spearphishing Attachment. Retrieved 2019/10/25","url":"https://attack.mitre.org/techniques/T1193/","source":"ICS","title":"Enterprise ATT&CK October 2019","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c3b6fae7-5461-5132-804e-b688278ab6b4","created":"2026-01-28T13:08:18.177181Z","modified":"2026-01-28T13:08:18.177184Z"},{"id":"1b9b5c48-d504-4c73-aedc-37e935c47f17","name":"Fortinet Blog November 13 2018","description":"Fortinet Blog. (2018, November 13). Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign. 
Retrieved October 20, 2023.","url":"https://www.fortinet.com/blog/threat-research/enter-the-darkgate-new-cryptocurrency-mining-and-ransomware-campaign","source":"Tidal Cyber","title":"Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign","authors":"Fortinet Blog","date_accessed":"2023-10-20T00:00:00Z","date_published":"2018-11-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"25350d99-fea1-59b3-93bc-ce4edf3d4ab6","created":"2024-01-26T18:00:34.704827Z","modified":"2024-01-26T18:00:34.827843Z"},{"id":"31796564-4154-54c0-958a-7d6802dfefad","name":"Ensilo Darkgate 2018","description":"Adi Zeligson & Rotem Kerner. (2018, November 13). Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign. Retrieved February 9, 2024.","url":"https://www.fortinet.com/blog/threat-research/enter-the-darkgate-new-cryptocurrency-mining-and-ransomware-campaign","source":"MITRE","title":"Enter The DarkGate - New Cryptocurrency Mining and Ransomware Campaign","authors":"Adi Zeligson & Rotem Kerner","date_accessed":"2024-02-09T00:00:00Z","date_published":"2018-11-13T00:00:00Z","owner_name":null,"tidal_id":"44fffc78-7397-5fe8-8bf1-4af63e2d9072","created":"2024-04-25T13:28:48.073151Z","modified":"2025-12-17T15:08:36.419423Z"},{"id":"a45a920c-3bda-4442-8650-4ad78f950283","name":"Splunk DarkGate January 17 2024","description":"Splunk Threat Research Team. (2024, January 17). Enter The Gates: An Analysis of the DarkGate AutoIt Loader. 
Retrieved January 24, 2024.","url":"https://www.splunk.com/en_us/blog/security/enter-the-gates-an-analysis-of-the-darkgate-autoit-loader.html","source":"Tidal Cyber","title":"Enter The Gates: An Analysis of the DarkGate AutoIt Loader","authors":"Splunk Threat Research Team","date_accessed":"2024-01-24T00:00:00Z","date_published":"2024-01-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"89e84684-f777-5d49-8178-df42293a43b9","created":"2024-01-26T18:00:36.172497Z","modified":"2024-01-26T18:00:36.296135Z"},{"id":"adc6384c-e0d7-547f-a1e3-2c57ff0525ae","name":"Splunk DarkGate","description":"Splunk Threat Research Team. (2024, January 17). Enter The Gates: An Analysis of the DarkGate AutoIt Loader. Retrieved March 29, 2024.","url":"https://www.splunk.com/en_us/blog/security/enter-the-gates-an-analysis-of-the-darkgate-autoit-loader.html","source":"MITRE","title":"Enter The Gates: An Analysis of the DarkGate AutoIt Loader","authors":"Splunk Threat Research Team","date_accessed":"2024-03-29T00:00:00Z","date_published":"2024-01-17T00:00:00Z","owner_name":null,"tidal_id":"f9a3e62c-9eb8-5aff-a31b-8bec34a77f5e","created":"2024-04-25T13:28:33.035719Z","modified":"2025-12-17T15:08:36.428024Z"},{"id":"2d227339-250d-468c-b6da-a034754bc995","name":"Portcullis Labs September 16 2008","description":"MRL. (2008, September 16). enum4linux - Portcullis Labs. Retrieved December 19, 2024.","url":"https://labs.portcullis.co.uk/tools/enum4linux/","source":"Tidal Cyber","title":"enum4linux - Portcullis Labs","authors":"MRL","date_accessed":"2024-12-19T00:00:00Z","date_published":"2008-09-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"71918b1e-adab-5cc6-84ae-8a5a74c10633","created":"2025-04-11T15:06:13.975090Z","modified":"2025-04-11T15:06:14.193442Z"},{"id":"647ffc70-8eab-5f2f-abf4-9bbf42554043","name":"Microsoft EnumDeviceDrivers","description":"Microsoft. (2021, October 12). EnumDeviceDrivers function (psapi.h). 
Retrieved March 28, 2023.","url":"https://learn.microsoft.com/windows/win32/api/psapi/nf-psapi-enumdevicedrivers","source":"MITRE","title":"EnumDeviceDrivers function (psapi.h)","authors":"Microsoft","date_accessed":"2023-03-28T00:00:00Z","date_published":"2021-10-12T00:00:00Z","owner_name":null,"tidal_id":"4a3b5cf5-2568-5469-b4b6-98c287736c00","created":"2023-05-26T01:21:02.586706Z","modified":"2025-12-17T15:08:36.426199Z"},{"id":"ef7409d2-af39-4ad8-8469-76f0165687bd","name":"EK Clueless Agents","description":"Riordan, J., Schneier, B. (1998, June 18). Environmental Key Generation towards Clueless Agents. Retrieved January 18, 2019.","url":"https://www.schneier.com/academic/paperfiles/paper-clueless-agents.pdf","source":"MITRE","title":"Environmental Key Generation towards Clueless Agents","authors":"Riordan, J., Schneier, B","date_accessed":"2019-01-18T00:00:00Z","date_published":"1998-06-18T00:00:00Z","owner_name":null,"tidal_id":"5ed3762f-6379-5e94-8fce-eec5dcc9c73b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436345Z"},{"id":"af842a1f-8f39-4b4f-b4d2-0bbb810e6c31","name":"Deloitte Environment Awareness","description":"Torello, A. & Guibernau, F. (n.d.). Environment Awareness. Retrieved September 13, 2024.","url":"https://drive.google.com/file/d/1t0jn3xr4ff2fR30oQAUn_RsWSnMpOAQc/edit","source":"MITRE","title":"Environment Awareness","authors":"Torello, A. & Guibernau, F","date_accessed":"2024-09-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8ed6ad65-706d-58ea-b645-d54ef78ff703","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426711Z"},{"id":"64598969-864d-4bc7-805e-c289cccb7bc6","name":"Microsoft Environment Property","description":"Microsoft. (2011, October 24). Environment Property. 
Retrieved July 27, 2016.","url":"https://docs.microsoft.com/en-us/previous-versions//fd7hxfdd(v=vs.85)?redirectedfrom=MSDN","source":"MITRE","title":"Environment Property","authors":"Microsoft","date_accessed":"2016-07-27T00:00:00Z","date_published":"2011-10-24T00:00:00Z","owner_name":null,"tidal_id":"f72f9d37-b4f4-5fab-8f63-e0a4bfcc6587","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430057Z"},{"id":"79ea888c-2dd7-40cb-9149-e2469a35ea3a","name":"MSDN Environment Property","description":"Microsoft. (n.d.). Environment Property. Retrieved July 27, 2016.","url":"https://msdn.microsoft.com/en-us/library/fd7hxfdd.aspx","source":"MITRE","title":"Environment Property","authors":"Microsoft","date_accessed":"2016-07-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8a41435f-518c-52e7-ae66-b792f4babe05","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434428Z"},{"id":"44879a86-9eda-4934-bfc4-cbc643ab113a","name":"Envoy Panda Profile","description":"CrowdStrike. (n.d.). Envoy Panda Profile. Retrieved February 28, 2025.","url":"https://www.crowdstrike.com/adversaries/envoy-panda/","source":"Tidal Cyber","title":"Envoy Panda Profile","authors":"CrowdStrike","date_accessed":"2025-02-28T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"76fe4da6-6e24-59fe-8e6a-75035d5889a5","created":"2025-03-04T15:54:55.382324Z","modified":"2025-03-04T15:54:55.558066Z"},{"id":"34674802-fbd9-4cdb-8611-c58665c430e5","name":"Kaspersky Equation QA","description":"Kaspersky Lab's Global Research and Analysis Team. (2015, February). Equation Group: Questions and Answers. 
Retrieved December 21, 2015.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf","source":"MITRE, Tidal Cyber","title":"Equation Group: Questions and Answers","authors":"Kaspersky Lab's Global Research and Analysis Team","date_accessed":"2015-12-21T00:00:00Z","date_published":"2015-02-01T00:00:00Z","owner_name":null,"tidal_id":"f8bf5c56-e511-5dfb-9426-87d6c6228c66","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.275958Z"},{"id":"4c90eba9-118e-5d50-ad58-27bcb0e1e228","name":"erase_cmd_cisco","description":"Cisco. (2022, August 16). erase - Cisco IOS Configuration Fundamentals Command Reference . Retrieved July 13, 2022.","url":"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/D_through_E.html#wp3557227463","source":"MITRE","title":"erase - Cisco IOS Configuration Fundamentals Command Reference","authors":"Cisco","date_accessed":"2022-07-13T00:00:00Z","date_published":"2022-08-16T00:00:00Z","owner_name":null,"tidal_id":"30c23447-07c1-59f1-b33c-acdfe84ddeb9","created":"2023-05-26T01:21:02.107836Z","modified":"2025-12-17T15:08:36.425711Z"},{"id":"239c2746-6c0d-5425-b417-091efab77a1f","name":"Nanjundaiah, Vaidyanath","description":"Nanjundaiah, Vaidyanath Dr. Kelvin T. Erickson 2010, December Programmable logic controller hardware. Retrieved 2018/03/29","url":"https://www.ezautomation.net/industry-articles/plc-ladder-logic-basics.htm","source":"ICS","title":"Erickson 2010, December Programmable logic controller hardware","authors":"Nanjundaiah, Vaidyanath Dr","date_accessed":"2018-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f339e0f4-ef6b-55ed-a786-ead256eab16a","created":"2026-01-28T13:08:18.176981Z","modified":"2026-01-28T13:08:18.176987Z"},{"id":"6391c3d2-529c-5e9b-8a04-930f872285f1","name":"Dr. Kelvin T. Erickson December 2010","description":"Dr. Kelvin T. 
Erickson 2010, December Programmable logic controller hardware. Retrieved November","url":"https://www.scribd.com/document/458637574/Programmable-Logic-Controllers","source":"ICS","title":"Erickson 2010, December Programmable logic controller hardware","authors":"Dr","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"465be28a-65ac-53f9-a47f-1341c6831a34","created":"2026-01-28T13:08:18.176957Z","modified":"2026-01-28T13:08:18.176960Z"},{"id":"8248917a-9afd-4ec6-a086-1a97a68deff1","name":"Container Escape","description":"0xn3va. (n.d.). Escaping. Retrieved May 27, 2022.","url":"https://0xn3va.gitbook.io/cheat-sheets/container/escaping","source":"MITRE","title":"Escaping","authors":"0xn3va","date_accessed":"2022-05-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9af0f77d-778d-5ff9-8218-44cedccc9715","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429041Z"},{"id":"5b28245c-b0db-5346-b994-52e2f6c7fe1e","name":"SIGTTO ESD 2021","description":"Society of International Gas Tanker & Terminal Operators Ltd. (2021). ESD Systems: Recommendations for Emergency Shutdown and Related Safety Systems (Second Edition). Retrieved September","url":"https://sigtto.org/media/3457/sigtto-2021-esd-systems.pdf","source":"ICS","title":"ESD Systems: Recommendations for Emergency Shutdown and Related Safety Systems (Second Edition)","authors":"Society of International Gas Tanker & Terminal Operators Ltd","date_accessed":"1978-09-01T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"de08afbc-6e1f-575c-b7d8-9fe611b1e3a0","created":"2026-01-28T13:08:18.178628Z","modified":"2026-01-28T13:08:18.178631Z"},{"id":"f346f327-f0e4-4405-bf3c-c0723c23384f","name":"eSentire November 13 2025","description":"None Identified. (2025, November 13). eSentire | EVALUSION Campaign Delivers Amatera Stealer and NetSupport…. 
Retrieved November 21, 2025.","url":"https://www.esentire.com/blog/evalusion-campaign-delivers-amatera-stealer-and-netsupport-rat","source":"Tidal Cyber","title":"eSentire | EVALUSION Campaign Delivers Amatera Stealer and NetSupport…","authors":"None Identified","date_accessed":"2025-11-21T12:00:00Z","date_published":"2025-11-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8f62a049-4e66-5fb9-b812-dd6f651073c2","created":"2025-12-10T14:13:41.045165Z","modified":"2025-12-10T14:13:41.199049Z"},{"id":"08fb9e84-495f-4710-bd1e-417eb8191a10","name":"Microsoft Esentutl","description":"Microsoft. (2016, August 30). Esentutl. Retrieved September 3, 2019.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh875546(v=ws.11)","source":"MITRE","title":"Esentutl","authors":"Microsoft","date_accessed":"2019-09-03T00:00:00Z","date_published":"2016-08-30T00:00:00Z","owner_name":null,"tidal_id":"717ff706-817b-5f7b-95be-a9736f4e77da","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423346Z"},{"id":"691b4907-3544-4ad0-989c-b5c845e0330f","name":"LOLBAS Esentutl","description":"LOLBAS. (n.d.). Esentutl.exe. Retrieved September 3, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Esentutl/","source":"MITRE","title":"Esentutl.exe","authors":"LOLBAS","date_accessed":"2019-09-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c9c4a6b1-d09e-535c-9de5-9839c33bb898","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424542Z"},{"id":"9dcb82fc-cfee-5176-b70e-a25e9d5a735f","name":"ESET April 2016","description":"ESET 2016, April 28 Malware found at a German nuclear power plant. 
Retrieved 2019/10/14","url":"https://www.welivesecurity.com/2016/04/28/malware-found-german-nuclear-power-plant/","source":"ICS","title":"ESET April 2016","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d09fefec-6c5c-5fb6-bfb6-5662a28a43e0","created":"2026-01-28T13:08:18.177990Z","modified":"2026-01-28T13:08:18.177993Z"},{"id":"896cc899-b667-4f9d-ba90-8650fb978535","name":"ESET APT Activity Report Q4 2023-Q1 2024","description":"ESET Research. (2024, May 14). ESET APT Activity Report Q4 2023-Q1 2024. Retrieved September 1, 2024.","url":"https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q4-2023-q1-2024.pdf","source":"Tidal Cyber","title":"ESET APT Activity Report Q4 2023-Q1 2024","authors":"ESET Research","date_accessed":"2024-09-01T00:00:00Z","date_published":"2024-05-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bbb4ab71-8d2c-5be1-92cc-02e7741284ef","created":"2024-09-04T12:49:08.136217Z","modified":"2024-09-04T12:49:08.377815Z"},{"id":"6d079207-a7c0-4023-b504-1010dd538221","name":"ESET Twitter Ida Pro Nov 2021","description":"Cherepanov, Anton. (2019, November 10). ESETresearch discovered a trojanized IDA Pro installer. Retrieved September 12, 2024.","url":"https://x.com/ESETresearch/status/1458438155149922312","source":"MITRE","title":"ESETresearch discovered a trojanized IDA Pro installer","authors":"Cherepanov, Anton","date_accessed":"2024-09-12T00:00:00Z","date_published":"2019-11-10T00:00:00Z","owner_name":null,"tidal_id":"f1866981-4dfc-5f25-b6a0-a142fbf237e7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440489Z"},{"id":"d583b409-35bd-45ea-8f2a-c0d566a6865b","name":"ESET PowerPool Code October 2020","description":"ESET Research. (2020, October 1). ESET Research Tweet Linking Slothfulmedia and PowerPool. 
Retrieved September 12, 2024.","url":"https://x.com/ESETresearch/status/1311762215490461696","source":"MITRE","title":"ESET Research Tweet Linking Slothfulmedia and PowerPool","authors":"ESET Research","date_accessed":"2024-09-12T00:00:00Z","date_published":"2020-10-01T00:00:00Z","owner_name":null,"tidal_id":"0cf2a527-dbc0-5b1d-9e47-c03e6b1c6a2a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422583Z"},{"id":"85e30151-c412-5b6f-a4c8-f48cea5cc954","name":"ESET Research Whitepapers September 2018","description":"ESET Research Whitepapers 2018, September LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group. Retrieved 2020/09/25","url":"https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf","source":"ICS","title":"ESET Research Whitepapers September 2018","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9d712258-c4d5-5427-b078-7b36ef30443e","created":"2026-01-28T13:08:18.178985Z","modified":"2026-01-28T13:08:18.178988Z"},{"id":"be169308-19e8-4ee9-8ff6-e08eb9291ef8","name":"ESET FinFisher Jan 2018","description":"Kafka, F. (2018, January). ESET's Guide to Deobfuscating and Devirtualizing FinFisher. Retrieved August 12, 2019.","url":"https://www.welivesecurity.com/wp-content/uploads/2018/01/WP-FinFisher.pdf","source":"MITRE","title":"ESET's Guide to Deobfuscating and Devirtualizing FinFisher","authors":"Kafka, F","date_accessed":"2019-08-12T00:00:00Z","date_published":"2018-01-01T00:00:00Z","owner_name":null,"tidal_id":"52f397fe-a621-54a1-accf-735ba43d19f9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431117Z"},{"id":"c3320c11-4631-4e02-8025-5c1e5b54e521","name":"ESET Trickbot Oct 2020","description":"Boutin, J. (2020, October 12). ESET takes part in global operation to disrupt Trickbot. 
Retrieved March 15, 2021.","url":"https://www.welivesecurity.com/2020/10/12/eset-takes-part-global-operation-disrupt-trickbot/","source":"MITRE","title":"ESET takes part in global operation to disrupt Trickbot","authors":"Boutin, J","date_accessed":"2021-03-15T00:00:00Z","date_published":"2020-10-12T00:00:00Z","owner_name":null,"tidal_id":"7d63fa56-b487-54e8-b720-78351b7835fb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440684Z"},{"id":"f86845b9-03c4-446b-845f-b31b79b247ee","name":"WeLiveSecurity April 19 2022","description":"Jean-Ian Boutin, Tomáš Procházka. (2022, April 19). ESET takes part in global operation to disrupt Zloader botnets | WeLiveSecurity. Retrieved May 10, 2023.","url":"https://www.welivesecurity.com/2022/04/13/eset-takes-part-global-operation-disrupt-zloader-botnets/","source":"Tidal Cyber","title":"ESET takes part in global operation to disrupt Zloader botnets | WeLiveSecurity","authors":"Jean-Ian Boutin, Tomáš Procházka","date_accessed":"2023-05-10T00:00:00Z","date_published":"2022-04-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fa2b3f67-1474-5bcf-9e4c-5b6a70b0df55","created":"2023-07-14T12:56:29.734663Z","modified":"2023-07-14T12:56:29.871265Z"},{"id":"a641a41c-dcd8-47e5-9b29-109dd2eb7f1e","name":"Riskiq Remcos Jan 2018","description":"Klijnsma, Y. (2018, January 23). Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors. 
Retrieved November 6, 2018.","url":"https://web.archive.org/web/20180124082756/https://www.riskiq.com/blog/labs/spear-phishing-turkish-defense-contractors/","source":"MITRE","title":"Espionage Campaign Leverages Spear Phishing, RATs Against Turkish Defense Contractors","authors":"Klijnsma, Y","date_accessed":"2018-11-06T00:00:00Z","date_published":"2018-01-23T00:00:00Z","owner_name":null,"tidal_id":"4c24f71a-234b-56b9-8d00-12e0739f4a20","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423089Z"},{"id":"2a1f452f-57b6-4764-b474-befa7787642d","name":"EventLog_Core_Technologies","description":"Core Technologies. (2021, May 24). Essential Windows Services: EventLog / Windows Event Log. Retrieved September 14, 2021.","url":"https://www.coretechnologies.com/blog/windows-services/eventlog/","source":"MITRE","title":"Essential Windows Services: EventLog / Windows Event Log","authors":"Core Technologies","date_accessed":"2021-09-14T00:00:00Z","date_published":"2021-05-24T00:00:00Z","owner_name":null,"tidal_id":"7df18c5e-cd74-5113-accc-542232ba11fd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429256Z"},{"id":"ebcabcff-0408-5e6c-b93c-af794a9ffbec","name":"Establishing persistence using extended attributes on Linux","description":"Irem Kuyucu. (2024, August 6). Establishing persistence using extended  attributes on Linux. Retrieved March 27, 2025.","url":"https://kernal.eu/posts/linux-xattr-persistence/","source":"MITRE","title":"Establishing persistence using extended  attributes on Linux","authors":"Irem Kuyucu","date_accessed":"2025-03-27T00:00:00Z","date_published":"2024-01-01T00:00:00Z","owner_name":null,"tidal_id":"84704715-ecbc-5f91-a282-9761039974b4","created":"2025-04-22T20:47:15.920739Z","modified":"2025-12-17T15:08:36.431282Z"},{"id":"1b612b14-8fcd-4e2a-ac4d-41190289471d","name":"ESXCLI Overview","description":"Vmware. (n.d.). ESXCLI Overview. 
Retrieved December 19, 2024.","url":"https://developer.vmware.com/web/tool/7.0/esxcli","source":"Tidal Cyber","title":"ESXCLI Overview","authors":"Vmware","date_accessed":"2024-12-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"3bc17634-7f26-5027-8f26-bbc72b3955ec","created":"2025-04-11T15:06:27.277346Z","modified":"2025-04-11T15:06:27.442033Z"},{"id":"456fc128-8d88-560d-8221-397b6dcfe134","name":"Broadcom ESXCLI Reference","description":"Broadcom. (n.d.). ESXCLI Reference. Retrieved March 27, 2025.","url":"https://developer.broadcom.com/xapis/esxcli-command-reference/latest/","source":"MITRE","title":"ESXCLI Reference","authors":"Broadcom","date_accessed":"2025-03-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"79e2bee1-ddb4-5ee2-be94-4b3800f98a0e","created":"2025-04-22T20:47:19.582647Z","modified":"2025-12-17T15:08:36.435029Z"},{"id":"cefcfd52-712e-549e-a4af-365ead492dca","name":"Recorded Future ESXiArgs Ransomware 2023","description":"German Hoeffner, Aaron Soehnen and Gianni Perez. (2023, February 7). ESXiArgs Ransomware Targets Publicly-Exposed ESXi OpenSLP Servers. Retrieved March 26, 2025.","url":"https://www.recordedfuture.com/blog/esxiargs-ransomware-targets-vmware-esxi-openslp-servers","source":"MITRE","title":"ESXiArgs Ransomware Targets Publicly-Exposed ESXi OpenSLP Servers","authors":"German Hoeffner, Aaron Soehnen and Gianni Perez","date_accessed":"2025-03-26T00:00:00Z","date_published":"2023-02-07T00:00:00Z","owner_name":null,"tidal_id":"767da37c-7d6d-541b-99ec-6d863708320c","created":"2025-04-22T20:47:12.912953Z","modified":"2025-12-17T15:08:36.428336Z"},{"id":"bb10b99f-af95-52fd-bf85-09d698d9b680","name":"Elastic ESXI Discovery via Find","description":"Elastic. (n.d.). ESXI Discovery via Find. 
Retrieved March 27, 2025.","url":"https://www.elastic.co/guide/en/security/current/esxi-discovery-via-find.html","source":"MITRE","title":"ESXI Discovery via Find","authors":"Elastic","date_accessed":"2025-03-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b4cdf511-e8ef-5e2a-817e-637e5765d65c","created":"2025-04-22T20:47:32.509186Z","modified":"2025-04-22T20:47:32.509194Z"},{"id":"bf9f968a-106b-543c-816f-74df7f18fe9b","name":"Elastic ESXI Discovery via Grep","description":"Elastic. (n.d.). ESXI Discovery via Grep. Retrieved March 27, 2025.","url":"https://www.elastic.co/guide/en/security/current/esxi-discovery-via-grep.html","source":"MITRE","title":"ESXI Discovery via Grep","authors":"Elastic","date_accessed":"2025-03-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c1c293ef-bf29-51f3-a09f-44d9d2a10ce1","created":"2025-04-22T20:47:32.516724Z","modified":"2025-04-22T20:47:32.516731Z"},{"id":"f4a98641-d76c-4f39-9cc2-4daf30cc1a56","name":"Huntress January 07 2026","description":"None Identified. (2026, January 7). ESXi Exploitation in the Wild | Huntress. Retrieved January 12, 2026.","url":"https://www.huntress.com/blog/esxi-vm-escape-exploit","source":"Tidal Cyber","title":"ESXi Exploitation in the Wild | Huntress","authors":"None Identified","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-07T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"18f75ecb-4cb2-5e4e-a4e5-04110e71f9e7","created":"2026-01-14T13:29:43.327158Z","modified":"2026-01-14T13:29:43.467822Z"},{"id":"f7d98c0a-b327-50b0-ac41-86becdb3b898","name":"Sygnia ESXi Ransomware 2024","description":"Nital Ruzin and Omer Kidron. (2024, May 15). ESXi Ransomware Attacks: Evolution, Impact, and Defense Strategy. 
Retrieved April 4, 2025.","url":"https://www.sygnia.co/blog/esxi-ransomware-attacks/","source":"MITRE","title":"ESXi Ransomware Attacks: Evolution, Impact, and Defense Strategy","authors":"Nital Ruzin and Omer Kidron","date_accessed":"2025-04-04T00:00:00Z","date_published":"2024-05-15T00:00:00Z","owner_name":null,"tidal_id":"2f2775bb-43f7-5d3e-bb7b-ecdc507a8442","created":"2025-04-22T20:47:31.108970Z","modified":"2025-12-17T15:08:36.441349Z"},{"id":"177dd788-33d1-53f8-9419-2af3a78269ba","name":"Sygnia ESXi Ransomware 2025","description":"Zhongyuan Hau (Aaron), Ren Jie Yow, and Yoav Mazor. (2025, January 21). ESXi Ransomware Attacks: Stealthy Persistence through. Retrieved March 27, 2025.","url":"https://www.sygnia.co/blog/esxi-ransomware-ssh-tunneling-defense-strategies/","source":"MITRE","title":"ESXi Ransomware Attacks: Stealthy Persistence through","authors":"Zhongyuan Hau (Aaron), Ren Jie Yow, and Yoav Mazor","date_accessed":"2025-03-27T00:00:00Z","date_published":"2025-01-21T00:00:00Z","owner_name":null,"tidal_id":"5f2c3946-3034-50bb-af30-7c8b5f57bdc4","created":"2025-04-22T20:47:11.610153Z","modified":"2025-12-17T15:08:36.426919Z"},{"id":"749897b3-9aa0-593d-928c-cccc5e8e96e2","name":"Guardio Etherhiding 2023","description":"Nati Tal and Oleg Zaytsev. (2023, October 13). “EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts. Retrieved May 22, 2025.","url":"https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16","source":"MITRE","title":"“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts","authors":"Nati Tal and Oleg Zaytsev","date_accessed":"2025-05-22T00:00:00Z","date_published":"2023-10-13T00:00:00Z","owner_name":null,"tidal_id":"eb1026bc-c9d2-5b2f-8bbb-dda579a888bb","created":"2025-10-29T21:08:48.165911Z","modified":"2025-12-17T15:08:36.428279Z"},{"id":"c2c5be3c-1883-4b35-9dd5-706ecebe041e","name":"Eudcedit.exe - LOLBAS Project","description":"LOLBAS. (2025, August 7). Eudcedit.exe. 
Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/Binaries/Eudcedit/","source":"Tidal Cyber","title":"Eudcedit.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-08-07T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ab1c210e-4803-5dd1-b4ba-c18bee3d5bbf","created":"2026-01-06T18:03:29.839372Z","modified":"2026-01-06T18:03:29.978784Z"},{"id":"a071bf02-066b-46e6-a554-f43d0c170807","name":"ISACA Malware Tricks","description":"Kolbitsch, C. (2017, November 1). Evasive Malware Tricks: How Malware Evades Detection by Sandboxes. Retrieved March 30, 2021.","url":"https://www.isaca.org/resources/isaca-journal/issues/2017/volume-6/evasive-malware-tricks-how-malware-evades-detection-by-sandboxes","source":"MITRE","title":"Evasive Malware Tricks: How Malware Evades Detection by Sandboxes","authors":"Kolbitsch, C","date_accessed":"2021-03-30T00:00:00Z","date_published":"2017-11-01T00:00:00Z","owner_name":null,"tidal_id":"59287eb2-fba0-509d-b94a-236c801cfbe2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429172Z"},{"id":"de6bc044-6275-4cab-80a1-feefebd3c1f0","name":"ThreatStream Evasion Analysis","description":"Shelmire, A.. (2015, July 6). Evasive Maneuvers. Retrieved January 22, 2016.","url":"https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop","source":"MITRE","title":"Evasive Maneuvers","authors":"Shelmire, A.","date_accessed":"2016-01-22T00:00:00Z","date_published":"2015-07-06T00:00:00Z","owner_name":null,"tidal_id":"a945151b-5135-5a7f-ba1b-886ff3f8e849","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421960Z"},{"id":"471ae30c-2753-468e-8e4d-6e7a3be599c9","name":"Anomali Evasive Maneuvers July 2015","description":"Shelmire, A. (2015, July 06). Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels. 
Retrieved November 15, 2018.","url":"https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop","source":"MITRE","title":"Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels","authors":"Shelmire, A","date_accessed":"2018-11-15T00:00:00Z","date_published":"2015-07-06T00:00:00Z","owner_name":null,"tidal_id":"869d2965-3e07-5faf-809a-f7e20a4a749f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439502Z"},{"id":"f7f6c441-7b98-43fc-b173-2be753d6bf97","name":"Securelist December 24 2025","description":"None Identified. (2025, December 24). Evasive Panda APT campaign overview | Securelist. Retrieved December 28, 2025.","url":"https://securelist.com/evasive-panda-apt/118576/","source":"Tidal Cyber","title":"Evasive Panda APT campaign overview | Securelist","authors":"None Identified","date_accessed":"2025-12-28T12:00:00Z","date_published":"2025-12-24T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fdeaa08b-59fa-5f6d-a5be-5ebe5e790190","created":"2025-12-29T17:39:50.233436Z","modified":"2025-12-29T17:39:50.388277Z"},{"id":"08026c7e-cc35-5d51-9536-a02febd1a891","name":"ESET EvasivePanda 2023","description":"Facundo Muñoz. (2023, April 26). Evasive Panda APT group delivers malware via updates for popular Chinese software. Retrieved July 25, 2024.","url":"https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chinese-software/","source":"MITRE","title":"Evasive Panda APT group delivers malware via updates for popular Chinese software","authors":"Facundo Muñoz","date_accessed":"2024-07-25T00:00:00Z","date_published":"2023-04-26T00:00:00Z","owner_name":null,"tidal_id":"c7c76f5e-fd03-5a68-9802-ea9ea041ef78","created":"2024-10-31T16:28:31.754623Z","modified":"2025-12-17T15:08:36.420845Z"},{"id":"07e6b866-7119-50ad-8a6e-80c4e0d594bf","name":"ESET EvasivePanda 2024","description":"Ahn Ho, Facundo Muñoz, & Marc-Etienne M.Léveillé. 
(2024, March 7). Evasive Panda leverages Monlam Festival to target Tibetans. Retrieved July 25, 2024.","url":"https://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibetans/","source":"MITRE","title":"Evasive Panda leverages Monlam Festival to target Tibetans","authors":"Ahn Ho, Facundo Muñoz, & Marc-Etienne M.Léveillé","date_accessed":"2024-07-25T00:00:00Z","date_published":"2024-03-07T00:00:00Z","owner_name":null,"tidal_id":"12c3668c-aad2-5565-8a85-6acefdf36c7d","created":"2024-10-31T16:28:31.747000Z","modified":"2025-12-17T15:08:36.418596Z"},{"id":"e38902bb-9bab-5beb-817b-668a67a76541","name":"Unit42 OilRig Playbook 2023","description":"Unit42. (2016, May 1). Evasive Serpens Unit 42 Playbook Viewer. Retrieved February 6, 2023.","url":"https://pan-unit42.github.io/playbook_viewer/?pb=evasive-serpens","source":"MITRE","title":"Evasive Serpens Unit 42 Playbook Viewer","authors":"Unit42","date_accessed":"2023-02-06T00:00:00Z","date_published":"2016-05-01T00:00:00Z","owner_name":null,"tidal_id":"1dc12e73-769f-5f7b-941c-0f52660bb827","created":"2023-05-26T01:21:13.264652Z","modified":"2025-12-17T15:08:36.437518Z"},{"id":"e44c377a-8c1c-554c-8f0f-7ed6baa313ef","name":"Perception Point","description":"Arthur Vaiselbuh, Peleg Cabra. (2024, November 7). Evasive ZIP Concatenation: Trojan Targets Windows Users. Retrieved March 3, 2025.","url":"https://perception-point.io/blog/evasive-concatenated-zip-trojan-targets-windows-users/","source":"MITRE","title":"Evasive ZIP Concatenation: Trojan Targets Windows Users","authors":"Arthur Vaiselbuh, Peleg Cabra","date_accessed":"2025-03-03T00:00:00Z","date_published":"2024-11-07T00:00:00Z","owner_name":null,"tidal_id":"bbc60ca7-2512-56eb-90be-2c066dbab852","created":"2025-04-22T20:47:21.350650Z","modified":"2025-12-17T15:08:36.436746Z"},{"id":"d46c82da-cd94-5a56-9cb5-f130c8518c4e","name":"Cybereason EventBot","description":"D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). 
EventBot: A New Mobile Banking Trojan is Born. Retrieved June","url":"https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born","source":"Mobile","title":"EventBot: A New Mobile Banking Trojan is Born","authors":"D. Frank, L. Rochberger, Y. Rimmer, A. Dahan","date_accessed":"1978-06-01T00:00:00Z","date_published":"2020-04-30T00:00:00Z","owner_name":null,"tidal_id":"9fd4058f-65bd-598c-942a-68ea5e07fbce","created":"2026-01-28T13:08:10.041513Z","modified":"2026-01-28T13:08:10.041516Z"},{"id":"b2711ad3-981c-4c77-bb64-643b547bfda6","name":"Microsoft EventLog.Clear","description":"Microsoft. (n.d.). EventLog.Clear Method (). Retrieved July 2, 2018.","url":"https://msdn.microsoft.com/library/system.diagnostics.eventlog.clear.aspx","source":"MITRE","title":"EventLog.Clear Method ()","authors":"Microsoft","date_accessed":"2018-07-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"dea66452-31a9-53c5-bdf2-fc8fa614e132","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430440Z"},{"id":"7757bbc6-8058-4584-a5aa-14b647d932a6","name":"evt_log_tampering","description":"svch0st. (2020, September 30). Event Log Tampering Part 1: Disrupting the EventLog Service. Retrieved September 14, 2021.","url":"https://svch0st.medium.com/event-log-tampering-part-1-disrupting-the-eventlog-service-8d4b7d67335c","source":"MITRE","title":"Event Log Tampering Part 1: Disrupting the EventLog Service","authors":"svch0st","date_accessed":"2021-09-14T00:00:00Z","date_published":"2020-09-30T00:00:00Z","owner_name":null,"tidal_id":"4f46d688-7a70-501e-91a0-758627529a06","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429314Z"},{"id":"876f8690-1874-41c0-bd38-d3bd41c96acc","name":"Microsoft ETW May 2018","description":"Microsoft. (2018, May 30). Event Tracing. 
Retrieved September 6, 2018.","url":"https://docs.microsoft.com/windows/desktop/etw/event-tracing-portal","source":"MITRE","title":"Event Tracing","authors":"Microsoft","date_accessed":"2018-09-06T00:00:00Z","date_published":"2018-05-30T00:00:00Z","owner_name":null,"tidal_id":"82318171-a242-550c-addd-7f034446e23f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416369Z"},{"id":"0c09812a-a936-4282-b574-35a00f631857","name":"Eventvwr.exe - LOLBAS Project","description":"LOLBAS. (2018, November 1). Eventvwr.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Eventvwr/","source":"Tidal Cyber","title":"Eventvwr.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-11-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"39955427-6cc4-5cba-b1e9-dc55e1580ae4","created":"2024-01-12T14:46:40.106202Z","modified":"2024-01-12T14:46:40.296744Z"},{"id":"04bf21c9-1670-41d7-b52c-0e31ad846b43","name":"The Register Everest Ransomware October 12 2023","description":"Connor Jones. (2023, October 12). Everest cybercriminals offer corporate insiders cold, hard cash for remote access. Retrieved July 31, 2025.","url":"https://www.theregister.com/2023/10/12/everest_courting_corporate_insiders/","source":"Tidal Cyber","title":"Everest cybercriminals offer corporate insiders cold, hard cash for remote access","authors":"Connor Jones","date_accessed":"2025-07-31T12:00:00Z","date_published":"2023-10-12T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6ae6701e-7659-5832-80e8-35306b0af72b","created":"2025-08-06T14:56:42.712429Z","modified":"2025-08-06T14:56:42.854630Z"},{"id":"ac4b2e91-f338-44c3-8950-435102136991","name":"Secure Ideas SMB Relay","description":"Kuehn, E. (2018, April 11). Ever Run a Relay? Why SMB Relays Should Be On Your Mind. 
Retrieved February 7, 2019.","url":"https://blog.secureideas.com/2018/04/ever-run-a-relay-why-smb-relays-should-be-on-your-mind.html","source":"MITRE","title":"Ever Run a Relay? Why SMB Relays Should Be On Your Mind","authors":"Kuehn, E","date_accessed":"2019-02-07T00:00:00Z","date_published":"2018-04-11T00:00:00Z","owner_name":null,"tidal_id":"c929f220-f7af-5c08-9bff-1c6287256337","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415751Z"},{"id":"9764d449-b374-5ba4-8d9c-325631617faf","name":"Kaspersky Triada June 2016","description":"Kivva, A. (2016, June 6). Everyone sees not what they want to see. Retrieved July","url":"https://securelist.com/everyone-sees-not-what-they-want-to-see/74997/","source":"Mobile","title":"Everyone sees not what they want to see","authors":"Kivva, A","date_accessed":"1978-07-01T00:00:00Z","date_published":"2016-06-06T00:00:00Z","owner_name":null,"tidal_id":"b8e44fee-1217-5bed-ab53-a42a3d991a97","created":"2026-01-28T13:08:10.047816Z","modified":"2026-01-28T13:08:10.047819Z"},{"id":"22c871ff-2701-4809-9f5b-fb29da7481e8","name":"CSV Excel Macro Injection","description":"Ishaq Mohammed . (2021, January 10). Everything about CSV Injection and CSV Excel Macro Injection. Retrieved February 7, 2022.","url":"https://blog.securelayer7.net/how-to-perform-csv-excel-macro-injection/","source":"MITRE","title":"Everything about CSV Injection and CSV Excel Macro Injection","authors":"Ishaq Mohammed","date_accessed":"2022-02-07T00:00:00Z","date_published":"2021-01-10T00:00:00Z","owner_name":null,"tidal_id":"2f9c440e-1fb4-5e71-9af4-67e133cf47eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426280Z"},{"id":"abeb1146-e5e5-5ecc-9b70-b348fba097f6","name":"Avertium callback phishing","description":"Avertium. (n.d.). EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING. 
Retrieved February 2, 2023.","url":"https://www.avertium.com/resources/threat-reports/everything-you-need-to-know-about-callback-phishing","source":"MITRE","title":"EVERYTHING YOU NEED TO KNOW ABOUT CALLBACK PHISHING","authors":"Avertium","date_accessed":"2023-02-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"988857b6-ea6f-59c3-971b-fd65b80873f4","created":"2023-05-26T01:21:09.827634Z","modified":"2025-12-17T15:08:36.430828Z"},{"id":"60bd2e39-744c-44e7-b417-0ef0a768f7b6","name":"Outpost24 April 5 2023","description":"Alberto Marín. (2023, April 5). Everything you need to know about the LummaC2 stealer Leveraging IDA Python and Unicorn to deobfuscate Windows API hashing. Retrieved October 10, 2024.","url":"https://outpost24.com/blog/everything-you-need-to-know-lummac2-stealer/","source":"Tidal Cyber","title":"Everything you need to know about the LummaC2 stealer Leveraging IDA Python and Unicorn to deobfuscate Windows API hashing","authors":"Alberto Marín","date_accessed":"2024-10-10T00:00:00Z","date_published":"2023-04-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0cb3afbc-9300-53e7-9aa0-725dc3a6fbbb","created":"2024-10-14T19:18:50.768669Z","modified":"2024-10-14T19:18:51.265196Z"},{"id":"b2999bd7-50d5-4d49-8893-8c0903d49104","name":"Intezer Aurora Sept 2017","description":"Rosenberg, J. (2017, September 20). Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner. 
Retrieved February 13, 2018.","url":"http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/","source":"MITRE","title":"Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner","authors":"Rosenberg, J","date_accessed":"2018-02-13T00:00:00Z","date_published":"2017-09-20T00:00:00Z","owner_name":null,"tidal_id":"2f0d2ff4-8b48-539a-8766-4ff87b7051b2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421144Z"},{"id":"a0218d0f-3378-4508-9d3c-a7cd3e00a156","name":"Cyphort EvilBunny Dec 2014","description":"Marschalek, M.. (2014, December 16). EvilBunny: Malware Instrumented By Lua. Retrieved June 28, 2019.","url":"https://web.archive.org/web/20150311013500/http://www.cyphort.com/evilbunny-malware-instrumented-lua/","source":"MITRE","title":"EvilBunny: Malware Instrumented By Lua","authors":"Marschalek, M.","date_accessed":"2019-06-28T00:00:00Z","date_published":"2014-12-16T00:00:00Z","owner_name":null,"tidal_id":"821d392c-eb79-532c-8410-1f641d08a9a6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420982Z"},{"id":"21536444-7287-55f7-8e11-c97dcb85398d","name":"Cyphort EvilBunny","description":"Marschalek, Marion. (2014, December 16). EvilBunny: Malware Instrumented By Lua. Retrieved August 5, 2024.","url":"https://web.archive.org/web/20150311013500/http:/www.cyphort.com/evilbunny-malware-instrumented-lua/","source":"MITRE","title":"EvilBunny: Malware Instrumented By Lua","authors":"Marschalek, Marion","date_accessed":"2024-08-05T00:00:00Z","date_published":"2014-12-16T00:00:00Z","owner_name":null,"tidal_id":"bb21a748-f218-5ce9-9cbf-06e5c31473b0","created":"2024-10-31T16:28:24.546983Z","modified":"2025-12-17T15:08:36.433492Z"},{"id":"aafa27e8-5df7-4fc6-9fe5-9a438f2b507a","name":"Evil Clippy May 2019","description":"Hegt, S. (2019, May 5). Evil Clippy: MS Office maldoc assistant. 
Retrieved September 17, 2020.","url":"https://outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant/","source":"MITRE","title":"Evil Clippy: MS Office maldoc assistant","authors":"Hegt, S","date_accessed":"2020-09-17T00:00:00Z","date_published":"2019-05-05T00:00:00Z","owner_name":null,"tidal_id":"c86ac015-2dbe-5fcc-9317-a40711cb04a1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434583Z"},{"id":"7b5617f8-5d0d-4185-97c7-82acf023f3c3","name":"Cyble August 19 2022","description":"Cybleinc. (2022, August 19). EvilCoder Project Selling Multiple Dangerous Tools Online. Retrieved May 10, 2023.","url":"https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/","source":"Tidal Cyber","title":"EvilCoder Project Selling Multiple Dangerous Tools Online","authors":"Cybleinc","date_accessed":"2023-05-10T00:00:00Z","date_published":"2022-08-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f996e72e-81d8-5041-aed2-954d4b8a87b1","created":"2024-06-13T20:10:20.303441Z","modified":"2024-06-13T20:10:20.496846Z"},{"id":"14f61d84-7669-555c-82ba-fb3a585d270e","name":"Volexity Insomnia","description":"A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June","url":"https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/","source":"Mobile","title":"Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant","authors":"A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al","date_accessed":"1978-06-01T00:00:00Z","date_published":"2020-04-21T00:00:00Z","owner_name":null,"tidal_id":"03cfebf1-cd7b-5ec1-9389-89d6ad177bb0","created":"2026-01-28T13:08:10.039226Z","modified":"2026-01-28T13:08:10.039229Z"},{"id":"9099b5aa-25eb-4cb7-9e3a-da4c3244f15a","name":"Evilginx 2 July 2018","description":"Gretzky, K.. (2018, July 26). 
Evilginx 2 - Next Generation of Phishing 2FA Tokens. Retrieved October 14, 2019.","url":"https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/","source":"MITRE","title":"Evilginx 2 - Next Generation of Phishing 2FA Tokens","authors":"Gretzky, K.","date_accessed":"2019-10-14T00:00:00Z","date_published":"2018-07-26T00:00:00Z","owner_name":null,"tidal_id":"d6b70201-6b4b-5a21-9537-2181e7b32bfa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:31.988160Z"},{"id":"13bdabb2-5956-492a-baf9-b0c3a0629806","name":"Evilginx Sources & Methods December 2023","description":"Matthew Conway. (2023, December 14). Evilginx Phishing Proxy. Retrieved January 3, 2023.","url":"https://sourcesmethods.com/evilginx-phishing-proxy/","source":"Tidal Cyber","title":"Evilginx Phishing Proxy","authors":"Matthew Conway","date_accessed":"2023-01-03T00:00:00Z","date_published":"2023-12-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6154bd82-d993-5734-8db4-52eb363d5808","created":"2024-01-05T16:32:28.105735Z","modified":"2024-01-05T16:32:28.602575Z"},{"id":"4dc26c77-d0ce-4836-a4cc-0490b6d7f115","name":"SentinelOne EvilQuest Ransomware Spyware 2020","description":"Phil Stokes. (2020, July 8). “EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One. Retrieved April 1, 2021.","url":"https://www.sentinelone.com/blog/evilquest-a-new-macos-malware-rolls-ransomware-spyware-and-data-theft-into-one/","source":"MITRE","title":"“EvilQuest” Rolls Ransomware, Spyware & Data Theft Into One","authors":"Phil Stokes","date_accessed":"2021-04-01T00:00:00Z","date_published":"2020-07-08T00:00:00Z","owner_name":null,"tidal_id":"b57c3e30-7053-58fe-b9c2-8b30cff8b38c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419493Z"},{"id":"230f15c3-79dd-5272-88b5-e9d5de9556f1","name":"Kaspersky evil twin","description":"AO Kaspersky Lab. (n.d.). Evil twin attacks and how to prevent them. 
Retrieved September 17, 2024.","url":"https://usa.kaspersky.com/resource-center/preemptive-safety/evil-twin-attacks","source":"MITRE","title":"Evil twin attacks and how to prevent them","authors":"AO Kaspersky Lab","date_accessed":"2024-09-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f3319b55-6716-5e28-b531-9d5fe45c5186","created":"2024-10-31T16:28:20.356079Z","modified":"2025-12-17T15:08:36.428881Z"},{"id":"7c8149ce-e546-594d-bad7-7c7ff463a472","name":"SaaS Attacks GitHub Evil Twin Integrations","description":"Push Security. (n.d.). Evil twin integrations. Retrieved March 20, 2025.","url":"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/evil_twin_integrations/description.md","source":"MITRE","title":"Evil twin integrations","authors":"Push Security","date_accessed":"2025-03-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d9817938-97fe-56cb-bc3a-70e40597d15c","created":"2025-04-22T20:47:18.920398Z","modified":"2025-12-17T15:08:36.434348Z"},{"id":"29301297-8343-4f75-8096-7fe229812f75","name":"Cisco Synful Knock Evolution","description":"Graham Holmes. (2015, October 8). Evolution of attacks on Cisco IOS devices. Retrieved October 19, 2020.","url":"https://blogs.cisco.com/security/evolution-of-attacks-on-cisco-ios-devices","source":"MITRE","title":"Evolution of attacks on Cisco IOS devices","authors":"Graham Holmes","date_accessed":"2020-10-19T00:00:00Z","date_published":"2015-10-08T00:00:00Z","owner_name":null,"tidal_id":"c20b2f02-a546-55e8-a81b-a8178438a786","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419978Z"},{"id":"a7a0db8d-bc1c-5e89-8c42-a3a6cc2cf28d","name":"SCILabs URSA/Mispadu Evolution 2023","description":"SCILabs. (2023, May 23). Evolution of banking trojan URSA/Mispadu. 
Retrieved March 13, 2024.","url":"https://blog.scilabs.mx/en/evolution-of-banking-trojan-ursa-mispadu/","source":"MITRE","title":"Evolution of banking trojan URSA/Mispadu","authors":"SCILabs","date_accessed":"2024-03-13T00:00:00Z","date_published":"2023-05-23T00:00:00Z","owner_name":null,"tidal_id":"b93e4fd6-1796-5b10-a3f9-dc6c8d141af2","created":"2024-04-25T13:28:47.614473Z","modified":"2025-12-17T15:08:36.418462Z"},{"id":"c29ca9f2-1e48-4913-b10b-15e558868ed8","name":"Securelist JSWorm","description":"Fedor Sinitsyn. (2021, May 25). Evolution of JSWorm Ransomware. Retrieved August 18, 2021.","url":"https://securelist.com/evolution-of-jsworm-ransomware/102428/","source":"MITRE","title":"Evolution of JSWorm Ransomware","authors":"Fedor Sinitsyn","date_accessed":"2021-08-18T00:00:00Z","date_published":"2021-05-25T00:00:00Z","owner_name":null,"tidal_id":"e7f9cebf-25e5-5d3b-83db-72c6cbe84690","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434235Z"},{"id":"0e7d6d6a-00f0-4adf-99de-bb3acdfc7e79","name":"Kaspersky September 4 2024","description":"Fedor Sinitsyn. (2024, September 4). Evolution of Mallox from private ransomware to RaaS. Retrieved September 5, 2024.","url":"https://securelist.com/mallox-ransomware/113529/","source":"Tidal Cyber","title":"Evolution of Mallox from private ransomware to RaaS","authors":"Fedor Sinitsyn","date_accessed":"2024-09-05T00:00:00Z","date_published":"2024-09-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"26818402-dd66-5cce-b799-d689f8d04f64","created":"2025-02-03T21:08:24.911925Z","modified":"2025-02-03T21:08:25.900935Z"},{"id":"28faff77-3e68-4f5c-974d-dc7c9d06ce5e","name":"S2 Grupo TrickBot June 2017","description":"Salinas, M., Holguin, J. (2017, June). Evolution of Trickbot. 
Retrieved July 31, 2018.","url":"https://www.securityartwork.es/wp-content/uploads/2017/07/Trickbot-report-S2-Grupo.pdf","source":"MITRE","title":"Evolution of Trickbot","authors":"Salinas, M., Holguin, J","date_accessed":"2018-07-31T00:00:00Z","date_published":"2017-06-01T00:00:00Z","owner_name":null,"tidal_id":"be9b3e42-e417-5fa0-944b-e86ded5f7d49","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416442Z"},{"id":"9a96da13-5795-49bc-ab82-dfd4f964d9d0","name":"Unit 42 Valak July 2020","description":"Duncan, B. (2020, July 24). Evolution of Valak, from Its Beginnings to Mass Distribution. Retrieved August 31, 2020.","url":"https://unit42.paloaltonetworks.com/valak-evolution/","source":"MITRE","title":"Evolution of Valak, from Its Beginnings to Mass Distribution","authors":"Duncan, B","date_accessed":"2020-08-31T00:00:00Z","date_published":"2020-07-24T00:00:00Z","owner_name":null,"tidal_id":"8cf69598-fe30-52b6-9aea-3d088f0579ad","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421089Z"},{"id":"3f42fc18-2adc-46ef-ae0a-c2d530518435","name":"Microsoft - Device Registration","description":"Microsoft 365 Defender Threat Intelligence Team. (2022, January 26). Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA. 
Retrieved March 4, 2022.","url":"https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa","source":"MITRE","title":"Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA","authors":"Microsoft 365 Defender Threat Intelligence Team","date_accessed":"2022-03-04T00:00:00Z","date_published":"2022-01-26T00:00:00Z","owner_name":null,"tidal_id":"0bce67f2-5b88-550b-ae54-6e5f3c9fbfee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431685Z"},{"id":"0b0f9cf6-f0af-4f86-9699-a63ff36c49e2","name":"Amnesty OAuth Phishing Attacks, August 2019","description":"Amnesty International. (2019, August 16). Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa. Retrieved October 8, 2019.","url":"https://www.amnesty.org/en/latest/research/2019/08/evolving-phishing-attacks-targeting-journalists-and-human-rights-defenders-from-the-middle-east-and-north-africa/","source":"MITRE","title":"Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa","authors":"Amnesty International","date_accessed":"2019-10-08T00:00:00Z","date_published":"2019-08-16T00:00:00Z","owner_name":null,"tidal_id":"483b6521-bbaf-59dd-ae10-3b516e02820a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432289Z"},{"id":"a6cb597e-e25b-4f49-bbb0-d270b1ac53f2","name":"RSAC 2015 Abu Dhabi Stefano Maccaglia","description":"Maccaglia, S. (2015, November 4). Evolving Threats: dissection of a CyberEspionage attack. 
Retrieved April 4, 2018.","url":"https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/2015.11.04_Evolving_Threats/cct-w08_evolving-threats-dissection-of-a-cyber-espionage-attack.pdf","source":"MITRE","title":"Evolving Threats: dissection of a CyberEspionage attack","authors":"Maccaglia, S","date_accessed":"2018-04-04T00:00:00Z","date_published":"2015-11-04T00:00:00Z","owner_name":null,"tidal_id":"80265f75-87c9-5265-a460-9fb77be424fb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442101Z"},{"id":"78d39ee7-1cd5-5cb8-844a-1c3649e367a1","name":"Microsoft Iranian Threat Actor Trends November 2021","description":"MSTIC. (2021, November 16). Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021. Retrieved January 12, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021","source":"MITRE","title":"Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021","authors":"MSTIC","date_accessed":"2023-01-12T00:00:00Z","date_published":"2021-11-16T00:00:00Z","owner_name":null,"tidal_id":"ee08c35e-2391-534c-a2df-d1b2a24c3724","created":"2023-05-26T01:21:13.047981Z","modified":"2025-12-17T15:08:36.438941Z"},{"id":"c3eccab6-b12b-513a-9a04-396f7b3dcf63","name":"Palo Alto Unit 42 VBA Infostealer 2014","description":"Vicky Ray and Rob Downs. (2014, October 29). Examining a VBA-Initiated Infostealer Campaign. 
Retrieved March 13, 2023.","url":"https://unit42.paloaltonetworks.com/examining-vba-initiated-infostealer-campaign/","source":"MITRE","title":"Examining a VBA-Initiated Infostealer Campaign","authors":"Vicky Ray and Rob Downs","date_accessed":"2023-03-13T00:00:00Z","date_published":"2014-10-29T00:00:00Z","owner_name":null,"tidal_id":"15412ef2-21a7-5a66-aee9-79411681bf9c","created":"2023-05-26T01:21:08.657702Z","modified":"2025-12-17T15:08:36.433268Z"},{"id":"b0351b0a-112f-543f-8909-f4b4a9f23e2e","name":"Trend Micro Black Basta May 2022","description":"Gonzalez, I., Chavez I., et al. (2022, May 9). Examining the Black Basta Ransomware’s Infection Routine. Retrieved March 7, 2023.","url":"https://www.trendmicro.com/en_us/research/22/e/examining-the-black-basta-ransomwares-infection-routine.html","source":"MITRE","title":"Examining the Black Basta Ransomware’s Infection Routine","authors":"Gonzalez, I., Chavez I., et al","date_accessed":"2023-03-07T00:00:00Z","date_published":"2022-05-09T00:00:00Z","owner_name":null,"tidal_id":"c575b8ac-fb22-5621-878f-f12e0fdde40a","created":"2023-05-26T01:21:18.168864Z","modified":"2025-12-17T15:08:36.439739Z"},{"id":"bb336a6f-d76e-4535-ba81-0c7932ae91e3","name":"Mandiant Glyer APT 2010","description":"Glyer, C. (2010). Examples of Recent APT Persistence Mechanism. Retrieved December 18, 2020.","url":"https://digital-forensics.sans.org/summit-archives/2010/35-glyer-apt-persistence-mechanisms.pdf","source":"MITRE","title":"Examples of Recent APT Persistence Mechanism","authors":"Glyer, C","date_accessed":"2020-12-18T00:00:00Z","date_published":"2010-01-01T00:00:00Z","owner_name":null,"tidal_id":"de042cb7-0793-56f6-b66c-15733bfc717d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426227Z"},{"id":"965503f6-e5f9-5c98-b0c4-1211e44346d9","name":"Symantec BlackByte 2022","description":"Symantec Threat Hunter Team. (2022, October 21). Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool. 
Retrieved December 16, 2024.","url":"https://www.security.com/threat-intelligence/blackbyte-exbyte-ransomware","source":"MITRE","title":"Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool","authors":"Symantec Threat Hunter Team","date_accessed":"2024-12-16T00:00:00Z","date_published":"2022-10-21T00:00:00Z","owner_name":null,"tidal_id":"f4ea5127-234b-500f-bc2b-d67f1162291c","created":"2025-04-22T20:47:22.684428Z","modified":"2025-12-17T15:08:36.419157Z"},{"id":"9a2458f7-63ca-4eca-8c61-b6098ec0798f","name":"Excel.exe - LOLBAS Project","description":"LOLBAS. (2019, July 19). Excel.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Excel/","source":"Tidal Cyber","title":"Excel.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-07-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d09cda76-ef4d-5fd4-8fb7-7b59a2eb19f8","created":"2024-01-12T14:47:23.478266Z","modified":"2024-01-12T14:47:23.660573Z"},{"id":"b5bf8e12-0133-46ea-85e3-b48c9901b518","name":"Microsoft Tim McMichael Exchange Mail Forwarding 2","description":"McMichael, T.. (2015, June 8). Exchange and Office 365 Mail Forwarding. Retrieved October 8, 2019.","url":"https://blogs.technet.microsoft.com/timmcmic/2015/06/08/exchange-and-office-365-mail-forwarding-2/","source":"MITRE","title":"Exchange and Office 365 Mail Forwarding","authors":"McMichael, T.","date_accessed":"2019-10-08T00:00:00Z","date_published":"2015-06-08T00:00:00Z","owner_name":null,"tidal_id":"c83efc43-36c4-5efd-bde5-260abc4e0dc5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425389Z"},{"id":"0156d408-a36d-5876-96fd-f0b0cf296ea2","name":"DFIR Phosphorus November 2021","description":"DFIR Report. (2021, November 15). Exchange Exploit Leads to Domain Wide Ransomware. 
Retrieved January 5, 2023.","url":"https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/","source":"MITRE","title":"Exchange Exploit Leads to Domain Wide Ransomware","authors":"DFIR Report","date_accessed":"2023-01-05T00:00:00Z","date_published":"2021-11-15T00:00:00Z","owner_name":null,"tidal_id":"243cfeef-f494-5b4d-92ed-f5b83d8de6ab","created":"2023-05-26T01:21:18.583523Z","modified":"2025-12-17T15:08:36.422897Z"},{"id":"c03c0f35-3b86-4733-8a2c-71524f0e3d17","name":"Mandiant UNC2596 Cuba Ransomware February 2022","description":"Tyler McLellan, Joshua Shilko, Shambavi Sadayappan. (2022, February 23). (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware. Retrieved May 19, 2023.","url":"https://www.mandiant.com/resources/blog/unc2596-cuba-ransomware","source":"Tidal Cyber","title":"(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware","authors":"Tyler McLellan, Joshua Shilko, Shambavi Sadayappan","date_accessed":"2023-05-19T00:00:00Z","date_published":"2022-02-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"63c52c58-a687-5912-8d2e-62e07ec65979","created":"2024-06-13T20:10:29.857244Z","modified":"2024-06-13T20:10:30.073807Z"},{"id":"8af67c2a-15e2-48c9-9ec2-b62ffca0f677","name":"ExchangePowerShell Module","description":"Microsoft. (2017, September 25). ExchangePowerShell. Retrieved June 10, 2022.","url":"https://docs.microsoft.com/en-us/powershell/module/exchange/?view=exchange-ps#mailboxes","source":"MITRE","title":"ExchangePowerShell","authors":"Microsoft","date_accessed":"2022-06-10T00:00:00Z","date_published":"2017-09-25T00:00:00Z","owner_name":null,"tidal_id":"451bfcd5-3115-574c-86f6-3c9805bc0163","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428580Z"},{"id":"c83f1810-22bb-4def-ab2f-3f3d67703f47","name":"ESET Exchange Mar 2021","description":"Faou, M., Tartare, M., Dupuy, T. (2021, March 10). 
Exchange servers under siege from at least 10 APT groups. Retrieved May 21, 2021.","url":"https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/","source":"MITRE, Tidal Cyber","title":"Exchange servers under siege from at least 10 APT groups","authors":"Faou, M., Tartare, M., Dupuy, T","date_accessed":"2021-05-21T00:00:00Z","date_published":"2021-03-10T00:00:00Z","owner_name":null,"tidal_id":"5e413429-76f2-531d-8041-5c5eb6f39095","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279739Z"},{"id":"5c2791d4-556d-426a-b305-44e23b50f013","name":"Executable Installers are Vulnerable","description":"Stefan Kanthak. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege. Retrieved December 4, 2014.","url":"https://seclists.org/fulldisclosure/2015/Dec/34","source":"MITRE","title":"Executable installers are vulnerable^WEVIL (case 7): 7z*.exe allows remote code execution with escalation of privilege","authors":"Stefan Kanthak","date_accessed":"2014-12-04T00:00:00Z","date_published":"2015-12-08T00:00:00Z","owner_name":null,"tidal_id":"4a47cd8c-8f32-5745-b4a5-4f69a984ee87","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431203Z"},{"id":"f2ebfc35-1bd9-4bc5-8a54-e2dea4e1caf5","name":"Seclists Kanthak 7zip Installer","description":"Kanthak, S. (2015, December 8). Executable installers are vulnerable^WEVIL (case 7): 7z*.exe\tallows remote code execution with escalation of privilege. 
Retrieved March 10, 2017.","url":"http://seclists.org/fulldisclosure/2015/Dec/34","source":"MITRE","title":"Executable installers are vulnerable^WEVIL (case 7): 7z*.exe\tallows remote code execution with escalation of privilege","authors":"Kanthak, S","date_accessed":"2017-03-10T00:00:00Z","date_published":"2015-12-08T00:00:00Z","owner_name":null,"tidal_id":"6a0afc11-7dd0-5092-beba-69376feba0ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415522Z"},{"id":"bce1cd78-b55e-40cf-8a90-64240db867ac","name":"Redxorblue Remote Template Injection","description":"Hawkins, J. (2018, July 18). Executing Macros From a DOCX With Remote Template Injection. Retrieved October 12, 2018.","url":"http://blog.redxorblue.com/2018/07/executing-macros-from-docx-with-remote.html","source":"MITRE","title":"Executing Macros From a DOCX With Remote Template Injection","authors":"Hawkins, J","date_accessed":"2018-10-12T00:00:00Z","date_published":"2018-07-18T00:00:00Z","owner_name":null,"tidal_id":"9050e5fb-558f-534f-b360-9f425632b401","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435364Z"},{"id":"83e346d5-1894-4c46-98eb-88a61ce7f003","name":"Microsoft PSfromCsharp APR 2014","description":"Babinec, K. (2014, April 28). Executing PowerShell scripts from C#. Retrieved April 22, 2019.","url":"https://blogs.msdn.microsoft.com/kebab/2014/04/28/executing-powershell-scripts-from-c/","source":"MITRE","title":"Executing PowerShell scripts from C#","authors":"Babinec, K","date_accessed":"2019-04-22T00:00:00Z","date_published":"2014-04-28T00:00:00Z","owner_name":null,"tidal_id":"20a01f00-c730-5721-8f53-77d305564609","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432808Z"},{"id":"aa9d5bdd-2102-4322-8736-56db8e083fc0","name":"PAM Creds","description":"Fernández, J. M. (2018, June 27). Exfiltrating credentials via PAM backdoors & DNS requests. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20240303094335/https://x-c3ll.github.io/posts/PAM-backdoor-DNS/","source":"MITRE","title":"Exfiltrating credentials via PAM backdoors & DNS requests","authors":"Fernández, J. M","date_accessed":"2024-11-17T00:00:00Z","date_published":"2018-06-27T00:00:00Z","owner_name":null,"tidal_id":"ab68d48a-d1e2-5e4b-a2c3-15a194d95d06","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424222Z"},{"id":"e39d5c7f-7fea-56e0-82a1-7cdb275c7574","name":"Threat Fabric Exobot","description":"Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October","url":"https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html","source":"Mobile","title":"Exobot - Android banking Trojan on the rise","authors":"Threat Fabric","date_accessed":"1978-10-01T00:00:00Z","date_published":"2017-02-01T00:00:00Z","owner_name":null,"tidal_id":"20543786-cc5c-533a-a758-9af73cec87c2","created":"2026-01-28T13:08:10.041771Z","modified":"2026-01-28T13:08:10.041774Z"},{"id":"006c1d73-342d-5966-8996-8a690a194c64","name":"SWB Exodus March 2019","description":"Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved November","url":"https://web.archive.org/web/20200314194610/https://securitywithoutborders.org/blog/2019/03/29/exodus.html","source":"Mobile","title":"Exodus: New Android Spyware Made in Italy","authors":"Security Without Borders","date_accessed":"1978-11-01T00:00:00Z","date_published":"2019-03-29T00:00:00Z","owner_name":null,"tidal_id":"3b8328cd-9e8d-520a-b06d-ef469d75b42e","created":"2026-01-28T13:08:10.039998Z","modified":"2026-01-28T13:08:10.040001Z"},{"id":"bf73a375-87b7-4603-8734-9f3d8d11967e","name":"Microsoft Expand Utility","description":"Microsoft. (2017, October 15). Expand. 
Retrieved February 19, 2019.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/expand","source":"MITRE","title":"Expand","authors":"Microsoft","date_accessed":"2019-02-19T00:00:00Z","date_published":"2017-10-15T00:00:00Z","owner_name":null,"tidal_id":"73c26f94-3d60-5d52-b315-1954378deea4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423374Z"},{"id":"689b058e-a4ec-45bf-b0f8-8885eb8d8b63","name":"LOLBAS Expand","description":"LOLBAS. (n.d.). Expand.exe. Retrieved February 19, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Expand/","source":"MITRE","title":"Expand.exe","authors":"LOLBAS","date_accessed":"2019-02-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0778ffc7-3e62-59a5-a67d-6cabe6f29030","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441991Z"},{"id":"f7ffa0ee-80d4-5ed8-a432-23a33cbf2752","name":"polymorphic-medium","description":"Shellseekercyber. (2024, January 7). Explainer: Packed Malware. Retrieved September 27, 2024.","url":"https://medium.com/@shellseekerscyber/explainer-packed-malware-16f09cc75035","source":"MITRE","title":"Explainer: Packed Malware","authors":"Shellseekercyber","date_accessed":"2024-09-27T00:00:00Z","date_published":"2024-01-07T00:00:00Z","owner_name":null,"tidal_id":"2dda3cc5-c3cc-56f6-b86c-68ac2270410c","created":"2024-10-31T16:28:24.870083Z","modified":"2025-12-17T15:08:36.433823Z"},{"id":"45f638af-ad10-566e-9e4d-49385a79022f","name":"Proofpoint WinterVivern 2023","description":"Michael Raggi & The Proofpoint Threat Research Team. (2023, March 30). Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe. 
Retrieved July 29, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability","source":"MITRE","title":"Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe","authors":"Michael Raggi & The Proofpoint Threat Research Team","date_accessed":"2024-07-29T00:00:00Z","date_published":"2023-03-30T00:00:00Z","owner_name":null,"tidal_id":"8e68664f-7817-5952-9b4a-024d13e58e6e","created":"2024-10-31T16:28:30.143149Z","modified":"2025-12-17T15:08:36.439356Z"},{"id":"4404ed65-3020-453d-8c51-2885018ba03b","name":"Mandiant CVE-2023-3519 Exploitation","description":"James Nugent, Foti Castelan, Doug Bienstock, Justin Moore, Josh Murchie. (2023, July 21). Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519). Retrieved July 24, 2023.","url":"https://www.mandiant.com/resources/blog/citrix-zero-day-espionage","source":"Tidal Cyber","title":"Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519)","authors":"James Nugent, Foti Castelan, Doug Bienstock, Justin Moore, Josh Murchie","date_accessed":"2023-07-24T00:00:00Z","date_published":"2023-07-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"920871ba-0459-519e-ab8a-f59db893d3b7","created":"2023-07-28T16:33:34.308981Z","modified":"2023-07-28T16:33:34.410267Z"},{"id":"02aae606-da8f-4c9b-86e0-5b960579c8d7","name":"Unit 42 December 12 2025","description":"Unit 42. (2025, December 12). Exploitation of Critical Vulnerability in React Server Components (Updated December 12). 
Retrieved December 15, 2025.","url":"https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-cve-2025-66478-next/","source":"Tidal Cyber","title":"Exploitation of Critical Vulnerability in React Server Components (Updated December 12)","authors":"Unit 42","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-12T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8af0dcb7-f54c-54ad-a4cc-87637ed6aee1","created":"2025-12-17T14:17:40.476766Z","modified":"2025-12-17T14:17:40.639767Z"},{"id":"4acdf8d0-23ea-5819-a51c-c0ace1cd0c76","name":"Enterprise ATT&CK","description":"Enterprise ATT&CK. (n.d.). Exploitation of Remote Services. Retrieved 2019/10/27","url":"https://attack.mitre.org/techniques/T1210/","source":"ICS","title":"Exploitation of Remote Services","authors":"Enterprise ATT&CK","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0455c4aa-153e-5a2a-b24c-381b354eb4a5","created":"2026-01-28T13:08:18.177255Z","modified":"2026-01-28T13:08:18.177258Z"},{"id":"edb48b66-4270-5f33-a59f-b249c23b0ba8","name":"CISA Unitronics November 2023","description":"DHS/CISA. (2023, November 28). Exploitation of Unitronics PLCs used in Water and Wastewater Systems. Retrieved March","url":"https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems","source":"ICS","title":"Exploitation of Unitronics PLCs used in Water and Wastewater Systems","authors":"DHS/CISA","date_accessed":"1978-03-01T00:00:00Z","date_published":"2023-11-28T00:00:00Z","owner_name":null,"tidal_id":"add599f7-5da4-5542-b6d0-ebb7de681c4c","created":"2026-01-28T13:08:18.179255Z","modified":"2026-01-28T13:08:18.179258Z"},{"id":"f7581e7f-c95b-4ba4-baf9-9c039bf77c33","name":"Huntress October 24 2025","description":"None Identified. (2025, October 24). Exploitation of Windows Server Update Services Remote Code Execution Vulnerability (CVE-2025-59287) | Huntress. 
Retrieved October 26, 2025.","url":"https://www.huntress.com/blog/exploitation-of-windows-server-update-services-remote-code-execution-vulnerability","source":"Tidal Cyber","title":"Exploitation of Windows Server Update Services Remote Code Execution Vulnerability (CVE-2025-59287) | Huntress","authors":"None Identified","date_accessed":"2025-10-26T12:00:00Z","date_published":"2025-10-24T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"89660985-cdec-5bab-8398-7ddc42bf6f74","created":"2025-11-11T13:25:40.963421Z","modified":"2025-11-11T13:25:41.126257Z"},{"id":"38f7b3ea-9959-4dfb-8216-a745d071e7e2","name":"Exploit Database","description":"Offensive Security. (n.d.). Exploit Database. Retrieved October 15, 2020.","url":"https://www.exploit-db.com/","source":"MITRE","title":"Exploit Database","authors":"Offensive Security","date_accessed":"2020-10-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"72490565-f478-59bf-81c4-1f2f6ded4a8e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436554Z"},{"id":"8435b1bb-eb69-5c47-a73f-06b025b4a960","name":"Hassell-ExploitingAndroid","description":"R. Hassell. (2011, October 12-13). Exploiting Androids for Fun and Profit. Retrieved October","url":"https://conference.hitb.org/hitbsecconf2011kul/materials/D1T1%20-%20Riley%20Hassell%20-%20Exploiting%20Androids%20for%20Fun%20and%20Profit.pdf","source":"Mobile","title":"Exploiting Androids for Fun and Profit","authors":"R. Hassell","date_accessed":"1978-10-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6d3d5eb7-680c-592e-a2d0-014ee77caabf","created":"2026-01-28T13:08:10.043722Z","modified":"2026-01-28T13:08:10.043725Z"},{"id":"8fb46ed8-0c21-4b57-b2a6-89cb28f0abaf","name":"Rhino Labs Cloud Image Backdoor Technique Sept 2019","description":"Rhino Labs. (2019, August). Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT). 
Retrieved September 12, 2019.","url":"https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/","source":"MITRE","title":"Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)","authors":"Rhino Labs","date_accessed":"2019-09-12T00:00:00Z","date_published":"2019-08-01T00:00:00Z","owner_name":null,"tidal_id":"cd21243c-672e-5a18-8df2-7bf8632b0837","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429361Z"},{"id":"a0ddb60b-5445-46b3-94c5-b47e76de553d","name":"Azure AD PTA Vulnerabilities","description":"Dr. Nestori Syynimaa. (2022, September 20). Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials. Retrieved September 28, 2022.","url":"https://o365blog.com/post/pta/","source":"MITRE","title":"Exploiting Azure AD PTA vulnerabilities: Creating backdoor and harvesting credentials","authors":"Dr. Nestori Syynimaa","date_accessed":"2022-09-28T00:00:00Z","date_published":"2022-09-20T00:00:00Z","owner_name":null,"tidal_id":"b01bdc4b-4599-5aad-9079-210ca3df91eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:32.177846Z"},{"id":"c3ec6fec-2249-5dd0-921c-c62b39a944c9","name":"Wang-ExploitingUSB","description":"Z. Wang and A. Stavrou. (2010, December 6-10). Exploiting smart-phone USB connectivity for fun and profit. Retrieved December","url":"http://dl.acm.org/citation.cfm?id=1920314","source":"Mobile","title":"Exploiting smart-phone USB connectivity for fun and profit","authors":"Z. Wang and A. Stavrou","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8d69af5d-a171-50ab-979b-e64679abf2af","created":"2026-01-28T13:08:10.045313Z","modified":"2026-01-28T13:08:10.045316Z"},{"id":"573796bd-4553-4ae1-884a-9af71b5de873","name":"Exploiting Smartphone USB","description":"Zhaohui Wang & Angelos Stavrou. (n.d.). Exploiting Smart-Phone USB Connectivity For Fun And Profit. 
Retrieved May 25, 2022.","url":"https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.226.3427&rep=rep1&type=pdf","source":"MITRE","title":"Exploiting Smart-Phone USB Connectivity For Fun And Profit","authors":"Zhaohui Wang & Angelos Stavrou","date_accessed":"2022-05-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c91a64aa-cb6d-5136-9efa-f2d15dde5f34","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428130Z"},{"id":"5e65d8cc-142b-4724-8a07-8e21558e0f64","name":"versprite xpc vpn","description":"VerSprite. (2018, January 24). Exploiting VyprVPN for MacOS. Retrieved April 20, 2022.","url":"https://versprite.com/blog/exploiting-vyprvpn-for-macos/","source":"MITRE","title":"Exploiting VyprVPN for MacOS","authors":"VerSprite","date_accessed":"2022-04-20T00:00:00Z","date_published":"2018-01-24T00:00:00Z","owner_name":null,"tidal_id":"99569d05-05d5-5c8f-9fed-b63d97c982d4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:31.771755Z"},{"id":"9ba3d54c-02d1-45bd-bfe8-939e84d9d44b","name":"Explorer.exe - LOLBAS Project","description":"LOLBAS. (2020, June 24). Explorer.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Explorer/","source":"Tidal Cyber","title":"Explorer.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-06-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"15fa0b26-219d-5cf0-b470-7de156249466","created":"2024-01-12T14:46:40.492318Z","modified":"2024-01-12T14:46:40.681321Z"},{"id":"cd76910f-1c15-50fb-a942-f19b6cc1ca69","name":"Palo Alto Unit 42 Google Workspace Domain Wide Delegation 2023","description":"Zohar Zigdon. (2023, November 30). Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature. 
Retrieved January 16, 2024.","url":"https://unit42.paloaltonetworks.com/critical-risk-in-google-workspace-delegation-feature/","source":"MITRE","title":"Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature","authors":"Zohar Zigdon","date_accessed":"2024-01-16T00:00:00Z","date_published":"2023-11-30T00:00:00Z","owner_name":null,"tidal_id":"27a8ac3d-20c5-5991-bd5e-ba4c1b1d2e83","created":"2024-04-25T13:28:36.318967Z","modified":"2025-12-17T15:08:36.431085Z"},{"id":"a81f1dad-5841-4142-80c1-483b240fd67d","name":"Trend Micro Emotet Jan 2019","description":"Trend Micro. (2019, January 16). Exploring Emotet's Activities . Retrieved March 25, 2019.","url":"https://documents.trendmicro.com/assets/white_papers/ExploringEmotetsActivities_Final.pdf","source":"MITRE","title":"Exploring Emotet's Activities","authors":"Trend Micro","date_accessed":"2019-03-25T00:00:00Z","date_published":"2019-01-16T00:00:00Z","owner_name":null,"tidal_id":"85a7b5de-2abb-5408-92b2-f304212e62c0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417739Z"},{"id":"3e7fdeaf-24a7-4cb5-8ed3-6057c9035303","name":"SecurityTrails Google Hacking","description":"Borges, E. (2019, March 5). Exploring Google Hacking Techniques. Retrieved September 12, 2024.","url":"https://www.recordedfuture.com/threat-intelligence-101/threat-analysis-techniques/google-dorks","source":"MITRE","title":"Exploring Google Hacking Techniques","authors":"Borges, E","date_accessed":"2024-09-12T00:00:00Z","date_published":"2019-03-05T00:00:00Z","owner_name":null,"tidal_id":"72e16940-878e-5022-a67b-1489440af362","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431020Z"},{"id":"6502425f-3435-4162-8c96-9e10a789d362","name":"Medium SSL Cert","description":"Jain, M. (2019, September 16). Export & Download — SSL Certificate from Server (Site URL). 
Retrieved October 20, 2020.","url":"https://medium.com/@menakajain/export-download-ssl-certificate-from-server-site-url-bcfc41ea46a2","source":"MITRE","title":"Export & Download — SSL Certificate from Server (Site URL)","authors":"Jain, M","date_accessed":"2020-10-20T00:00:00Z","date_published":"2019-09-16T00:00:00Z","owner_name":null,"tidal_id":"0fedbe6b-71ef-5c6c-9b6a-d0921353d294","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424271Z"},{"id":"1235086f-0919-5de6-b673-ef457ed01682","name":"Exposed Fortinet Fortigate firewall interface leads to LockBit Ransomware","description":"InTheCyber. (2025, March 24). Exposed Fortinet Fortigate firewall interface leads to LockBit Ransomware (CVE-2024–55591). Retrieved September 22, 2025.","url":"https://posts.inthecyber.com/exposed-fortinet-fortigate-firewall-interface-leads-to-lockbit-ransomware-cve-2024-55591-de8fcfb6c45c","source":"MITRE","title":"Exposed Fortinet Fortigate firewall interface leads to LockBit Ransomware (CVE-2024–55591)","authors":"InTheCyber","date_accessed":"2025-09-22T00:00:00Z","date_published":"2025-03-24T00:00:00Z","owner_name":null,"tidal_id":"d32d96bc-4e44-5e27-af67-30c1dbd2aeb8","created":"2025-10-29T21:08:48.166123Z","modified":"2025-12-17T15:08:36.433062Z"},{"id":"58e61406-a8ca-52a8-be48-ef6066619a8a","name":"TrendMicro Exposed Redis 2020","description":"David Fiser and Jaromir Horejsi. (2020, April 21). Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining. 
Retrieved September 25, 2024.","url":"https://www.trendmicro.com/en_us/research/20/d/exposed-redis-instances-abused-for-remote-code-execution-cryptocurrency-mining.html","source":"MITRE","title":"Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining","authors":"David Fiser and Jaromir Horejsi","date_accessed":"2024-09-25T00:00:00Z","date_published":"2020-04-21T00:00:00Z","owner_name":null,"tidal_id":"adb314a4-97b0-5ba4-ab3d-2283f98c2879","created":"2024-10-31T16:28:25.937821Z","modified":"2025-12-17T15:08:36.435003Z"},{"id":"3971c8ac-4fdd-5e19-ac8a-b8d7abbaebe3","name":"Magnet Forensics","description":"Magnet Forensics. (2020, August 24). Expose Evidence of Timestomping with the NTFS Timestamp Mismatch Artifact. Retrieved June 20, 2024.","url":"https://www.magnetforensics.com/blog/expose-evidence-of-timestomping-with-the-ntfs-timestamp-mismatch-artifact-in-magnet-axiom-4-4/","source":"MITRE","title":"Expose Evidence of Timestomping with the NTFS Timestamp Mismatch Artifact","authors":"Magnet Forensics","date_accessed":"2024-06-20T00:00:00Z","date_published":"2020-08-24T00:00:00Z","owner_name":null,"tidal_id":"9492247f-d156-5d3c-8107-ade2b4ed7190","created":"2024-10-31T16:28:20.340719Z","modified":"2025-12-17T15:08:36.428867Z"},{"id":"fd19ce93-66ea-59d2-b6da-880c7bc574f1","name":"dtex DPRK 2025 structure ITworkers","description":"Michael “Barni” Barnhart, DTEX, and Anonymous SMEs. (2025, May 14). Exposing DPRK's Cyber Syndicate and Hidden IT Workforce. 
Retrieved September 3, 2025.","url":"https://reports.dtexsystems.com/DTEX-Exposing+DPRK+Cyber+Syndicate+and+Hidden+IT+Workforce.pdf","source":"MITRE","title":"Exposing DPRK's Cyber Syndicate and Hidden IT Workforce","authors":"Michael “Barni” Barnhart, DTEX, and Anonymous SMEs","date_accessed":"2025-09-03T00:00:00Z","date_published":"2025-05-14T00:00:00Z","owner_name":null,"tidal_id":"af934c39-9454-5305-8057-e598ecccfcca","created":"2025-10-29T21:08:48.167120Z","modified":"2025-12-17T15:08:36.439022Z"},{"id":"5e14260b-6a81-48da-8190-91f3c05e2c14","name":"trendmicro.com May 24 2022","description":"trendmicro.com. (2022, May 24). Exposing Earth Berberoka A Multiplatform APT Campaign Targeting Online Gambling Sites. Retrieved December 19, 2024.","url":"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/exposing-earth-berberoka-a-multiplatform-apt-campaign-targeting-online-gambling-sites","source":"Tidal Cyber","title":"Exposing Earth Berberoka A Multiplatform APT Campaign Targeting Online Gambling Sites","authors":"trendmicro.com","date_accessed":"2024-12-19T00:00:00Z","date_published":"2022-05-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5b8646b1-d4dd-5c89-86b8-4c0132609eb5","created":"2025-04-11T15:06:12.675082Z","modified":"2025-04-11T15:06:12.838760Z"},{"id":"19d2cb48-bdb2-41fe-ba24-0769d7bd4d94","name":"Google EXOTIC LILY March 2022","description":"Stolyarov, V. (2022, March 17). Exposing initial access broker with ties to Conti. 
Retrieved August 18, 2022.","url":"https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/","source":"MITRE","title":"Exposing initial access broker with ties to Conti","authors":"Stolyarov, V","date_accessed":"2022-08-18T00:00:00Z","date_published":"2022-03-17T00:00:00Z","owner_name":null,"tidal_id":"b62503fe-636a-5b49-8357-4c1fc81bb631","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416612Z"},{"id":"689ff1ab-9fed-4aa2-8e5e-78dac31e6fbd","name":"Microsoft POLONIUM June 2022","description":"Microsoft. (2022, June 2). Exposing POLONIUM activity and infrastructure targeting Israeli organizations. Retrieved July 1, 2022.","url":"https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/","source":"MITRE","title":"Exposing POLONIUM activity and infrastructure targeting Israeli organizations","authors":"Microsoft","date_accessed":"2022-07-01T00:00:00Z","date_published":"2022-06-02T00:00:00Z","owner_name":null,"tidal_id":"93e75e45-8fc5-5296-ae19-8c6861a46990","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419621Z"},{"id":"276a2ed6-d532-51ee-9066-83145b7506c5","name":"Check Point Scattered Spider JUL 2025","description":"Check Point Team. (2025, July 7). Exposing Scattered Spider: New Indicators Highlight Growing Threat to Enterprises and Aviation. 
Retrieved October 13, 2025.","url":"https://blog.checkpoint.com/research/exposing-scattered-spider-new-indicators-highlight-growing-threat-to-enterprises-and-aviation/","source":"MITRE","title":"Exposing Scattered Spider: New Indicators Highlight Growing Threat to Enterprises and Aviation","authors":"Check Point Team","date_accessed":"2025-10-13T00:00:00Z","date_published":"2025-07-07T00:00:00Z","owner_name":null,"tidal_id":"64f144eb-15b3-5302-a85d-bc15cb566506","created":"2025-10-29T21:08:48.167509Z","modified":"2025-12-17T15:08:36.440642Z"},{"id":"775e74be-a093-5a42-92c1-9ab2559be113","name":"Scott-Railton_TheCitizenLab Pegasus Apr2022","description":"Scott-Railton, J., et al. (2022, April 18). Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru. Retrieved April","url":"https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/","source":"Mobile","title":"Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru","authors":"Scott-Railton, J., et al","date_accessed":"1978-04-01T00:00:00Z","date_published":"2022-04-18T00:00:00Z","owner_name":null,"tidal_id":"3e656649-ec7f-57b9-bc41-38b91f95ea2c","created":"2026-01-28T13:08:10.047790Z","modified":"2026-01-28T13:08:10.047793Z"},{"id":"b714e6a9-5c12-4a3b-89f9-d379c0284f06","name":"External to DA, the OS X Way","description":"Alex Rymdeko-Harvey, Steve Borosh. (2016, May 14). External to DA, the OS X Way. 
Retrieved September 12, 2024.","url":"https://www.slideshare.net/slideshow/external-to-da-the-os-x-way/62021418","source":"MITRE","title":"External to DA, the OS X Way","authors":"Alex Rymdeko-Harvey, Steve Borosh","date_accessed":"2024-09-12T00:00:00Z","date_published":"2016-05-14T00:00:00Z","owner_name":null,"tidal_id":"2daf795b-98d7-5f4b-9071-07f45d76ec2c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425764Z"},{"id":"2aa09a10-a492-4753-bbd8-aacd31e4fee3","name":"Extexport.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Extexport.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Extexport/","source":"Tidal Cyber","title":"Extexport.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"748eab48-edc0-504a-8caf-6627e9c3ac9d","created":"2024-01-12T14:46:40.860052Z","modified":"2024-01-12T14:46:41.031750Z"},{"id":"ae632afc-336c-488e-81f6-91ffe1829595","name":"Extrac32.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Extrac32.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Extrac32/","source":"Tidal Cyber","title":"Extrac32.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f992b240-1fb1-5149-b3e9-8d4713de74e9","created":"2024-01-12T14:46:41.221016Z","modified":"2024-01-12T14:46:41.397807Z"},{"id":"65fa6c04-d967-586c-b950-9dc173cd0551","name":"Elcomsoft-WhatsApp","description":"Oleg Afonin. (2017, July 20). Extract and Decrypt WhatsApp Backups from iCloud. 
Retrieved July","url":"https://blog.elcomsoft.com/2017/07/extract-and-decrypt-whatsapp-backups-from-icloud/","source":"Mobile","title":"Extract and Decrypt WhatsApp Backups from iCloud","authors":"Oleg Afonin","date_accessed":"1978-07-01T00:00:00Z","date_published":"2017-07-20T00:00:00Z","owner_name":null,"tidal_id":"b43a36c8-5b9d-5396-bcb1-46cd3f025879","created":"2026-01-28T13:08:10.042868Z","modified":"2026-01-28T13:08:10.042871Z"},{"id":"b667325b-8783-5386-9fd5-b52d065a579e","name":"QualcommKeyMaster","description":"laginimaineb. (2016, June). Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption. Retrieved December","url":"https://bits-please.blogspot.in/2016/06/extracting-qualcomms-keymaster-keys.html","source":"Mobile","title":"Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption","authors":"laginimaineb","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-06-01T00:00:00Z","owner_name":null,"tidal_id":"79d5b846-d126-562a-804a-8e91ec09f49b","created":"2026-01-28T13:08:10.046488Z","modified":"2026-01-28T13:08:10.046491Z"},{"id":"e9dff187-fe7d-469d-81cb-30ad520dbd3d","name":"Journey into IR ZeroAccess NTFS EA","description":"Harrell, C. (2012, December 11). Extracting ZeroAccess from NTFS Extended Attributes. Retrieved June 3, 2016.","url":"http://journeyintoir.blogspot.com/2012/12/extracting-zeroaccess-from-ntfs.html","source":"MITRE","title":"Extracting ZeroAccess from NTFS Extended Attributes","authors":"Harrell, C","date_accessed":"2016-06-03T00:00:00Z","date_published":"2012-12-11T00:00:00Z","owner_name":null,"tidal_id":"b318399d-1532-58b4-971a-ecb504045c87","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436406Z"},{"id":"a4617ef4-e6d2-47e7-8f81-68e7380279bf","name":"Bizeul 2014","description":"Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. 
Retrieved September 29, 2015.","url":"https://airbus-cyber-security.com/the-eye-of-the-tiger/","source":"MITRE, Tidal Cyber","title":"Eye of the Tiger","authors":"Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C","date_accessed":"2015-09-29T00:00:00Z","date_published":"2014-07-11T00:00:00Z","owner_name":null,"tidal_id":"59003e66-d6ed-59d5-a25d-afacff57535f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.280224Z"},{"id":"8f362ce3-729d-4d20-b03e-14c985416b2a","name":"Zscaler F5 Security Incident October 16 2025","description":"Atinderpal Singh, Jithin Prajeev Nair, Deepen Desai. (2025, October 16). F5 Security Incident Advisory. Retrieved October 19, 2025.","url":"https://www.zscaler.com/blogs/security-research/f5-security-incident-advisory","source":"Tidal Cyber","title":"F5 Security Incident Advisory","authors":"Atinderpal Singh, Jithin Prajeev Nair, Deepen Desai","date_accessed":"2025-10-19T12:00:00Z","date_published":"2025-10-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9f235c5d-d54d-5b4f-ba24-ec9f643f2873","created":"2025-10-24T16:13:05.868628Z","modified":"2025-10-24T16:13:06.045278Z"},{"id":"bd80f3d7-e653-5f8f-ba8a-00b8780ae935","name":"Facad1ng","description":"Spyboy. (2023). Facad1ng. Retrieved February 13, 2024.","url":"https://github.com/spyboy-productions/Facad1ng","source":"MITRE","title":"Facad1ng","authors":"Spyboy","date_accessed":"2024-02-13T00:00:00Z","date_published":"2023-01-01T00:00:00Z","owner_name":null,"tidal_id":"b45ceb30-d3e5-5938-bcf0-eef26598dae1","created":"2024-04-25T13:28:41.125030Z","modified":"2025-12-17T15:08:36.436159Z"},{"id":"186c1213-d0c5-4eb6-aa0f-0fd61b07a1f7","name":"ThreatPost Social Media Phishing","description":"O'Donnell, L. (2020, October 20). Facebook: A Top Launching Pad For Phishing Attacks. 
Retrieved October 20, 2020.","url":"https://threatpost.com/facebook-launching-pad-phishing-attacks/160351/","source":"MITRE","title":"Facebook: A Top Launching Pad For Phishing Attacks","authors":"O'Donnell, L","date_accessed":"2020-10-20T00:00:00Z","date_published":"2020-10-20T00:00:00Z","owner_name":null,"tidal_id":"3a91e762-55b7-5122-b6bd-1dc4df354438","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434805Z"},{"id":"785f7692-2be8-4f5d-921e-51efdfe0c0b9","name":"Sentinel Labs","description":"Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. Retrieved September 30, 2022.","url":"https://www.sentinelone.com/labs/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/","source":"MITRE","title":"FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts","authors":"Phil Stokes","date_accessed":"2022-09-30T00:00:00Z","date_published":"2021-01-11T00:00:00Z","owner_name":null,"tidal_id":"5883eb05-0afe-5b64-a86b-ed68b61bddde","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424201Z"},{"id":"34dc9010-e800-420c-ace4-4f426c915d2f","name":"SentinelLabs reversing run-only applescripts 2021","description":"Phil Stokes. (2021, January 11). FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts. Retrieved September 29, 2022.","url":"https://www.sentinelone.com/labs/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/","source":"MITRE","title":"FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts","authors":"Phil Stokes","date_accessed":"2022-09-29T00:00:00Z","date_published":"2021-01-11T00:00:00Z","owner_name":null,"tidal_id":"d6db173f-c6dd-58ce-81c3-c4e3953b3aab","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417500Z"},{"id":"1191be5e-3f24-5eda-8a8a-1ae92a470dc2","name":"kaspersky_fakecalls_0422","description":"Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. 
Retrieved July","url":"https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/","source":"Mobile","title":"Fakecalls: a talking Trojan","authors":"Igor Golovin","date_accessed":"1978-07-01T00:00:00Z","date_published":"2022-04-11T00:00:00Z","owner_name":null,"tidal_id":"b0df22fb-5c2c-55a4-a52f-1f4e7c761241","created":"2026-01-28T13:08:10.040393Z","modified":"2026-01-28T13:08:10.040396Z"},{"id":"74e2c444-e38e-5344-aba5-d4bb63053456","name":"eset-finance","description":"Lukáš Štefanko. (2016, July 7). Fake finance apps on Google Play target users from around the world. Retrieved September","url":"https://www.welivesecurity.com/2018/09/19/fake-finance-apps-google-play-target-around-world/","source":"Mobile","title":"Fake finance apps on Google Play target users from around the world","authors":"Lukáš Štefanko","date_accessed":"1978-09-01T00:00:00Z","date_published":"2016-07-07T00:00:00Z","owner_name":null,"tidal_id":"51604ce5-86fb-5e1c-ba6c-d78a8dfbf06a","created":"2026-01-28T13:08:10.043697Z","modified":"2026-01-28T13:08:10.043700Z"},{"id":"6efa70e3-d8eb-4260-b0ab-62335681e6fd","name":"BleepingComputer Fake Chrome Errors June 17 2024","description":"Bill Toulas. (2024, June 17). Fake Google Chrome errors trick you into running malicious PowerShell scripts. Retrieved June 20, 2024.","url":"https://www.bleepingcomputer.com/news/security/fake-google-chrome-errors-trick-you-into-running-malicious-powershell-scripts/","source":"Tidal Cyber","title":"Fake Google Chrome errors trick you into running malicious PowerShell scripts","authors":"Bill Toulas","date_accessed":"2024-06-20T00:00:00Z","date_published":"2024-06-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"49395950-5e78-52f3-a4f5-eed57e044317","created":"2024-07-03T15:42:40.815080Z","modified":"2024-07-03T15:42:40.996107Z"},{"id":"b2745f5c-a181-48e1-b1cf-37a1ffe1fdf0","name":"ESET OceanLotus Mar 2019","description":"Dumont, R. (2019, March 20). Fake or Fake: Keeping up with OceanLotus decoys. 
Retrieved April 1, 2019.","url":"https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/","source":"MITRE","title":"Fake or Fake: Keeping up with OceanLotus decoys","authors":"Dumont, R","date_accessed":"2019-04-01T00:00:00Z","date_published":"2019-03-20T00:00:00Z","owner_name":null,"tidal_id":"b82d4122-7093-5907-8919-a51e704a8b37","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438330Z"},{"id":"8f7f998d-b6cc-517e-bdcf-a630ec5eb1a9","name":"TrendMicro-Yellow Camera","description":"Song Wang. (2019, October 18). Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing. Retrieved November","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/fake-photo-beautification-apps-on-google-play-can-read-sms-verification-code-to-trigger-wireless-application-protocol-wap-carrier-billing/","source":"Mobile","title":"Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing","authors":"Song Wang","date_accessed":"1978-11-01T00:00:00Z","date_published":"2019-10-18T00:00:00Z","owner_name":null,"tidal_id":"c0776424-ca45-5a2e-9eea-666a9f6c11af","created":"2026-01-28T13:08:10.044198Z","modified":"2026-01-28T13:08:10.044200Z"},{"id":"c4243313-1d54-4d78-bf3b-cf55ff2eb50a","name":"ReversingLabs September 10 2024","description":"Karlo Zanki. (2024, September 10). Fake recruiter coding tests target devs with malicious Python packages. 
Retrieved September 16, 2024.","url":"https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages","source":"Tidal Cyber","title":"Fake recruiter coding tests target devs with malicious Python packages","authors":"Karlo Zanki","date_accessed":"2024-09-16T00:00:00Z","date_published":"2024-09-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4a811866-1d65-59d3-8de6-1d3e323dc331","created":"2025-02-03T21:08:28.621273Z","modified":"2025-02-03T21:08:28.843140Z"},{"id":"c2f01a3b-a164-59b7-be5d-5eec4eb69ee5","name":"ZScaler BitB 2020","description":"ZScaler. (2020, February 11). Fake Sites Stealing Steam Credentials. Retrieved March 8, 2023.","url":"https://www.zscaler.com/blogs/security-research/fake-sites-stealing-steam-credentials","source":"MITRE","title":"Fake Sites Stealing Steam Credentials","authors":"ZScaler","date_accessed":"2023-03-08T00:00:00Z","date_published":"2020-02-11T00:00:00Z","owner_name":null,"tidal_id":"f1f5bbad-1560-5cad-b683-13bc5fbdf7ab","created":"2023-05-26T01:21:03.418652Z","modified":"2025-12-17T15:08:36.426899Z"},{"id":"a9360be0-af39-53e5-abfe-6904bef51167","name":"Cybereason FakeSpy","description":"O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September","url":"https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world","source":"Mobile","title":"FakeSpy Masquerades as Postal Service Apps Around the World","authors":"O. Almkias","date_accessed":"1978-09-01T00:00:00Z","date_published":"2020-07-01T00:00:00Z","owner_name":null,"tidal_id":"33584874-0d5a-589c-bfbd-a2d97916eeb1","created":"2026-01-28T13:08:10.041013Z","modified":"2026-01-28T13:08:10.041016Z"},{"id":"e9810a28-f060-468b-b4ea-ffed9403ae8b","name":"FalconFeedsio Tweet October 9 2023","description":"FalconFeedsio. (2023, October 9). FalconFeedsio Tweet October 9 2023. 
Retrieved October 10, 2023.","url":"https://twitter.com/FalconFeedsio/status/1711251161289003465","source":"Tidal Cyber","title":"FalconFeedsio Tweet October 9 2023","authors":"FalconFeedsio","date_accessed":"2023-10-10T00:00:00Z","date_published":"2023-10-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7b711a0c-0106-5ed3-b094-662517a9ee68","created":"2023-10-10T20:48:42.729588Z","modified":"2023-10-10T20:48:42.871594Z"},{"id":"78128031-bcbb-42c2-8bed-4613a10a02ca","name":"FalconFeedsio Tweet September 28 2023","description":"FalconFeedsio. (2023, September 28). FalconFeedsio Tweet September 28 2023. Retrieved October 10, 2023.","url":"https://twitter.com/FalconFeedsio/status/1707330146842169831","source":"Tidal Cyber","title":"FalconFeedsio Tweet September 28 2023","authors":"FalconFeedsio","date_accessed":"2023-10-10T00:00:00Z","date_published":"2023-09-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d904952f-b383-57e4-9f20-e11f7947bf78","created":"2023-10-10T20:48:41.207784Z","modified":"2023-10-10T20:48:41.371553Z"},{"id":"9d0ff77c-09e9-4d58-86f4-e2398f298ca9","name":"falconoverwatch_blackcat_attack","description":"Falcon OverWatch Team. (2022, March 23). Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack. Retrieved May 5, 2022.","url":"https://www.crowdstrike.com/blog/falcon-overwatch-contributes-to-blackcat-protection/","source":"MITRE","title":"Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack","authors":"Falcon OverWatch Team","date_accessed":"2022-05-05T00:00:00Z","date_published":"2022-03-23T00:00:00Z","owner_name":null,"tidal_id":"8282ba6e-0e06-5aa8-a38d-86ad680a4d5f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430460Z"},{"id":"5c662775-9703-4d01-844b-40a0e5c24fb9","name":"CitizenLab Tropic Trooper Aug 2018","description":"Alexander, G., et al. (2018, August 8). 
Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces. Retrieved June 17, 2019.","url":"https://citizenlab.ca/2018/08/familiar-feeling-a-malware-campaign-targeting-the-tibetan-diaspora-resurfaces/","source":"MITRE","title":"Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces","authors":"Alexander, G., et al","date_accessed":"2019-06-17T00:00:00Z","date_published":"2018-08-08T00:00:00Z","owner_name":null,"tidal_id":"bff87975-d512-58bb-b00e-5fd4cb7adc0f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440228Z"},{"id":"bd498a3d-c411-41b1-b55a-f700aaf5e166","name":"Cisco Talos Blog June 18 2025","description":"Vanja Svajcer. (2025, June 18). Famous Chollima deploying Python version of GolangGhost RAT. Retrieved July 7, 2025.","url":"https://blog.talosintelligence.com/python-version-of-golangghost-rat/","source":"Tidal Cyber","title":"Famous Chollima deploying Python version of GolangGhost RAT","authors":"Vanja Svajcer","date_accessed":"2025-07-07T12:00:00Z","date_published":"2025-06-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8bda93ee-4f42-59db-8c8e-c7a3214101dc","created":"2025-07-08T16:58:15.592172Z","modified":"2025-07-08T16:58:15.802576Z"},{"id":"f91d6d8e-22a4-4851-9444-7a066e6b7aa5","name":"ESET FamousSparrow September 23 2021","description":"Tahseen Bin Taj, Matthieu Faou. (2021, September 23). FamousSparrow: A suspicious hotel guest. 
Retrieved October 24, 2024.","url":"https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/","source":"Tidal Cyber","title":"FamousSparrow: A suspicious hotel guest","authors":"Tahseen Bin Taj, Matthieu Faou","date_accessed":"2024-10-24T00:00:00Z","date_published":"2021-09-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"54cc8668-2eba-5645-9e91-f9060e317067","created":"2024-10-25T19:42:15.605213Z","modified":"2024-10-25T19:42:15.998420Z"},{"id":"a8a2e3f2-3967-4e82-a36a-2436c654fb3f","name":"CISA AA20-239A BeagleBoyz August 2020","description":"DHS/CISA. (2020, August 26). FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks. Retrieved September 29, 2021.","url":"https://us-cert.cisa.gov/ncas/alerts/aa20-239a","source":"MITRE, Tidal Cyber","title":"FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks","authors":"DHS/CISA","date_accessed":"2021-09-29T00:00:00Z","date_published":"2020-08-26T00:00:00Z","owner_name":null,"tidal_id":"98b74c08-174b-5539-bdef-6e7fe47ec39f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278936Z"},{"id":"e232d739-663e-4878-b13b-9248cd81e657","name":"Fast Flux - Welivesecurity","description":"Albors, Josep. (2017, January 12). Fast Flux networks: What are they and how do they work?. Retrieved March 11, 2020.","url":"https://www.welivesecurity.com/2017/01/12/fast-flux-networks-work/","source":"MITRE","title":"Fast Flux networks: What are they and how do they work?","authors":"Albors, Josep","date_accessed":"2020-03-11T00:00:00Z","date_published":"2017-01-12T00:00:00Z","owner_name":null,"tidal_id":"fe6c38ea-fd10-5ffd-aa4c-9abe91ff307f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426697Z"},{"id":"5f169cae-6b59-4879-9a8f-93fdcea5cc58","name":"MehtaFastFluxPt1","description":"Mehta, L. (2014, December 17). Fast Flux Networks Working and Detection, Part 1. 
Retrieved March 6, 2017.","url":"https://resources.infosecinstitute.com/fast-flux-networks-working-detection-part-1/#gref","source":"MITRE","title":"Fast Flux Networks Working and Detection, Part 1","authors":"Mehta, L","date_accessed":"2017-03-06T00:00:00Z","date_published":"2014-12-17T00:00:00Z","owner_name":null,"tidal_id":"8c850b16-66a1-5ec4-84ec-345e9eac0bde","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426684Z"},{"id":"f8a98e55-c91e-4b5e-b6f3-0065ef07375d","name":"MehtaFastFluxPt2","description":"Mehta, L. (2014, December 23). Fast Flux Networks Working and Detection, Part 2. Retrieved March 6, 2017.","url":"https://resources.infosecinstitute.com/fast-flux-networks-working-detection-part-2/#gref","source":"MITRE","title":"Fast Flux Networks Working and Detection, Part 2","authors":"Mehta, L","date_accessed":"2017-03-06T00:00:00Z","date_published":"2014-12-23T00:00:00Z","owner_name":null,"tidal_id":"188c9561-7391-5cec-8863-d15401f8cac3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426690Z"},{"id":"3388bfec-7822-56dc-a384-95aa79f42fe8","name":"FBI-BEC","description":"FBI. (2022). FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud. Retrieved August 18, 2023.","url":"https://www.fbi.gov/file-repository/fy-2022-fbi-congressional-report-business-email-compromise-and-real-estate-wire-fraud-111422.pdf/view","source":"MITRE","title":"FBI 2022 Congressional Report on BEC and Real Estate Wire Fraud","authors":"FBI","date_accessed":"2023-08-18T00:00:00Z","date_published":"2022-01-01T00:00:00Z","owner_name":null,"tidal_id":"0e46ff58-f902-5587-b618-d24f8f68d22e","created":"2023-11-07T00:36:05.501647Z","modified":"2025-12-17T15:08:36.432165Z"},{"id":"42dc957c-007b-4f90-88c6-1afd6d1032e8","name":"FBI Flash FIN7 USB","description":"The Record. (2022, January 7). FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware. 
Retrieved January 14, 2022.","url":"https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/","source":"MITRE","title":"FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware","authors":"The Record","date_accessed":"2022-01-14T00:00:00Z","date_published":"2022-01-07T00:00:00Z","owner_name":null,"tidal_id":"ce905d86-2e9e-5909-b0ec-8152404a760f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426153Z"},{"id":"b36a077f-9e47-5bf3-a58a-ed5a08821de7","name":"BleepingComputer USB","description":"Ionut Ilascu. (2020, March 27). FBI: Hackers Sending Malicious USB Drives & Teddy Bears via USPS. Retrieved March 27, 2025.","url":"https://www.bleepingcomputer.com/news/security/fbi-hackers-sending-malicious-usb-drives-and-teddy-bears-via-usps/","source":"MITRE","title":"FBI: Hackers Sending Malicious USB Drives & Teddy Bears via USPS","authors":"Ionut Ilascu","date_accessed":"2025-03-27T00:00:00Z","date_published":"2020-03-27T00:00:00Z","owner_name":null,"tidal_id":"1183494d-db91-59ee-bd2f-577d4238d811","created":"2025-04-22T20:47:15.034719Z","modified":"2025-12-17T15:08:36.430421Z"},{"id":"d753c01c-c0f6-4382-ae79-5605a28c94d5","name":"FBI Lazarus Stake.com Theft Attribution September 2023","description":"FBI National Press Office. (2023, September 6). FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com. 
Retrieved September 13, 2023.","url":"https://www.fbi.gov/news/press-releases/fbi-identifies-lazarus-group-cyber-actors-as-responsible-for-theft-of-41-million-from-stakecom","source":"Tidal Cyber","title":"FBI Identifies Lazarus Group Cyber Actors as Responsible for Theft of $41 Million from Stake.com","authors":"FBI National Press Office","date_accessed":"2023-09-13T00:00:00Z","date_published":"2023-09-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"51746be0-4408-5fee-ac4a-0736a5551cef","created":"2023-09-14T20:17:56.950578Z","modified":"2023-09-14T20:17:57.338763Z"},{"id":"191bc704-3314-56c5-8f2d-dbbbb8afea2f","name":"VPNFilter Router","description":"Tung, Liam. (2018, May 29). FBI to all router users: Reboot now to neuter Russia's VPNFilter malware. Retrieved March 7, 2024.","url":"https://www.zdnet.com/article/fbi-to-all-router-users-reboot-now-to-neuter-russias-vpnfilter-malware/","source":"MITRE","title":"FBI to all router users: Reboot now to neuter Russia's VPNFilter malware","authors":"Tung, Liam","date_accessed":"2024-03-07T00:00:00Z","date_published":"2018-05-29T00:00:00Z","owner_name":null,"tidal_id":"f7c8ef45-a25a-54e5-9d83-adf66c3e2972","created":"2024-10-31T16:28:38.264628Z","modified":"2025-12-17T15:08:36.442745Z"},{"id":"5e452793-7384-52bb-98ab-c286eb2de17b","name":"CNET-Celljammer","description":"Chris Matyszczyk. (2014, May 1). FCC: Man used device to jam drivers' cell phone calls. Retrieved November","url":"https://www.cnet.com/news/man-put-cell-phone-jammer-in-car-to-stop-driver-calls-fcc-says/","source":"Mobile","title":"FCC: Man used device to jam drivers' cell phone calls","authors":"Chris Matyszczyk","date_accessed":"1978-11-01T00:00:00Z","date_published":"2014-05-01T00:00:00Z","owner_name":null,"tidal_id":"4a9baf21-0901-5907-b454-b2d8fef1ef15","created":"2026-01-28T13:08:10.045845Z","modified":"2026-01-28T13:08:10.045848Z"},{"id":"d92f6dc0-e902-4a4a-9083-8d1667a7003e","name":"Hakobyan 2009","description":"Hakobyan, A. 
(2009, January 8). FDump - Dumping File Sectors Directly from Disk using Logical Offsets. Retrieved November 12, 2014.","url":"http://www.codeproject.com/Articles/32169/FDump-Dumping-File-Sectors-Directly-from-Disk-usin","source":"MITRE","title":"FDump - Dumping File Sectors Directly from Disk using Logical Offsets","authors":"Hakobyan, A","date_accessed":"2014-11-12T00:00:00Z","date_published":"2009-01-08T00:00:00Z","owner_name":null,"tidal_id":"260fb6e8-8528-5501-bd5f-ad0cff186b3b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424537Z"},{"id":"7c7ce7bf-510b-57c8-8276-ab9a23c3c9ed","name":"Android 12 Features","description":"Google. (2022, April 4). Features and APIs Overview. Retrieved April","url":"https://developer.android.com/about/versions/12/features","source":"Mobile","title":"Features and APIs Overview","authors":"Google","date_accessed":"1978-04-01T00:00:00Z","date_published":"2022-04-04T00:00:00Z","owner_name":null,"tidal_id":"2416b8ab-09df-51e5-bc35-983c1ce119f8","created":"2026-01-28T13:08:10.047145Z","modified":"2026-01-28T13:08:10.047148Z"},{"id":"4e17ca9b-5c98-409b-9496-7c37fe9ee837","name":"Google Federating GC","description":"Google. (n.d.). Federating Google Cloud with Active Directory. Retrieved March 13, 2020.","url":"https://cloud.google.com/solutions/federating-gcp-with-active-directory-introduction","source":"MITRE","title":"Federating Google Cloud with Active Directory","authors":"Google","date_accessed":"2020-03-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3eb11e66-6cc2-56ed-9112-47051a6cdfdf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436312Z"},{"id":"b8f8020d-3f5c-4b5e-8761-6ecdd63fcd50","name":"Kaspersky Ferocious Kitten Jun 2021","description":"GReAT. (2021, June 16). Ferocious Kitten: 6 Years of Covert Surveillance in Iran. 
Retrieved September 22, 2021.","url":"https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/","source":"MITRE, Tidal Cyber","title":"Ferocious Kitten: 6 Years of Covert Surveillance in Iran","authors":"GReAT","date_accessed":"2021-09-22T00:00:00Z","date_published":"2021-06-16T00:00:00Z","owner_name":null,"tidal_id":"5dbe73af-4850-5cc0-8fdf-68bff9e6593f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258889Z"},{"id":"6c985470-a923-48fd-82c9-9128b6d59bcb","name":"Fidelis njRAT June 2013","description":"Fidelis Cybersecurity. (2013, June 28). Fidelis Threat Advisory #1009: \"njRAT\" Uncovered. Retrieved June 4, 2019.","url":"https://www.threatminer.org/_reports/2013/fta-1009---njrat-uncovered-1.pdf","source":"MITRE","title":"Fidelis Threat Advisory #1009: \"njRAT\" Uncovered","authors":"Fidelis Cybersecurity","date_accessed":"2019-06-04T00:00:00Z","date_published":"2013-06-28T00:00:00Z","owner_name":null,"tidal_id":"62074ad9-2336-563d-960b-0c4e521c6674","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421831Z"},{"id":"9d9c0c71-d5a2-41e4-aa90-d1046e0742c7","name":"Fidelis INOCNATION","description":"Fidelis Cybersecurity. (2015, December 16). Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign. 
Retrieved November 17, 2024.","url":"https://fidelissecurity.com/resource/report/fidelis-threat-advisory-1020-dissecting-the-malware-involved-in-the-inocnation-campaign/","source":"MITRE","title":"Fidelis Threat Advisory #1020: Dissecting the Malware Involved in the INOCNATION Campaign","authors":"Fidelis Cybersecurity","date_accessed":"2024-11-17T00:00:00Z","date_published":"2015-12-16T00:00:00Z","owner_name":null,"tidal_id":"d66e64d4-08a7-5a03-a5ee-db3e40b52dd2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440747Z"},{"id":"87535fb7-8916-494e-94ff-cf28c125f0b4","name":"ANY.RUN's Cybersecurity Blog 10 01 2025","description":"Mauro Eldritch. (2025, October 1). Fighting Telecom Cyberattacks: Investigating a Campaign Against UK Companies - ANY.RUN's Cybersecurity Blog. Retrieved October 3, 2025.","url":"https://any.run/cybersecurity-blog/funklocker-malware-analysis/","source":"Tidal Cyber","title":"Fighting Telecom Cyberattacks: Investigating a Campaign Against UK Companies - ANY.RUN's Cybersecurity Blog","authors":"Mauro Eldritch","date_accessed":"2025-10-03T12:00:00Z","date_published":"2025-10-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1f56d948-e858-515e-8994-1ead8808a4c0","created":"2025-10-07T14:06:56.791380Z","modified":"2025-10-07T14:06:56.936738Z"},{"id":"b58d9c32-89c5-449a-88e7-1c7dd3f8380e","name":"Securelist fileless attacks Feb 2017","description":"Kaspersky Lab's Global Research and Analysis Team. (2017, February 8). Fileless attacks against enterprise networks. 
Retrieved February 8, 2017.","url":"https://securelist.com/fileless-attacks-against-enterprise-networks/77403/","source":"MITRE","title":"Fileless attacks against enterprise networks","authors":"Kaspersky Lab's Global Research and Analysis Team","date_accessed":"2017-02-08T00:00:00Z","date_published":"2017-02-08T00:00:00Z","owner_name":null,"tidal_id":"34077213-3678-54e1-86aa-9a37fcbe902a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441967Z"},{"id":"a8420828-9e00-45a1-90d7-a37f898204f9","name":"Airbus Security Kovter Analysis","description":"Dove, A. (2016, March 23). Fileless Malware – A Behavioural Analysis Of Kovter Persistence. Retrieved December 5, 2017.","url":"https://airbus-cyber-security.com/fileless-malware-behavioural-analysis-kovter-persistence/","source":"MITRE","title":"Fileless Malware – A Behavioural Analysis Of Kovter Persistence","authors":"Dove, A","date_accessed":"2017-12-05T00:00:00Z","date_published":"2016-03-23T00:00:00Z","owner_name":null,"tidal_id":"f5f2180c-a96a-5706-a016-4b0a345bbf1f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432000Z"},{"id":"d728b343-3256-55ff-9491-f66b98c16226","name":"Sysdig Fileless Malware 23022","description":"Nicholas Lang. (2022, May 3). Fileless malware mitigation. Retrieved September 24, 2024.","url":"https://sysdig.com/blog/containers-read-only-fileless-malware/","source":"MITRE","title":"Fileless malware mitigation","authors":"Nicholas Lang","date_accessed":"2024-09-24T00:00:00Z","date_published":"2022-05-03T00:00:00Z","owner_name":null,"tidal_id":"a9ba27b5-1074-56cc-a566-bb3ad7e9e1c6","created":"2024-10-31T16:28:15.658206Z","modified":"2025-12-17T15:08:36.423867Z"},{"id":"263fc1ab-f928-583f-986d-1e1bae9b3c85","name":"Microsoft Fileless","description":"Microsoft. (2023, February 6). Fileless threats. 
Retrieved March 23, 2023.","url":"https://learn.microsoft.com/microsoft-365/security/intelligence/fileless-threats","source":"MITRE","title":"Fileless threats","authors":"Microsoft","date_accessed":"2023-03-23T00:00:00Z","date_published":"2023-02-06T00:00:00Z","owner_name":null,"tidal_id":"6c5a800c-3035-5583-a6f6-ecb3f4578acf","created":"2023-05-26T01:21:00.449167Z","modified":"2025-12-17T15:08:36.423860Z"},{"id":"74b16ca4-9494-4f10-97c5-103a8521818f","name":"enigma0x3 Fileless UAC Bypass","description":"Nelson, M. (2016, August 15). \"Fileless\" UAC Bypass using eventvwr.exe and Registry Hijacking. Retrieved December 27, 2016.","url":"https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/","source":"MITRE","title":"\"Fileless\" UAC Bypass using eventvwr.exe and Registry Hijacking","authors":"Nelson, M","date_accessed":"2016-12-27T00:00:00Z","date_published":"2016-08-15T00:00:00Z","owner_name":null,"tidal_id":"a39adb21-e57e-574c-91c5-b7a93d0427f4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425246Z"},{"id":"5e5597e2-ea05-41e0-8752-ca95a89a5aa3","name":"enigma0x3 sdclt bypass","description":"Nelson, M. (2017, March 17). \"Fileless\" UAC Bypass Using sdclt.exe. Retrieved May 25, 2017.","url":"https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/","source":"MITRE","title":"\"Fileless\" UAC Bypass Using sdclt.exe","authors":"Nelson, M","date_accessed":"2017-05-25T00:00:00Z","date_published":"2017-03-17T00:00:00Z","owner_name":null,"tidal_id":"02c68186-9d16-52ed-974c-ba2ebbd2541b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425259Z"},{"id":"e6d84416-5808-4e7d-891b-ba67dada8726","name":"Microsoft File Mgmt","description":"Microsoft. (2018, May 31). File Management (Local File Systems). 
Retrieved September 28, 2021.","url":"https://docs.microsoft.com/en-us/windows/win32/fileio/file-management","source":"MITRE","title":"File Management (Local File Systems)","authors":"Microsoft","date_accessed":"2021-09-28T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"cb2bb990-3ba0-573f-bd82-71961476d7f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437140Z"},{"id":"ef3f58da-e735-4b1d-914c-fafabb7439bf","name":"Microsoft File Streams","description":"Microsoft. (n.d.). File Streams. Retrieved September 12, 2024.","url":"https://learn.microsoft.com/en-us/windows/win32/fileio/file-streams","source":"MITRE","title":"File Streams","authors":"Microsoft","date_accessed":"2024-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"34f2f071-043c-5d6a-b3ca-ff836eacf2fd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436418Z"},{"id":"4f7c7d6c-ad56-594f-bcb8-79523f436f2c","name":"file_upload_attacks_pt2","description":"YesWeRHackers. (2021, June 16). File Upload Attacks (Part 2). Retrieved August 23, 2022.","url":"https://blog.yeswehack.com/yeswerhackers/file-upload-attacks-part-2/","source":"MITRE","title":"File Upload Attacks (Part 2)","authors":"YesWeRHackers","date_accessed":"2022-08-23T00:00:00Z","date_published":"2021-06-16T00:00:00Z","owner_name":null,"tidal_id":"1e05f4cc-1660-5974-aee9-95ab90ba8243","created":"2023-05-26T01:21:20.475353Z","modified":"2025-12-17T15:08:36.442251Z"},{"id":"327caed7-a53f-4245-8774-a9f170932012","name":"Microsoft GPO Security Filtering","description":"Microsoft. (2018, May 30). Filtering the Scope of a GPO. 
Retrieved March 13, 2019.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/desktop/Policy/filtering-the-scope-of-a-gpo","source":"MITRE","title":"Filtering the Scope of a GPO","authors":"Microsoft","date_accessed":"2019-03-13T00:00:00Z","date_published":"2018-05-30T00:00:00Z","owner_name":null,"tidal_id":"d3663676-a380-52ee-ad73-5aa2b1a87bcb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441799Z"},{"id":"9d5c3956-7169-48d5-b4d0-f7a56a742adf","name":"FireEye FIN10 June 2017","description":"FireEye iSIGHT Intelligence. (2017, June 16). FIN10: Anatomy of a Cyber Extortion Operation. Retrieved November 17, 2024.","url":"https://services.google.com/fh/files/misc/rpt-fin-10-anatomy-of-a-cyber-en.pdf","source":"MITRE, Tidal Cyber","title":"FIN10: Anatomy of a Cyber Extortion Operation","authors":"FireEye iSIGHT Intelligence","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-06-16T00:00:00Z","owner_name":null,"tidal_id":"fcf06bf7-fb06-5766-8c46-90baa0b6b199","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279498Z"},{"id":"7af84b3d-bbd6-449f-b29b-2f14591c9f05","name":"Mandiant FIN12 Group Profile October 07 2021","description":"Joshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly. (2021, October 7). FIN12 Group Profile. 
Retrieved September 22, 2023.","url":"https://www.mandiant.com/sites/default/files/2021-10/fin12-group-profile.pdf","source":"Tidal Cyber","title":"FIN12 Group Profile","authors":"Joshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly","date_accessed":"2023-09-22T00:00:00Z","date_published":"2021-10-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3052cb92-ea95-5241-b5bd-8a6872d5046c","created":"2023-09-22T15:01:26.686393Z","modified":"2023-09-22T15:01:26.807686Z"},{"id":"4514d7cc-b999-5711-a398-d90e5d3570f2","name":"Mandiant FIN12 Oct 2021","description":"Shilko, J., et al. (2021, October 7). FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets. Retrieved June 15, 2023.","url":"https://www.mandiant.com/sites/default/files/2021-10/fin12-group-profile.pdf","source":"MITRE","title":"FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets","authors":"Shilko, J., et al","date_accessed":"2023-06-15T00:00:00Z","date_published":"2021-10-07T00:00:00Z","owner_name":null,"tidal_id":"9dd761fb-758d-5f33-b084-df096ddc9265","created":"2023-11-07T00:36:14.058175Z","modified":"2025-12-17T15:08:36.437344Z"},{"id":"0f4a03c5-79b3-418e-a77d-305d5a32caca","name":"CERTFR-2023-CTI-007","description":"CERT-FR. (2023, September 18). FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel. 
Retrieved September 21, 2023.","url":"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-007.pdf","source":"Tidal Cyber","title":"FIN12: Un Groupe Cybercriminel aux Multiples Rançongiciel","authors":"CERT-FR","date_accessed":"2023-09-21T00:00:00Z","date_published":"2023-09-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e17414a7-f343-5028-a7d4-ff7e831ddf34","created":"2023-09-22T15:01:24.211176Z","modified":"2023-09-22T15:01:24.645728Z"},{"id":"ebd9d479-1954-5a4a-b7f0-d5372489733c","name":"Mandiant FIN13 Aug 2022","description":"Ta, V., et al. (2022, August 8). FIN13: A Cybercriminal Threat Actor Focused on Mexico. Retrieved February 9, 2023.","url":"https://www.mandiant.com/resources/blog/fin13-cybercriminal-mexico","source":"MITRE","title":"FIN13: A Cybercriminal Threat Actor Focused on Mexico","authors":"Ta, V., et al","date_accessed":"2023-02-09T00:00:00Z","date_published":"2022-08-08T00:00:00Z","owner_name":null,"tidal_id":"943c4c43-914a-5607-b482-8b7554c34952","created":"2023-11-07T00:36:14.488516Z","modified":"2025-12-17T15:08:36.438859Z"},{"id":"375f6383-cdba-5d93-866e-b0ab062253a4","name":"Google Cloud Threat Intelligence FIN13 2021","description":"Van Ta, Jake Nicastro, Rufus Brown, and Nick Richard. (2021, December 7). FIN13: A Cybercriminal Threat Actor Focused on Mexico. Retrieved March 18, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/fin13-cybercriminal-mexico/","source":"MITRE","title":"FIN13: A Cybercriminal Threat Actor Focused on Mexico","authors":"Van Ta, Jake Nicastro, Rufus Brown, and Nick Richard","date_accessed":"2025-03-18T00:00:00Z","date_published":"2021-12-07T00:00:00Z","owner_name":null,"tidal_id":"9c631157-9d13-56ca-9a3a-3bdd1b2a490b","created":"2025-04-22T20:47:18.014142Z","modified":"2025-12-17T15:08:36.433433Z"},{"id":"b27f1040-46e5-411a-b238-0b40f6160680","name":"FireEye FIN4 Stealing Insider NOV 2014","description":"Dennesen, K. et al.. (2014, November 30). 
FIN4: Stealing Insider Information for an Advantage in Stock Trading?. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190508171649/https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html","source":"MITRE","title":"FIN4: Stealing Insider Information for an Advantage in Stock Trading?","authors":"Dennesen, K. et al.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2014-11-30T00:00:00Z","owner_name":null,"tidal_id":"56d71939-98c9-5109-87b6-46b94815026e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438992Z"},{"id":"9e9e8811-1d8e-4400-8688-e634f859c4e0","name":"Visa FIN6 Feb 2019","description":"Visa Public. (2019, February). FIN6 Cybercrime Group Expands Threat to eCommerce Merchants. Retrieved September 16, 2019.","url":"https://usa.visa.com/dam/VCOM/global/support-legal/documents/fin6-cybercrime-group-expands-threat-To-ecommerce-merchants.pdf","source":"MITRE","title":"FIN6 Cybercrime Group Expands Threat to eCommerce Merchants","authors":"Visa Public","date_accessed":"2019-09-16T00:00:00Z","date_published":"2019-02-01T00:00:00Z","owner_name":null,"tidal_id":"898e2d5e-4e06-5c85-8901-93d2716abcaa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421491Z"},{"id":"054d7827-3d0c-40a7-b2a0-1428ad7729ea","name":"SentinelOne FrameworkPOS September 2019","description":"Kremez, V. (2019, September 19). FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals. 
Retrieved September 8, 2020.","url":"https://labs.sentinelone.com/fin6-frameworkpos-point-of-sale-malware-analysis-internals-2/","source":"MITRE","title":"FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals","authors":"Kremez, V","date_accessed":"2020-09-08T00:00:00Z","date_published":"2019-09-19T00:00:00Z","owner_name":null,"tidal_id":"f4ba07ef-301b-530b-90c4-485925687bee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417218Z"},{"id":"42e196e4-42a7-427d-a69b-d78fa6375f8c","name":"SecureList Griffon May 2019","description":"Namestnikov, Y. and Aime, F. (2019, May 8). FIN7.5: the infamous cybercrime rig “FIN7” continues its activities. Retrieved October 11, 2019.","url":"https://securelist.com/fin7-5-the-infamous-cybercrime-rig-fin7-continues-its-activities/90703/","source":"MITRE","title":"FIN7.5: the infamous cybercrime rig “FIN7” continues its activities","authors":"Namestnikov, Y. and Aime, F","date_accessed":"2019-10-11T00:00:00Z","date_published":"2019-05-08T00:00:00Z","owner_name":null,"tidal_id":"be6c2889-3789-54eb-9869-ceb5e8f89643","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416648Z"},{"id":"1b89f62f-586d-4dee-b6dd-e5a5cd090a0e","name":"Threatpost Lizar May 2021","description":"Seals, T. (2021, May 14). FIN7 Backdoor Masquerades as Ethical Hacking Tool. Retrieved February 2, 2022.","url":"https://threatpost.com/fin7-backdoor-ethical-hacking-tool/166194/","source":"MITRE","title":"FIN7 Backdoor Masquerades as Ethical Hacking Tool","authors":"Seals, T","date_accessed":"2022-02-02T00:00:00Z","date_published":"2021-05-14T00:00:00Z","owner_name":null,"tidal_id":"178a8334-b82e-55a4-8a14-fd83a5101935","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422462Z"},{"id":"22857eb3-b5f7-4677-bf5c-bc993f483450","name":"The Hacker News April 2 2025","description":"The Hacker News. (2025, April 2). FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites. 
Retrieved April 7, 2025.","url":"https://thehackernews.com/2025/04/fin7-deploys-anubis-backdoor-to-hijack.html","source":"Tidal Cyber","title":"FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites","authors":"The Hacker News","date_accessed":"2025-04-07T00:00:00Z","date_published":"2025-04-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0011aa6c-b775-5680-a42a-7873ffc2a72a","created":"2025-04-08T16:38:26.590217Z","modified":"2025-04-08T16:38:27.043096Z"},{"id":"6ee27fdb-1753-4fdf-af72-3295b072ff10","name":"FireEye FIN7 April 2017","description":"Carr, N., et al. (2017, April 24). FIN7 Evolution and the Phishing LNK. Retrieved April 24, 2017.","url":"https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html","source":"MITRE","title":"FIN7 Evolution and the Phishing LNK","authors":"Carr, N., et al","date_accessed":"2017-04-24T00:00:00Z","date_published":"2017-04-24T00:00:00Z","owner_name":null,"tidal_id":"0ebe10b4-e63b-5f47-aa33-99bb4d1ddc0b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416973Z"},{"id":"bef86725-c540-4241-bf3b-4b5a81aadebe","name":"The Hacker News March 7 2025","description":"The Hacker News. (2025, March 7). FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations. Retrieved April 8, 2025.","url":"https://thehackernews.com/2025/03/fin7-fin8-and-others-use-ragnar-loader.html","source":"Tidal Cyber","title":"FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations","authors":"The Hacker News","date_accessed":"2025-04-08T00:00:00Z","date_published":"2025-03-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f47b7f4e-5e69-5e54-bdd0-a4ec20a5664e","created":"2025-04-08T16:38:29.610784Z","modified":"2025-04-08T16:38:29.781440Z"},{"id":"fbc3ea90-d3d4-440e-964d-6cd2e991df0c","name":"Mandiant FIN7 April 4 2022","description":"Bryce Abdo, Zander Work, Ioana Teaca, Brendan McKeague. (2022, April 4). 
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7. Retrieved May 25, 2023.","url":"https://www.mandiant.com/resources/blog/evolution-of-fin7","source":"Tidal Cyber","title":"FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7","authors":"Bryce Abdo, Zander Work, Ioana Teaca, Brendan McKeague","date_accessed":"2023-05-25T00:00:00Z","date_published":"2022-04-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0549128f-88b7-5d47-b7fb-d9e3389d8ea7","created":"2024-06-13T20:10:30.762821Z","modified":"2024-06-13T20:10:30.954919Z"},{"id":"be9919c0-ca52-593b-aea0-c5e9a262b570","name":"Mandiant FIN7 Apr 2022","description":"Abdo, B., et al. (2022, April 4). FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7. Retrieved April 5, 2022.","url":"https://www.mandiant.com/resources/evolution-of-fin7","source":"MITRE","title":"FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7","authors":"Abdo, B., et al","date_accessed":"2022-04-05T00:00:00Z","date_published":"2022-04-04T00:00:00Z","owner_name":null,"tidal_id":"51839f71-afda-583e-8091-4358388cd01e","created":"2023-11-07T00:36:11.894412Z","modified":"2025-12-17T15:08:36.437377Z"},{"id":"b5453789-65b5-4057-84ce-14097f5215d7","name":"SentinelOne July 14 2024","description":"Antonio Cocomazzi. (2024, July 14). FIN7 Reboot. Retrieved April 8, 2025.","url":"https://www.sentinelone.com/labs/fin7-reboot-cybercrime-gang-enhances-ops-with-new-edr-bypasses-and-automated-attacks/","source":"Tidal Cyber","title":"FIN7 Reboot","authors":"Antonio Cocomazzi","date_accessed":"2025-04-08T00:00:00Z","date_published":"2024-07-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1c97333e-c17a-5a07-ab05-0b4a736a0287","created":"2025-04-08T16:38:27.607699Z","modified":"2025-04-08T16:38:27.788252Z"},{"id":"599c7416-a6d8-5d3d-9044-dddf095859a5","name":"Cocomazzi FIN7 Reboot","description":"Cocomazzi, Antonio. (2024, July 17). 
FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks. Retrieved September 24, 2025.","url":"https://www.sentinelone.com/labs/fin7-reboot-cybercrime-gang-enhances-ops-with-new-edr-bypasses-and-automated-attacks/","source":"MITRE","title":"FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks","authors":"Cocomazzi, Antonio","date_accessed":"2025-09-24T00:00:00Z","date_published":"2024-07-17T00:00:00Z","owner_name":null,"tidal_id":"8a7ed28b-ff86-54da-a8ad-c30c1533c13d","created":"2025-10-29T21:08:48.165326Z","modified":"2025-12-17T15:08:36.422449Z"},{"id":"bbaef178-8577-4398-8e28-604faf0950b4","name":"Gemini FIN7 Oct 2021","description":"Gemini Advisory. (2021, October 21). FIN7 Recruits Talent For Push Into Ransomware. Retrieved February 2, 2022.","url":"https://geminiadvisory.io/fin7-ransomware-bastion-secure/","source":"MITRE","title":"FIN7 Recruits Talent For Push Into Ransomware","authors":"Gemini Advisory","date_accessed":"2022-02-02T00:00:00Z","date_published":"2021-10-21T00:00:00Z","owner_name":null,"tidal_id":"7204712f-7170-5759-81d6-a1c8e0729d05","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422456Z"},{"id":"b09453a3-c0df-4e96-b399-e7b34e068e9d","name":"Flashpoint FIN 7 March 2019","description":"Platt, J. and Reeves, J.. (2019, March). FIN7 Revisited: Inside Astra Panel and SQLRat Malware. Retrieved June 18, 2019.","url":"https://www.flashpoint-intel.com/blog/fin7-revisited-inside-astra-panel-and-sqlrat-malware/","source":"MITRE","title":"FIN7 Revisited: Inside Astra Panel and SQLRat Malware","authors":"Platt, J. and Reeves, J.","date_accessed":"2019-06-18T00:00:00Z","date_published":"2019-03-01T00:00:00Z","owner_name":null,"tidal_id":"a3cb3320-69f0-542f-85c5-7761c9678c6e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420378Z"},{"id":"7987bb91-ec41-42f8-bd2d-dabc26509a08","name":"FireEye FIN7 March 2017","description":"Miller, S., et al. 
(2017, March 7). FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings. Retrieved March 8, 2017.","url":"https://web.archive.org/web/20180808125108/https:/www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html","source":"MITRE, Tidal Cyber","title":"FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings","authors":"Miller, S., et al","date_accessed":"2017-03-08T00:00:00Z","date_published":"2017-03-07T00:00:00Z","owner_name":null,"tidal_id":"5d1bc449-d5d7-52a8-8bea-1fbb9cd75df3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257470Z"},{"id":"3831173c-7c67-4f16-b652-ad992a7ce411","name":"Morphisec FIN7 June 2017","description":"Gorelik, M.. (2017, June 9). FIN7 Takes Another Bite at the Restaurant Industry. Retrieved July 13, 2017.","url":"http://blog.morphisec.com/fin7-attacks-restaurant-industry","source":"MITRE","title":"FIN7 Takes Another Bite at the Restaurant Industry","authors":"Gorelik, M.","date_accessed":"2017-07-13T00:00:00Z","date_published":"2017-06-09T00:00:00Z","owner_name":null,"tidal_id":"c61f70a7-09d2-5dc8-8685-7bdcadc7a712","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437402Z"},{"id":"4f5c384a-83e0-5156-8322-28153c15c32a","name":"Gemini_FIN7_Jan2022","description":"Gemini Advisory. (2022, January 13). FIN7 Uses Flash Drives to Spread Remote Access Trojan. Retrieved May 14, 2025.","url":"https://geminiadvisory.io/fin7-flash-drives-spread-remote-access-trojan/","source":"MITRE","title":"FIN7 Uses Flash Drives to Spread Remote Access Trojan","authors":"Gemini Advisory","date_accessed":"2025-05-14T00:00:00Z","date_published":"2022-01-13T00:00:00Z","owner_name":null,"tidal_id":"6238022e-9a0a-5fea-aaff-f9fe1c7951d0","created":"2025-10-29T21:08:48.167669Z","modified":"2025-12-17T15:08:36.441245Z"},{"id":"67c3a7ed-e2e2-4566-aca7-61e766f177bf","name":"Esentire 5 8 2024","description":"Esentire Threat Response Unit. (2024, May 8). 
FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX…. Retrieved May 14, 2024.","url":"https://www.esentire.com/blog/fin7-uses-trusted-brands-and-sponsored-google-ads-to-distribute-msix-payloads","source":"Tidal Cyber","title":"FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX…","authors":"Esentire Threat Response Unit","date_accessed":"2024-05-14T00:00:00Z","date_published":"2024-05-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b0e1ed28-7265-5921-810b-dbca7278a460","created":"2024-06-13T20:11:03.821610Z","modified":"2024-06-13T20:11:04.021904Z"},{"id":"e38adff1-7f53-4b0c-9d58-a4640b09b10d","name":"CyberScoop FIN7 Oct 2017","description":"Waterman, S. (2017, October 16). Fin7 weaponization of DDE is just their latest slick move, say researchers. Retrieved November 21, 2017.","url":"https://www.cyberscoop.com/fin7-dde-morphisec-fileless-malware/","source":"MITRE","title":"Fin7 weaponization of DDE is just their latest slick move, say researchers","authors":"Waterman, S","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"7f7f5215-fff4-56d4-96a5-6853b66f5d99","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441685Z"},{"id":"958cfc9a-901c-549d-96c2-956272b240e3","name":"BitDefender BADHATCH Mar 2021","description":"Vrabie, V., et al. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. 
Retrieved September 8, 2021.","url":"https://www.bitdefender.com/files/News/CaseStudies/study/394/Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en-EN.pdf","source":"MITRE","title":"FIN8 Returns with Improved BADHATCH Toolkit","authors":"Vrabie, V., et al","date_accessed":"2021-09-08T00:00:00Z","date_published":"2021-03-10T00:00:00Z","owner_name":null,"tidal_id":"18fad246-12f3-5965-b287-3437cbc8e271","created":"2023-11-07T00:36:15.318633Z","modified":"2025-12-17T15:08:36.417806Z"},{"id":"501b6391-e09e-47dc-9cfc-c8ed4c034aca","name":"Bitdefender FIN8 BADHATCH Report","description":"Bitdefender. (2021, March 10). FIN8 Returns with Improved BADHATCH Toolkit. Retrieved October 30, 2023.","url":"https://www.bitdefender.com/files/News/CaseStudies/study/394/Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en-EN.pdf","source":"Tidal Cyber","title":"FIN8 Returns with Improved BADHATCH Toolkit","authors":"Bitdefender","date_accessed":"2023-10-30T00:00:00Z","date_published":"2021-03-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a0cce835-8919-51a4-af04-555583392cd2","created":"2023-11-10T19:02:31.248083Z","modified":"2023-11-10T19:02:31.352015Z"},{"id":"8e9d05c9-6783-5738-ac85-a444810a8074","name":"Bitdefender Sardonic Aug 2021","description":"Budaca, E., et al. (2021, August 25). FIN8 Threat Actor Goes Agile with New Sardonic Backdoor. Retrieved August 9, 2023.","url":"https://www.bitdefender.com/files/News/CaseStudies/study/401/Bitdefender-PR-Whitepaper-FIN8-creat5619-en-EN.pdf","source":"MITRE","title":"FIN8 Threat Actor Goes Agile with New Sardonic Backdoor","authors":"Budaca, E., et al","date_accessed":"2023-08-09T00:00:00Z","date_published":"2021-08-25T00:00:00Z","owner_name":null,"tidal_id":"5a2fb0a3-fd60-5782-ab9a-8a0fdb691585","created":"2023-11-07T00:36:14.463697Z","modified":"2025-12-17T15:08:36.416944Z"},{"id":"9b08b7f0-1a33-5d76-817f-448fac0d165a","name":"Symantec FIN8 Jul 2023","description":"Symantec Threat Hunter Team. (2023, July 18). 
FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware. Retrieved August 9, 2023.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/syssphinx-fin8-backdoor","source":"MITRE","title":"FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware","authors":"Symantec Threat Hunter Team","date_accessed":"2023-08-09T00:00:00Z","date_published":"2023-07-18T00:00:00Z","owner_name":null,"tidal_id":"d18e7f48-7f54-53e5-b803-76e5060393f1","created":"2023-11-07T00:36:14.475831Z","modified":"2025-12-17T15:08:36.416951Z"},{"id":"ca0b8373-53d0-4367-ad31-05fbcdfd9cff","name":"Elastic FINALDRAFT February 12 2025","description":"Cyril François, Jia Yu Chan, Salim Bitam, Daniel Stepanic. (2025, February 12). FINALDRAFT Hides in Your Drafts. Retrieved February 14, 2025.","url":"https://www.elastic.co/security-labs/finaldraft","source":"Tidal Cyber","title":"FINALDRAFT Hides in Your Drafts","authors":"Cyril François, Jia Yu Chan, Salim Bitam, Daniel Stepanic","date_accessed":"2025-02-14T00:00:00Z","date_published":"2025-02-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d73add6e-8e2b-56f4-bd59-cc93570d5acb","created":"2025-02-18T15:18:04.086666Z","modified":"2025-02-18T15:18:04.235888Z"},{"id":"3c9b7b9a-d30a-4865-a96c-6e68d9e20452","name":"DiginotarCompromise","description":"Fisher, D. (2012, October 31). Final Report on DigiNotar Hack Shows Total Compromise of CA Servers. 
Retrieved March 6, 2017.","url":"https://threatpost.com/final-report-diginotar-hack-shows-total-compromise-ca-servers-103112/77170/","source":"MITRE","title":"Final Report on DigiNotar Hack Shows Total Compromise of CA Servers","authors":"Fisher, D","date_accessed":"2017-03-06T00:00:00Z","date_published":"2012-10-31T00:00:00Z","owner_name":null,"tidal_id":"d676051e-ae7f-5deb-a2f6-97781dc1c089","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425676Z"},{"id":"747fb15a-628f-52d2-ade4-48f42a7d4e13","name":"FireEye OT Ransomware July 2020","description":"Nathan Brubaker, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Corey Hildebrandt. (2020, July 15). Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families. Retrieved April","url":"https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html","source":"ICS","title":"Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families","authors":"Nathan Brubaker, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Corey Hildebrandt","date_accessed":"1978-04-01T00:00:00Z","date_published":"2020-07-15T00:00:00Z","owner_name":null,"tidal_id":"a020e08f-f3e5-5644-a9e9-1230bbb94ec1","created":"2026-01-28T13:08:18.175994Z","modified":"2026-01-28T13:08:18.175997Z"},{"id":"4bd514b8-1f79-4946-b001-110ce5cf29a9","name":"FireEye Financial Actors Moving into OT","description":"Brubaker, N. Zafra, D. K. Lunden, K. Proska, K. Hildebrandt, C.. (2020, July 15). Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families. 
Retrieved February 15, 2021.","url":"https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html","source":"MITRE","title":"Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families","authors":"Brubaker, N. Zafra, D. K. Lunden, K. Proska, K. Hildebrandt, C.","date_accessed":"2021-02-15T00:00:00Z","date_published":"2020-07-15T00:00:00Z","owner_name":null,"tidal_id":"c2ab2179-ae2a-5fd4-99ba-726ebb97469a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420385Z"},{"id":"2260f0a1-2a6c-4373-9e3a-624fd89446e3","name":"MITRECND FindAPIHash","description":"Jason (jxb5151). (2021, January 28). findapihash.py. Retrieved August 22, 2022.","url":"https://github.com/MITRECND/malchive/blob/main/malchive/utilities/findapihash.py","source":"MITRE","title":"findapihash.py","authors":"Jason (jxb5151)","date_accessed":"2022-08-22T00:00:00Z","date_published":"2021-01-28T00:00:00Z","owner_name":null,"tidal_id":"f858519a-d2dc-53e1-ba3e-cafe4e7484dc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:32.551538Z"},{"id":"4c2424d6-670b-4db0-a752-868b4c954e29","name":"Expel IO Evil in AWS","description":"A. Randazzo, B. Manahan and S. Lipton. (2020, April 28). Finding Evil in AWS. Retrieved June 25, 2020.","url":"https://expel.io/blog/finding-evil-in-aws/","source":"MITRE","title":"Finding Evil in AWS","authors":"A. Randazzo, B. Manahan and S. Lipton","date_accessed":"2020-06-25T00:00:00Z","date_published":"2020-04-28T00:00:00Z","owner_name":null,"tidal_id":"d5359b23-d788-54de-8883-730b4c56b310","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430012Z"},{"id":"ee46fd07-3df3-50f6-b922-263f031ee23f","name":"Evil WMI","description":"Chad Tilbury. (2023, May 22). Finding Evil WMI Event Consumers with Disk Forensics. 
Retrieved February 9, 2024.","url":"https://www.sans.org/blog/finding-evil-wmi-event-consumers-with-disk-forensics/","source":"MITRE","title":"Finding Evil WMI Event Consumers with Disk Forensics","authors":"Chad Tilbury","date_accessed":"2024-02-09T00:00:00Z","date_published":"2023-05-22T00:00:00Z","owner_name":null,"tidal_id":"22ab342f-be3f-5b9a-a11f-bc5ecc8204b2","created":"2024-04-25T13:28:52.119745Z","modified":"2025-04-22T20:47:31.322951Z"},{"id":"d251a79b-8516-41a7-b394-47a761d0ab3b","name":"SANS Decrypting SSL","description":"Butler, M. (2013, November). Finding Hidden Threats by Decrypting SSL. Retrieved April 5, 2016.","url":"http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840","source":"MITRE","title":"Finding Hidden Threats by Decrypting SSL","authors":"Butler, M","date_accessed":"2016-04-05T00:00:00Z","date_published":"2013-11-01T00:00:00Z","owner_name":null,"tidal_id":"2d160d96-a5c6-581c-8c8e-1fe38b34ef68","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428536Z"},{"id":"538def90-5de4-4b8c-b535-0e2570ba1841","name":"ADSecurity Finding Passwords in SYSVOL","description":"Sean Metcalf. (2015, December 28). Finding Passwords in SYSVOL & Exploiting Group Policy Preferences. Retrieved February 17, 2020.","url":"https://adsecurity.org/?p=2288","source":"MITRE","title":"Finding Passwords in SYSVOL & Exploiting Group Policy Preferences","authors":"Sean Metcalf","date_accessed":"2020-02-17T00:00:00Z","date_published":"2015-12-28T00:00:00Z","owner_name":null,"tidal_id":"e5b71d40-3699-5806-8cfa-e49fa0a3c8f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432514Z"},{"id":"fc4b7b28-ac74-4a8f-a39d-ce55df5fca08","name":"Findstr.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Findstr.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Findstr/","source":"Tidal Cyber","title":"Findstr.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"280b9aef-9692-5498-8179-6c3f1efee871","created":"2024-01-12T14:46:41.578741Z","modified":"2024-01-12T14:46:41.763591Z"},{"id":"6ef0b8d8-ba98-49ce-807d-5a85d111b027","name":"FinFisher Citation","description":"FinFisher. (n.d.). Retrieved September 12, 2024.","url":"https://web.archive.org/web/20171222050934/http://www.finfisher.com/FinFisher/index.html","source":"MITRE","title":"FinFisher Citation","authors":"","date_accessed":"2024-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6d244b7d-5dd0-55b6-a687-b783b62049da","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420934Z"},{"id":"88c97a9a-ef14-4695-bde0-9de2b5f5343b","name":"Microsoft FinFisher March 2018","description":"Allievi, A.,Flori, E. (2018, March 01). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. Retrieved July 9, 2018.","url":"https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/","source":"MITRE","title":"FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines","authors":"Allievi, A.,Flori, E","date_accessed":"2018-07-09T00:00:00Z","date_published":"2018-03-01T00:00:00Z","owner_name":null,"tidal_id":"d895337e-46ff-527c-82cd-417b5282ddb3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420927Z"},{"id":"b2f4541e-f981-4b25-abf4-1bec92b16faa","name":"FinFisher exposed","description":"Microsoft Defender Security Research Team. (2018, March 1). FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines. 
Retrieved January 27, 2022.","url":"https://www.microsoft.com/security/blog/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/","source":"MITRE","title":"FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines","authors":"Microsoft Defender Security Research Team","date_accessed":"2022-01-27T00:00:00Z","date_published":"2018-03-01T00:00:00Z","owner_name":null,"tidal_id":"a174f9b4-9768-5ffe-bee4-4a63ab988355","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433187Z"},{"id":"e32d01eb-d904-43dc-a7e2-bdcf42f3ebb2","name":"Finger.exe - LOLBAS Project","description":"LOLBAS. (2021, August 30). Finger.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Finger/","source":"Tidal Cyber","title":"Finger.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-08-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"26a8ce42-5245-5f97-9dbc-a8d4cf1febbc","created":"2024-01-12T14:46:41.943336Z","modified":"2024-01-12T14:46:42.328882Z"},{"id":"5fa2e277-344e-5690-91aa-f47d46c9c327","name":"SRLabs-Fingerprint","description":"SRLabs. (n.d.). Fingerprints are not fit for secure device unlocking. Retrieved December","url":"https://srlabs.de/bites/spoofing-fingerprints/","source":"Mobile","title":"Fingerprints are not fit for secure device unlocking","authors":"SRLabs","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"818a71a9-e429-50c6-bf3d-5701f4bfa488","created":"2026-01-28T13:08:10.046314Z","modified":"2026-01-28T13:08:10.046317Z"},{"id":"7b9bd753-01b7-4923-9964-19c59123ace2","name":"FireEye Cyber Threats to Media Industries","description":"FireEye. (n.d.). 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210719110553/https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/ib-entertainment.pdf","source":"MITRE","title":"FireEye Cyber Threats to Media Industries","authors":"","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"790ef2be-fdbb-5687-b87f-2adbd85b0c53","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424674Z"},{"id":"9d58bcbb-5b96-4e12-8ff2-e0b084c3eb8c","name":"FireEye DLL Side-Loading","description":"Amanda Steward. (2014). FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry. Retrieved March 13, 2020.","url":"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-dll-sideloading.pdf","source":"MITRE","title":"FireEye DLL Side-Loading: A Thorn in the Side of the Anti-Virus Industry","authors":"Amanda Steward","date_accessed":"2020-03-13T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"82953ab5-b6e9-592b-9a8f-e79756476337","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435826Z"},{"id":"44b2eb6b-4902-4ca0-80e5-7333d620e075","name":"FireEye Shamoon Nov 2016","description":"FireEye. (2016, November 30). FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210126065851/https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html","source":"MITRE","title":"FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region","authors":"FireEye","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-11-30T00:00:00Z","owner_name":null,"tidal_id":"d8ad3795-c1b8-50a6-bde9-453615fb98f0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420088Z"},{"id":"b29dc755-f1f0-4206-9ecf-29257a1909ee","name":"FireEye Ryuk and Trickbot January 2019","description":"Goody, K., et al (2019, January 11). 
A Nasty Trick: From Credential Theft Malware to Business Disruption. Retrieved May 12, 2020.","url":"https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html","source":"MITRE","title":"FireEye Ryuk and Trickbot January 2019","authors":"","date_accessed":"2020-05-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7b044725-0a3e-518e-842e-185dbdf6a603","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420756Z"},{"id":"a662c764-8954-493f-88e5-e022e093a785","name":"DarkReading FireEye SolarWinds","description":"Kelly Jackson Higgins. (2021, January 7). FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack. Retrieved April 18, 2022.","url":"https://www.darkreading.com/threat-intelligence/fireeye-s-mandia-severity-zero-alert-led-to-discovery-of-solarwinds-attack","source":"MITRE","title":"FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack","authors":"Kelly Jackson Higgins","date_accessed":"2022-04-18T00:00:00Z","date_published":"2021-01-07T00:00:00Z","owner_name":null,"tidal_id":"10675297-1948-5ccb-9a04-71953d8d86b0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431679Z"},{"id":"142cf7a3-2ca2-4cf3-b95a-9f4b3bc1cdce","name":"FireEye FinSpy Sept 2017","description":"Jiang, G., et al. (2017, September 12). FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY. 
Retrieved February 15, 2018.","url":"https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html","source":"MITRE","title":"FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY","authors":"Jiang, G., et al","date_accessed":"2018-02-15T00:00:00Z","date_published":"2017-09-12T00:00:00Z","owner_name":null,"tidal_id":"29689989-5cec-5b3d-910b-1b7c71c22dfa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420941Z"},{"id":"7d48b679-d44d-466e-b12b-16f0f9858d15","name":"RiskIQ Cobalt Jan 2018","description":"Klijnsma, Y.. (2018, January 16). First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks. Retrieved October 10, 2018.","url":"https://web.archive.org/web/20190508170147/https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/","source":"MITRE","title":"First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks","authors":"Klijnsma, Y.","date_accessed":"2018-10-10T00:00:00Z","date_published":"2018-01-16T00:00:00Z","owner_name":null,"tidal_id":"ed1843a6-aa2a-5e40-a9e3-d01cec42801f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438186Z"},{"id":"ae28f530-40da-451e-89b8-b472340c3e0a","name":"Chrome Extension Crypto Miner","description":"Brinkmann, M. (2017, September 19). First Chrome extension with JavaScript Crypto Miner detected. 
Retrieved November 16, 2017.","url":"https://www.ghacks.net/2017/09/19/first-chrome-extension-with-javascript-crypto-miner-detected/","source":"MITRE","title":"First Chrome extension with JavaScript Crypto Miner detected","authors":"Brinkmann, M","date_accessed":"2017-11-16T00:00:00Z","date_published":"2017-09-19T00:00:00Z","owner_name":null,"tidal_id":"094eff80-cc16-50aa-a8fd-6fd7e1f2481c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426453Z"},{"id":"3c99dffc-96fe-5b47-b9a2-a77bd2ad3297","name":"Welivesecurity Clipboard Modification February 2019","description":"Lukáš Štefanko. (2019, February 8). First clipper malware discovered on Google Play. Retrieved July","url":"https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/","source":"Mobile","title":"First clipper malware discovered on Google Play","authors":"Lukáš Štefanko","date_accessed":"1978-07-01T00:00:00Z","date_published":"2019-02-08T00:00:00Z","owner_name":null,"tidal_id":"e48e1dcd-e72b-5b1d-af27-8fff26a2c3af","created":"2026-01-28T13:08:10.046388Z","modified":"2026-01-28T13:08:10.046391Z"},{"id":"b31c5deb-bb28-5d40-b80e-8da290741a0d","name":"ESET Clipboard Modification February 2019","description":"ESET. (2019, February 11). First clipper malware discovered on Google Play.. Retrieved July","url":"https://www.eset.com/uk/about/newsroom/press-releases/first-clipper-malware-discovered-on-google-play-1/","source":"Mobile","title":"First clipper malware discovered on Google Play.","authors":"ESET","date_accessed":"1978-07-01T00:00:00Z","date_published":"2019-02-11T00:00:00Z","owner_name":null,"tidal_id":"250bcc7c-3a72-508f-9675-cc24bf09d6c8","created":"2026-01-28T13:08:10.044689Z","modified":"2026-01-28T13:08:10.044692Z"},{"id":"6d6e2fc8-9806-5480-bfaa-a43a962a4980","name":"Aquasec Kubernetes Attack 2023","description":"Michael Katchinskiy, Assaf Morag. (2023, April 21). First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters. 
Retrieved July 14, 2023.","url":"https://blog.aquasec.com/leveraging-kubernetes-rbac-to-backdoor-clusters","source":"MITRE","title":"First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters","authors":"Michael Katchinskiy, Assaf Morag","date_accessed":"2023-07-14T00:00:00Z","date_published":"2023-04-21T00:00:00Z","owner_name":null,"tidal_id":"f2fe8498-0b99-56ad-9646-1612cd6db701","created":"2023-11-07T00:36:00.446638Z","modified":"2025-12-17T15:08:36.427620Z"},{"id":"aadaacda-ac83-533b-b908-4b8a35daa2ce","name":"Aquasec Kubernetes Backdoor 2023","description":"Michael Katchinskiy and Assaf Morag. (2023, April 21). First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters. Retrieved March 24, 2025.","url":"https://www.aquasec.com/blog/leveraging-kubernetes-rbac-to-backdoor-clusters/","source":"MITRE","title":"First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters","authors":"Michael Katchinskiy and Assaf Morag","date_accessed":"2025-03-24T00:00:00Z","date_published":"2023-04-21T00:00:00Z","owner_name":null,"tidal_id":"af1309fe-70ef-5ed9-b3bb-431bfc40bdac","created":"2025-04-22T20:47:10.663003Z","modified":"2025-12-17T15:08:36.425883Z"},{"id":"81938a35-0a3d-57b7-a4f1-bb0974423405","name":"CheckPoint Cerberus","description":"A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June","url":"https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/","source":"Mobile","title":"First seen in the wild – Malware uses Corporate MDM as attack vector","authors":"A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. 
Mana","date_accessed":"1978-06-01T00:00:00Z","date_published":"2020-04-29T00:00:00Z","owner_name":null,"tidal_id":"7d67f10e-6556-5f7e-91de-360e4ef3ac3e","created":"2026-01-28T13:08:10.046840Z","modified":"2026-01-28T13:08:10.046843Z"},{"id":"845896a6-b21d-489d-b75c-1e35b3ec78e0","name":"ESET-Twitoor","description":"ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December","url":"http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/","source":"Mobile","title":"First Twitter-controlled Android botnet discovered","authors":"ESET","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-08-24T00:00:00Z","owner_name":null,"tidal_id":"9ff60379-2358-5ab5-aec3-19cdbc63a1a0","created":"2022-12-14T20:06:32.013016Z","modified":"2026-01-28T13:08:12.137440Z"},{"id":"85c4b88a-aa31-5445-af65-2748d250f805","name":"HackerNews-OldBoot","description":"Sudhir K Bansal. (2014, January 28). First widely distributed Android bootkit Malware infects more than 350,000 Devices. Retrieved December","url":"http://thehackernews.com/2014/01/first-widely-distributed-android.html","source":"Mobile","title":"First widely distributed Android bootkit Malware infects more than 350,000 Devices","authors":"Sudhir K Bansal","date_accessed":"1978-12-01T00:00:00Z","date_published":"2014-01-28T00:00:00Z","owner_name":null,"tidal_id":"01b95a8f-fd9a-5910-a758-0f7d440049a0","created":"2026-01-28T13:08:10.039043Z","modified":"2026-01-28T13:08:10.039046Z"},{"id":"3a0c4458-c8ec-44f9-95cc-0eb136a927cb","name":"Microsoft Azure AD Admin Consent","description":"Baldwin, M., Flores, J., Kess, B.. (2018, June 17). Five steps to securing your identity infrastructure. 
Retrieved October 4, 2019.","url":"https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity#block-end-user-consent","source":"MITRE","title":"Five steps to securing your identity infrastructure","authors":"Baldwin, M., Flores, J., Kess, B.","date_accessed":"2019-10-04T00:00:00Z","date_published":"2018-06-17T00:00:00Z","owner_name":null,"tidal_id":"55378792-8717-52d7-8f78-c87445331f4a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442345Z"},{"id":"c0f523fa-7f3b-4c85-b48f-19ae770e9f3b","name":"NTT Security Flagpro new December 2021","description":"Hada, H. (2021, December 28).  Flagpro The new malware used by BlackTech. Retrieved March 25, 2022.","url":"https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-used-by-blacktech","source":"MITRE","title":"Flagpro The new malware used by BlackTech","authors":"Hada, H","date_accessed":"2022-03-25T00:00:00Z","date_published":"2021-12-28T00:00:00Z","owner_name":null,"tidal_id":"0892ea11-7f0c-5d32-b75a-0ae3bb3613be","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418825Z"},{"id":"c7d030ad-0ecf-458f-85d4-93778d759dc1","name":"Kaspersky Flame Functionality","description":"Gostev, A. (2012, May 30). Flame: Bunny, Frog, Munch and BeetleJuice…. Retrieved March 1, 2017.","url":"https://securelist.com/flame-bunny-frog-munch-and-beetlejuice-2/32855/","source":"MITRE","title":"Flame: Bunny, Frog, Munch and BeetleJuice…","authors":"Gostev, A","date_accessed":"2017-03-01T00:00:00Z","date_published":"2012-05-30T00:00:00Z","owner_name":null,"tidal_id":"e03e7380-be3b-5c9c-8724-5fedf2caa424","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439951Z"},{"id":"ea35f530-b0fd-4e27-a7a9-6ba41566154c","name":"Crysys Skywiper","description":"sKyWIper Analysis Team. (2012, May 31). sKyWIper (a.k.a. Flame a.k.a. Flamer):  A complex malware for targeted attacks. 
Retrieved September 6, 2018.","url":"https://www.crysys.hu/publications/files/skywiper.pdf","source":"MITRE","title":"Flamer):  A complex malware for targeted attacks","authors":"sKyWIper Analysis Team. (2012, May 31). sKyWIper (a.k.a","date_accessed":"2018-09-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3cd9f833-94a5-5a5c-8733-907bc041822b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422643Z"},{"id":"691ada65-fe64-4917-b379-1db2573eea32","name":"Symantec Beetlejuice","description":"Symantec Security Response. (2012, May 31). Flamer: A Recipe for Bluetoothache. Retrieved February 25, 2017.","url":"https://www.symantec.com/connect/blogs/flamer-recipe-bluetoothache","source":"MITRE","title":"Flamer: A Recipe for Bluetoothache","authors":"Symantec Security Response","date_accessed":"2017-02-25T00:00:00Z","date_published":"2012-05-31T00:00:00Z","owner_name":null,"tidal_id":"a3d79dc2-28e0-5c2a-ac65-f506df745bd7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422650Z"},{"id":"1d550554-5c7b-5881-9758-c95d5be9c7e7","name":"TrendMicro-FlappyBird","description":"Veo Zhang. (2014, February 18). Flappy Bird and Third-Party App Stores. Retrieved November","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/flappy-bird-and-third-party-app-stores/","source":"Mobile","title":"Flappy Bird and Third-Party App Stores","authors":"Veo Zhang","date_accessed":"1978-11-01T00:00:00Z","date_published":"2014-02-18T00:00:00Z","owner_name":null,"tidal_id":"76cc634d-039c-5ef5-bc1e-cbc22d64789a","created":"2026-01-28T13:08:10.044050Z","modified":"2026-01-28T13:08:10.044053Z"},{"id":"ec962b72-7b7f-4f7e-b6d6-7c5380b07201","name":"Microsoft Flax Typhoon August 24 2023","description":"Microsoft Threat Intelligence. (2023, August 24). Flax Typhoon using legitimate software to quietly access Taiwanese organizations. 
Retrieved August 28, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2023/08/24/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations/","source":"Tidal Cyber","title":"Flax Typhoon using legitimate software to quietly access Taiwanese organizations","authors":"Microsoft Threat Intelligence","date_accessed":"2023-08-28T00:00:00Z","date_published":"2023-08-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9cc83cac-57d2-54a0-a047-4da2330fd377","created":"2024-06-13T20:10:40.269490Z","modified":"2024-06-13T20:10:40.457182Z"},{"id":"9e21c538-cfd1-41c4-a188-443900b4fa19","name":"jamf FlexibleFerret November 25 2025","description":"Jamf Threat Labs. (2025, November 25). FlexibleFerret: macOS Malware Deploys in Fake Job Scams. Retrieved December 1, 2025.","url":"https://www.jamf.com/blog/flexibleferret-macos-malware-recruitment-lure/","source":"Tidal Cyber","title":"FlexibleFerret: macOS Malware Deploys in Fake Job Scams","authors":"Jamf Threat Labs","date_accessed":"2025-12-01T12:00:00Z","date_published":"2025-11-25T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9ec0ddeb-955b-554a-a835-75b67633850e","created":"2025-12-10T14:13:43.470486Z","modified":"2025-12-10T14:13:43.624907Z"},{"id":"0d38cf1b-0698-502b-a427-71989eeae6ba","name":"FlexiSpy-Website","description":"FlexiSpy. (n.d.). FlexiSpy. Retrieved September","url":"https://www.flexispy.com/","source":"Mobile","title":"FlexiSpy","authors":"FlexiSpy","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"755f7932-c687-591c-8d39-2e6d23bec8fa","created":"2026-01-28T13:08:10.042564Z","modified":"2026-01-28T13:08:10.042567Z"},{"id":"118790a5-9738-5337-a742-0c80dd7df48e","name":"FlexiSpy-Features","description":"FlexiSpy. (n.d.). FlexiSpy Monitoring Features. 
Retrieved September","url":"https://www.flexispy.com/en/features-overview.htm","source":"Mobile","title":"FlexiSpy Monitoring Features","authors":"FlexiSpy","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"12de4c30-fa94-5801-a695-7757c44a085f","created":"2026-01-28T13:08:10.047311Z","modified":"2026-01-28T13:08:10.047314Z"},{"id":"db30c73e-b14f-5e8f-9c37-ea820d2123c9","name":"CyberMerchants-FlexiSpy","description":"Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September","url":"http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html","source":"Mobile","title":"FlexSpy Application Analysis","authors":"Actis B","date_accessed":"1978-09-01T00:00:00Z","date_published":"2017-04-22T00:00:00Z","owner_name":null,"tidal_id":"6b9ca642-0424-5c47-9d70-4b1e3fe77bbb","created":"2026-01-28T13:08:10.042539Z","modified":"2026-01-28T13:08:10.042542Z"},{"id":"46e483f0-3544-5737-a66b-ceb35fe82c05","name":"Digitaltrends-Celljam","description":"Trevor Mogg. (2015, June 5). Florida teacher punished after signal-jamming his students’ cell phones. Retrieved November","url":"https://www.digitaltrends.com/mobile/florida-teacher-punished-after-signal-jamming-his-students-cell-phones/","source":"Mobile","title":"Florida teacher punished after signal-jamming his students’ cell phones","authors":"Trevor Mogg","date_accessed":"1978-11-01T00:00:00Z","date_published":"2015-06-05T00:00:00Z","owner_name":null,"tidal_id":"27060041-23bc-5665-b48a-598787fc9fd3","created":"2026-01-28T13:08:10.045950Z","modified":"2026-01-28T13:08:10.045953Z"},{"id":"cf9b4bd3-92f0-405b-85e7-95e65d548b79","name":"fltMC.exe - LOLBAS Project","description":"LOLBAS. (2021, September 18). fltMC.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/FltMC/","source":"Tidal Cyber","title":"fltMC.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-09-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f854920a-5e77-595c-b4f8-9e679c561fe8","created":"2024-01-12T14:46:42.523396Z","modified":"2024-01-12T14:46:42.706276Z"},{"id":"8338ad75-89f2-47d8-b85b-7cbf331bd7cd","name":"IranThreats Kittens Dec 2017","description":"Iran Threats . (2017, December 5). Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code. Retrieved May 28, 2020.","url":"https://iranthreats.github.io/resources/attribution-flying-rocket-kitten/","source":"MITRE","title":"Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code","authors":"Iran Threats","date_accessed":"2020-05-28T00:00:00Z","date_published":"2017-12-05T00:00:00Z","owner_name":null,"tidal_id":"385b56aa-4ec1-5651-a564-b682705b7cb4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435415Z"},{"id":"a8608b83-1f96-5b29-9fc0-ddeff0b9166b","name":"Zimperium FlyTrap","description":"A. Yaswant. (2021, August 9). FlyTrap Android Malware Compromises Thousands of Facebook Accounts. Retrieved September","url":"https://www.zimperium.com/blog/flytrap-android-malware-compromises-thousands-of-facebook-accounts/","source":"Mobile","title":"FlyTrap Android Malware Compromises Thousands of Facebook Accounts","authors":"A. Yaswant","date_accessed":"1978-09-01T00:00:00Z","date_published":"2021-08-09T00:00:00Z","owner_name":null,"tidal_id":"2a0e1549-2521-56da-9f99-0032d4ba0094","created":"2026-01-28T13:08:10.046865Z","modified":"2026-01-28T13:08:10.046868Z"},{"id":"0cbc9a0b-4986-5c11-a85a-0193501a3ff8","name":"Trend Micro FlyTrap","description":"Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts — Protect Yourself With a Malware Scanner. 
Retrieved September","url":"https://news.trendmicro.com/2021/08/17/flytrap-android-malware-is-taking-over-facebook-accounts-protect-yourself-with-a-malware-scanner/","source":"Mobile","title":"FlyTrap Android Malware Is Taking Over Facebook Accounts — Protect Yourself With a Malware Scanner","authors":"Trend Micro","date_accessed":"1978-09-01T00:00:00Z","date_published":"2021-08-17T00:00:00Z","owner_name":null,"tidal_id":"05aa370d-7201-5328-a0e8-7bd213ab83dd","created":"2026-01-28T13:08:10.040987Z","modified":"2026-01-28T13:08:10.040990Z"},{"id":"1ef61100-c5e7-4725-8456-e508c5f6d68a","name":"MSTIC FoggyWeb September 2021","description":"Ramin Nafisi. (2021, September 27). FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor. Retrieved October 4, 2021.","url":"https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/","source":"MITRE","title":"FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor","authors":"Ramin Nafisi","date_accessed":"2021-10-04T00:00:00Z","date_published":"2021-09-27T00:00:00Z","owner_name":null,"tidal_id":"d2f82c85-846d-5a3b-864e-44cb6ae817df","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419515Z"},{"id":"96560211-59b3-4eae-b8a3-2f988f6fdca3","name":"Following the CloudTrail: Generating strong AWS security signals with Sumo Logic","description":"Dan Whalen. (2019, September 10). Following the CloudTrail: Generating strong AWS security signals with Sumo Logic. 
Retrieved October 16, 2020.","url":"https://expel.io/blog/following-cloudtrail-generating-aws-security-signals-sumo-logic/","source":"MITRE","title":"Following the CloudTrail: Generating strong AWS security signals with Sumo Logic","authors":"Dan Whalen","date_accessed":"2020-10-16T00:00:00Z","date_published":"2019-09-10T00:00:00Z","owner_name":null,"tidal_id":"d2b6b641-91ff-58c7-900a-42da0c5d38a8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434686Z"},{"id":"739da2f2-2aea-4f65-bc4d-ec6723f90520","name":"Group IB RTM August 2019","description":"Skulkin, O. (2019, August 5). Following the RTM Forensic examination of a computer infected with a banking trojan. Retrieved May 11, 2020.","url":"https://www.group-ib.com/blog/rtm","source":"MITRE","title":"Following the RTM Forensic examination of a computer infected with a banking trojan","authors":"Skulkin, O","date_accessed":"2020-05-11T00:00:00Z","date_published":"2019-08-05T00:00:00Z","owner_name":null,"tidal_id":"b90ad6f4-7cce-5833-95cf-72b65ee76ed9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440115Z"},{"id":"abb9cb19-d30e-4048-b106-eb29a6dad7fc","name":"TrendMicro BlackTech June 2017","description":"Bermejo, L., et al. (2017, June 22). Following the Trail of BlackTech’s Cyber Espionage Campaigns. Retrieved May 5, 2020.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/","source":"MITRE, Tidal Cyber","title":"Following the Trail of BlackTech’s Cyber Espionage Campaigns","authors":"Bermejo, L., et al","date_accessed":"2020-05-05T00:00:00Z","date_published":"2017-06-22T00:00:00Z","owner_name":null,"tidal_id":"3b9199bb-dfe0-5ca3-a16c-5d6a1c01941d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261654Z"},{"id":"8c0997e1-b285-42dd-9492-75065eac8f8b","name":"FireEye FIN6 April 2016","description":"FireEye Threat Intelligence. (2016, April). 
Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190807112824/https://www2.fireeye.com/rs/848-DID-242/images/rpt-fin6.pdf","source":"MITRE, Tidal Cyber","title":"Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6","authors":"FireEye Threat Intelligence","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-04-01T00:00:00Z","owner_name":null,"tidal_id":"4dc3883f-1487-5c82-9e09-176152ad834a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278380Z"},{"id":"dbcced87-91ee-514f-98c8-29a85d967384","name":"ESET FontOnLake Analysis 2021","description":"Vladislav Hrčka. (2021, January 1). FontOnLake. Retrieved September 27, 2023.","url":"https://web-assets.esetstatic.com/wls/2021/10/eset_fontonlake.pdf","source":"MITRE","title":"FontOnLake","authors":"Vladislav Hrčka","date_accessed":"2023-09-27T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"b6c3a7e5-4bde-5810-8a36-dc93a31e06e4","created":"2023-11-07T00:36:06.043307Z","modified":"2025-12-17T15:08:36.432795Z"},{"id":"9e40d93a-fe91-504a-a6f2-e6546067ba53","name":"amnesty_nso_pegasus","description":"Amnesty International Security Lab. (2021, July 18). Forensic Methodology Report: How to catch NSO Group’s Pegasus. Retrieved February 22, 2022.","url":"https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/","source":"MITRE","title":"Forensic Methodology Report: How to catch NSO Group’s Pegasus","authors":"Amnesty International Security Lab","date_accessed":"2022-02-22T00:00:00Z","date_published":"2021-07-18T00:00:00Z","owner_name":null,"tidal_id":"2bd84aef-f0b5-5935-a51d-92d3a3e00b2a","created":"2023-05-26T01:21:00.525416Z","modified":"2025-12-17T15:08:36.423977Z"},{"id":"fd7eaa47-3512-4dbd-b881-bc679d06cd1b","name":"Microsoft Forfiles Aug 2016","description":"Microsoft. (2016, August 31). 
Forfiles. Retrieved January 22, 2018.","url":"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc753551(v=ws.11)","source":"MITRE","title":"Forfiles","authors":"Microsoft","date_accessed":"2018-01-22T00:00:00Z","date_published":"2016-08-31T00:00:00Z","owner_name":null,"tidal_id":"b11e0672-7904-5036-ad3f-3a580bb31b0b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423138Z"},{"id":"9e2c3833-b667-431c-a9e5-1b412583cc5a","name":"Forfiles.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Forfiles.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Forfiles/","source":"Tidal Cyber","title":"Forfiles.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f6a02e78-99a2-58e6-aa57-eb7d6ea67143","created":"2024-01-12T14:46:42.879725Z","modified":"2024-01-12T14:46:43.071871Z"},{"id":"62d4d685-09c4-47b6-865c-4a6096e551cd","name":"Mandiant Log4Shell March 28 2022","description":"Geoff Ackerman, Tufail Ahmed, James Maclachlan, Dallin Warne, John Wolfram, Brandon Wilbur. (2022, March 28). Forged in Fire: A Survey of MobileIron Log4Shell Exploitation. Retrieved November 1, 2023.","url":"https://www.mandiant.com/resources/blog/mobileiron-log4shell-exploitation","source":"Tidal Cyber","title":"Forged in Fire: A Survey of MobileIron Log4Shell Exploitation","authors":"Geoff Ackerman, Tufail Ahmed, James Maclachlan, Dallin Warne, John Wolfram, Brandon Wilbur","date_accessed":"2023-11-01T00:00:00Z","date_published":"2022-03-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"71b6254d-09f3-581a-8d6a-b46c9912f7de","created":"2024-06-13T20:10:44.497401Z","modified":"2024-06-13T20:10:44.683152Z"},{"id":"71d5e4ce-3785-48f9-9566-fe5151ad6dc2","name":"Proofpoint March 24 2023","description":"Proofpoint. (2023, March 24). Fork in the Ice: The New Era of IcedID | Proofpoint US. 
Retrieved May 10, 2023.","url":"https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid","source":"Tidal Cyber","title":"Fork in the Ice: The New Era of IcedID | Proofpoint US","authors":"Proofpoint","date_accessed":"2023-05-10T00:00:00Z","date_published":"2023-03-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4433a755-e552-5b2e-af81-0f4fd83dc9b0","created":"2024-06-13T20:10:22.765887Z","modified":"2024-06-13T20:10:22.966599Z"},{"id":"5ec05c01-8767-44c1-9855-e1b0e5ee0002","name":"Symantec Seaduke 2015","description":"Symantec Security Response. (2015, July 13). “Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory. Retrieved July 22, 2015.","url":"http://www.symantec.com/connect/blogs/forkmeiamfamous-seaduke-latest-weapon-duke-armory","source":"MITRE","title":"“Forkmeiamfamous”: Seaduke, latest weapon in the Duke armory","authors":"Symantec Security Response","date_accessed":"2015-07-22T00:00:00Z","date_published":"2015-07-13T00:00:00Z","owner_name":null,"tidal_id":"b3ac9230-9548-5782-9276-b897f7ccf8d8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439760Z"},{"id":"89b85928-a962-4230-875c-63742b3c9d37","name":"Register Uber","description":"McCarthy, K. (2015, February 28). FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers. Retrieved October 19, 2020.","url":"https://www.theregister.com/2015/02/28/uber_subpoenas_github_for_hacker_details/","source":"MITRE","title":"FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers","authors":"McCarthy, K","date_accessed":"2020-10-19T00:00:00Z","date_published":"2015-02-28T00:00:00Z","owner_name":null,"tidal_id":"b8280f6e-be46-5624-9308-4ab006818cb2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429534Z"},{"id":"9442e08d-0858-5aa5-b642-a6b1e46018bc","name":"format_cmd_cisco","description":"Cisco. (2022, August 16). format - Cisco IOS Configuration Fundamentals Command Reference. 
Retrieved July 13, 2022.","url":"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/F_through_K.html#wp2829794668","source":"MITRE","title":"format - Cisco IOS Configuration Fundamentals Command Reference","authors":"Cisco","date_accessed":"2022-07-13T00:00:00Z","date_published":"2022-08-16T00:00:00Z","owner_name":null,"tidal_id":"ff7985a6-a1c0-5680-9380-565f7e4f8574","created":"2023-05-26T01:21:00.929807Z","modified":"2025-12-17T15:08:36.424460Z"},{"id":"02233ce3-abb2-4aed-95b8-56b65c68a665","name":"Quick Heal Blog February 17 2023","description":"Quick Heal Blog. (2023, February 17). FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data. Retrieved May 7, 2023.","url":"https://blogs.quickheal.com/formbook-malware-returns-new-variant-uses-steganography-and-in-memory-loading-of-multiple-stages-to-steal-data/","source":"Tidal Cyber","title":"FormBook Malware Returns: New Variant Uses Steganography and In-Memory Loading of multiple stages to steal data","authors":"Quick Heal Blog","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-02-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"91c5f8fd-f639-588c-be35-129c5291ba1d","created":"2024-06-13T20:10:17.621927Z","modified":"2024-06-13T20:10:17.830791Z"},{"id":"a43dd8ce-23d6-5768-8522-6973dc45e1ac","name":"Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation","description":"ALEXANDER MARVI, BRAD SLAYBAUGH, DAN EBREO, TUFAIL AHMED, MUHAMMAD UMAIR, TINA JOHNSON. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. 
Retrieved May 15, 2023.","url":"https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem","source":"MITRE","title":"Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation","authors":"ALEXANDER MARVI, BRAD SLAYBAUGH, DAN EBREO, TUFAIL AHMED, MUHAMMAD UMAIR, TINA JOHNSON","date_accessed":"2023-05-15T00:00:00Z","date_published":"2023-03-16T00:00:00Z","owner_name":null,"tidal_id":"56232297-61da-5a64-8b98-d8c8f57aca43","created":"2023-11-07T00:36:05.910086Z","modified":"2025-12-17T15:08:36.432668Z"},{"id":"7bdc5bbb-ebbd-5eb8-bd10-9087c883aea7","name":"Mandiant Fortinet Zero Day","description":"Marvi, A. et al.. (2023, March 16). Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation. Retrieved March 22, 2023.","url":"https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem","source":"MITRE","title":"Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation","authors":"Marvi, A. et al.","date_accessed":"2023-03-22T00:00:00Z","date_published":"2023-03-16T00:00:00Z","owner_name":null,"tidal_id":"c21ebc12-cc19-5e5a-b391-2d652dcbc237","created":"2023-05-26T01:21:04.796992Z","modified":"2025-12-17T15:08:36.417095Z"},{"id":"b8a97e81-a415-4689-9698-20ed0691dd6c","name":"Fortra Core Certified Exploit Library","description":"Fortra. (n.d.). Fortra Core Certified Exploit Library. Retrieved April 8, 2025.","url":"https://www.coresecurity.com/core-labs/exploits","source":"Tidal Cyber","title":"Fortra Core Certified Exploit Library","authors":"Fortra","date_accessed":"2025-04-08T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"de06551a-88e3-553c-85e7-1610e037d4b9","created":"2025-04-08T16:38:28.312053Z","modified":"2025-04-08T16:38:28.472199Z"},{"id":"ea194268-0a8f-4494-be09-ef5f679f68fe","name":"macOS Foundation","description":"Apple. (n.d.). Foundation. 
Retrieved July 1, 2020.","url":"https://developer.apple.com/documentation/foundation","source":"MITRE","title":"Foundation","authors":"Apple","date_accessed":"2020-07-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"69db2f26-cf47-5208-9149-18402c8c8b1c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427803Z"},{"id":"489c52a2-34cc-47ff-b42b-9d48f83b9e90","name":"SentinelOne Lazarus macOS July 2020","description":"Stokes, P. (2020, July 27). Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform. Retrieved August 7, 2020.","url":"https://www.sentinelone.com/blog/four-distinct-families-of-lazarus-malware-target-apples-macos-platform/","source":"MITRE","title":"Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform","authors":"Stokes, P","date_accessed":"2020-08-07T00:00:00Z","date_published":"2020-07-27T00:00:00Z","owner_name":null,"tidal_id":"fe42b8c3-924c-50be-8bd7-12c435e2b967","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417912Z"},{"id":"768a0ec6-b767-4044-acad-82834508640f","name":"DOJ Russia Targeting Critical Infrastructure March 2022","description":"Department of Justice. (2022, March 24). Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide. 
Retrieved April 5, 2022.","url":"https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical","source":"MITRE","title":"Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide","authors":"Department of Justice","date_accessed":"2022-04-05T00:00:00Z","date_published":"2022-03-24T00:00:00Z","owner_name":null,"tidal_id":"a682447b-6d4b-5b08-bb69-31c606841cf1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437448Z"},{"id":"a5ad6321-897a-4adc-9cdd-034a2538e3d6","name":"ClearkSky Fox Kitten February 2020","description":"ClearSky. (2020, February 16). Fox Kitten – Widespread Iranian Espionage-Offensive Campaign. Retrieved December 21, 2020.","url":"https://www.clearskysec.com/fox-kitten/","source":"MITRE, Tidal Cyber","title":"Fox Kitten – Widespread Iranian Espionage-Offensive Campaign","authors":"ClearSky","date_accessed":"2020-12-21T00:00:00Z","date_published":"2020-02-16T00:00:00Z","owner_name":null,"tidal_id":"27dbab24-3914-5e51-abc7-d293d8939e33","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.260133Z"},{"id":"5189bf11-876d-54f2-8f3c-f6b2bfb2e7c6","name":"Security Affairs ANSSI APT28 OCT 2023","description":"Paganini, P. (2023, October 27). France agency ANSSI warns of Russia-linked APT28 attacks on French entities. Retrieved December 3, 2024.","url":"https://securityaffairs.com/153131/apt/france-anssi-apt28.html","source":"MITRE","title":"France agency ANSSI warns of Russia-linked APT28 attacks on French entities","authors":"Paganini, P","date_accessed":"2024-12-03T00:00:00Z","date_published":"2023-10-27T00:00:00Z","owner_name":null,"tidal_id":"110f13b9-9e75-5219-b41d-dcf2098d769f","created":"2025-04-22T20:47:32.790025Z","modified":"2025-12-17T15:08:36.442857Z"},{"id":"9c8772eb-6d1d-4742-a2db-a5e1006effaa","name":"FSISAC FraudNetDoS September 2012","description":"FS-ISAC. 
(2012, September 17). Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud. Retrieved September 23, 2024.","url":"https://www.ic3.gov/Media/PDF/Y2012/FraudAlertFinancialInstitutionEmployeeCredentialsTargeted.pdf","source":"MITRE","title":"Fraud Alert – Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud","authors":"FS-ISAC","date_accessed":"2024-09-23T00:00:00Z","date_published":"2012-09-17T00:00:00Z","owner_name":null,"tidal_id":"e38aebc4-bdf2-59e4-8255-ea2393980368","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434502Z"},{"id":"531206c7-11ec-46bf-a35c-0464244a58c9","name":"MalwareBytes Ngrok February 2020","description":"Segura, J. (2020, February 26). Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server. Retrieved September 15, 2020.","url":"https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/","source":"MITRE","title":"Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server","authors":"Segura, J","date_accessed":"2020-09-15T00:00:00Z","date_published":"2020-02-26T00:00:00Z","owner_name":null,"tidal_id":"608a4dd9-9ba8-5a90-a812-121cae41365b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441424Z"},{"id":"6b4b1fa8-e84b-58f7-b9d6-05af143049fe","name":"WSJ-Vishing-AI24","description":"Catherine Stupp. (2019, August 30). Fraudsters Used AI to Mimic CEO’s Voice in Unusual Cybercrime Case. 
Retrieved March 18, 2025.","url":"https://www.wsj.com/articles/fraudsters-use-ai-to-mimic-ceos-voice-in-unusual-cybercrime-case-11567157402","source":"MITRE","title":"Fraudsters Used AI to Mimic CEO’s Voice in Unusual Cybercrime Case","authors":"Catherine Stupp","date_accessed":"2025-03-18T00:00:00Z","date_published":"2019-08-30T00:00:00Z","owner_name":null,"tidal_id":"ba7487cd-4976-528c-bdbd-0da4c2f57b80","created":"2025-04-22T20:47:09.474888Z","modified":"2025-12-17T15:08:36.424557Z"},{"id":"0eff6062-2b77-414b-a26e-fb0c2958d80d","name":"Secureworks North Korea IT Workers October 16 2024","description":"Counter Threat Unit Research Team. (2024, October 16). Fraudulent North Korean IT Worker Schemes: From Insider Threats to Extortion. Retrieved May 29, 2025.","url":"https://web.archive.org/web/20241021133736/https://www.secureworks.com/blog/fraudulent-north-korean-it-worker-schemes","source":"Tidal Cyber","title":"Fraudulent North Korean IT Worker Schemes: From Insider Threats to Extortion","authors":"Counter Threat Unit Research Team","date_accessed":"2025-05-29T00:00:00Z","date_published":"2024-10-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"eacb7e0a-33a8-5925-818e-6f365eb97c0f","created":"2025-06-03T14:14:08.792541Z","modified":"2025-06-03T14:14:08.962254Z"},{"id":"ac413fbf-766c-41f4-8a48-2ade5913e6ea","name":"Microsoft Frequent freeloader part II","description":"Microsoft Threat Intelligence. (2024, December 11). Frequent freeloader part II. 
Retrieved February 12, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/","source":"Tidal Cyber","title":"Frequent freeloader part II","authors":"Microsoft Threat Intelligence","date_accessed":"2025-02-12T00:00:00Z","date_published":"2024-12-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5f9f4603-1fa4-5915-bfc4-a624fbc8cf69","created":"2025-02-18T15:17:59.842847Z","modified":"2025-02-18T15:17:59.998129Z"},{"id":"c67a2ccb-7abf-5409-a216-503e661a6b1c","name":"Akami Frog4Shell 2024","description":"Ori David. (2024, February 1). Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal. Retrieved September 24, 2024.","url":"https://www.akamai.com/blog/security-research/fritzfrog-botnet-new-capabilities-log4shell","source":"MITRE","title":"Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal","authors":"Ori David","date_accessed":"2024-09-24T00:00:00Z","date_published":"2024-02-01T00:00:00Z","owner_name":null,"tidal_id":"872c58fe-4c40-5174-a549-d373c00f1622","created":"2024-10-31T16:28:15.666352Z","modified":"2025-12-17T15:08:36.423873Z"},{"id":"cd9043b8-4d14-449b-a6b2-2e9b99103bb0","name":"ESET ComRAT May 2020","description":"Faou, M. (2020, May). From Agent.btz to ComRAT v4: A ten-year journey. Retrieved June 15, 2020.","url":"https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf","source":"MITRE","title":"From Agent.btz to ComRAT v4: A ten-year journey","authors":"Faou, M","date_accessed":"2020-06-15T00:00:00Z","date_published":"2020-05-01T00:00:00Z","owner_name":null,"tidal_id":"654244db-0387-5c57-8b37-9d843ab8f5a3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421886Z"},{"id":"062eb61b-ad37-4688-8008-7d8241ca63dd","name":"The DFIR Report September 29 2025 09 29 2025","description":"No author. (2025, September 29). 
From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion – The DFIR Report. Retrieved October 3, 2025.","url":"https://thedfirreport.com/2025/09/29/from-a-single-click-how-lunar-spider-enabled-a-near-two-month-intrusion/","source":"Tidal Cyber","title":"From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion – The DFIR Report","authors":"No author","date_accessed":"2025-10-03T12:00:00Z","date_published":"2025-09-29T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"789d457d-1865-552b-a0c5-2ae51e9ec469","created":"2025-10-07T14:06:55.727820Z","modified":"2025-10-07T14:06:55.865702Z"},{"id":"087d07a9-0d33-4253-b7c1-d55be13c0467","name":"Azure AD to AD","description":"Sean Metcalf. (2020, May 27). From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path. Retrieved September 28, 2022.","url":"https://adsecurity.org/?p=4277","source":"MITRE","title":"From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path","authors":"Sean Metcalf","date_accessed":"2022-09-28T00:00:00Z","date_published":"2020-05-27T00:00:00Z","owner_name":null,"tidal_id":"63a76aa5-26ef-57a0-b27b-a448634a1e6e","created":"2022-12-14T20:06:32.013016Z","modified":"2023-05-26T01:21:03.461681Z"},{"id":"2a673731-bb40-4981-acb9-f27077e2e844","name":"Acronis May 20 2025","description":"None Identified. (2025, May 20). From banks to battalions: SideWinder’s attacks on South Asia’s public sector. 
Retrieved January 20, 2026.","url":"https://www.acronis.com/en/tru/posts/from-banks-to-battalions-sidewinders-attacks-on-south-asias-public-sector/","source":"Tidal Cyber","title":"From banks to battalions: SideWinder’s attacks on South Asia’s public sector","authors":"None Identified","date_accessed":"2026-01-20T12:00:00Z","date_published":"2025-05-20T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1c434cf1-8d9c-5b1b-9720-b305fd42251f","created":"2026-01-23T20:29:38.137229Z","modified":"2026-01-23T20:29:38.290356Z"},{"id":"22cd30b9-fde9-4383-8106-1a506afa3c02","name":"The DFIR Report Bumblebee Akira July 2 2025","description":"The DFIR Report. (2025, July 2). From Bing Search to Ransomware Bumblebee and AdaptixC2 Deliver Akira. Retrieved July 31, 2025.","url":"https://thedfirreport.com/2025/08/05/from-bing-search-to-ransomware-bumblebee-and-adaptixc2-deliver-akira/","source":"Tidal Cyber","title":"From Bing Search to Ransomware Bumblebee and AdaptixC2 Deliver Akira","authors":"The DFIR Report","date_accessed":"2025-07-31T12:00:00Z","date_published":"2025-07-02T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e1166363-2ad7-5a6d-9f91-863cf6e91f32","created":"2025-08-06T14:56:44.334797Z","modified":"2025-08-06T14:56:44.476954Z"},{"id":"605b58ea-9544-49b8-b3c8-0a97b2b155dc","name":"blackmatter_blackcat","description":"Pereira, T. Huey, C. (2022, March 17). From BlackMatter to BlackCat: Analyzing two attacks from one affiliate. Retrieved May 5, 2022.","url":"https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html","source":"MITRE","title":"From BlackMatter to BlackCat: Analyzing two attacks from one affiliate","authors":"Pereira, T. 
Huey, C","date_accessed":"2022-05-05T00:00:00Z","date_published":"2022-03-17T00:00:00Z","owner_name":null,"tidal_id":"e0bf87f4-0042-55d4-918c-faeb203bf8f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430479Z"},{"id":"28fd4600-bff5-5d78-bf22-e134711d6baf","name":"Veriti RedLine Stealer MAAS April 2023","description":"Yair Herling. (2023, April 4). From ChatGPT to RedLine Stealer: The Dark Side of OpenAI and Google Bard. Retrieved September 17, 2025.","url":"https://veriti.ai/blog/veriti-research/from-chatgpt-to-redline-stealer-the-dark-side-of-openai-and-google-bard/","source":"MITRE","title":"From ChatGPT to RedLine Stealer: The Dark Side of OpenAI and Google Bard","authors":"Yair Herling","date_accessed":"2025-09-17T00:00:00Z","date_published":"2023-04-04T00:00:00Z","owner_name":null,"tidal_id":"5e87b833-2fb0-55f0-a6ee-2f7cfc7743a1","created":"2025-10-29T21:08:48.165222Z","modified":"2025-12-17T15:08:36.420233Z"},{"id":"a65d7492-04a4-46d4-85ed-134786c6828b","name":"Proofpoint June 17 2024","description":"Tommy Madjar, Dusty Miller, Selena Larson, The Proofpoint Threat Research Team. (2024, June 17). From Clipboard to Compromise A PowerShell Self-Pwn. Retrieved June 20, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn","source":"Tidal Cyber","title":"From Clipboard to Compromise A PowerShell Self-Pwn","authors":"Tommy Madjar, Dusty Miller, Selena Larson, The Proofpoint Threat Research Team","date_accessed":"2024-06-20T00:00:00Z","date_published":"2024-06-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6b90a06b-d3ad-5ae1-9ce5-594cc90a2a9f","created":"2024-07-03T15:42:41.168822Z","modified":"2024-07-03T15:42:41.359890Z"},{"id":"8f00ffc0-7094-5fd9-8ed4-9c129fd93c05","name":"proofpoint-selfpwn","description":"Tommy Madjar, Dusty Miller, Selena Larson. (2024, June 17). From Clipboard to Compromise: A PowerShell Self-Pwn. 
Retrieved August 2, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn","source":"MITRE","title":"From Clipboard to Compromise: A PowerShell Self-Pwn","authors":"Tommy Madjar, Dusty Miller, Selena Larson","date_accessed":"2024-08-02T00:00:00Z","date_published":"2024-06-17T00:00:00Z","owner_name":null,"tidal_id":"b9c0acad-55ec-5bd8-b1fb-7636aff6fc0f","created":"2024-10-31T16:28:23.632518Z","modified":"2025-12-17T15:08:36.432465Z"},{"id":"73b12dcd-1697-4c99-8049-a7cf2a223ea5","name":"Sekoia.io Blog March 31 2025","description":"Amaury G; Coline Chavane; Felix Aimé; Sekoia TDR. (2025, March 31). From Contagious to ClickFake Interview Lazarus leveraging the ClickFix tactic. Retrieved May 6, 2025.","url":"https://blog.sekoia.io/clickfake-interview-campaign-by-lazarus/","source":"Tidal Cyber","title":"From Contagious to ClickFake Interview Lazarus leveraging the ClickFix tactic","authors":"Amaury G; Coline Chavane; Felix Aimé; Sekoia TDR","date_accessed":"2025-05-06T00:00:00Z","date_published":"2025-03-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"95b8cedd-547d-5e42-aeeb-fc9c864e778d","created":"2025-05-06T16:28:41.139342Z","modified":"2025-05-06T16:28:41.319586Z"},{"id":"80c9681e-11bb-598c-86fd-45e13311c629","name":"Sekoia ClickFake 2025","description":"Amaury G., Coline Chavane, Felix Aimé and Sekoia TDR. (2025, March 31). From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic. 
Retrieved April 1, 2025.","url":"https://blog.sekoia.io/clickfake-interview-campaign-by-lazarus/","source":"MITRE","title":"From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic","authors":"Amaury G., Coline Chavane, Felix Aimé and Sekoia TDR","date_accessed":"2025-04-01T00:00:00Z","date_published":"2025-03-31T00:00:00Z","owner_name":null,"tidal_id":"e4ba6bca-4227-5d82-9559-9ffb41b614b8","created":"2025-04-22T20:47:20.272675Z","modified":"2025-12-17T15:08:36.435689Z"},{"id":"a18e19b5-9046-4c2c-bd94-2cd5061064bf","name":"Unit42 Malware Roundup December 29 2023","description":"Samantha Stallings, Brad Duncan. (2023, December 29). From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence. Retrieved January 11, 2024.","url":"https://unit42.paloaltonetworks.com/unit42-threat-intelligence-roundup/","source":"Tidal Cyber","title":"From DarkGate to AsyncRAT: Malware Detected and Shared As Unit 42 Timely Threat Intelligence","authors":"Samantha Stallings, Brad Duncan","date_accessed":"2024-01-11T00:00:00Z","date_published":"2023-12-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"20b49c33-e2ba-512d-9eb5-14c05d790be2","created":"2024-01-26T18:00:31.950716Z","modified":"2024-01-26T18:00:32.084583Z"},{"id":"5c0e0c84-2992-4098-8913-66a20ca61bf4","name":"Reaqta Mavinject","description":"Reaqta. (2017, December 16). From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector. 
Retrieved September 22, 2021.","url":"https://reaqta.com/2017/12/mavinject-microsoft-injector/","source":"MITRE","title":"From False Positive to True Positive: the story of Mavinject.exe, the Microsoft Injector","authors":"Reaqta","date_accessed":"2021-09-22T00:00:00Z","date_published":"2017-12-16T00:00:00Z","owner_name":null,"tidal_id":"d0250a10-eb9a-553b-a4c3-bb8769be52e1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425850Z"},{"id":"c25f2ae7-639d-5792-812b-83a17144f41a","name":"Mandiant VMware vSphere JUL 2025","description":"Mandiant Incident Response. (2025, July 23). From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944. Retrieved October 13, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-from-unc3944","source":"MITRE","title":"From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944","authors":"Mandiant Incident Response","date_accessed":"2025-10-13T00:00:00Z","date_published":"2025-07-23T00:00:00Z","owner_name":null,"tidal_id":"a34207d2-dcf2-586d-911c-c0dbf51802f4","created":"2025-10-29T21:08:48.167031Z","modified":"2025-12-17T15:08:36.438914Z"},{"id":"3187efae-3db0-4a0b-a626-b6e244fc6597","name":"Securitylabs.datadoghq.com January 10 2024","description":"Andy Giron. (2024, January 10). From IRC to Instant Messaging: The Rise of Malware Communication via Chat Platforms | Datadog Security Labs. 
Retrieved January 5, 2026.","url":"https://securitylabs.datadoghq.com/articles/from-irc-to-instant-messaging-the-rise-of-malware-communication-via-chat-platforms/","source":"Tidal Cyber","title":"From IRC to Instant Messaging: The Rise of Malware Communication via Chat Platforms | Datadog Security Labs","authors":"Andy Giron","date_accessed":"2026-01-05T12:00:00Z","date_published":"2024-01-10T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d0bb71f6-e84f-54ff-8a06-955cadc91ae4","created":"2026-01-06T18:03:34.374115Z","modified":"2026-01-06T18:03:34.510301Z"},{"id":"5d5a68da-5ad3-4707-ba0d-410ac770e673","name":"Unit 42 December 17 2025","description":"Anmol Maurya, Jingwen Shi. (2025, December 17). From Linear to Complex: An Upgrade in RansomHouse Encryption. Retrieved December 19, 2025.","url":"https://unit42.paloaltonetworks.com/ransomhouse-encryption-upgrade/","source":"Tidal Cyber","title":"From Linear to Complex: An Upgrade in RansomHouse Encryption","authors":"Anmol Maurya, Jingwen Shi","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-17T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"be87dc77-bcc8-53ad-991c-d13ab96d7492","created":"2025-12-24T14:56:04.292927Z","modified":"2025-12-24T14:56:04.437462Z"},{"id":"3d70d9b7-88e4-411e-a59a-bc862da965a7","name":"IBM MegaCortex","description":"Del Fierro, C. Kessem, L.. (2020, January 8). From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications. Retrieved February 15, 2021.","url":"https://securityintelligence.com/posts/from-mega-to-giga-cross-version-comparison-of-top-megacortex-modifications/","source":"MITRE","title":"From Mega to Giga: Cross-Version Comparison of Top MegaCortex Modifications","authors":"Del Fierro, C. 
Kessem, L.","date_accessed":"2021-02-15T00:00:00Z","date_published":"2020-01-08T00:00:00Z","owner_name":null,"tidal_id":"70ebad7d-6ed9-5def-884d-63c27806a5b2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420393Z"},{"id":"315f47e1-69e5-4dcb-94b2-59583e91dd26","name":"BiZone Lizar May 2021","description":"BI.ZONE Cyber Threats Research Team. (2021, May 13). From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit. Retrieved February 2, 2022.","url":"https://bi-zone.medium.com/from-pentest-to-apt-attack-cybercriminal-group-fin7-disguises-its-malware-as-an-ethical-hackers-c23c9a75e319","source":"MITRE","title":"From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit","authors":"BI.ZONE Cyber Threats Research Team","date_accessed":"2022-02-02T00:00:00Z","date_published":"2021-05-13T00:00:00Z","owner_name":null,"tidal_id":"6f84bb84-3975-574f-b986-e5b2ecd5a21a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422442Z"},{"id":"404bef37-83a1-40bd-9c69-39951710d8ef","name":"Zscaler November 4 2024","description":"Seongsu Park. (2024, November 4). From Pyongyang to Your Payroll The Rise of North Korean Remote Workers in the West. Retrieved November 5, 2024.","url":"https://www.zscaler.com/blogs/security-research/pyongyang-your-payroll-rise-north-korean-remote-workers-west","source":"Tidal Cyber","title":"From Pyongyang to Your Payroll The Rise of North Korean Remote Workers in the West","authors":"Seongsu Park","date_accessed":"2024-11-05T00:00:00Z","date_published":"2024-11-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"83cd4f33-6320-5f00-8c9d-39c43254e2ef","created":"2025-06-03T14:14:09.455322Z","modified":"2025-06-03T14:14:09.725718Z"},{"id":"1c32af8a-a0a0-5431-86d6-9cfd16addc8a","name":"Zscaler ContagiousInterview BeaverTail InvisibleFerret November 2024","description":"Seongsu Park. (2024, November 4). 
From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West. Retrieved October 17, 2025.","url":"https://www.zscaler.com/blogs/security-research/pyongyang-your-payroll-rise-north-korean-remote-workers-west","source":"MITRE","title":"From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West","authors":"Seongsu Park","date_accessed":"2025-10-17T00:00:00Z","date_published":"2024-11-04T00:00:00Z","owner_name":null,"tidal_id":"1791e76a-1377-56d8-a6c7-a58594db466d","created":"2025-10-29T21:08:48.164789Z","modified":"2025-12-17T15:08:36.417269Z"},{"id":"e2637cb3-c449-4609-af7b-ac78a900cc8b","name":"Kaspersky StoneDrill 2017","description":"Kaspersky Lab. (2017, March 7). From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond. Retrieved March 14, 2019.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf","source":"MITRE","title":"From Shamoon to StoneDrill: Wipers attacking Saudi organizations and beyond","authors":"Kaspersky Lab","date_accessed":"2019-03-14T00:00:00Z","date_published":"2017-03-07T00:00:00Z","owner_name":null,"tidal_id":"398d5486-c052-501b-ada7-53f625cfa24b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420337Z"},{"id":"620f5ff7-26c0-55c4-9b1b-c56ad2e1316b","name":"Proofpoint TA427 April 2024","description":"Lesnewich, G. et al. (2024, April 16). From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering. Retrieved May 3, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/social-engineering-dmarc-abuse-ta427s-art-information-gathering","source":"MITRE","title":"From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering","authors":"Lesnewich, G. 
et al","date_accessed":"2024-05-03T00:00:00Z","date_published":"2024-04-16T00:00:00Z","owner_name":null,"tidal_id":"ca38a4ee-a4e9-5f7d-a641-00444683f5e4","created":"2024-10-31T16:28:28.766966Z","modified":"2025-12-17T15:08:36.435632Z"},{"id":"b5b433a1-5d12-5644-894b-c42d995c9ba5","name":"SentinelOne Agrius 2021","description":"Amitai Ben & Shushan Ehrlich. (2021, May). From Wiper to Ransomware: The Evolution of Agrius. Retrieved May 21, 2024.","url":"https://assets.sentinelone.com/sentinellabs/evol-agrius","source":"MITRE","title":"From Wiper to Ransomware: The Evolution of Agrius","authors":"Amitai Ben & Shushan Ehrlich","date_accessed":"2024-05-21T00:00:00Z","date_published":"2021-05-01T00:00:00Z","owner_name":null,"tidal_id":"749b5338-8215-5dc2-b61e-fbd75e58eaf2","created":"2024-10-31T16:28:31.039625Z","modified":"2025-12-17T15:08:36.418205Z"},{"id":"7bfcbc55-2aae-4643-942f-6db8ee8aa398","name":"Google Cloud Blog November 17 2025","description":"None Identified. (2025, November 17). Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem | Google Cloud Blog. Retrieved November 19, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/analysis-of-unc1549-ttps-targeting-aerospace-defense","source":"Tidal Cyber","title":"Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem | Google Cloud Blog","authors":"None Identified","date_accessed":"2025-11-19T12:00:00Z","date_published":"2025-11-17T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b91b5a8e-42e1-5f48-840e-1740ce6aa3a8","created":"2025-11-19T17:44:52.738667Z","modified":"2025-11-19T17:44:52.873206Z"},{"id":"679da587-c78f-5cca-8c6e-bca58e1aa737","name":"Lookout FrozenCell","description":"Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. 
Retrieved November","url":"https://blog.lookout.com/frozencell-mobile-threat","source":"Mobile","title":"FrozenCell: Multi-platform surveillance campaign against Palestinians","authors":"Michael Flossman","date_accessed":"1978-11-01T00:00:00Z","date_published":"2017-10-05T00:00:00Z","owner_name":null,"tidal_id":"fbcfc21d-6db7-5c44-99c1-2da3fc2f1cdc","created":"2026-01-28T13:08:10.041139Z","modified":"2026-01-28T13:08:10.041144Z"},{"id":"87031d31-b6d7-4860-b11b-5a0dc8774d92","name":"FsiAnyCpu.exe - LOLBAS Project","description":"LOLBAS. (2021, September 26). FsiAnyCpu.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/FsiAnyCpu/","source":"Tidal Cyber","title":"FsiAnyCpu.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0c8ef255-cca7-53c9-91c8-7910cd96d510","created":"2024-01-12T14:47:24.231656Z","modified":"2024-01-12T14:47:24.414689Z"},{"id":"4e14e87f-2ad9-4959-8cb2-8585b67931c0","name":"Fsi.exe - LOLBAS Project","description":"LOLBAS. (2021, September 26). Fsi.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Fsi/","source":"Tidal Cyber","title":"Fsi.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3b899270-e132-51c3-a539-5768c7e31bae","created":"2024-01-12T14:47:23.837422Z","modified":"2024-01-12T14:47:24.035072Z"},{"id":"07712696-b1fd-4704-b157-9e420840fb2c","name":"fsutil_behavior","description":"Microsoft. (2021, September 27). fsutil behavior. 
Retrieved January 14, 2022.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/fsutil-behavior","source":"MITRE","title":"fsutil behavior","authors":"Microsoft","date_accessed":"2022-01-14T00:00:00Z","date_published":"2021-09-27T00:00:00Z","owner_name":null,"tidal_id":"e3cef44f-688a-5667-a8f5-b1be1544aacd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430472Z"},{"id":"e2305dac-4245-4fac-8813-69cb210e9cd3","name":"Fsutil.exe - LOLBAS Project","description":"LOLBAS. (2021, August 16). Fsutil.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Fsutil/","source":"Tidal Cyber","title":"Fsutil.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-08-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"655253ed-9a9f-54e4-bad7-aa211cc5d072","created":"2024-01-12T14:46:43.267221Z","modified":"2024-01-12T14:46:43.460471Z"},{"id":"970f8d16-f5b7-44e2-b81f-738b931c60d9","name":"Microsoft FTP","description":"Microsoft. (2021, July 21). ftp. Retrieved February 25, 2022.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ftp","source":"MITRE","title":"ftp","authors":"Microsoft","date_accessed":"2022-02-25T00:00:00Z","date_published":"2021-07-21T00:00:00Z","owner_name":null,"tidal_id":"3d73335f-7221-5772-8d2d-129f66e094b3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423394Z"},{"id":"021ea6bc-abff-48de-a6bb-315dbbfa6147","name":"Linux FTP","description":"N/A. (n.d.). ftp(1) - Linux man page. 
Retrieved February 25, 2022.","url":"https://linux.die.net/man/1/ftp","source":"MITRE","title":"ftp(1) - Linux man page","authors":"N/A","date_accessed":"2022-02-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"82a365f6-6266-553c-9bea-5f31ec69c555","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423400Z"},{"id":"3b51993d-6062-4138-bfc6-a2c0fc5d039a","name":"Ftp.exe - LOLBAS Project","description":"LOLBAS. (2018, December 10). Ftp.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Ftp/","source":"Tidal Cyber","title":"Ftp.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-12-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cd3f319f-0ff6-5fb9-8550-884d8a885f89","created":"2024-01-12T14:46:43.649050Z","modified":"2024-01-12T14:46:43.832273Z"},{"id":"a57a05ce-83d0-4cde-bacd-2b7281ba3833","name":"Anthropic AI-Orchestrated Campaign November 13 2025","description":"Anthropic. (2025, November 13). Full report: Disrupting the first reported AI-orchestrated cyber espionage campaign. Retrieved November 13, 2025.","url":"https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf","source":"Tidal Cyber","title":"Full report: Disrupting the first reported AI-orchestrated cyber espionage campaign","authors":"Anthropic","date_accessed":"2025-11-13T12:00:00Z","date_published":"2025-11-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8bde0343-853b-5db2-90ff-0a4cc1dd1b30","created":"2025-11-19T17:44:51.383995Z","modified":"2025-11-19T17:44:51.521446Z"},{"id":"cf5fc9e5-6b1c-52c2-bce6-35d41913de38","name":"securelist_brata_0819","description":"Securelist. (2019, August 29). Fully equipped Spying Android RAT from Brazil: BRATA. 
Retrieved December","url":"https://securelist.com/spying-android-rat-from-brazil-brata/92775/","source":"Mobile","title":"Fully equipped Spying Android RAT from Brazil: BRATA","authors":"Securelist","date_accessed":"1978-12-01T00:00:00Z","date_published":"2019-08-29T00:00:00Z","owner_name":null,"tidal_id":"12ac5660-dffe-5beb-91f1-40aa54d75b54","created":"2026-01-28T13:08:10.040676Z","modified":"2026-01-28T13:08:10.040679Z"},{"id":"8f64819e-dc3d-48da-a84d-14eaacb0d61e","name":"Check Point Research January 10 2025","description":"Stcpresearch. (2025, January 10). FunkSec - Alleged Top Ransomware Group Powered by AI. Retrieved January 13, 2025.","url":"https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/","source":"Tidal Cyber","title":"FunkSec - Alleged Top Ransomware Group Powered by AI","authors":"Stcpresearch","date_accessed":"2025-01-13T00:00:00Z","date_published":"2025-01-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a7316425-75f8-59d9-90f4-12f0abb1b907","created":"2025-01-16T18:37:24.254695Z","modified":"2025-01-16T18:37:24.902745Z"},{"id":"2894c3bf-6f8d-4338-8206-4dc873e3bb8d","name":"Microsoft WMI Filters","description":"Microsoft. (2008, September 11). Fun with WMI Filters in Group Policy. Retrieved March 13, 2019.","url":"https://blogs.technet.microsoft.com/askds/2008/09/11/fun-with-wmi-filters-in-group-policy/","source":"MITRE","title":"Fun with WMI Filters in Group Policy","authors":"Microsoft","date_accessed":"2019-03-13T00:00:00Z","date_published":"2008-09-11T00:00:00Z","owner_name":null,"tidal_id":"27f833b3-3eff-58e2-bf5c-47b669a959b5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441793Z"},{"id":"e18c1b56-f29d-4ea9-a425-a6af8ac6a347","name":"Cybersecurity Advisory SVR TTP May 2021","description":"NCSC, CISA, FBI, NSA. (2021, May 7). Further TTPs associated with SVR cyber actors. 
Retrieved July 29, 2021.","url":"https://www.ncsc.gov.uk/files/Advisory-further-TTPs-associated-with-SVR-cyber-actors.pdf","source":"MITRE","title":"Further TTPs associated with SVR cyber actors","authors":"NCSC, CISA, FBI, NSA","date_accessed":"2021-07-29T00:00:00Z","date_published":"2021-05-07T00:00:00Z","owner_name":null,"tidal_id":"299cf5a1-9483-51e0-8e34-28c2824e4897","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438124Z"},{"id":"8fb4c754-e830-5ff4-b1f2-48c48398f996","name":"Gabriel Sanchez October 2017","description":"Gabriel Sanchez 2017, October Man-In-The-Middle Attack Against Modbus TCP Illustrated with Wireshark. Retrieved 2020/01/05","url":"https://www.sans.org/reading-room/whitepapers/ICS/man-in-the-middle-attack-modbus-tcp-illustrated-wireshark-38095","source":"ICS","title":"Gabriel Sanchez October 2017","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e0e224c5-0d18-5aca-88a6-dc608cd643de","created":"2026-01-28T13:08:18.177351Z","modified":"2026-01-28T13:08:18.177354Z"},{"id":"bbf7695b-4eee-412c-b080-6abaefa14ef3","name":"Check Point Research December 17 2025","description":"samanthar@checkpoint.com. (2025, December 17). GachiLoader: Defeating Node.js Malware with API Tracing GachiLoader: Defeating Node.js Malware. Retrieved December 24, 2025.","url":"https://research.checkpoint.com/2025/gachiloader-node-js-malware-with-api-tracing/","source":"Tidal Cyber","title":"GachiLoader: Defeating Node.js Malware with API Tracing GachiLoader: Defeating Node.js Malware","authors":"samanthar@checkpoint.com","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-17T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8c8db184-d5dd-5d10-94f4-201fb3711331","created":"2025-12-29T17:39:49.390577Z","modified":"2025-12-29T17:39:49.530007Z"},{"id":"ebf961c5-bd68-42f3-8fd3-000946c7ae9c","name":"RiskIQ Cobalt Nov 2017","description":"Klijnsma, Y.. (2017, November 28). 
Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions. Retrieved October 10, 2018.","url":"https://web.archive.org/web/20190508170630/https://www.riskiq.com/blog/labs/cobalt-strike/","source":"MITRE","title":"Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions","authors":"Klijnsma, Y.","date_accessed":"2018-10-10T00:00:00Z","date_published":"2017-11-28T00:00:00Z","owner_name":null,"tidal_id":"9a709314-4994-5264-b584-ee6a618fa817","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438180Z"},{"id":"2c15d7f8-9fb3-556c-acad-01e4d9c7b82f","name":"Gallagher, S. April 2017","description":"Gallagher, S. 2017, April 12 Pirate radio: Signal spoof set off Dallas emergency sirens, not network hack. Retrieved 2020/12/01","url":"https://arstechnica.com/information-technology/2017/04/dallas-siren-hack-used-radio-signals-to-spoof-alarm-says-city-manager/","source":"ICS","title":"Gallagher, S. April 2017","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"89695d7e-f248-5aaf-a494-e7569e8f501e","created":"2026-01-28T13:08:18.176363Z","modified":"2026-01-28T13:08:18.176366Z"},{"id":"ac6491ab-6ef1-4091-8a15-50e2cbafe157","name":"Unit 42 PingPull Jun 2022","description":"Unit 42. (2022, June 13). GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool. 
Retrieved August 7, 2022.","url":"https://unit42.paloaltonetworks.com/pingpull-gallium/","source":"MITRE","title":"GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool","authors":"Unit 42","date_accessed":"2022-08-07T00:00:00Z","date_published":"2022-06-13T00:00:00Z","owner_name":null,"tidal_id":"ab0126eb-421e-56bb-ba64-21cfff4ebaa8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417878Z"},{"id":"5bc76b47-ff68-4031-a347-f2dc0daba203","name":"Microsoft GALLIUM December 2019","description":"MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.","url":"https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/","source":"MITRE, Tidal Cyber","title":"GALLIUM: Targeting global telecom","authors":"MSTIC","date_accessed":"2021-01-13T00:00:00Z","date_published":"2019-12-12T00:00:00Z","owner_name":null,"tidal_id":"3ba84e89-886d-5eac-b21b-e57b993545ff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259516Z"},{"id":"f47b3e2b-acdd-4487-88b9-de5cbe45cf33","name":"Symantec Gallmaker Oct 2018","description":"Symantec Security Response. (2018, October 10). Gallmaker: New Attack Group Eschews Malware to Live off the Land. Retrieved November 27, 2018.","url":"https://www.symantec.com/blogs/threat-intelligence/gallmaker-attack-group","source":"MITRE, Tidal Cyber","title":"Gallmaker: New Attack Group Eschews Malware to Live off the Land","authors":"Symantec Security Response","date_accessed":"2018-11-27T00:00:00Z","date_published":"2018-10-10T00:00:00Z","owner_name":null,"tidal_id":"4649726b-cb2d-51be-a594-c02f80a5305b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.280186Z"},{"id":"3800cfc2-0260-4b36-b629-7a336b9f9f10","name":"TrendMicro Gamaredon April 2020","description":"Kakara, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. 
Retrieved May 19, 2020.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/gamaredon-apt-group-use-covid-19-lure-in-campaigns/","source":"MITRE","title":"Gamaredon APT Group Use Covid-19 Lure in Campaigns","authors":"Kakara, H., Maruyama, E","date_accessed":"2020-05-19T00:00:00Z","date_published":"2020-04-17T00:00:00Z","owner_name":null,"tidal_id":"84c1f549-5515-536c-92ac-55bc9f7330e5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439125Z"},{"id":"a0ba01e4-864b-510b-a8d1-896e9e32cac4","name":"VenereCiscoTalos_Gamaredon_Mar2025","description":"Venere, G. (2025, March 28). Gamaredon campaign abuses LNK files to distribute Remcos backdoor. Retrieved July 23, 2025.","url":"https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/","source":"MITRE","title":"Gamaredon campaign abuses LNK files to distribute Remcos backdoor","authors":"Venere, G","date_accessed":"2025-07-23T00:00:00Z","date_published":"2025-03-28T00:00:00Z","owner_name":null,"tidal_id":"c888f001-4893-5a23-beba-912f393cb584","created":"2025-10-29T21:08:48.167595Z","modified":"2025-12-17T15:08:36.440903Z"},{"id":"6532664d-2311-4b38-8960-f43762471729","name":"ESET Gamaredon June 2020","description":"Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020.","url":"https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/","source":"MITRE","title":"Gamaredon group grows its game","authors":"Boutin, J","date_accessed":"2020-06-16T00:00:00Z","date_published":"2020-06-11T00:00:00Z","owner_name":null,"tidal_id":"b0d28663-0e92-5549-9bd1-3cc73c88e78e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431356Z"},{"id":"fec320ed-29c1-40db-ad2e-701fda428922","name":"CERT-EE Gamaredon January 2021","description":"CERT-EE. (2021, January 27). Gamaredon Infection: From Dropper to Entry. 
Retrieved February 17, 2022.","url":"https://www.ria.ee/sites/default/files/content-editors/kuberturve/tale_of_gamaredon_infection.pdf","source":"MITRE","title":"Gamaredon Infection: From Dropper to Entry","authors":"CERT-EE","date_accessed":"2022-02-17T00:00:00Z","date_published":"2021-01-27T00:00:00Z","owner_name":null,"tidal_id":"b7c79194-f31b-571f-91ff-b0540b9c4b8c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440133Z"},{"id":"8bf807bc-5103-4962-9a19-c12396cdb767","name":"Trend Micro November 25 2024","description":"Leon M Chang; Theo Chen; Lenart Bermejo; Ted Lee Read time. (2024, November 25). Game of Emperor Unveiling Long Term Earth Estries Cyber Intrusions. Retrieved December 2, 2024.","url":"https://www.trendmicro.com/pt_br/research/24/k/earth-estries.html","source":"Tidal Cyber","title":"Game of Emperor Unveiling Long Term Earth Estries Cyber Intrusions","authors":"Leon M Chang; Theo Chen; Lenart Bermejo; Ted Lee Read time","date_accessed":"2024-12-02T00:00:00Z","date_published":"2024-11-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6ace67d7-5490-5e60-b6be-d5082d64c16c","created":"2024-12-02T20:28:32.247497Z","modified":"2024-12-02T20:28:32.615707Z"},{"id":"86504950-0f4f-42bc-b003-24f60ae97c99","name":"Kaspersky Winnti June 2015","description":"Tarakanov, D. (2015, June 22). Games are over: Winnti is now targeting pharmaceutical companies. Retrieved January 14, 2016.","url":"https://securelist.com/games-are-over/70991/","source":"MITRE","title":"Games are over: Winnti is now targeting pharmaceutical companies","authors":"Tarakanov, D","date_accessed":"2016-01-14T00:00:00Z","date_published":"2015-06-22T00:00:00Z","owner_name":null,"tidal_id":"01409094-971a-5d01-878c-a46e771cec1d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438872Z"},{"id":"b8d328b7-2eb3-4851-8d44-2e1bad7710c2","name":"WeLiveSecurity Gapz and Redyms Mar 2013","description":"Matrosov, A. (2013, March 19). 
Gapz and Redyms droppers based on Power Loader code. Retrieved December 16, 2017.","url":"https://www.welivesecurity.com/2013/03/19/gapz-and-redyms-droppers-based-on-power-loader-code/","source":"MITRE","title":"Gapz and Redyms droppers based on Power Loader code","authors":"Matrosov, A","date_accessed":"2017-12-16T00:00:00Z","date_published":"2013-03-19T00:00:00Z","owner_name":null,"tidal_id":"403bd994-a24e-5677-99a7-b57c4d91d452","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416891Z"},{"id":"072d360a-cfbb-521e-ada0-6b1f4e10eefb","name":"Gardiner, J.,  Cova, M., Nagaraja, S February 2014","description":"Gardiner, J.,  Cova, M., Nagaraja, S 2014, February Command & Control Understanding, Denying and Detecting. Retrieved 2016/04/20","url":"https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf","source":"ICS","title":"Gardiner, J.,  Cova, M., Nagaraja, S February 2014","authors":"","date_accessed":"2016-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"70be0039-fa03-5d57-a976-628846f0ae98","created":"2026-01-28T13:08:18.180042Z","modified":"2026-01-28T13:08:18.180045Z"},{"id":"d00f373d-2133-47c3-9b0a-104ecc9a6869","name":"theevilbit gatekeeper bypass 2021","description":"Csaba Fitzl. (2021, June 29). GateKeeper - Not a Bypass (Again). Retrieved September 22, 2021.","url":"https://theevilbit.github.io/posts/gatekeeper_not_a_bypass/","source":"MITRE","title":"GateKeeper - Not a Bypass (Again)","authors":"Csaba Fitzl","date_accessed":"2021-09-22T00:00:00Z","date_published":"2021-06-29T00:00:00Z","owner_name":null,"tidal_id":"e358f8a4-3d07-592a-9e7c-688c667856b7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427268Z"},{"id":"4bf39390-f3ca-4132-841e-b35abefe7dee","name":"Kaspersky Gauss Whitepaper","description":"Kaspersky Lab. (2012, August). Gauss: Abnormal Distribution. 
Retrieved January 17, 2019.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/20134940/kaspersky-lab-gauss.pdf","source":"MITRE","title":"Gauss: Abnormal Distribution","authors":"Kaspersky Lab","date_accessed":"2019-01-17T00:00:00Z","date_published":"2012-08-01T00:00:00Z","owner_name":null,"tidal_id":"d61ffce8-72e2-5daa-9a55-d189ce214fd1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436333Z"},{"id":"38216a34-5ffd-4e79-80b1-7270743b728e","name":"Kaspersky MoleRATs April 2019","description":"GReAT. (2019, April 10). Gaza Cybergang Group1, operation SneakyPastes. Retrieved May 13, 2020.","url":"https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/","source":"MITRE","title":"Gaza Cybergang Group1, operation SneakyPastes","authors":"GReAT","date_accessed":"2020-05-13T00:00:00Z","date_published":"2019-04-10T00:00:00Z","owner_name":null,"tidal_id":"cbc11940-dd52-5035-ad46-6eceb0068bff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419325Z"},{"id":"9d1c40af-d4bc-4d4a-b667-a17378942685","name":"ESET Gazer Aug 2017","description":"ESET. (2017, August). Gazing at Gazer: Turla’s new second stage backdoor. Retrieved September 14, 2017.","url":"https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf","source":"MITRE","title":"Gazing at Gazer: Turla’s new second stage backdoor","authors":"ESET","date_accessed":"2017-09-14T00:00:00Z","date_published":"2017-08-01T00:00:00Z","owner_name":null,"tidal_id":"04a38ce9-cc64-59b2-bdc1-633e50d7edaa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419677Z"},{"id":"4bc3a8af-d0c1-514d-9edd-dcebb3344db8","name":"file_sig_table","description":"Kessler, G. (2022, December 9). GCK'S FILE SIGNATURES TABLE. 
Retrieved August 23, 2022.","url":"https://www.garykessler.net/library/file_sigs.html","source":"MITRE","title":"GCK'S FILE SIGNATURES TABLE","authors":"Kessler, G","date_accessed":"2022-08-23T00:00:00Z","date_published":"2022-12-09T00:00:00Z","owner_name":null,"tidal_id":"8df39b65-4bb3-5fdc-beef-493603da7c1d","created":"2023-05-26T01:21:19.395677Z","modified":"2025-04-22T20:47:30.905194Z"},{"id":"4fefd17e-1ca8-5478-b24c-017141a92bc3","name":"GCP gcloud compute disks list","description":"Google Cloud. (n.d.). gcloud compute disks list. Retrieved October 20, 2025.","url":"https://cloud.google.com/sdk/gcloud/reference/compute/disks/list","source":"MITRE","title":"gcloud compute disks list","authors":"Google Cloud","date_accessed":"2025-10-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8005400f-a120-561f-8cb9-44ad1541c9da","created":"2025-10-29T21:08:48.166636Z","modified":"2025-12-17T15:08:36.436387Z"},{"id":"eba4b850-8784-4da2-b87d-54b5bd0f58d6","name":"Google Cloud Add Metadata","description":"Google Cloud. (2022, March 31). gcloud compute instances add-metadata. Retrieved April 1, 2022.","url":"https://cloud.google.com/sdk/gcloud/reference/compute/instances/add-metadata","source":"MITRE","title":"gcloud compute instances add-metadata","authors":"Google Cloud","date_accessed":"2022-04-01T00:00:00Z","date_published":"2022-03-31T00:00:00Z","owner_name":null,"tidal_id":"7bb726e2-230c-5355-8cc5-4115637e9a16","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430891Z"},{"id":"ae09e791-a00c-487b-b0e5-7768df0679a3","name":"Google Compute Instances","description":"Google. (n.d.). gcloud compute instances list. 
Retrieved May 26, 2020.","url":"https://cloud.google.com/sdk/gcloud/reference/compute/instances/list","source":"MITRE","title":"gcloud compute instances list","authors":"Google","date_accessed":"2020-05-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"cc7815d9-ebda-5056-a3fc-e2c234f66e31","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430043Z"},{"id":"372b6cfd-abdc-41b7-be78-4b1dc0426044","name":"GCP SSH Key Add","description":"Google. (n.d.). gcloud compute os-login ssh-keys add. Retrieved October 1, 2020.","url":"https://cloud.google.com/sdk/gcloud/reference/compute/os-login/ssh-keys/add","source":"MITRE","title":"gcloud compute os-login ssh-keys add","authors":"Google","date_accessed":"2020-10-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bf8b2e21-1980-59fe-994f-a23fb86d8f2a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432400Z"},{"id":"3ffad706-1dac-41dd-b197-06f22fec3b30","name":"Google Cloud - IAM Servie Accounts List API","description":"Google. (2020, June 23). gcloud iam service-accounts list. Retrieved August 4, 2020.","url":"https://cloud.google.com/sdk/gcloud/reference/iam/service-accounts/list","source":"MITRE","title":"gcloud iam service-accounts list","authors":"Google","date_accessed":"2020-08-04T00:00:00Z","date_published":"2020-06-23T00:00:00Z","owner_name":null,"tidal_id":"a76c299b-9780-5be0-a7e4-e4159dc81c96","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431246Z"},{"id":"ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5","name":"ESET Gelsemium June 2021","description":"Dupuy, T. and Faou, M. (2021, June). Gelsemium. Retrieved November 30, 2021.","url":"https://www.welivesecurity.com/wp-content/uploads/2021/06/eset_gelsemium.pdf","source":"MITRE","title":"Gelsemium","authors":"Dupuy, T. 
and Faou, M","date_accessed":"2021-11-30T00:00:00Z","date_published":"2021-06-01T00:00:00Z","owner_name":null,"tidal_id":"e09889d2-c780-51f8-929e-1bb9a1947081","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418741Z"},{"id":"344703ac-f67c-465b-8c56-c9617675a00b","name":"TechNet Scheduled Task Events","description":"Microsoft. (n.d.). General Task Registration. Retrieved December 12, 2017.","url":"https://technet.microsoft.com/library/dd315590.aspx","source":"MITRE","title":"General Task Registration","authors":"Microsoft","date_accessed":"2017-12-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a3f1394b-05e8-5699-af09-81a4815542e3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423598Z"},{"id":"8c65dbc1-33ad-470c-b172-7497c6fd2480","name":"Ebowla: Genetic Malware","description":"Morrow, T., Pitts, J. (2016, October 28). Genetic Malware: Designing Payloads for Specific Targets. Retrieved January 18, 2019.","url":"https://github.com/Genetic-Malware/Ebowla/blob/master/Eko_2016_Morrow_Pitts_Master.pdf","source":"MITRE","title":"Genetic Malware: Designing Payloads for Specific Targets","authors":"Morrow, T., Pitts, J","date_accessed":"2019-01-18T00:00:00Z","date_published":"2016-10-28T00:00:00Z","owner_name":null,"tidal_id":"4d866924-f9cf-54eb-ab2c-eef63e009729","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436339Z"},{"id":"5a974fc5-31bb-44b5-9834-ef98175402ec","name":"Proofpoint NETWIRE December 2020","description":"Proofpoint. (2020, December 2). Geofenced NetWire Campaigns. 
Retrieved January 7, 2021.","url":"https://www.proofpoint.com/us/blog/threat-insight/geofenced-netwire-campaigns","source":"MITRE","title":"Geofenced NetWire Campaigns","authors":"Proofpoint","date_accessed":"2021-01-07T00:00:00Z","date_published":"2020-12-02T00:00:00Z","owner_name":null,"tidal_id":"d37b36aa-6d6d-5f6c-ba36-090778ae678e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440000Z"},{"id":"739e6517-10f5-484d-8000-8818d63e7341","name":"Hartrell cd00r 2002","description":"Hartrell, Greg. (2002, August). Get a handle on cd00r: The invisible backdoor. Retrieved October 13, 2018.","url":"https://www.giac.org/paper/gcih/342/handle-cd00r-invisible-backdoor/103631","source":"MITRE","title":"Get a handle on cd00r: The invisible backdoor","authors":"Hartrell, Greg","date_accessed":"2018-10-13T00:00:00Z","date_published":"2002-08-01T00:00:00Z","owner_name":null,"tidal_id":"df8e0c2c-cf77-5eee-b846-007b236e116e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416457Z"},{"id":"ffb9c0ca-533f-4911-8c0c-a2653410a76d","name":"Kubectl Exec Get Shell","description":"The Kubernetes Authors. (n.d.). Get a Shell to a Running Container. Retrieved March 29, 2021.","url":"https://kubernetes.io/docs/tasks/debug-application-cluster/get-shell-running-container/","source":"MITRE","title":"Get a Shell to a Running Container","authors":"The Kubernetes Authors","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ebd138bd-b2f9-5ea0-b107-a38148fddaee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431500Z"},{"id":"a4948a80-d11c-44ed-ae63-e3f5660463f9","name":"Microsoft getglobaladdresslist","description":"Microsoft. (n.d.). Get-GlobalAddressList. 
Retrieved October 6, 2019.","url":"https://docs.microsoft.com/en-us/powershell/module/exchange/email-addresses-and-address-books/get-globaladdresslist","source":"MITRE","title":"Get-GlobalAddressList","authors":"Microsoft","date_accessed":"2019-10-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7772b46c-db17-5e7c-81c5-2f72cebaa6a1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429140Z"},{"id":"228ac239-3a97-446f-8e1c-d5c0f580710c","name":"Jay GetHooks Sept 2011","description":"Satiro, J. (2011, September 14). GetHooks. Retrieved December 12, 2017.","url":"https://github.com/jay/gethooks","source":"MITRE","title":"GetHooks","authors":"Satiro, J","date_accessed":"2017-12-12T00:00:00Z","date_published":"2011-09-14T00:00:00Z","owner_name":null,"tidal_id":"5be91aaa-8cc5-5ec2-923e-73c4f59f0c86","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430593Z"},{"id":"c6a1b00c-22d4-407a-a515-fbce5c197606","name":"Microsoft Get-InboxRule","description":"Microsoft. (n.d.). Get-InboxRule. Retrieved June 10, 2021.","url":"https://docs.microsoft.com/en-us/powershell/module/exchange/get-inboxrule?view=exchange-ps","source":"MITRE","title":"Get-InboxRule","authors":"Microsoft","date_accessed":"2021-06-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a7f09520-6f07-5ef7-a611-ab59ee16b0a5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441375Z"},{"id":"e36f4e3a-61c9-4fdc-98de-d51a2b3b4865","name":"Microsoft Msolrole","description":"Microsoft. (n.d.). Get-MsolRole. 
Retrieved October 6, 2019.","url":"https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolrole?view=azureadps-1.0","source":"MITRE","title":"Get-MsolRole","authors":"Microsoft","date_accessed":"2019-10-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0f65e2e2-16cd-5fed-aa7c-7214a05fda94","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425514Z"},{"id":"ca28494c-d834-4afc-9237-ab78dcfc427b","name":"Microsoft msolrolemember","description":"Microsoft. (n.d.). Get-MsolRoleMember. Retrieved October 6, 2019.","url":"https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolrolemember?view=azureadps-1.0","source":"MITRE","title":"Get-MsolRoleMember","authors":"Microsoft","date_accessed":"2019-10-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1dd1fba4-04ef-5392-aa09-c4690b547b53","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432527Z"},{"id":"585b4ed7-1f1b-5e7f-bf2b-3732e07309af","name":"JumpCloud Conditional Access Policies","description":"JumpCloud. (n.d.). Get Started: Conditional Access Policies. Retrieved January 2, 2024.","url":"https://jumpcloud.com/support/get-started-conditional-access-policies","source":"MITRE","title":"Get Started: Conditional Access Policies","authors":"JumpCloud","date_accessed":"2024-01-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8c88eeef-df17-5230-89fe-faad95642755","created":"2024-04-25T13:28:39.861435Z","modified":"2025-12-17T15:08:36.434841Z"},{"id":"85056eba-c587-4619-b5e4-dff9680be7b3","name":"rowland linux at 2019","description":"Craig Rowland. (2019, July 25). Getting an Attacker IP Address from a Malicious Linux At Job. 
Retrieved October 15, 2021.","url":"https://www.linkedin.com/pulse/getting-attacker-ip-address-from-malicious-linux-job-craig-rowland/","source":"MITRE","title":"Getting an Attacker IP Address from a Malicious Linux At Job","authors":"Craig Rowland","date_accessed":"2021-10-15T00:00:00Z","date_published":"2019-07-25T00:00:00Z","owner_name":null,"tidal_id":"8b1e9c1f-0ad8-5d65-b5e8-c9b8adbc6968","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430511Z"},{"id":"291fb8ac-a3d6-48a0-9c78-09e358634012","name":"Elastic GuLoader December 5 2023","description":"Daniel Stepanic. (2023, December 5). Getting gooey with GULOADER: deobfuscating the downloader. Retrieved February 27, 2024.","url":"https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader","source":"Tidal Cyber","title":"Getting gooey with GULOADER: deobfuscating the downloader","authors":"Daniel Stepanic","date_accessed":"2024-02-27T00:00:00Z","date_published":"2023-12-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"81f60a7f-b71e-5708-a272-8406717a0b2c","created":"2024-06-13T20:10:51.633827Z","modified":"2024-06-13T20:10:51.819389Z"},{"id":"82068e93-a3f8-4d05-9358-6fe76a0055bb","name":"BlackHatRobinSage","description":"Ryan, T. (2010). “Getting In Bed with Robin Sage.”. Retrieved March 6, 2017.","url":"http://media.blackhat.com/bh-us-10/whitepapers/Ryan/BlackHat-USA-2010-Ryan-Getting-In-Bed-With-Robin-Sage-v1.0.pdf","source":"MITRE","title":"“Getting In Bed with Robin Sage.”","authors":"Ryan, T","date_accessed":"2017-03-06T00:00:00Z","date_published":"2010-01-01T00:00:00Z","owner_name":null,"tidal_id":"d61cb8d5-71ef-5f3e-ad1f-e784066a954c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426439Z"},{"id":"7080ae79-bec4-5886-9a43-6039d0cfd32f","name":"AADInternals Root Access to Azure VMs","description":"Dr. Nestori Syynimaa. (2020, June 4). Getting root access to Azure VMs as a Azure AD Global Administrator. 
Retrieved March 13, 2023.","url":"https://aadinternals.com/post/azurevms/","source":"MITRE","title":"Getting root access to Azure VMs as a Azure AD Global Administrator","authors":"Dr. Nestori Syynimaa","date_accessed":"2023-03-13T00:00:00Z","date_published":"2020-06-04T00:00:00Z","owner_name":null,"tidal_id":"0d671388-18a5-5375-9a1b-5d722fa1f539","created":"2023-05-26T01:21:20.936454Z","modified":"2025-12-17T15:08:36.442820Z"},{"id":"128b4e3f-bb58-45e0-b8d9-bff9fc3ec3df","name":"Wardle Dylib Hijack Vulnerable Apps","description":"Patrick Wardle. (2019, July 2). Getting Root with Benign AppStore Apps. Retrieved March 31, 2021.","url":"https://objective-see.com/blog/blog_0x46.html","source":"MITRE","title":"Getting Root with Benign AppStore Apps","authors":"Patrick Wardle","date_accessed":"2021-03-31T00:00:00Z","date_published":"2019-07-02T00:00:00Z","owner_name":null,"tidal_id":"c8d8f719-1e9d-5331-9057-2fda24787481","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436778Z"},{"id":"6d9298d3-ad9f-5b19-949c-84bef49f5f6c","name":"Lua main page","description":"Lua. (2024, June 25). Getting started. Retrieved August 5, 2024.","url":"https://www.lua.org/start.html","source":"MITRE","title":"Getting started","authors":"Lua","date_accessed":"2024-08-05T00:00:00Z","date_published":"2024-06-25T00:00:00Z","owner_name":null,"tidal_id":"0ceb6569-75fd-5dbb-a555-c2d6b29d8786","created":"2024-10-31T16:28:24.528092Z","modified":"2025-12-17T15:08:36.433480Z"},{"id":"8305a718-e79f-5bf7-8af3-b117cf106c81","name":"2 - appv","description":"Microsoft. (2022, November 3). Getting started with App-V for Windows client. 
Retrieved February 6, 2024.","url":"https://learn.microsoft.com/en-us/windows/application-management/app-v/appv-getting-started","source":"MITRE","title":"Getting started with App-V for Windows client","authors":"Microsoft","date_accessed":"2024-02-06T00:00:00Z","date_published":"2022-11-03T00:00:00Z","owner_name":null,"tidal_id":"2064b322-84b1-58eb-9d6e-ed182ba19ef3","created":"2024-04-25T13:28:40.843414Z","modified":"2025-12-17T15:08:36.435861Z"},{"id":"1fca885e-f920-55fa-8580-8553c1cf3915","name":"Google NDK Getting Started","description":"Google. (2019, December 27). Getting Started with the NDK. Retrieved April","url":"https://developer.android.com/ndk/guides","source":"Mobile","title":"Getting Started with the NDK","authors":"Google","date_accessed":"1978-04-01T00:00:00Z","date_published":"2019-12-27T00:00:00Z","owner_name":null,"tidal_id":"8bc9b89d-b45a-5175-ae47-aa1d92956c84","created":"2026-01-28T13:08:10.043923Z","modified":"2026-01-28T13:08:10.043926Z"},{"id":"9c44416d-1f3d-4d99-b497-4615ed6f5546","name":"MSDN VBA in Office","description":"Austin, J. (2017, June 6). Getting Started with VBA in Office. Retrieved July 3, 2017.","url":"https://msdn.microsoft.com/en-us/vba/office-shared-vba/articles/getting-started-with-vba-in-office","source":"MITRE","title":"Getting Started with VBA in Office","authors":"Austin, J","date_accessed":"2017-07-03T00:00:00Z","date_published":"2017-06-06T00:00:00Z","owner_name":null,"tidal_id":"1157b591-ff21-5c9f-aa3d-b2b848c44f72","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431431Z"},{"id":"1b93e7ba-6afa-45ff-a9e2-3586cdae822c","name":"Windows Getting Started Drivers","description":"Viviano, A. (2021, August 17). Getting started with Windows drivers: User mode and kernel mode. 
Retrieved September 24, 2021.","url":"https://docs.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/user-mode-and-kernel-mode","source":"MITRE","title":"Getting started with Windows drivers: User mode and kernel mode","authors":"Viviano, A","date_accessed":"2021-09-24T00:00:00Z","date_published":"2021-08-17T00:00:00Z","owner_name":null,"tidal_id":"5a51e52f-560f-5887-8c21-2dac492d3b16","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437197Z"},{"id":"4f308812-e7ce-5feb-abed-2abf86f2a1d4","name":"Pylos January 2020","description":"Joe Slowik. (2020, January 28). Getting the Story Right, and Why It Matters. Retrieved April","url":"https://pylos.co/2020/01/28/getting-the-story-right-and-why-it-matters/","source":"ICS","title":"Getting the Story Right, and Why It Matters","authors":"Joe Slowik","date_accessed":"1978-04-01T00:00:00Z","date_published":"2020-01-28T00:00:00Z","owner_name":null,"tidal_id":"0fa77987-a261-5620-8f51-ef600c5a5e0b","created":"2026-01-28T13:08:18.176019Z","modified":"2026-01-28T13:08:18.176022Z"},{"id":"b212d16f-5347-49ab-8339-432b4fd1ef50","name":"Bloxham","description":"Bloxham, B. (n.d.). Getting Windows to Play with Itself [PowerPoint slides]. Retrieved November 12, 2014.","url":"https://www.defcon.org/images/defcon-22/dc-22-presentations/Bloxham/DEFCON-22-Brady-Bloxham-Windows-API-Abuse-UPDATED.pdf","source":"MITRE","title":"Getting Windows to Play with Itself [PowerPoint slides]","authors":"Bloxham, B","date_accessed":"2014-11-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"34a587e0-2de4-52cf-9d29-8eaa3d0632fb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:10:01.141134Z"},{"id":"d4dd4817-3093-53c9-9a35-5506d90d324b","name":"SMS KitKat","description":"S.Main, D. Braun. (2013, October 14).  Getting Your SMS Apps Ready for KitKat. 
Retrieved September","url":"https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html","source":"Mobile","title":"Getting Your SMS Apps Ready for KitKat","authors":"S.Main, D. Braun","date_accessed":"1978-09-01T00:00:00Z","date_published":"2013-10-14T00:00:00Z","owner_name":null,"tidal_id":"0e13e18f-c616-5396-aa6f-058b7a7fdcab","created":"2026-01-28T13:08:10.045623Z","modified":"2026-01-28T13:08:10.045626Z"},{"id":"4366217a-2325-4056-ab68-f5f4d2a0703c","name":"Microsoft GetWindowLong function","description":"Microsoft. (n.d.). GetWindowLong function. Retrieved December 16, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ms633584.aspx","source":"MITRE","title":"GetWindowLong function","authors":"Microsoft","date_accessed":"2017-12-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"19b27c02-da99-56c4-9e52-1e678399d061","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423541Z"},{"id":"9c11c382-b420-4cf9-9db2-eaa7b60aee2d","name":"Microsoft GFlags Mar 2017","description":"Microsoft. (2017, May 23). GFlags Overview. Retrieved December 18, 2017.","url":"https://docs.microsoft.com/windows-hardware/drivers/debugger/gflags-overview","source":"MITRE","title":"GFlags Overview","authors":"Microsoft","date_accessed":"2017-12-18T00:00:00Z","date_published":"2017-05-23T00:00:00Z","owner_name":null,"tidal_id":"5e5180d1-0901-5940-a049-0e7863bc313e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430281Z"},{"id":"5d97b7d7-428e-4408-a4d3-00f52cf4bf15","name":"GfxDownloadWrapper.exe - LOLBAS Project","description":"LOLBAS. (2019, December 27). GfxDownloadWrapper.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/HonorableMentions/GfxDownloadWrapper/","source":"Tidal Cyber","title":"GfxDownloadWrapper.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-12-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1e052b19-ec2f-55c3-bd35-2372ca2db357","created":"2024-01-12T14:47:10.294609Z","modified":"2024-01-12T14:47:10.475931Z"},{"id":"8851f554-05c6-4fb0-807e-2ef0bc28e131","name":"Kaspersky September 30 2021","description":"Mark Lechtik. (2021, September 30). GhostEmperor From ProxyLogon to kernel mode. Retrieved October 24, 2024.","url":"https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/","source":"Tidal Cyber","title":"GhostEmperor From ProxyLogon to kernel mode","authors":"Mark Lechtik","date_accessed":"2024-10-24T00:00:00Z","date_published":"2021-09-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"12d986f0-9b39-5da3-abd5-ce5761712757","created":"2024-10-25T19:42:16.237845Z","modified":"2024-10-25T19:42:16.492461Z"},{"id":"cb0342dd-755f-581d-b2ad-424ac6175306","name":"Mandiant UNC3886 Juniper Routers MAR 2025","description":"Lamparski, L. et al. (2025, March 11). Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers. Retrieved June 24, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers","source":"MITRE","title":"Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers","authors":"Lamparski, L. et al","date_accessed":"2025-06-24T00:00:00Z","date_published":"2025-03-11T00:00:00Z","owner_name":null,"tidal_id":"f3d0f8d9-e2f1-598c-9402-565ce06d5c31","created":"2025-10-29T21:08:48.167075Z","modified":"2025-12-17T15:08:36.438973Z"},{"id":"088091e9-4c9c-44ed-99e6-0489eec57c98","name":"SOCRadar® Cyber Intelligence Inc. October 18 2023","description":"Cem Sarı. (2023, October 18). 
GhostLocker A New Generation of Ransomware as a Service (RaaS) - SOCRadar® Cyber Intelligence Inc.. Retrieved December 19, 2024.","url":"https://socradar.io/ghostlocker-a-new-generation-of-ransomware-as-a-service-raas/","source":"Tidal Cyber","title":"GhostLocker A New Generation of Ransomware as a Service (RaaS) - SOCRadar® Cyber Intelligence Inc.","authors":"Cem Sarı","date_accessed":"2024-12-19T00:00:00Z","date_published":"2023-10-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d4ae3a17-bcc0-50fc-b1ff-cb3927e8c4ec","created":"2025-04-11T15:06:15.654027Z","modified":"2025-04-11T15:06:15.818750Z"},{"id":"7a9f3b36-d847-5744-8906-21726b1601a8","name":"Lookout-Gooligan","description":"Lookout. (2016, December 1). Ghost Push and Gooligan: One and the same. Retrieved December","url":"https://blog.lookout.com/blog/2016/12/01/ghost-push-gooligan/","source":"Mobile","title":"Ghost Push and Gooligan: One and the same","authors":"Lookout","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-12-01T00:00:00Z","owner_name":null,"tidal_id":"32c436f7-ce32-50a6-8d60-3ddea931ecb7","created":"2026-01-28T13:08:10.039149Z","modified":"2026-01-28T13:08:10.039153Z"},{"id":"5dc5f9be-761b-4e8b-acf5-937682717758","name":"welivesecurity.com September 4 2025","description":"Fernando Tavella. (2025, September 4). GhostRedirector poisons Windows servers Backdoors with a side of Potatoes. 
Retrieved September 8, 2025.","url":"https://www.welivesecurity.com/en/eset-research/ghostredirector-poisons-windows-servers-backdoors-side-potatoes/","source":"Tidal Cyber","title":"GhostRedirector poisons Windows servers Backdoors with a side of Potatoes","authors":"Fernando Tavella","date_accessed":"2025-09-08T12:00:00Z","date_published":"2025-09-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d90db819-9fbf-5a06-8a17-382e116bd642","created":"2025-09-10T16:38:50.108794Z","modified":"2025-09-10T16:38:50.277577Z"},{"id":"2a3638f7-86a0-41e5-a3f3-ad2918cb4ad4","name":"Uptycs Inc November 3 2023","description":"Uptycs Threat Research. (2023, November 3). GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel. Retrieved December 12, 2024.","url":"https://www.uptycs.com/blog/ghostlocker-ransomware-ghostsec","source":"Tidal Cyber","title":"GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel","authors":"Uptycs Threat Research","date_accessed":"2024-12-12T00:00:00Z","date_published":"2023-11-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f9fc3a6e-c622-5b93-b133-3f004a51d6f1","created":"2025-04-11T15:06:01.235219Z","modified":"2025-04-11T15:06:01.493773Z"},{"id":"bcdd2d44-a47a-4749-b61b-025086011f17","name":"Cisco Talos Blog March 5 2024","description":"Chetan Raghuprasad. (2024, March 5). GhostSec's joint ransomware operation and evolution of their arsenal. Retrieved April 4, 2025.","url":"https://blog.talosintelligence.com/ghostsec-ghostlocker2-ransomware/","source":"Tidal Cyber","title":"GhostSec's joint ransomware operation and evolution of their arsenal","authors":"Chetan Raghuprasad","date_accessed":"2025-04-04T00:00:00Z","date_published":"2024-03-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ddb0d829-7a8f-5b80-8ec3-3482caa5084a","created":"2025-04-08T16:38:25.329854Z","modified":"2025-04-08T16:38:25.662533Z"},{"id":"6a4e524c-cd82-4705-9f0f-4ab3191fe86e","name":"Wikimedia Foundation Inc. 
July 26 2015","description":"Wikimedia Foundation Inc.. (2015, July 26). Ghost Security - Wikipedia. Retrieved December 12, 2024.","url":"https://en.wikipedia.org/wiki/Ghost_Security","source":"Tidal Cyber","title":"Ghost Security - Wikipedia","authors":"Wikimedia Foundation Inc.","date_accessed":"2024-12-12T00:00:00Z","date_published":"2015-07-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0eb66500-c2d7-5065-b010-5d881ca9b465","created":"2025-04-11T15:06:00.283412Z","modified":"2025-04-11T15:06:00.454690Z"},{"id":"3f87bd65-4194-5be6-93a1-acde6eaef547","name":"GhostToken GCP flaw","description":"Sergiu Gatlan. (2023, April 21). GhostToken GCP flaw let attackers backdoor Google accounts. Retrieved September 18, 2023.","url":"https://www.bleepingcomputer.com/news/security/ghosttoken-gcp-flaw-let-attackers-backdoor-google-accounts/","source":"MITRE","title":"GhostToken GCP flaw let attackers backdoor Google accounts","authors":"Sergiu Gatlan","date_accessed":"2023-09-18T00:00:00Z","date_published":"2023-04-21T00:00:00Z","owner_name":null,"tidal_id":"df26a96d-a2c3-5f36-bcfe-e1ab9e963da0","created":"2023-11-07T00:36:09.887185Z","modified":"2025-12-17T15:08:36.436818Z"},{"id":"408df760-abec-5380-a050-8f7931746f4f","name":"ThreatFabric Ginp","description":"ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April","url":"https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html","source":"Mobile","title":"Ginp - A malware patchwork borrowing from Anubis","authors":"ThreatFabric","date_accessed":"1978-04-01T00:00:00Z","date_published":"2019-11-01T00:00:00Z","owner_name":null,"tidal_id":"6a24c264-dc3e-5333-8ee1-d15132d43ddd","created":"2026-01-28T13:08:10.040726Z","modified":"2026-01-28T13:08:10.040729Z"},{"id":"1c5664df-f84e-562e-b97b-07f989462b45","name":"Hacker News GitHub Abuse 2024","description":"Dvir Sasson. (2024, May 13). 
GitHub Abuse Flaw Shows Why We Can't Shrug Off Abuse Vulnerabilities in Security. Retrieved March 31, 2025.","url":"https://thehackernews.com/expert-insights/2024/05/github-abuse-flaw-shows-why-we-cant.html","source":"MITRE","title":"GitHub Abuse Flaw Shows Why We Can't Shrug Off Abuse Vulnerabilities in Security","authors":"Dvir Sasson","date_accessed":"2025-03-31T00:00:00Z","date_published":"2024-05-13T00:00:00Z","owner_name":null,"tidal_id":"6cbf17dc-e3cf-57c1-839f-672439088fb2","created":"2025-04-22T20:47:16.904288Z","modified":"2025-12-17T15:08:36.432282Z"},{"id":"bb3d40d6-dc83-5cf9-8aa4-87421edb425e","name":"Unit 42 Palo Alto GitHub Actions Supply Chain Attack 2025","description":"Omer Gilm Aviad Hahami, Asi Greenholts, and Yaron Avital. (2025, March 20). GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment . Retrieved May 22, 2025.","url":"https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack","source":"MITRE","title":"GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment","authors":"Omer Gilm Aviad Hahami, Asi Greenholts, and Yaron Avital","date_accessed":"2025-05-22T00:00:00Z","date_published":"2025-03-20T00:00:00Z","owner_name":null,"tidal_id":"a62ee74d-c1cc-5f30-bdd3-c661e44c4757","created":"2025-10-29T21:08:48.165567Z","modified":"2025-12-17T15:08:36.425635Z"},{"id":"8ef4bcee-673d-4bab-8e18-947f45c6fc77","name":"GitHub ADRecon","description":"adrecon. (n.d.). GitHub ADRecon. 
Retrieved March 5, 2024.","url":"https://github.com/adrecon/ADRecon","source":"Tidal Cyber","title":"GitHub ADRecon","authors":"adrecon","date_accessed":"2024-03-05T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"48393d55-02f0-55d7-96fc-916fa5b7ad81","created":"2024-03-07T21:00:42.095824Z","modified":"2024-03-07T21:00:42.730927Z"},{"id":"5a38800a-23df-4fc0-9d1d-1652e1e8f718","name":"GitHub June 26 2014","description":"Andrivet. (2014, June 26). GitHub - andrivetADVobfuscator Obfuscation library based on C++1114 and metaprogramming. Retrieved December 19, 2024.","url":"https://github.com/andrivet/ADVobfuscator","source":"Tidal Cyber","title":"GitHub - andrivetADVobfuscator Obfuscation library based on C++1114 and metaprogramming","authors":"Andrivet","date_accessed":"2024-12-19T00:00:00Z","date_published":"2014-06-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5f769c0c-9cbd-59ac-8fd9-c914c1e12b81","created":"2025-04-11T15:06:15.333988Z","modified":"2025-04-11T15:06:15.498048Z"},{"id":"d37e6efe-05ed-445b-b8ba-3ace0a1afa46","name":"GitHub Arvanaghi SessionGopher","description":"Arvanaghi. (n.d.). GitHub Arvanaghi SessionGopher. Retrieved November 22, 2024.","url":"https://github.com/Arvanaghi/SessionGopher","source":"Tidal Cyber","title":"GitHub Arvanaghi SessionGopher","authors":"Arvanaghi","date_accessed":"2024-11-22T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"c432f47e-1729-504f-b41a-094c96bcf483","created":"2024-11-25T18:00:51.027408Z","modified":"2024-11-25T18:00:51.428041Z"},{"id":"96524473-36c9-43c0-b1a1-4a8eadce02d8","name":"GitHub b23r0 rsocx","description":"b23r0. (n.d.). GitHub b23r0 rsocx. 
Retrieved June 8, 2025.","url":"https://github.com/b23r0/rsocx","source":"Tidal Cyber","title":"GitHub b23r0 rsocx","authors":"b23r0","date_accessed":"2025-06-08T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"9c507686-d363-5946-a7f9-d50a08eae0ee","created":"2025-06-10T15:50:17.909134Z","modified":"2025-06-10T15:50:18.255125Z"},{"id":"e7f1d932-4bcd-4a78-b975-f4ebbce8c05e","name":"GitHub BeichenDream BadPotato","description":"BeichenDream. (n.d.). GitHub BeichenDream BadPotato. Retrieved August 28, 2023.","url":"https://github.com/BeichenDream/BadPotato","source":"Tidal Cyber","title":"GitHub BeichenDream BadPotato","authors":"BeichenDream","date_accessed":"2023-08-28T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"c63e564d-e005-56e7-8b86-429499e5dbc3","created":"2024-06-13T20:10:40.650317Z","modified":"2024-06-13T20:10:40.846352Z"},{"id":"4cc12541-257b-419f-a2d8-139449324f19","name":"GitHub August 19 2022","description":"GitHub. (2022, August 19). GitHub · Build and ship software on a single, collaborative platform. Retrieved December 19, 2024.","url":"https://github.com/","source":"Tidal Cyber","title":"GitHub · Build and ship software on a single, collaborative platform","authors":"GitHub","date_accessed":"2024-12-19T00:00:00Z","date_published":"2022-08-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d9466b61-763f-586c-9ff2-b5437d6d92f5","created":"2025-04-11T15:06:05.944173Z","modified":"2025-04-11T15:06:06.105253Z"},{"id":"87ad7f7e-ebec-53b8-a8ff-55aa8e5e3a96","name":"Github Capture Clipboard 2019","description":"Pearce, G. (, January). 
Retrieved August","url":"https://github.com/grepx/android-clipboard-security","source":"Mobile","title":"Github Capture Clipboard 2019","authors":"","date_accessed":"1978-08-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"17fd08f3-8365-5eab-b517-5497627ac9ec","created":"2026-01-28T13:08:10.045721Z","modified":"2026-01-28T13:08:10.045724Z"},{"id":"4a60fb46-06b7-44ea-a9f6-8d6fa81e9363","name":"GitHub Chisel","description":"jpillora. (n.d.). GitHub Chisel. Retrieved October 20, 2023.","url":"https://github.com/jpillora/chisel","source":"Tidal Cyber","title":"GitHub Chisel","authors":"jpillora","date_accessed":"2023-10-20T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"827386a5-0b23-519a-9b99-0e4d212796f3","created":"2023-10-20T15:14:17.605573Z","modified":"2023-10-20T15:14:17.710345Z"},{"id":"adcfb01a-5b77-4b94-b776-9ed6e947097f","name":"GitHub creaktive tsh","description":"creaktive. (n.d.). GitHub creaktive tsh. Retrieved January 31, 2025.","url":"https://github.com/creaktive/tsh","source":"Tidal Cyber","title":"GitHub creaktive tsh","authors":"creaktive","date_accessed":"2025-01-31T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"68b0344b-565c-5f54-8cc7-d3cf2a5853cb","created":"2025-02-03T21:08:21.482126Z","modified":"2025-02-03T21:08:21.843935Z"},{"id":"b7f4ca2e-c273-42c8-85c2-0975ed083ee8","name":"GitHub March 18 2010","description":"Curl. (2010, March 18). GitHub - curlcurl A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features. 
Retrieved December 19, 2024.","url":"https://github.com/curl/curl","source":"Tidal Cyber","title":"GitHub - curlcurl A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features","authors":"Curl","date_accessed":"2024-12-19T00:00:00Z","date_published":"2010-03-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"dcf5450f-53f4-51ed-8819-3ed6e5a79ee8","created":"2025-04-11T15:06:19.107927Z","modified":"2025-04-11T15:06:19.279923Z"},{"id":"b595af7e-ff84-49fa-8e07-cd2abe9e1d65","name":"GitHub cybershujin Threat-Actors-use-of-Artifical-Intelligence","description":"cybershujin. (n.d.). GitHub cybershujin Threat-Actors-use-of-Artifical-Intelligence. Retrieved September 9, 2024.","url":"https://github.com/cybershujin/Threat-Actors-use-of-Artifical-Intelligence","source":"Tidal Cyber","title":"GitHub cybershujin Threat-Actors-use-of-Artifical-Intelligence","authors":"cybershujin","date_accessed":"2024-09-09T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"a892e0cc-197e-521e-8136-5b27fa051376","created":"2024-10-18T13:25:12.983389Z","modified":"2024-10-18T13:25:13.565927Z"},{"id":"322e5d90-5095-47ea-b0e2-e7e5fb45fcca","name":"Github evilginx2","description":"Gretzky, Kuba. (2019, April 10). Retrieved October 8, 2019.","url":"https://github.com/kgretzky/evilginx2","source":"MITRE","title":"Github evilginx2","authors":"","date_accessed":"2019-10-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c69919d8-53e2-515a-8829-c0da54161ab3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425115Z"},{"id":"eea178f4-80bd-49d1-84b1-f80671e9a3e4","name":"GitHub evilginx2","description":"kgretzky. (n.d.). GitHub evilginx2. 
Retrieved December 14, 2023.","url":"https://github.com/kgretzky/evilginx2","source":"Tidal Cyber","title":"GitHub evilginx2","authors":"kgretzky","date_accessed":"2023-12-14T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"0710e9e9-8579-5da1-9908-0064269996f1","created":"2023-12-14T19:26:19.599606Z","modified":"2023-12-14T19:26:19.700725Z"},{"id":"7f0c0c86-c042-4a69-982a-c8c70ec1199c","name":"GitHub Flangvik SharpExfiltrate","description":"Flangvik. (n.d.). GitHub Flangvik SharpExfiltrate. Retrieved June 18, 2024.","url":"https://github.com/Flangvik/SharpExfiltrate","source":"Tidal Cyber","title":"GitHub Flangvik SharpExfiltrate","authors":"Flangvik","date_accessed":"2024-06-18T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"a4ff6c95-add9-598c-b6f4-a0729bd89eb5","created":"2024-06-24T14:58:40.202269Z","modified":"2024-06-24T14:58:40.408478Z"},{"id":"0245b28e-21a4-4da2-8f0d-064277dfcbbc","name":"GitHub December 29 2022","description":"Glotlabs. (2022, December 29). GitHub - glotlabsgdrive Google Drive CLI Client. Retrieved December 19, 2024.","url":"https://github.com/glotlabs/gdrive","source":"Tidal Cyber","title":"GitHub - glotlabsgdrive Google Drive CLI Client","authors":"Glotlabs","date_accessed":"2024-12-19T00:00:00Z","date_published":"2022-12-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8599b228-38ef-5cbe-ad71-5c373d185cf6","created":"2025-04-11T15:06:12.989557Z","modified":"2025-04-11T15:06:13.149217Z"},{"id":"4de5bd9d-ebb7-42b4-81d9-279433e86434","name":"GitHub October 23 2010","description":"Gorakhargosh. (2010, October 23). GitHub - gorakhargoshwatchdog Python library and shell utilities to monitor filesystem events.. 
Retrieved December 19, 2024.","url":"https://github.com/gorakhargosh/watchdog","source":"Tidal Cyber","title":"GitHub - gorakhargoshwatchdog Python library and shell utilities to monitor filesystem events.","authors":"Gorakhargosh","date_accessed":"2024-12-19T00:00:00Z","date_published":"2010-10-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bfe02ee5-6417-541c-bd87-15e3f3d31a0e","created":"2025-04-11T15:06:16.939750Z","modified":"2025-04-11T15:06:17.097853Z"},{"id":"3df976c0-a6c0-4620-b39e-801721c68798","name":"GitHub October 2 2012","description":"Gorilla. (2012, October 2). GitHub - gorillamux Package gorillamux is a powerful HTTP router and URL matcher for building Go web servers with 🦍. Retrieved December 19, 2024.","url":"https://github.com/gorilla/mux","source":"Tidal Cyber","title":"GitHub - gorillamux Package gorillamux is a powerful HTTP router and URL matcher for building Go web servers with 🦍","authors":"Gorilla","date_accessed":"2024-12-19T00:00:00Z","date_published":"2012-10-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5f0f3653-0efb-5b48-b2aa-ed1d80d41a68","created":"2025-04-11T15:06:06.928674Z","modified":"2025-04-11T15:06:07.332460Z"},{"id":"c34fdd72-13eb-484c-b65b-5c5a02f91683","name":"GitHub HavocFramework Havoc WIKI","description":"HavocFramework. (2023, September 28). GitHub HavocFramework Havoc WIKI. Retrieved March 24, 2025.","url":"https://github.com/HavocFramework/Havoc/blob/main/WIKI.MD","source":"Tidal Cyber","title":"GitHub HavocFramework Havoc WIKI","authors":"HavocFramework","date_accessed":"2025-03-24T00:00:00Z","date_published":"2023-09-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8f5da8ac-92ad-5cf7-8e30-147254eb1211","created":"2025-03-25T13:15:59.609947Z","modified":"2025-03-25T13:15:59.754666Z"},{"id":"d648632a-a0e0-4aa8-a747-a92c2eb9c14c","name":"GitHub October 1 2023","description":"Keowu. (2023, October 1). 
GitHub - keowuBadRentdrv2 A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering them ineffective, working for both x32 and x64(CVE-2023-44976).. Retrieved December 19, 2024.","url":"https://github.com/keowu/BadRentdrv2/tree/main","source":"Tidal Cyber","title":"GitHub - keowuBadRentdrv2 A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering them ineffective, working for both x32 and x64(CVE-2023-44976).","authors":"Keowu","date_accessed":"2024-12-19T00:00:00Z","date_published":"2023-10-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"47a74b1e-597e-5b80-a600-9b168e6ca81a","created":"2025-04-11T15:06:04.534298Z","modified":"2025-04-11T15:06:04.727111Z"},{"id":"533dd7b7-4a56-4198-8e0b-fdf3b7225271","name":"GitHub April 1 2018","description":"Kubo. (2018, April 1). GitHub - kuboinjector Library for injecting a shared library into a Linux or Windows process. Retrieved December 19, 2024.","url":"https://github.com/kubo/injector","source":"Tidal Cyber","title":"GitHub - kuboinjector Library for injecting a shared library into a Linux or Windows process","authors":"Kubo","date_accessed":"2024-12-19T00:00:00Z","date_published":"2018-04-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"14c3cf8b-b30b-5c6e-8dc0-1d913d8dd3e4","created":"2025-04-11T15:06:17.881416Z","modified":"2025-04-11T15:06:18.037330Z"},{"id":"206a4707-06c2-4ce3-924b-15b48261a1a6","name":"GitHub December 31 2022","description":"Ldpreload. (2022, December 31). GitHub - ldpreloadMedusa LD_PRELOAD Rootkit. 
Retrieved December 19, 2024.","url":"https://github.com/ldpreload/Medusa","source":"Tidal Cyber","title":"GitHub - ldpreloadMedusa LD_PRELOAD Rootkit","authors":"Ldpreload","date_accessed":"2024-12-19T00:00:00Z","date_published":"2022-12-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8c1eb256-47a8-5e26-a738-64c9d224d89a","created":"2025-04-11T15:06:07.668015Z","modified":"2025-04-11T15:06:07.829050Z"},{"id":"d0e66686-c7c8-4f5c-8194-794ebb3667d7","name":"GitHub September 12 2016","description":"Lonng. (2016, September 12). GitHub - lonngnex Aiming to simplify the construction of JSON API service. Retrieved December 19, 2024.","url":"https://github.com/lonng/nex","source":"Tidal Cyber","title":"GitHub - lonngnex Aiming to simplify the construction of JSON API service","authors":"Lonng","date_accessed":"2024-12-19T00:00:00Z","date_published":"2016-09-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"24c85dca-5b82-5994-814f-847f0f4b8345","created":"2025-04-11T15:06:24.122357Z","modified":"2025-04-11T15:06:24.290045Z"},{"id":"0a609b90-dbaf-47bc-a642-1d180ca56498","name":"GitHub Malleable C2","description":"Mudge, R. (2014, July 14). Github Malleable-C2-Profiles safebrowsing.profile. Retrieved June 18, 2017.","url":"https://github.com/rsmudge/Malleable-C2-Profiles/blob/master/normal/safebrowsing.profile","source":"MITRE","title":"Github Malleable-C2-Profiles safebrowsing.profile","authors":"Mudge, R","date_accessed":"2017-06-18T00:00:00Z","date_published":"2014-07-14T00:00:00Z","owner_name":null,"tidal_id":"6103f46c-b7fa-512e-9c5c-d79108675f3b","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:38.896019Z"},{"id":"fe54e066-d88d-4df4-af50-bc03e0683ae6","name":"GitHub November 27 2023","description":"MaorSabag. (2023, November 27). GitHub - MaorSabagTrueSightKiller CPP AVEDR Killer. 
Retrieved December 19, 2024.","url":"https://github.com/MaorSabag/TrueSightKiller","source":"Tidal Cyber","title":"GitHub - MaorSabagTrueSightKiller CPP AVEDR Killer","authors":"MaorSabag","date_accessed":"2024-12-19T00:00:00Z","date_published":"2023-11-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6c87b3d1-50fe-506f-bc98-11982cb03120","created":"2025-04-11T15:06:11.286294Z","modified":"2025-04-11T15:06:11.544957Z"},{"id":"7ae0b5c6-c9e5-4922-9e98-6483c81a8b42","name":"GitHub masscan","description":"robertdavidgraham. (n.d.). GitHub masscan. Retrieved March 13, 2024.","url":"https://github.com/robertdavidgraham/masscan","source":"Tidal Cyber","title":"GitHub masscan","authors":"robertdavidgraham","date_accessed":"2024-03-13T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"8aeece8a-e06c-5be9-bcd5-763e4a0db34d","created":"2024-04-04T20:38:52.840825Z","modified":"2024-04-04T20:38:52.998679Z"},{"id":"6e4d67f5-cca1-4298-b21c-d7511aa264ae","name":"GitHub meganz MEGAcmd","description":"meganz. (n.d.). GitHub meganz MEGAcmd. Retrieved June 18, 2024.","url":"https://github.com/meganz/MEGAcmd","source":"Tidal Cyber","title":"GitHub meganz MEGAcmd","authors":"meganz","date_accessed":"2024-06-18T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"3d36ce91-0e91-5b23-b95e-89bfe6d8ee7a","created":"2024-06-24T14:58:39.611051Z","modified":"2024-06-24T14:58:39.820405Z"},{"id":"6e59c47d-597c-4687-942f-9f1cf1db75d5","name":"GitHub meganz MEGAsync","description":"GitHub. (n.d.). GitHub - meganz/MEGAsync: Easy automated syncing between your computers and your MEGA Cloud Drive. 
Retrieved June 22, 2023.","url":"https://github.com/meganz/MEGAsync","source":"Tidal Cyber","title":"GitHub - meganz/MEGAsync: Easy automated syncing between your computers and your MEGA Cloud Drive","authors":"GitHub","date_accessed":"2023-06-22T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"87988ee1-974f-5801-a52f-49ae5e79825a","created":"2023-07-14T12:56:32.112317Z","modified":"2023-07-14T12:56:32.223958Z"},{"id":"8e849116-dda0-4c31-8a53-6dee8ce418df","name":"GitHub April 21 2016","description":"MisterDaneel. (2016, April 21). GitHub - MisterDaneelpysoxy A small Socks5 Proxy Server in Python. Retrieved December 19, 2024.","url":"https://github.com/MisterDaneel/pysoxy/tree/master","source":"Tidal Cyber","title":"GitHub - MisterDaneelpysoxy A small Socks5 Proxy Server in Python","authors":"MisterDaneel","date_accessed":"2024-12-19T00:00:00Z","date_published":"2016-04-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"18599c11-09df-5cc7-bfa0-fda8708d0270","created":"2025-04-11T15:06:12.361280Z","modified":"2025-04-11T15:06:12.526267Z"},{"id":"41a39814-0a09-4c6c-bb18-9fd4c01582d0","name":"GitHub mitre stockpile abilities","description":"mitre. (n.d.). GitHub mitre stockpile abilities. Retrieved March 24, 2025.","url":"https://github.com/mitre/stockpile/tree/master/data/abilities","source":"Tidal Cyber","title":"GitHub mitre stockpile abilities","authors":"mitre","date_accessed":"2025-03-24T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"7c56455d-8db4-5961-b59c-9f1fba5576ec","created":"2025-03-25T13:16:01.000427Z","modified":"2025-03-25T13:16:01.146864Z"},{"id":"e492b58f-60a9-5518-a941-472e0d974f9a","name":"Daveshell sRDI GitHub shell code loader","description":"Nick Landers (monoxgas). (2022, June 18). GitHub monoxgas sRDI (DAVESHELL). 
Retrieved October 1, 2025.","url":"https://github.com/monoxgas/sRDI","source":"MITRE","title":"GitHub monoxgas sRDI (DAVESHELL)","authors":"Nick Landers (monoxgas)","date_accessed":"2025-10-01T00:00:00Z","date_published":"2022-06-18T00:00:00Z","owner_name":null,"tidal_id":"c9a31d57-130a-5331-8f25-96c7158c9518","created":"2025-10-29T21:08:48.167866Z","modified":"2025-12-17T15:08:36.442496Z"},{"id":"afb66212-8cbb-4c5d-8a85-027275c5cb01","name":"GitHub April 23 2013","description":"Nuitka. (2013, April 23). GitHub - NuitkaNuitka Nuitka is a Python compiler written in Python. It's fully compatible with Python 2.6, 2.7, 3.4-3.13. You feed it your Python app, it does a lot of clever things, and spits out an executable or extension module.. Retrieved December 19, 2024.","url":"https://github.com/Nuitka/Nuitka","source":"Tidal Cyber","title":"GitHub - NuitkaNuitka Nuitka is a Python compiler written in Python. It's fully compatible with Python 2.6, 2.7, 3.4-3.13. You feed it your Python app, it does a lot of clever things, and spits out an executable or extension module.","authors":"Nuitka","date_accessed":"2024-12-19T00:00:00Z","date_published":"2013-04-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"19e3edf8-af56-5081-8858-012301705d28","created":"2025-04-11T15:06:09.162981Z","modified":"2025-04-11T15:06:09.472531Z"},{"id":"6747f2cf-61bd-4d26-9bc1-10ce7a8e3e39","name":"GitHub - NYAN-x-CAT/AsyncRAT-C-Sharp: Open-Source Remote Administration Tool For Windows C#","description":"GitHub. (n.d.). GitHub - NYAN-x-CAT/AsyncRAT-C-Sharp: Open-Source Remote Administration Tool For Windows C#. 
Retrieved May 7, 2023.","url":"https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/","source":"Tidal Cyber","title":"GitHub - NYAN-x-CAT/AsyncRAT-C-Sharp: Open-Source Remote Administration Tool For Windows C#","authors":"GitHub","date_accessed":"2023-05-07T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"3e26a0cb-c653-5065-bb5b-2641f08cc54a","created":"2024-06-13T20:10:10.993591Z","modified":"2024-06-13T20:10:11.179170Z"},{"id":"16d0dd05-763a-4503-aa88-c8867d8f202d","name":"GitHub ohpe Juicy Potato","description":"ohpe. (n.d.). GitHub ohpe Juicy Potato. Retrieved August 28, 2023.","url":"https://github.com/ohpe/juicy-potato","source":"Tidal Cyber","title":"GitHub ohpe Juicy Potato","authors":"ohpe","date_accessed":"2023-08-28T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"cd62cf28-37c4-5ee1-98f2-2779670a741f","created":"2024-06-13T20:10:41.029494Z","modified":"2024-06-13T20:10:41.219165Z"},{"id":"ab375812-def9-4491-a69f-62755fb26910","name":"GitHub outflanknl Dumpert","description":"outflanknl. (n.d.). GitHub outflanknl Dumpert. Retrieved September 5, 2024.","url":"https://github.com/outflanknl/Dumpert","source":"Tidal Cyber","title":"GitHub outflanknl Dumpert","authors":"outflanknl","date_accessed":"2024-09-05T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"75dbdef1-2fc7-5f91-9a78-dc0f567f42b1","created":"2024-09-06T15:12:29.386478Z","modified":"2024-09-06T15:12:29.938904Z"},{"id":"b76d3ed0-e484-4ed1-aa6b-892a6f34e478","name":"code_persistence_zsh","description":"Leo Pitt. (2020, November 11). Github - PersistentJXA/BashProfilePersist.js. 
Retrieved January 11, 2021.","url":"https://github.com/D00MFist/PersistentJXA/blob/master/BashProfilePersist.js","source":"MITRE","title":"Github - PersistentJXA/BashProfilePersist.js","authors":"Leo Pitt","date_accessed":"2021-01-11T00:00:00Z","date_published":"2020-11-11T00:00:00Z","owner_name":null,"tidal_id":"bac4b195-d489-5bcb-a27e-793f5eac04ba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433927Z"},{"id":"017ec673-454c-492a-a65b-10d3a20dfdab","name":"Github PowerShell Empire","description":"Schroeder, W., Warner, J., Nelson, M. (n.d.). Github PowerShellEmpire. Retrieved April 28, 2016.","url":"https://github.com/PowerShellEmpire/Empire","source":"MITRE","title":"Github PowerShellEmpire","authors":"Schroeder, W., Warner, J., Nelson, M","date_accessed":"2016-04-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"042558f8-7741-5032-9984-a6f0f46ffbf3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422877Z"},{"id":"69d5cb59-6545-4405-8ca6-733db99d3ee9","name":"GitHub Pupy","description":"Nicolas Verdier. (n.d.). Retrieved January 29, 2018.","url":"https://github.com/n1nj4sec/pupy","source":"MITRE","title":"GitHub Pupy","authors":"","date_accessed":"2018-01-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7869add5-d373-5b01-9ef9-8be95a559edd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423380Z"},{"id":"9bca14cc-1302-49b3-b905-cdf48dedc32b","name":"GitHub purple-team-attack-automation - Available Modules","description":"praetorian-inc. (n.d.). GitHub purple-team-attack-automation - Available Modules. 
Retrieved September 8, 2023.","url":"https://github.com/praetorian-inc/purple-team-attack-automation/wiki/Available-Modules","source":"Tidal Cyber","title":"GitHub purple-team-attack-automation - Available Modules","authors":"praetorian-inc","date_accessed":"2023-09-08T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"99f3e352-5c20-5f5b-8ac4-d6f46165fe82","created":"2024-06-13T20:10:41.777419Z","modified":"2024-06-13T20:10:41.968497Z"},{"id":"dcb30328-6aa4-461b-8333-451d6af4b384","name":"GitHub random_c2_profile","description":"threatexpress. (n.d.). GitHub random_c2_profile. Retrieved September 21, 2023.","url":"https://github.com/threatexpress/random_c2_profile","source":"Tidal Cyber","title":"GitHub random_c2_profile","authors":"threatexpress","date_accessed":"2023-09-21T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"77d8e620-d628-5917-9608-8c58ad5d8497","created":"2023-09-22T15:01:24.758626Z","modified":"2023-09-22T15:01:24.890232Z"},{"id":"d995f4b2-3262-4c37-855a-61aef7d7b8a8","name":"GitHub ransomware_map","description":"cert-orangecyberdefense. (n.d.). GitHub ransomware_map. Retrieved March 13, 2024.","url":"https://github.com/cert-orangecyberdefense/ransomware_map","source":"Tidal Cyber","title":"GitHub ransomware_map","authors":"cert-orangecyberdefense","date_accessed":"2024-03-13T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"dd1e4738-6597-584b-998e-4aa842e926b4","created":"2024-04-04T20:38:52.529156Z","modified":"2024-04-04T20:38:52.691222Z"},{"id":"1644457f-75d6-4064-a11b-9217249fa5e6","name":"GitHub rsockstun","description":"llkat. (n.d.). GitHub rsockstun. 
Retrieved December 14, 2023.","url":"https://github.com/llkat/rsockstun","source":"Tidal Cyber","title":"GitHub rsockstun","authors":"llkat","date_accessed":"2023-12-14T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"9f906600-15e8-55ce-bf93-2e983ef75e1c","created":"2023-12-14T19:26:19.222915Z","modified":"2023-12-14T19:26:19.319157Z"},{"id":"59d32d0e-dd45-4a3f-8b67-0cae6d8eabd9","name":"GitHub February 5 2021","description":"Sadshade. (2021, February 5). GitHub - sadshadeveeam-creds Collection of scripts to retrieve stored passwords from Veeam Backup. Retrieved December 19, 2024.","url":"https://github.com/sadshade/veeam-creds","source":"Tidal Cyber","title":"GitHub - sadshadeveeam-creds Collection of scripts to retrieve stored passwords from Veeam Backup","authors":"Sadshade","date_accessed":"2024-12-19T00:00:00Z","date_published":"2021-02-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"dda16d3b-a6ea-5034-aa51-5daebf9886d3","created":"2025-04-11T15:06:14.671329Z","modified":"2025-04-11T15:06:14.821748Z"},{"id":"c29a90a7-016f-49b7-a970-334290964f19","name":"GitHub secretsdump","description":"fortra. (n.d.). GitHub secretsdump. Retrieved November 16, 2023.","url":"https://github.com/fortra/impacket/blob/master/examples/secretsdump.py","source":"Tidal Cyber","title":"GitHub secretsdump","authors":"fortra","date_accessed":"2023-11-16T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"1563ac0f-ba8c-5314-8121-ff5a6c55b5c2","created":"2023-11-17T17:09:17.993055Z","modified":"2023-11-17T17:09:18.151166Z"},{"id":"077ab224-9406-4be7-8467-2a6da8dc786d","name":"GitHub securesocketfunneling ssf","description":"securesocketfunneling. (n.d.). GitHub securesocketfunneling ssf. 
Retrieved July 10, 2024.","url":"https://github.com/securesocketfunneling/ssf","source":"Tidal Cyber","title":"GitHub securesocketfunneling ssf","authors":"securesocketfunneling","date_accessed":"2024-07-10T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"8a161fe4-5c62-5fc5-a402-58fbef8f86b5","created":"2024-07-10T17:59:29.757240Z","modified":"2024-07-10T17:59:30.264070Z"},{"id":"ca1956a5-72f2-43ad-a17f-a52ca97bd84e","name":"GitHub SharpChromium","description":"djhohnstein. (n.d.). GitHub SharpChromium. Retrieved December 14, 2023.","url":"https://github.com/djhohnstein/SharpChromium","source":"Tidal Cyber","title":"GitHub SharpChromium","authors":"djhohnstein","date_accessed":"2023-12-14T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"79dbf926-e2bc-5132-80a3-e81b3b92f914","created":"2023-12-14T19:26:19.043617Z","modified":"2023-12-14T19:26:19.144266Z"},{"id":"e1c405b4-b591-4469-848c-7a7dd69151c0","name":"GitHub SharpHound","description":"BloodHoundAD. (n.d.). GitHub SharpHound. Retrieved March 7, 2024.","url":"https://github.com/BloodHoundAD/SharpHound","source":"Tidal Cyber","title":"GitHub SharpHound","authors":"BloodHoundAD","date_accessed":"2024-03-07T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"9112fe42-d5e5-536b-828b-11abfa01d082","created":"2024-03-07T21:00:46.517218Z","modified":"2024-03-07T21:00:46.692910Z"},{"id":"43a2e05d-4662-4a5c-9c99-3165f0d71169","name":"GitHub SharpRoast","description":"GhostPack. (n.d.). GitHub SharpRoast. 
Retrieved September 22, 2023.","url":"https://github.com/GhostPack/SharpRoast","source":"Tidal Cyber","title":"GitHub SharpRoast","authors":"GhostPack","date_accessed":"2023-09-22T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"84dd875f-27e4-52a2-9ec5-88cd14aefe9e","created":"2023-09-22T15:01:26.421652Z","modified":"2023-09-22T15:01:26.568903Z"},{"id":"45ee53e9-bda7-5945-9995-533278b3ddf1","name":"GitHub SigFlip opensource tool","description":"Mohamed El Azaar (med0x2e), TimWhite (timwhitez). (2023, August 28). GitHub SigFlip. Retrieved September 30, 2025.","url":"https://github.com/med0x2e/SigFlip","source":"MITRE","title":"GitHub SigFlip","authors":"Mohamed El Azaar (med0x2e), TimWhite (timwhitez)","date_accessed":"2025-09-30T00:00:00Z","date_published":"2023-08-28T00:00:00Z","owner_name":null,"tidal_id":"75b78916-910f-5d3f-965c-e9ebbdf3266a","created":"2025-10-29T21:08:48.167896Z","modified":"2025-12-17T15:08:36.442876Z"},{"id":"cff66280-c592-4e3c-a56c-32a9620cf95c","name":"GitHub SILENTTRINITY March 2022","description":"Salvati, M (2019, August 6). SILENTTRINITY. Retrieved March 23, 2022.","url":"https://github.com/byt3bl33d3r/SILENTTRINITY","source":"MITRE","title":"GitHub SILENTTRINITY March 2022","authors":"","date_accessed":"2022-03-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6ba13048-a730-57a4-ba3a-e40ec77f2e12","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422768Z"},{"id":"9053c578-6e60-4298-8636-03251f32725d","name":"GitHub SnaffCon Snaffler","description":"SnaffCon. (n.d.). GitHub SnaffCon Snaffler. 
Retrieved June 8, 2025.","url":"https://github.com/SnaffCon/Snaffler","source":"Tidal Cyber","title":"GitHub SnaffCon Snaffler","authors":"SnaffCon","date_accessed":"2025-06-08T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"dfa88a19-c69c-58d1-b097-9770e94fc3ec","created":"2025-06-10T15:50:17.508271Z","modified":"2025-06-10T15:50:17.704856Z"},{"id":"f9d28db2-499f-407c-94d2-652b9ed5f928","name":"GitHub SoftEtherVPN SoftEtherVPN_Stable","description":"SoftEtherVPN. (n.d.). GitHub SoftEtherVPN SoftEtherVPN_Stable. Retrieved August 28, 2023.","url":"https://github.com/SoftEtherVPN/SoftEtherVPN_Stable","source":"Tidal Cyber","title":"GitHub SoftEtherVPN SoftEtherVPN_Stable","authors":"SoftEtherVPN","date_accessed":"2023-08-28T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"54c523f7-2579-55f2-94ce-d1834f8334e7","created":"2024-06-13T20:10:41.405396Z","modified":"2024-06-13T20:10:41.589855Z"},{"id":"c2556bcf-9cc9-4f46-8a0f-8f8d801dfdbf","name":"GitHub Terminator","description":"ZeroMemoryEx. (n.d.). GitHub Terminator. Retrieved March 13, 2024.","url":"https://github.com/ZeroMemoryEx/Terminator","source":"Tidal Cyber","title":"GitHub Terminator","authors":"ZeroMemoryEx","date_accessed":"2024-03-13T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"6d838942-f933-5d0a-8da4-37576db7a607","created":"2024-04-04T20:38:53.301925Z","modified":"2024-04-04T20:38:53.471101Z"},{"id":"755cdfb1-f2ca-4da0-afc0-dc76e22bf394","name":"GitHub tonyseek rsocks","description":"tonyseek. (n.d.). GitHub tonyseek rsocks. 
Retrieved November 22, 2024.","url":"https://github.com/tonyseek/rsocks","source":"Tidal Cyber","title":"GitHub tonyseek rsocks","authors":"tonyseek","date_accessed":"2024-11-22T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"d0a69490-3b96-5830-a1ec-8bcc247e06cb","created":"2024-11-25T18:00:51.643333Z","modified":"2024-11-25T18:00:51.967402Z"},{"id":"1cb1ca95-772d-49b5-b7fc-5d4fb88fb399","name":"GitHub upx upx","description":"upx. (n.d.). GitHub upx upx. Retrieved November 22, 2024.","url":"https://github.com/upx/upx","source":"Tidal Cyber","title":"GitHub upx upx","authors":"upx","date_accessed":"2024-11-22T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"03398599-795a-5259-b9fa-747c70972455","created":"2024-11-25T18:00:50.287643Z","modified":"2024-11-25T18:00:50.671259Z"},{"id":"228dd3e1-1952-447c-a500-31663a2efe45","name":"GitHub wavestone-cdt EDRSandBlast","description":"wavestone-cdt. (n.d.). GitHub wavestone-cdt EDRSandBlast. Retrieved September 5, 2024.","url":"https://github.com/wavestone-cdt/EDRSandblast","source":"Tidal Cyber","title":"GitHub wavestone-cdt EDRSandBlast","authors":"wavestone-cdt","date_accessed":"2024-09-05T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"2fc24948-234a-5398-a08b-74290bdc59c9","created":"2024-09-06T15:12:28.423156Z","modified":"2024-09-06T15:12:29.045564Z"},{"id":"5e24d78d-35a2-4776-bebb-99c488a4c078","name":"GitHub September 30 2021","description":"Wzshiming. (2021, September 30). GitHub - wzshimingsshd SSH Server. 
Retrieved December 19, 2024.","url":"https://github.com/wzshiming/sshd","source":"Tidal Cyber","title":"GitHub - wzshimingsshd SSH Server","authors":"Wzshiming","date_accessed":"2024-12-19T00:00:00Z","date_published":"2021-09-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"28307a78-b059-5779-a027-70ea6ea49249","created":"2025-04-11T15:06:06.598338Z","modified":"2025-04-11T15:06:06.768260Z"},{"id":"bd2a5de0-f55f-4eeb-a11f-8ec1e9f2ae2b","name":"GitHub xmrig-proxy","description":"xmrig. (n.d.). GitHub xmrig-proxy. Retrieved October 25, 2023.","url":"https://github.com/xmrig/xmrig-proxy","source":"Tidal Cyber","title":"GitHub xmrig-proxy","authors":"xmrig","date_accessed":"2023-10-25T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"d52ff66b-98c8-5547-821e-650bec9cec86","created":"2023-10-26T14:24:05.421726Z","modified":"2023-10-26T14:24:05.552415Z"},{"id":"6383d9c4-487b-40b4-b2c4-82c616a4747b","name":"GitHub February 4 2012","description":"Yarrick. (2012, February 4). GitHub - yarrickiodine Official git repo for iodine dns tunnel. Retrieved December 19, 2024.","url":"https://github.com/yarrick/iodine","source":"Tidal Cyber","title":"GitHub - yarrickiodine Official git repo for iodine dns tunnel","authors":"Yarrick","date_accessed":"2024-12-19T00:00:00Z","date_published":"2012-02-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"46e34b8d-bd40-58fa-a647-12edc9f4376b","created":"2025-04-11T15:06:08.372445Z","modified":"2025-04-11T15:06:08.536881Z"},{"id":"1dee0842-15cc-4835-b8a8-938e0c94807b","name":"GitHub Gitrob","description":"Michael Henriksen. (2018, June 9). Gitrob: Putting the Open Source in OSINT. 
Retrieved October 19, 2020.","url":"https://github.com/michenriksen/gitrob","source":"MITRE","title":"Gitrob: Putting the Open Source in OSINT","authors":"Michael Henriksen","date_accessed":"2020-10-19T00:00:00Z","date_published":"2018-06-09T00:00:00Z","owner_name":null,"tidal_id":"9980966d-dcc6-55ea-ab22-3a29c0ba51ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429541Z"},{"id":"61819211-7260-53c1-833e-eac36f209b0c","name":"Palo Alto Unit 42 North Korean IT Workers 2024","description":"Evan Gordenker. (2024, November 13). Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them. Retrieved March 26, 2025.","url":"https://unit42.paloaltonetworks.com/north-korean-it-workers/","source":"MITRE","title":"Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them","authors":"Evan Gordenker","date_accessed":"2025-03-26T00:00:00Z","date_published":"2024-11-13T00:00:00Z","owner_name":null,"tidal_id":"4ec36658-58dc-537c-a3eb-1fb6f3c58bf9","created":"2025-04-22T20:47:17.957883Z","modified":"2025-12-17T15:08:36.433377Z"},{"id":"2c696e90-11eb-4196-9946-b5c4c11ccddc","name":"FireEye DNS Hijack 2019","description":"Hirani, M., Jones, S., Read, B. (2019, January 10). Global DNS Hijacking Campaign: DNS Record Manipulation at Scale. Retrieved October 9, 2020.","url":"https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html","source":"MITRE","title":"Global DNS Hijacking Campaign: DNS Record Manipulation at Scale","authors":"Hirani, M., Jones, S., Read, B","date_accessed":"2020-10-09T00:00:00Z","date_published":"2019-01-10T00:00:00Z","owner_name":null,"tidal_id":"b10a8223-b1bb-5604-8137-b010ab474418","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431711Z"},{"id":"242d2933-ca2b-4511-803a-454727a3acc5","name":"McAfee Night Dragon","description":"McAfee® Foundstone® Professional Services and McAfee Labs™. (2011, February 10). 
Global Energy Cyberattacks: “Night Dragon”. Retrieved February 19, 2018.","url":"https://scadahacker.com/library/Documents/Cyber_Events/McAfee%20-%20Night%20Dragon%20-%20Global%20Energy%20Cyberattacks.pdf","source":"MITRE","title":"Global Energy Cyberattacks: “Night Dragon”","authors":"McAfee® Foundstone® Professional Services and McAfee Labs™","date_accessed":"2018-02-19T00:00:00Z","date_published":"2011-02-10T00:00:00Z","owner_name":null,"tidal_id":"a9d6beaa-94b0-5f26-a6f2-1cd2f2072789","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418687Z"},{"id":"f43e9881-4919-4ccc-b2ed-929d7838b2b4","name":"GMER Rootkits","description":"GMER. (n.d.). GMER. Retrieved December 12, 2017.","url":"http://www.gmer.net/","source":"MITRE","title":"GMER","authors":"GMER","date_accessed":"2017-12-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a50e827b-450d-5844-a466-2b5ca892d6b6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430612Z"},{"id":"8f494ff3-b02b-470b-a57d-d2275989f541","name":"Gnome Remote Desktop grd-settings","description":"Pascal Nowack. (n.d.). Retrieved September 21, 2021.","url":"https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/grd-settings.c#L207","source":"MITRE","title":"Gnome Remote Desktop grd-settings","authors":"","date_accessed":"2021-09-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"dd5962b8-a0f6-5753-ad7b-810df8ba281f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423729Z"},{"id":"c7c749d5-b1b0-4a0f-8d14-eef47cfa1279","name":"Gnome Remote Desktop gschema","description":"Pascal Nowack. (n.d.). 
Retrieved September 21, 2021.","url":"https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/blob/9aa9181e/src/org.gnome.desktop.remote-desktop.gschema.xml.in","source":"MITRE","title":"Gnome Remote Desktop gschema","authors":"","date_accessed":"2021-09-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a3f9e3f5-46ea-5316-a5e5-d52797fe1052","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423734Z"},{"id":"25f52172-293e-4b23-9239-201a0ddbcdf1","name":"MITRE Trustworthy Firmware Measurement","description":"Upham, K. (2014, March). Going Deep into the BIOS with MITRE Firmware Security Research. Retrieved January 5, 2016.","url":"http://www.mitre.org/publications/project-stories/going-deep-into-the-bios-with-mitre-firmware-security-research","source":"MITRE","title":"Going Deep into the BIOS with MITRE Firmware Security Research","authors":"Upham, K","date_accessed":"2016-01-05T00:00:00Z","date_published":"2014-03-01T00:00:00Z","owner_name":null,"tidal_id":"aa002c9c-29a1-5786-9cd5-4b7f7ca7401b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425438Z"},{"id":"b6b27fa9-488c-5b6d-8e12-fe8371846cd3","name":"Secureworks Gold Blackburn Mar 2022","description":"Secureworks Counter Threat Unit. (2022, March 1). Gold Blackburn Threat Profile. Retrieved June 15, 2023.","url":"https://www.secureworks.com/research/threat-profiles/gold-blackburn","source":"MITRE","title":"Gold Blackburn Threat Profile","authors":"Secureworks Counter Threat Unit","date_accessed":"2023-06-15T00:00:00Z","date_published":"2022-03-01T00:00:00Z","owner_name":null,"tidal_id":"229389c5-c842-595c-b972-4c11f7a321c6","created":"2023-11-07T00:36:14.050591Z","modified":"2025-12-17T15:08:36.437337Z"},{"id":"778babec-e7d3-4341-9e33-aab361f2b98a","name":"Secureworks GOLD CABIN","description":"Secureworks. (n.d.). GOLD CABIN Threat Profile. 
Retrieved March 17, 2021.","url":"https://www.secureworks.com/research/threat-profiles/gold-cabin","source":"MITRE, Tidal Cyber","title":"GOLD CABIN Threat Profile","authors":"Secureworks","date_accessed":"2021-03-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ffa18807-2ddc-5532-80ce-082a4559558c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279849Z"},{"id":"4bdfa92b-cbbd-43e6-aa3e-422561ff8d7a","name":"McAfee Gold Dragon","description":"Sherstobitoff, R., Saavedra-Morales, J. (2018, February 02). Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems. Retrieved June 6, 2018.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/","source":"MITRE","title":"Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems","authors":"Sherstobitoff, R., Saavedra-Morales, J","date_accessed":"2018-06-06T00:00:00Z","date_published":"2018-02-02T00:00:00Z","owner_name":null,"tidal_id":"85a4a589-22be-5dd2-9676-fce6f1dec9f0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417449Z"},{"id":"39021382-296d-4be7-b504-452e14a443c9","name":"Secureworks June 1 2017","description":"Secureworks. (2017, June 1). GOLD DUPONT. Retrieved December 12, 2024.","url":"https://www.secureworks.com/research/threat-profiles/gold-dupont","source":"Tidal Cyber","title":"GOLD DUPONT","authors":"Secureworks","date_accessed":"2024-12-12T00:00:00Z","date_published":"2017-06-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"52216688-95a0-5844-888b-dc09c767addf","created":"2025-04-11T15:05:55.543529Z","modified":"2025-04-11T15:05:55.738359Z"},{"id":"48d60fc2-6b8f-5f1f-bc41-eee9dccac5a5","name":"Symantec GoldenCup","description":"R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. 
Retrieved October","url":"https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans","source":"Mobile","title":"GoldenCup: New Cyber Threat Targeting World Cup Fans","authors":"R. Iarchy, E. Rynkowski","date_accessed":"1978-10-01T00:00:00Z","date_published":"2018-07-05T00:00:00Z","owner_name":null,"tidal_id":"dec31b42-2154-573c-bd72-c167a296622b","created":"2026-01-28T13:08:10.042186Z","modified":"2026-01-28T13:08:10.042189Z"},{"id":"58083370-8126-47d3-827c-1910ed3f4b2a","name":"Cyberark Golden SAML","description":"Reiner, S. (2017, November 21). Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps. Retrieved December 17, 2020.","url":"https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps","source":"MITRE","title":"Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps","authors":"Reiner, S","date_accessed":"2020-12-17T00:00:00Z","date_published":"2017-11-21T00:00:00Z","owner_name":null,"tidal_id":"dbd3fc77-37f0-5e5f-9705-7e31f68be59f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426076Z"},{"id":"5031e82e-66e8-4ae0-be47-53daa87ddf94","name":"Trustwave GoldenSpy2 June 2020","description":"Trustwave SpiderLabs. (2020, June 26). GoldenSpy: Chapter Two – The Uninstaller. 
Retrieved July 23, 2020.","url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-two-the-uninstaller/","source":"MITRE","title":"GoldenSpy: Chapter Two – The Uninstaller","authors":"Trustwave SpiderLabs","date_accessed":"2020-07-23T00:00:00Z","date_published":"2020-06-26T00:00:00Z","owner_name":null,"tidal_id":"5c517bde-c448-5c73-b0ee-05451c1a51c0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442306Z"},{"id":"e723e7b3-496f-5ab4-abaf-83859e7e912d","name":"Secureworks GOLD IONIC April 2024","description":"Counter Threat Unit Research Team. (2024, April 15). GOLD IONIC DEPLOYS INC RANSOMWARE. Retrieved June 5, 2024.","url":"https://www.secureworks.com/blog/gold-ionic-deploys-inc-ransomware","source":"MITRE","title":"GOLD IONIC DEPLOYS INC RANSOMWARE","authors":"Counter Threat Unit Research Team","date_accessed":"2024-06-05T00:00:00Z","date_published":"2024-04-15T00:00:00Z","owner_name":null,"tidal_id":"50710607-1fa5-57dd-bfc2-7a0d25d55bc6","created":"2024-10-31T16:28:31.368146Z","modified":"2025-12-17T15:08:36.422368Z"},{"id":"36035bbb-1609-4461-be27-ef4a920b814c","name":"Secureworks GOLD KINGSWOOD Threat Profile","description":"Secureworks. (n.d.). GOLD KINGSWOOD. Retrieved October 18, 2021.","url":"https://www.secureworks.com/research/threat-profiles/gold-kingswood?filter=item-financial-gain","source":"MITRE","title":"GOLD KINGSWOOD","authors":"Secureworks","date_accessed":"2021-10-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c6f8c4eb-e50d-5324-80e3-8134d6c89073","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439509Z"},{"id":"8688a0a9-d644-4b96-81bb-031f1f898652","name":"MSTIC NOBELIUM Mar 2021","description":"Nafisi, R., Lelli, A. (2021, March 4). GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence. 
Retrieved March 8, 2021.","url":"https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/","source":"MITRE","title":"GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence","authors":"Nafisi, R., Lelli, A","date_accessed":"2021-03-08T00:00:00Z","date_published":"2021-03-04T00:00:00Z","owner_name":null,"tidal_id":"a3a2a266-e45a-54c8-8123-98147bfb1500","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418962Z"},{"id":"b11276cb-f6dd-4e91-90cd-9c287fb3e6b1","name":"Secureworks GOLD NIAGARA Threat Profile","description":"CTU. (n.d.). GOLD NIAGARA. Retrieved September 21, 2021.","url":"https://www.secureworks.com/research/threat-profiles/gold-niagara","source":"MITRE","title":"GOLD NIAGARA","authors":"CTU","date_accessed":"2021-09-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"afce1d9b-1096-586d-bc42-32275e5f3138","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437389Z"},{"id":"b16ae37d-5244-5c1e-92a9-e494b5a9ef49","name":"Secureworks Gold Prelude Profile","description":"Secureworks. (n.d.). GOLD PRELUDE . Retrieved March 22, 2024.","url":"https://www.secureworks.com/research/threat-profiles/gold-prelude","source":"MITRE","title":"GOLD PRELUDE","authors":"Secureworks","date_accessed":"2024-03-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"da57d6c3-f2c5-5da6-96b9-30809272aebb","created":"2024-04-25T13:28:43.270875Z","modified":"2025-12-17T15:08:36.418819Z"},{"id":"3abb7995-4a62-56a6-9492-942965edf0a0","name":"Secureworks GOLD SAHARA","description":"Secureworks. (n.d.). GOLD SAHARA. 
Retrieved February 20, 2024.","url":"https://www.secureworks.com/research/threat-profiles/gold-sahara","source":"MITRE","title":"GOLD SAHARA","authors":"Secureworks","date_accessed":"2024-02-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7a0ecc56-5abf-58d1-a847-496f1596a02f","created":"2024-04-25T13:28:44.360907Z","modified":"2025-12-17T15:08:36.438506Z"},{"id":"1037dd5b-a209-4ea6-9a97-ac80c0f35ca3","name":"None December 11 2025","description":"None Identified. (2025, December 11). GOLD SALEM tradecraft for deploying Warlock ransomware | SOPHOS. Retrieved December 24, 2025.","url":"https://www.sophos.com/en-us/blog/gold-salem-tradecraft-for-deploying-warlock-ransomware","source":"Tidal Cyber","title":"GOLD SALEM tradecraft for deploying Warlock ransomware | SOPHOS","authors":"None Identified","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-11T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"230aa950-de53-5815-a359-954d2c6e5a0a","created":"2025-12-29T17:39:47.952958Z","modified":"2025-12-29T17:39:48.163369Z"},{"id":"01d1ffaa-16b3-41c4-bb5a-afe2b41f1142","name":"Secureworks GOLD SOUTHFIELD","description":"Secureworks. (n.d.). GOLD SOUTHFIELD. Retrieved October 6, 2020.","url":"https://www.secureworks.com/research/threat-profiles/gold-southfield","source":"MITRE","title":"GOLD SOUTHFIELD","authors":"Secureworks","date_accessed":"2020-10-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"17fd5028-a5a1-5994-bad8-91918824704b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439412Z"},{"id":"ed461683-cc69-4d15-bcc9-eeb61058ff4d","name":"Secureworks GOLD SWATHMORE","description":"Secureworks GOLD SWATHMORE. (n.d.). GOLD SWATHMORE. 
Retrieved March 22, 2025.","url":"https://www.secureworks.com/research/threat-profiles/gold-swathmore","source":"Tidal Cyber","title":"GOLD SWATHMORE","authors":"Secureworks GOLD SWATHMORE","date_accessed":"2025-03-22T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"70282ec6-af42-5d95-9ba5-46790f880af3","created":"2025-03-25T13:15:58.237696Z","modified":"2025-03-25T13:15:58.385834Z"},{"id":"70c87a07-38eb-53d2-8b63-013eb3ce62c8","name":"Google Chrome Remote Desktop","description":"Google. (n.d.). Retrieved March 14, 2024.","url":"https://support.google.com/chrome/answer/1649523","source":"MITRE","title":"Google Chrome Remote Desktop","authors":"","date_accessed":"2024-03-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4197494c-2458-5a29-9e32-a8f86cd85fea","created":"2024-04-25T13:28:33.368433Z","modified":"2025-12-17T15:08:36.428407Z"},{"id":"67f2719e-74fd-4bc1-9eeb-07d3095a5191","name":"Google Cloud Identity API Documentation","description":"Google. (n.d.). Retrieved March 16, 2021.","url":"https://cloud.google.com/identity/docs/reference/rest","source":"MITRE","title":"Google Cloud Identity API Documentation","authors":"","date_accessed":"2021-03-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6f3343a3-3218-558f-9c15-7bba0c96035e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425500Z"},{"id":"d956e1f6-37ca-4352-b275-84c174888b88","name":"GCPBucketBrute","description":"Spencer Gietzen. (2019, February 26). Google Cloud Platform (GCP) Bucket Enumeration and Privilege Escalation. 
Retrieved March 4, 2022.","url":"https://rhinosecuritylabs.com/gcp/google-cloud-platform-gcp-bucket-enumeration/","source":"MITRE","title":"Google Cloud Platform (GCP) Bucket Enumeration and Privilege Escalation","authors":"Spencer Gietzen","date_accessed":"2022-03-04T00:00:00Z","date_published":"2019-02-26T00:00:00Z","owner_name":null,"tidal_id":"2c972861-4a7b-57cd-9780-6b392a9e75f0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434114Z"},{"id":"29714b88-a1ff-4684-a3b0-35c3a2c78947","name":"ExploitDB GoogleHacking","description":"Offensive Security. (n.d.). Google Hacking Database. Retrieved October 23, 2020.","url":"https://www.exploit-db.com/google-hacking-database","source":"MITRE","title":"Google Hacking Database","authors":"Offensive Security","date_accessed":"2020-10-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9a922a4b-f1ab-5a7b-aba9-6e9b7356bba3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431026Z"},{"id":"20f88785-65a1-5c36-9e17-f7bef1c8fc14","name":"Trend Micro Anubis","description":"K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January","url":"https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html","source":"Mobile","title":"Google Play Apps Drop Anubis, Use Motion-based Evasion","authors":"K. Sun","date_accessed":"1978-01-01T00:00:00Z","date_published":"2019-01-17T00:00:00Z","owner_name":null,"tidal_id":"0a4b751c-d2ba-5eac-99fd-9e4d8420503a","created":"2026-01-28T13:08:10.047171Z","modified":"2026-01-28T13:08:10.047174Z"},{"id":"c7007fa4-bc07-59aa-820e-ffeea1486ed6","name":"Freejacked","description":"Clark, Michael. (2023, August 14). Google’s Vertex AI Platform Gets Freejacked. 
Retrieved February 28, 2024.","url":"https://sysdig.com/blog/googles-vertex-ai-platform-freejacked/","source":"MITRE","title":"Google’s Vertex AI Platform Gets Freejacked","authors":"Clark, Michael","date_accessed":"2024-02-28T00:00:00Z","date_published":"2023-08-14T00:00:00Z","owner_name":null,"tidal_id":"449afe0c-99a4-5ea3-98db-d80b9246ffb0","created":"2024-04-25T13:28:35.294372Z","modified":"2025-12-17T15:08:36.430199Z"},{"id":"5104f0ea-1fb6-4260-a9b6-95922b3a8e5b","name":"Google Workspace Global Access List","description":"Google. (n.d.). Retrieved March 16, 2021.","url":"https://support.google.com/a/answer/166870?hl=en","source":"MITRE","title":"Google Workspace Global Access List","authors":"","date_accessed":"2021-03-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b77b8758-07b6-56c6-a9bf-ee0fedc90713","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429127Z"},{"id":"1f837b2d-6b45-57ed-8d34-a78ce88cb998","name":"OWN-CERT Google App Script 2024","description":"L'Hutereau Arnaud. (n.d.). Google Workspace Malicious App Script analysis. Retrieved October 2, 2024.","url":"https://www.own.security/ressources/blog/google-workspace-malicious-app-script-analysis","source":"MITRE","title":"Google Workspace Malicious App Script analysis","authors":"L'Hutereau Arnaud","date_accessed":"2024-10-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"85595cc3-56b0-51b5-ab96-23079d967237","created":"2024-10-31T16:28:26.773285Z","modified":"2025-12-17T15:08:36.435942Z"},{"id":"903861d2-cd45-4bda-bc70-2a44c6d49aa6","name":"Trend Micro January 09 2023","description":"Trend Micro. (2023, January 9). Gootkit Loader Actively Targets Australian Healthcare Industry. 
Retrieved May 7, 2023.","url":"https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html","source":"Tidal Cyber","title":"Gootkit Loader Actively Targets Australian Healthcare Industry","authors":"Trend Micro","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-01-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7ce94969-7842-581b-beb0-3a7e8adbba02","created":"2024-06-13T20:10:18.020117Z","modified":"2024-06-13T20:10:18.220884Z"},{"id":"63357292-0f08-4405-a45a-34b606ab7110","name":"Sophos Gootloader","description":"Szappanos, G. & Brandt, A. (2021, March 1). “Gootloader” expands its payload delivery options. Retrieved September 30, 2022.","url":"https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/","source":"MITRE","title":"“Gootloader” expands its payload delivery options","authors":"Szappanos, G. & Brandt, A","date_accessed":"2022-09-30T00:00:00Z","date_published":"2021-03-01T00:00:00Z","owner_name":null,"tidal_id":"1e68dc38-6885-5c31-9d3b-7bbdceb7156d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417871Z"},{"id":"8512c5fd-2ddc-5de4-bb7d-8012402efbb5","name":"SentinelOne Gootloader June 2021","description":"Pirozzi, A. (2021, June 16). Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets. 
Retrieved May 28, 2024.","url":"https://www.sentinelone.com/labs/gootloader-initial-access-as-a-service-platform-expands-its-search-for-high-value-targets/","source":"MITRE","title":"Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets","authors":"Pirozzi, A","date_accessed":"2024-05-28T00:00:00Z","date_published":"2021-06-16T00:00:00Z","owner_name":null,"tidal_id":"d5407715-9898-59f7-b957-4b809a843acb","created":"2024-10-31T16:28:32.618853Z","modified":"2025-12-17T15:08:36.417864Z"},{"id":"1ab5b9c2-4e91-420f-9a27-661588d0bd71","name":"SentinelLabs Gootloader June 2021","description":"Antonio Pirozzi. (2021, June 16). Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets. Retrieved May 7, 2023.","url":"https://www.sentinelone.com/labs/gootloader-initial-access-as-a-service-platform-expands-its-search-for-high-value-targets/","source":"Tidal Cyber","title":"Gootloader: ‘Initial Access as a Service’ Platform Expands Its Search for High Value Targets","authors":"Antonio Pirozzi","date_accessed":"2023-05-07T00:00:00Z","date_published":"2021-06-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"45717fde-8e53-5e25-bcd6-1ca6605fa0c0","created":"2024-06-13T20:10:18.795544Z","modified":"2024-06-13T20:10:18.987046Z"},{"id":"098bf58f-3868-4892-bb4d-c78ce8817a02","name":"Cybereason Gootloader February 2023","description":"Loïc Castel, Jakes Jansen, Nitin Grover. (2023, February 14). GootLoader - SEO Poisoning and Large Payloads Leading to Compromise. 
Retrieved May 18, 2023.","url":"https://www.cybereason.com/hubfs/Research-Reports/THREAT%20ALERT%20GootLoader%20-%20Large%20payload%20leading%20to%20compromise%20(BLOG)%20-%20v2.1.pdf","source":"Tidal Cyber","title":"GootLoader - SEO Poisoning and Large Payloads Leading to Compromise","authors":"Loïc Castel, Jakes Jansen, Nitin Grover","date_accessed":"2023-05-18T00:00:00Z","date_published":"2023-02-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"15736fc1-2616-5318-b0e2-6dd512617918","created":"2024-06-13T20:10:28.034149Z","modified":"2024-06-13T20:10:28.218305Z"},{"id":"89cb0d2d-3043-43c4-8c19-64e1a5029ced","name":"Huntress November 05 2025","description":"Anna Pham. (2025, November 5). Gootloader | Threat Detection Overview | Huntress. Retrieved November 7, 2025.","url":"https://www.huntress.com/blog/gootloader-threat-detection-woff2-obfuscation","source":"Tidal Cyber","title":"Gootloader | Threat Detection Overview | Huntress","authors":"Anna Pham","date_accessed":"2025-11-07T12:00:00Z","date_published":"2025-11-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b7c3633b-83fa-5b4b-b666-4e3d9617dc31","created":"2025-11-11T13:25:41.283433Z","modified":"2025-11-11T13:25:41.434553Z"},{"id":"f1a13cad-b77e-4c38-925c-038a4fcec8d3","name":"GoTo Resolve","description":"GoTo. (n.d.). GoTo Resolve. Retrieved October 11, 2024.","url":"https://www.goto.com/it-management/resolve","source":"Tidal Cyber","title":"GoTo Resolve","authors":"GoTo","date_accessed":"2024-10-11T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"6240afe7-a3c9-5e3a-b1c7-96adfa2fa99c","created":"2024-10-14T19:18:52.129222Z","modified":"2024-10-14T19:18:52.323432Z"},{"id":"1482155f-e70d-434c-ade0-23543a4124fe","name":"SentinelOne 1 16 2023","description":"Jim Walter. (2023, January 16). Gotta Catch 'Em All . 
Retrieved January 1, 2024.","url":"https://www.sentinelone.com/blog/gotta-catch-em-all-understanding-the-netsupport-rat-campaigns-hiding-behind-pokemon-lures/","source":"Tidal Cyber","title":"Gotta Catch 'Em All","authors":"Jim Walter","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-01-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cd03f9e1-5be5-5f86-9637-fe5d808cf26a","created":"2024-06-13T20:11:03.431952Z","modified":"2024-06-13T20:11:03.627505Z"},{"id":"b65442ca-18ca-42e0-8be0-7c2b66c26d02","name":"Unit 42 CARROTBAT January 2020","description":"McCabe, A. (2020, January 23). The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks. Retrieved June 2, 2020.","url":"https://unit42.paloaltonetworks.com/the-fractured-statue-campaign-u-s-government-targeted-in-spear-phishing-attacks/","source":"MITRE","title":"Government Agency Targeted in Spear-Phishing Attacks","authors":"McCabe, A. (2020, January 23)","date_accessed":"2020-06-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c7a01029-3310-56f1-9f43-6f315b71ea97","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417205Z"},{"id":"77624549-e170-5894-9219-a15b4aa31726","name":"Secureworks BRONZE SILHOUETTE May 2023","description":"Counter Threat Unit Research Team. (2023, May 24). Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations. Retrieved July 27, 2023.","url":"https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations","source":"MITRE","title":"Government and Defense Organizations","authors":"Counter Threat Unit Research Team. 
(2023, May 24)","date_accessed":"2023-07-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"cd556adb-574f-5ae4-8d03-4044cb4a4e06","created":"2023-11-07T00:36:11.300934Z","modified":"2025-12-17T15:08:36.438020Z"},{"id":"6e8fb629-4bb8-4557-9d42-385060be598f","name":"Google TAG CVE-2023-38831 October 18 2023","description":"Kate Morgan. (2023, October 18). Government-backed actors exploiting WinRAR vulnerability. Retrieved July 10, 2024.","url":"https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/","source":"Tidal Cyber","title":"Government-backed actors exploiting WinRAR vulnerability","authors":"Kate Morgan","date_accessed":"2024-07-10T00:00:00Z","date_published":"2023-10-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"46361d12-5da4-580c-9156-1c4b22d66954","created":"2024-07-10T17:59:28.239670Z","modified":"2024-07-10T17:59:28.880536Z"},{"id":"009ac8a4-7e2b-543e-82aa-ce3cc9f0c35e","name":"Google_WinRAR_vuln_2023","description":"Morgan, K. (2023, October 18). Government-backed actors exploiting WinRAR vulnerability. Retrieved July 19, 2024.","url":"https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/","source":"MITRE","title":"Government-backed actors exploiting WinRAR vulnerability","authors":"Morgan, K","date_accessed":"2024-07-19T00:00:00Z","date_published":"2023-10-18T00:00:00Z","owner_name":null,"tidal_id":"4a6b7335-65f1-5507-8ecf-bfc9347fb84e","created":"2024-10-31T16:28:37.195196Z","modified":"2025-12-17T15:08:36.441698Z"},{"id":"55cf0ced-0de3-5af8-b3e6-3c33bb445593","name":"DOJ KVBotnet 2024","description":"US Department of Justice. (2024, January 31). U.S. Government Disrupts Botnet People’s Republic of China Used to Conceal Hacking of Critical Infrastructure. 
Retrieved June 10, 2024.","url":"https://www.justice.gov/opa/pr/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical","source":"MITRE","title":"Government Disrupts Botnet People’s Republic of China Used to Conceal Hacking of Critical Infrastructure","authors":"US Department of Justice. (2024, January 31)","date_accessed":"2024-06-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"12a90165-4b71-5743-8e17-08dd8d2f37e9","created":"2024-10-31T16:28:27.758315Z","modified":"2025-12-17T15:08:36.439548Z"},{"id":"c88150b1-8c0a-4fc5-b5b7-11e242af1c43","name":"FireEye HAWKBALL Jun 2019","description":"Patil, S. and Williams, M.. (2019, June 5). Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities. Retrieved June 20, 2019.","url":"https://www.fireeye.com/blog/threat-research/2019/06/government-in-central-asia-targeted-with-hawkball-backdoor.html","source":"MITRE","title":"Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities","authors":"Patil, S. and Williams, M.","date_accessed":"2019-06-20T00:00:00Z","date_published":"2019-06-05T00:00:00Z","owner_name":null,"tidal_id":"2a0ed7cc-f1d4-505b-9a40-0c79590b093b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417052Z"},{"id":"c7bc4b25-2043-4f43-8320-590f82d0e09a","name":"CISA AA20-296A Berserk Bear December 2020","description":"CISA. (2020, December 1). Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets. Retrieved December 9, 2021.","url":"https://www.cisa.gov/uscert/ncas/alerts/aa20-296a#revisions","source":"MITRE, Tidal Cyber","title":"Government Targets","authors":"CISA. 
(2020, December 1)","date_accessed":"2021-12-09T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1f03f3c5-c487-59f2-8345-e923583da15a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.277913Z"},{"id":"bfbee350-3c64-5fb9-8b2f-333a234b25da","name":"Talos GPlayed","description":"V. Ventura. (2018, October 11).  GPlayed Trojan - .Net playing with Google Market . Retrieved November","url":"https://blog.talosintelligence.com/2018/10/gplayedtrojan.html","source":"Mobile","title":"GPlayed Trojan - .Net playing with Google Market","authors":"V. Ventura","date_accessed":"1978-11-01T00:00:00Z","date_published":"2018-10-11T00:00:00Z","owner_name":null,"tidal_id":"a250ba97-2665-5a81-8b62-0c323961ef12","created":"2026-01-28T13:08:10.041476Z","modified":"2026-01-28T13:08:10.041482Z"},{"id":"54351cf9-8d2a-47fb-92d5-fe64b628ab06","name":"Obscuresecurity Get-GPPPassword","description":"Campbell, C. (2012, May 24). GPP Password Retrieval with PowerShell. Retrieved April 11, 2018.","url":"https://obscuresecurity.blogspot.co.uk/2012/05/gpp-password-retrieval-with-powershell.html","source":"MITRE","title":"GPP Password Retrieval with PowerShell","authors":"Campbell, C","date_accessed":"2018-04-11T00:00:00Z","date_published":"2012-05-24T00:00:00Z","owner_name":null,"tidal_id":"0035165d-f1fb-5ecf-8c86-ee8605bfcb70","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432497Z"},{"id":"88af38e8-e437-4153-80af-a1be8c6a8629","name":"Microsoft gpresult","description":"Microsoft. (2017, October 16). gpresult. 
Retrieved August 6, 2021.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult","source":"MITRE","title":"gpresult","authors":"Microsoft","date_accessed":"2021-08-06T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"410cd720-91c0-59d4-b207-fe02b6e75aad","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425791Z"},{"id":"619f57d9-d93b-4e9b-aae0-6ce89d91deb6","name":"Gpscript.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Gpscript.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Gpscript/","source":"Tidal Cyber","title":"Gpscript.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"dc59c54e-b505-5091-b442-96e5a0909f2f","created":"2024-01-12T14:46:44.016405Z","modified":"2024-01-12T14:46:44.203165Z"},{"id":"d6270492-986b-4fb6-bdbc-2e364947847c","name":"ESET Grandoreiro April 2020","description":"ESET. (2020, April 28). Grandoreiro: How engorged can an EXE get?. Retrieved November 13, 2020.","url":"https://www.welivesecurity.com/2020/04/28/grandoreiro-how-engorged-can-exe-get/","source":"MITRE","title":"Grandoreiro: How engorged can an EXE get?","authors":"ESET","date_accessed":"2020-11-13T00:00:00Z","date_published":"2020-04-28T00:00:00Z","owner_name":null,"tidal_id":"7f2905ae-e270-5746-b2d6-3e132542e2b7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420539Z"},{"id":"a2d4bca5-d57d-4a77-95c6-409f90115e2f","name":"IBM Grandoreiro April 2020","description":"Abramov, D. (2020, April 13). Grandoreiro Malware Now Targeting Banks in Spain. 
Retrieved November 12, 2020.","url":"https://securityintelligence.com/posts/grandoreiro-malware-now-targeting-banks-in-spain/","source":"MITRE","title":"Grandoreiro Malware Now Targeting Banks in Spain","authors":"Abramov, D","date_accessed":"2020-11-12T00:00:00Z","date_published":"2020-04-13T00:00:00Z","owner_name":null,"tidal_id":"ffbc7020-b24f-525d-be27-5b522293b59d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440222Z"},{"id":"ec648a9b-025a-52a0-a98a-7ba04388d52e","name":"Guardian Grand Theft Auto Leak 2022","description":"Keza MacDonald, Keith Stuart and Alex Hern. (2022, September 19). Grand Theft Auto 6 leak: who hacked Rockstar and what was stolen?. Retrieved August 30, 2024.","url":"https://www.theguardian.com/games/2022/sep/19/grand-theft-auto-6-leak-who-hacked-rockstar-and-what-was-stolen","source":"MITRE","title":"Grand Theft Auto 6 leak: who hacked Rockstar and what was stolen?","authors":"Keza MacDonald, Keith Stuart and Alex Hern","date_accessed":"2024-08-30T00:00:00Z","date_published":"2022-09-19T00:00:00Z","owner_name":null,"tidal_id":"1aa66695-1b92-50b3-876d-311070ceb473","created":"2024-10-31T16:28:27.518094Z","modified":"2025-12-17T15:08:36.436733Z"},{"id":"01e0c198-dd59-5dd1-b632-73cb316eafe0","name":"AWS PassRole","description":"AWS. (n.d.). Granting a user permissions to pass a role to an AWS service. Retrieved July 10, 2023.","url":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html","source":"MITRE","title":"Granting a user permissions to pass a role to an AWS service","authors":"AWS","date_accessed":"2023-07-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"274e595a-6386-56fa-95b5-f342a1cd37cf","created":"2023-11-07T00:36:04.337795Z","modified":"2025-12-17T15:08:36.431039Z"},{"id":"9031357f-04ac-5c07-a59d-97b9e32edf79","name":"Microsoft Azure Storage Shared Access Signature","description":"Microsoft. (2023, June 7). 
Grant limited access to Azure Storage resources using shared access signatures (SAS). Retrieved March 4, 2024.","url":"https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview","source":"MITRE","title":"Grant limited access to Azure Storage resources using shared access signatures (SAS)","authors":"Microsoft","date_accessed":"2024-03-04T00:00:00Z","date_published":"2023-06-07T00:00:00Z","owner_name":null,"tidal_id":"1d2bbf4f-5696-56a3-b5be-7d40e0db5a0e","created":"2024-04-25T13:28:40.184007Z","modified":"2025-12-17T15:08:36.435160Z"},{"id":"b9733af4-ffb4-416e-884e-d51649aecbce","name":"CopyFromScreen .NET","description":"Microsoft. (n.d.). Graphics.CopyFromScreen Method. Retrieved March 24, 2020.","url":"https://docs.microsoft.com/en-us/dotnet/api/system.drawing.graphics.copyfromscreen?view=netframework-4.8","source":"MITRE","title":"Graphics.CopyFromScreen Method","authors":"Microsoft","date_accessed":"2020-03-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d2b03dd3-0795-54e5-9caa-9dd2207ad297","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423810Z"},{"id":"2d7a1d72-cc9a-4b0b-a89a-e24ca836879b","name":"Talos GravityRAT","description":"Mercer, W., Rascagneres, P. (2018, April 26). GravityRAT - The Two-Year Evolution Of An APT Targeting India. Retrieved May 16, 2018.","url":"https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html","source":"MITRE","title":"GravityRAT - The Two-Year Evolution Of An APT Targeting India","authors":"Mercer, W., Rascagneres, P","date_accessed":"2018-05-16T00:00:00Z","date_published":"2018-04-26T00:00:00Z","owner_name":null,"tidal_id":"51c44714-9198-5276-8520-d7c52dd89b49","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417226Z"},{"id":"ea47bb34-cf65-4abe-ae24-a51fad15154e","name":"None December 09 2025","description":"Insikt Group®. (2025, December 9). GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries. 
Retrieved December 15, 2025.","url":"https://www.recordedfuture.com/research/graybravos-castleloader-activity-clusters-target-multiple-industries","source":"Tidal Cyber","title":"GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries","authors":"Insikt Group®","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"83d225a3-70ae-5d61-8b29-79e31fc77217","created":"2025-12-17T14:17:42.981336Z","modified":"2025-12-17T14:17:43.122894Z"},{"id":"430bad8d-b4cd-4c4d-bbfe-568e99d0d9b1","name":"BroadcomSW October 10 2023","description":"Threat Hunter Team Symantec. (2023, October 10). Grayling Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan. Retrieved March 24, 2025.","url":"https://www.security.com/threat-intelligence/grayling-taiwan-cyber-attacks","source":"Tidal Cyber","title":"Grayling Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan","authors":"Threat Hunter Team Symantec","date_accessed":"2025-03-24T00:00:00Z","date_published":"2023-10-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"924969bb-4db5-5897-968d-dc68cd86c86b","created":"2025-03-25T13:16:01.694704Z","modified":"2025-03-25T13:16:01.833103Z"},{"id":"02ee8297-60e8-42bf-8791-2461ebc29207","name":"FireEye PowerShell Logging","description":"Dunwoody, M. (2016, February 11). Greater Visibility Through PowerShell Logging. Retrieved September 28, 2021.","url":"https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html","source":"MITRE","title":"Greater Visibility Through PowerShell Logging","authors":"Dunwoody, M","date_accessed":"2021-09-28T00:00:00Z","date_published":"2016-02-11T00:00:00Z","owner_name":null,"tidal_id":"7b3e7650-c21f-5fdd-9abf-3aa122b5caf9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437029Z"},{"id":"eb1e9dc7-b935-42ae-bbde-d2fdda5953db","name":"FireEye PowerShell Logging 2016","description":"Dunwoody, M. 
(2016, February 11). GREATER VISIBILITY THROUGH POWERSHELL LOGGING. Retrieved February 16, 2016.","url":"https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html","source":"MITRE","title":"GREATER VISIBILITY THROUGH POWERSHELL LOGGING","authors":"Dunwoody, M","date_accessed":"2016-02-16T00:00:00Z","date_published":"2016-02-11T00:00:00Z","owner_name":null,"tidal_id":"a219587d-976b-558d-8301-982a3f249056","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432822Z"},{"id":"f22d033c-4474-4bd7-b194-c7a4d9819a2b","name":"Glitch-Cat Green Lambert ATTCK Oct 2021","description":"Sandvik, Runa. (2021, October 18). Green Lambert and ATT&CK. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20211018145402/https://www.glitch-cat.com/blog/green-lambert-and-attack","source":"MITRE","title":"Green Lambert and ATT&CK","authors":"Sandvik, Runa","date_accessed":"2024-11-17T00:00:00Z","date_published":"2021-10-18T00:00:00Z","owner_name":null,"tidal_id":"6324947f-f71f-5ed5-afda-65a75daa639f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440581Z"},{"id":"3b09696a-1345-4283-a59b-e9a13124ef59","name":"GreenMwizi - Kenyan scamming campaign using Twitter bots","description":"blog.bushidotoken.net. (n.d.). GreenMwizi - Kenyan scamming campaign using Twitter bots. Retrieved May 7, 2023.","url":"https://blog.bushidotoken.net/2023/05/greenmwizi-kenyan-scamming-campaign.html","source":"Tidal Cyber","title":"GreenMwizi - Kenyan scamming campaign using Twitter bots","authors":"blog.bushidotoken.net","date_accessed":"2023-05-07T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"63e77223-4e16-587c-9991-0e67f07976da","created":"2024-06-13T20:10:09.593051Z","modified":"2024-06-13T20:10:09.787841Z"},{"id":"7e2233de-af50-4659-90f6-36007ea2a3dc","name":"Man7.org December 29 2019","description":"Man7.org. (2019, December 29). grep — Linux manual page. 
Retrieved December 19, 2024.","url":"https://man7.org/linux/man-pages/man1/grep.1.html","source":"Tidal Cyber","title":"grep — Linux manual page","authors":"Man7.org","date_accessed":"2024-12-19T00:00:00Z","date_published":"2019-12-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bad36dbd-3451-5dae-8556-bf8215941eab","created":"2025-04-11T15:06:13.661005Z","modified":"2025-04-11T15:06:13.819743Z"},{"id":"f3e70f41-6c22-465c-b872-a7ec5e6a3e67","name":"ESET GreyEnergy Oct 2018","description":"Cherepanov, A. (2018, October). GREYENERGY A successor to BlackEnergy. Retrieved November 15, 2018.","url":"https://www.welivesecurity.com/wp-content/uploads/2018/10/ESET_GreyEnergy.pdf","source":"MITRE","title":"GREYENERGY A successor to BlackEnergy","authors":"Cherepanov, A","date_accessed":"2018-11-15T00:00:00Z","date_published":"2018-10-01T00:00:00Z","owner_name":null,"tidal_id":"c74bb34f-8ce5-5818-9314-453df18ea56b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417637Z"},{"id":"1f7416d3-806f-4ef7-a759-074ec040027b","name":"elastic.co June 22 2024","description":"Joe Desimone. (2024, June 22). GrimResource - Microsoft Management Console for initial access and evasion — Elastic Security Labs. Retrieved June 25, 2024.","url":"https://www.elastic.co/security-labs/grimresource","source":"Tidal Cyber","title":"GrimResource - Microsoft Management Console for initial access and evasion — Elastic Security Labs","authors":"Joe Desimone","date_accessed":"2024-06-25T00:00:00Z","date_published":"2024-06-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9fadbecc-c03c-51fd-aa1e-b98e3f6b53c9","created":"2024-11-15T17:28:55.710003Z","modified":"2024-11-15T17:28:55.958764Z"},{"id":"60b7e565-683b-4775-bd93-e5487e9f8991","name":"GuidePoint Security Akira Malicious Drivers August 5 2025","description":"Jason Baker. (2025, August 5). GRITREP Observed Malicious Driver Use Associated with Akira SonicWall Campaign. 
Retrieved August 11, 2025.","url":"https://www.guidepointsecurity.com/blog/gritrep-akira-sonicwall/","source":"Tidal Cyber","title":"GRITREP Observed Malicious Driver Use Associated with Akira SonicWall Campaign","authors":"Jason Baker","date_accessed":"2025-08-11T12:00:00Z","date_published":"2025-08-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bb5f3ca5-708b-535b-89f5-45135ffd93ca","created":"2025-08-14T15:16:00.517316Z","modified":"2025-08-14T15:16:00.679491Z"},{"id":"4b26d274-497f-49bc-a2a5-b93856a49893","name":"GRIZZLY STEPPE JAR","description":"Department of Homeland Security and Federal Bureau of Investigation. (2016, December 29). GRIZZLY STEPPE – Russian Malicious Cyber Activity. Retrieved January 11, 2017.","url":"https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf","source":"MITRE","title":"GRIZZLY STEPPE – Russian Malicious Cyber Activity","authors":"Department of Homeland Security and Federal Bureau of Investigation","date_accessed":"2017-01-11T00:00:00Z","date_published":"2016-12-29T00:00:00Z","owner_name":null,"tidal_id":"b1c811ce-3cd0-54ff-8806-667a2bb02576","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437924Z"},{"id":"ffbec5e8-947a-4363-b7e1-812dfd79935a","name":"Citizen Lab Group5","description":"Scott-Railton, J., et al. (2016, August 2). Group5: Syria and the Iranian Connection. Retrieved September 26, 2016.","url":"https://citizenlab.ca/2016/08/group5-syria/","source":"MITRE, Tidal Cyber","title":"Group5: Syria and the Iranian Connection","authors":"Scott-Railton, J., et al","date_accessed":"2016-09-26T00:00:00Z","date_published":"2016-08-02T00:00:00Z","owner_name":null,"tidal_id":"5a6beebf-af72-5ea2-8633-96d6c47161f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279486Z"},{"id":"2df546ed-6577-44b2-9b26-0a17c3622df7","name":"Group-IB Threat Intelligence Tweet October 9 2023","description":"GroupIB_TI. (2023, October 9). 
Group-IB Threat Intelligence Tweet October 9 2023. Retrieved October 10, 2023.","url":"https://twitter.com/GroupIB_TI/status/1711234869060358562","source":"Tidal Cyber","title":"Group-IB Threat Intelligence Tweet October 9 2023","authors":"GroupIB_TI","date_accessed":"2023-10-10T00:00:00Z","date_published":"2023-10-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"95bf8de4-128d-53d4-b49c-569b0553dedf","created":"2023-10-10T20:48:43.001231Z","modified":"2023-10-10T20:48:43.132475Z"},{"id":"aba6f2ed-a710-594c-9415-59fb5b5f795d","name":"Group IB Gustuff Mar 2019","description":"Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September","url":"https://www.group-ib.com/blog/gustuff","source":"Mobile","title":"Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications","authors":"Group-IB","date_accessed":"1978-09-01T00:00:00Z","date_published":"2019-03-28T00:00:00Z","owner_name":null,"tidal_id":"514d3eb9-6c56-5ecd-a33c-5f58c7a1dc4f","created":"2026-01-28T13:08:10.043672Z","modified":"2026-01-28T13:08:10.043675Z"},{"id":"9b9c8c6c-c272-424e-a594-a34b7bf62477","name":"TechNet Group Policy Basics","description":"srachui. (2012, February 13). Group Policy Basics – Part 1: Understanding the Structure of a Group Policy Object. 
Retrieved March 5, 2019.","url":"https://blogs.technet.microsoft.com/musings_of_a_technical_tam/2012/02/13/group-policy-basics-part-1-understanding-the-structure-of-a-group-policy-object/","source":"MITRE","title":"Group Policy Basics – Part 1: Understanding the Structure of a Group Policy Object","authors":"srachui","date_accessed":"2019-03-05T00:00:00Z","date_published":"2012-02-13T00:00:00Z","owner_name":null,"tidal_id":"7a063e37-45e2-587a-91fb-dd7a93b0e62e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425798Z"},{"id":"fa3beaf1-81e7-411b-849a-24cffaf7c552","name":"Microsoft GPP 2016","description":"Microsoft. (2016, August 31). Group Policy Preferences. Retrieved March 9, 2020.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v%3Dws.11)","source":"MITRE","title":"Group Policy Preferences","authors":"Microsoft","date_accessed":"2020-03-09T00:00:00Z","date_published":"2016-08-31T00:00:00Z","owner_name":null,"tidal_id":"df89c89f-92a4-56bd-a4a9-474b97b865f0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432502Z"},{"id":"3d3c9756-4700-5db3-b8bc-8d2958df6a42","name":"groups man page","description":"MacKenzie, D. and Youngman, J. (n.d.). groups(1) - Linux man page. Retrieved January 11, 2024.","url":"https://linux.die.net/man/1/groups","source":"MITRE","title":"groups(1) - Linux man page","authors":"MacKenzie, D. and Youngman, J","date_accessed":"2024-01-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"cafb25ff-7822-51c9-8264-3a629d79e6b0","created":"2024-04-25T13:28:31.588986Z","modified":"2025-12-17T15:08:36.426412Z"},{"id":"cba14230-13bc-47ad-8f3f-d798217657bd","name":"Venafi SSH Key Abuse","description":"Blachman, Y. (2020, April 22). Growing Abuse of SSH Keys: Commodity Malware Campaigns Now Equipped with SSH Capabilities. 
Retrieved June 24, 2020.","url":"https://www.venafi.com/blog/growing-abuse-ssh-keys-commodity-malware-campaigns-now-equipped-ssh-capabilities","source":"MITRE","title":"Growing Abuse of SSH Keys: Commodity Malware Campaigns Now Equipped with SSH Capabilities","authors":"Blachman, Y","date_accessed":"2020-06-24T00:00:00Z","date_published":"2020-04-22T00:00:00Z","owner_name":null,"tidal_id":"1a97bc7c-0c48-5563-83e3-5a0761c7367e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430859Z"},{"id":"8a7abfa0-97e8-4cac-9d76-c886e9666a16","name":"Wikibooks Grsecurity","description":"Wikibooks. (2018, August 19). Grsecurity/The RBAC System. Retrieved June 4, 2020.","url":"https://en.wikibooks.org/wiki/Grsecurity/The_RBAC_System","source":"MITRE","title":"Grsecurity/The RBAC System","authors":"Wikibooks","date_accessed":"2020-06-04T00:00:00Z","date_published":"2018-08-19T00:00:00Z","owner_name":null,"tidal_id":"5099e0cd-a98f-5675-aa3e-089e9188d40a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442630Z"},{"id":"90c72e6f-a758-41d3-905c-68f6507d046f","name":"www.recordedfuture.com January 09 2026","description":"Insikt Group®. (2026, January 9). GRU-Linked BlueDelta Evolves Credential Harvesting. Retrieved January 12, 2026.","url":"https://www.recordedfuture.com/research/gru-linked-bluedelta-evolves-credential-harvesting","source":"Tidal Cyber","title":"GRU-Linked BlueDelta Evolves Credential Harvesting","authors":"Insikt Group®","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"104129d7-67cf-5a63-b643-f0340bf93975","created":"2026-01-23T20:29:34.633650Z","modified":"2026-01-23T20:29:34.766049Z"},{"id":"fb8ee1dd-bf96-4d28-9d9f-807cc351190b","name":"Www.recordedfuture.com January 09 2026","description":"Insikt Group®. (2026, January 9). GRU-Linked BlueDelta Evolves Credential Harvesting. 
Retrieved January 12, 2026.","url":"https://www.recordedfuture.com/research/gru-linked-bluedelta-evolves-credential-harvesting","source":"Tidal Cyber","title":"GRU-Linked BlueDelta Evolves Credential Harvesting","authors":"Insikt Group®","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d8acc0ab-991e-5e18-846a-6a011d64b692","created":"2026-01-14T13:29:42.996384Z","modified":"2026-01-14T13:29:43.175589Z"},{"id":"ba1d07ed-2e18-4f5f-9d44-082530946f14","name":"TrueSec Gsecdump","description":"TrueSec. (n.d.). gsecdump v2.0b5. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20140328102838/https://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5","source":"MITRE","title":"gsecdump v2.0b5","authors":"TrueSec","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c9553a5c-96d0-5673-9563-c7064160a0ee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423238Z"},{"id":"0b7d8e81-da8e-4f6a-a1b7-4ed81e441b4d","name":"GTFOBins Suid","description":"Emilio Pinna, Andrea Cardaci. (n.d.). GTFOBins. Retrieved January 28, 2022.","url":"https://gtfobins.github.io/#+suid","source":"MITRE","title":"GTFOBins","authors":"Emilio Pinna, Andrea Cardaci","date_accessed":"2022-01-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c99c8f84-cafe-5b96-816e-d5269756cfd9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430682Z"},{"id":"3fad6618-5a85-4f7a-be2b-0600269d7768","name":"GTFObins at","description":"Emilio Pinna, Andrea Cardaci. (n.d.). gtfobins at. 
Retrieved September 28, 2021.","url":"https://gtfobins.github.io/gtfobins/at/","source":"MITRE","title":"gtfobins at","authors":"Emilio Pinna, Andrea Cardaci","date_accessed":"2021-09-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"432bbd2d-59c6-55df-a388-9110741a61bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430517Z"},{"id":"249f1a90-d6ed-503c-998c-a9d1650509d2","name":"AWS GuardDuty EC2 finding types","description":"AWS. (n.d.). GuardDuty EC2 finding types. Retrieved September 25, 2024.","url":"https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html","source":"MITRE","title":"GuardDuty EC2 finding types","authors":"AWS","date_accessed":"2024-09-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0d52c3fb-1efd-5468-a2cb-99002fc3ebe2","created":"2024-10-31T16:28:36.508361Z","modified":"2025-04-22T20:47:30.751848Z"},{"id":"215a79b4-c25b-5b09-912a-6b68914bb1ba","name":"AWS GuardDuty IAM finding types","description":"AWS. (n.d.). GuardDuty IAM finding types. Retrieved September 24, 2024.","url":"https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-iam.html","source":"MITRE","title":"GuardDuty IAM finding types","authors":"AWS","date_accessed":"2024-09-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4b9e2739-bb59-5418-a8d3-bb820ce73a94","created":"2024-10-31T16:28:38.044063Z","modified":"2025-04-22T20:47:32.392272Z"},{"id":"4c6101f0-25d9-5ed1-98a2-a0c468e3ff1a","name":"AWS GuardDuty RDS Protection","description":"AWS. (n.d.). GuardDuty RDS Protection. 
Retrieved September 24, 2024.","url":"https://docs.aws.amazon.com/guardduty/latest/ug/rds-protection.html","source":"MITRE","title":"GuardDuty RDS Protection","authors":"AWS","date_accessed":"2024-09-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8b05ecd9-0759-5aa1-92fc-6c9d2fbc3f0d","created":"2024-10-31T16:28:35.483085Z","modified":"2025-04-22T20:47:29.652790Z"},{"id":"4a435edb-18ae-4c31-beff-2b8f2e6cad34","name":"Fortinet Moses Staff February 15 2022","description":"Rotem Sde-Or. (2022, February 15). Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months. Retrieved October 23, 2023.","url":"https://www.fortinet.com/blog/threat-research/guard-your-drive-from-driveguard","source":"Tidal Cyber","title":"Guard Your Drive from DriveGuard: Moses Staff Campaigns Against Israeli Organizations Span Several Months","authors":"Rotem Sde-Or","date_accessed":"2023-10-23T00:00:00Z","date_published":"2022-02-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c3c17221-930c-5b01-830b-264b6f5fb0ff","created":"2023-10-26T14:24:04.370435Z","modified":"2023-10-26T14:24:04.816964Z"},{"id":"251fb3db-d60d-5c43-9277-b30a3c4bb898","name":"Microsoft Security","description":"Microsoft Incident Response. (2023, April 11). Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign. 
Retrieved February 12, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/","source":"MITRE","title":"Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign","authors":"Microsoft Incident Response","date_accessed":"2025-02-12T00:00:00Z","date_published":"2023-04-11T00:00:00Z","owner_name":null,"tidal_id":"f52e7c45-d968-5cc0-8a84-dfa417dfaefc","created":"2025-04-22T20:47:10.582597Z","modified":"2025-12-17T15:08:36.425812Z"},{"id":"456ed22f-0de1-5ee4-bb8a-29e3baedc7b1","name":"Microsoft Log4j Vulnerability Exploitation December 2021","description":"Microsoft Threat Intelligence. (2021, December 11). Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability. Retrieved December 7, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/","source":"MITRE","title":"Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability","authors":"Microsoft Threat Intelligence","date_accessed":"2023-12-07T00:00:00Z","date_published":"2021-12-11T00:00:00Z","owner_name":null,"tidal_id":"a3b3499d-3337-5778-a643-8f0fb88f84ff","created":"2024-04-25T13:28:52.293347Z","modified":"2025-12-17T15:08:36.441730Z"},{"id":"4ca3d540-da66-5e91-b968-5a548051219c","name":"Guidance - NIST SP800-82","description":"Keith Stouffer. (2015, May). Guide to Industrial Control Systems (ICS) Security. 
Retrieved March","url":"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf","source":"ICS","title":"Guide to Industrial Control Systems (ICS) Security","authors":"Keith Stouffer","date_accessed":"1978-03-01T00:00:00Z","date_published":"2015-05-01T00:00:00Z","owner_name":null,"tidal_id":"477d7f5b-9cd1-5ebf-aa00-1ccfd9858b4f","created":"2026-01-28T13:08:18.177204Z","modified":"2026-01-28T13:08:18.177208Z"},{"id":"127d22a1-fc2d-5560-a883-c27fa3b5d379","name":"NIST-SP800187","description":"Jeffrey Cichonski, Joshua M Franklin, Michael Bartock. (2017, December). Guide to LTE Security. Retrieved January","url":"http://csrc.nist.gov/publications/drafts/800-187/sp800_187_draft.pdf","source":"Mobile","title":"Guide to LTE Security","authors":"Jeffrey Cichonski, Joshua M Franklin, Michael Bartock","date_accessed":"1978-01-01T00:00:00Z","date_published":"2017-12-01T00:00:00Z","owner_name":null,"tidal_id":"31a6e84e-8ab6-55d4-9203-bf6705e61b52","created":"2026-01-28T13:08:10.045895Z","modified":"2026-01-28T13:08:10.045900Z"},{"id":"b42f119d-144a-470a-b9fe-ccbf80a78fbb","name":"Unit 42 NETWIRE April 2020","description":"Duncan, B. (2020, April 3). GuLoader: Malspam Campaign Installing NetWire RAT. Retrieved January 7, 2021.","url":"https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/","source":"MITRE","title":"GuLoader: Malspam Campaign Installing NetWire RAT","authors":"Duncan, B","date_accessed":"2021-01-07T00:00:00Z","date_published":"2020-04-03T00:00:00Z","owner_name":null,"tidal_id":"f8ca5793-ddc8-572e-b1cc-c386b679c5bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418108Z"},{"id":"3a04cc8c-f814-4ce7-bb13-d1097f3da270","name":"ASEC January 08 2026","description":"ATCP. (2026, January 8). Guloader Malware Being Disguised as Employee Performance Reports - ASEC. 
Retrieved January 12, 2026.","url":"https://asec.ahnlab.com/en/91825/","source":"Tidal Cyber","title":"Guloader Malware Being Disguised as Employee Performance Reports - ASEC","authors":"ATCP","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1e768652-44d2-5651-b953-f38a78d469d4","created":"2026-01-14T13:29:44.823313Z","modified":"2026-01-14T13:29:45.003352Z"},{"id":"f73d99ae-5281-5622-8d49-eb2d34e99637","name":"Gummy Browsers: Targeted Browser Spoofing against State-of-the-Art Fingerprinting Techniques","description":"Zengrui Liu, Prakash Shrestha, and Nitesh Saxena. (2021, October 19). Retrieved September 22, 2025.","url":"https://arxiv.org/pdf/2110.10129","source":"MITRE","title":"Gummy Browsers: Targeted Browser Spoofing against State-of-the-Art Fingerprinting Techniques","authors":"","date_accessed":"2025-09-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6a23177c-fdb8-5980-9f36-423f6bbe5f28","created":"2025-10-29T21:08:48.166225Z","modified":"2025-12-17T15:08:36.433467Z"},{"id":"f3dc2d29-76e2-5fae-84d5-38a181ece841","name":"Talos Gustuff Apr 2019","description":"Vitor Ventura. (2019, April 9).  Gustuff banking botnet targets Australia . Retrieved September","url":"https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html","source":"Mobile","title":"Gustuff banking botnet targets Australia","authors":"Vitor Ventura","date_accessed":"1978-09-01T00:00:00Z","date_published":"2019-04-09T00:00:00Z","owner_name":null,"tidal_id":"12efd08d-49a8-5a62-ab4a-6c1ce2c1fc7d","created":"2026-01-28T13:08:10.042490Z","modified":"2026-01-28T13:08:10.042493Z"},{"id":"32569f13-e383-576c-813c-52490450464d","name":"Cloud Hack Tricks GWS Apps Script","description":"HackTricks Cloud. (n.d.). GWS - App Scripts. 
Retrieved July 1, 2024.","url":"https://cloud.hacktricks.xyz/pentesting-cloud/workspace-security/gws-google-platforms-phishing/gws-app-scripts","source":"MITRE","title":"GWS - App Scripts","authors":"HackTricks Cloud","date_accessed":"2024-07-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"69a30d30-da73-54ab-b471-90ae2e14052b","created":"2024-10-31T16:28:26.766262Z","modified":"2025-12-17T15:08:36.435935Z"},{"id":"b00adb4c-7033-4f41-ba3a-87a2e9ac5cc6","name":"gzip Homepage","description":"gzip. (n.d.). gzip Homepage. Retrieved December 19, 2024.","url":"https://www.gzip.org/","source":"Tidal Cyber","title":"gzip Homepage","authors":"gzip","date_accessed":"2024-12-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"23c1bee9-c6ef-5b73-88ed-1b7dc7a7d983","created":"2025-04-11T15:06:26.947432Z","modified":"2025-04-11T15:06:27.116710Z"},{"id":"3f66ef62-ac0d-4ece-9a4b-917ae70f1617","name":"H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware","description":"www.picussecurity.com. (n.d.). H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware. Retrieved May 19, 2023.","url":"https://www.picussecurity.com/resource/h0lygh0st-north-korean-threat-group-strikes-back-with-new-ransomware","source":"Tidal Cyber","title":"H0lyGh0st - North Korean Threat Group Strikes Back With New Ransomware","authors":"www.picussecurity.com","date_accessed":"2023-05-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"fb584749-c735-585c-8fc9-cf6e3cae1280","created":"2024-06-13T20:10:29.146850Z","modified":"2024-06-13T20:10:29.331561Z"},{"id":"03a2faca-1a47-4f68-9f26-3fa98145f2ab","name":"Cisco H1N1 Part 1","description":"Reynolds, J.. (2016, September 13). H1N1: Technical analysis reveals new capabilities. 
Retrieved September 26, 2016.","url":"http://blogs.cisco.com/security/h1n1-technical-analysis-reveals-new-capabilities","source":"MITRE","title":"H1N1: Technical analysis reveals new capabilities","authors":"Reynolds, J.","date_accessed":"2016-09-26T00:00:00Z","date_published":"2016-09-13T00:00:00Z","owner_name":null,"tidal_id":"8262c17f-69b4-5acd-8f0e-69199ad3411a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422504Z"},{"id":"b53e55dc-078d-4535-a99f-c979ad8ca6e6","name":"Cisco H1N1 Part 2","description":"Reynolds, J.. (2016, September 14). H1N1: Technical analysis reveals new capabilities – part 2. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20231210122239/https://blogs.cisco.com/security/h1n1-technical-analysis-reveals-new-capabilities-part-2","source":"MITRE","title":"H1N1: Technical analysis reveals new capabilities – part 2","authors":"Reynolds, J.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-09-14T00:00:00Z","owner_name":null,"tidal_id":"406075f7-be5b-59e4-bd46-8c836175f201","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440311Z"},{"id":"47fb06ed-b4ce-454c-9bbe-21b28309f351","name":"Wired Magecart S3 Buckets, 2019","description":"Barrett, B.. (2019, July 11). Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting. Retrieved October 4, 2019.","url":"https://www.wired.com/story/magecart-amazon-cloud-hacks/","source":"MITRE","title":"Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting","authors":"Barrett, B.","date_accessed":"2019-10-04T00:00:00Z","date_published":"2019-07-11T00:00:00Z","owner_name":null,"tidal_id":"4a18c986-a6ae-5294-980c-6dac8cb7d949","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427408Z"},{"id":"2271e76f-bfc2-52db-8d3f-f18abf883bff","name":"Wired-AndroidBypass","description":"Andy Greenberg. (2015, September 15). Hack Brief: Emergency Number Hack Bypasses Android Lock Screens. 
Retrieved December","url":"https://www.wired.com/2015/09/hack-brief-new-emergency-number-hack-easily-bypasses-android-lock-screens/","source":"Mobile","title":"Hack Brief: Emergency Number Hack Bypasses Android Lock Screens","authors":"Andy Greenberg","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-09-15T00:00:00Z","owner_name":null,"tidal_id":"f3bd21b6-faad-5ca1-a22a-9d09ea05f295","created":"2026-01-28T13:08:10.046232Z","modified":"2026-01-28T13:08:10.046235Z"},{"id":"3bdf88b3-8f41-4945-9292-e299bab4f98e","name":"Wired Uber Breach","description":"Andy Greenberg. (2017, January 21). Hack Brief: Uber Paid Off Hackers to Hide a 57-Million User Data Breach. Retrieved May 14, 2021.","url":"https://www.wired.com/story/uber-paid-off-hackers-to-hide-a-57-million-user-data-breach/","source":"MITRE","title":"Hack Brief: Uber Paid Off Hackers to Hide a 57-Million User Data Breach","authors":"Andy Greenberg","date_accessed":"2021-05-14T00:00:00Z","date_published":"2017-01-21T00:00:00Z","owner_name":null,"tidal_id":"223d6f61-6a8c-5897-a0e2-3366c9d96814","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434883Z"},{"id":"69eac1b0-1c50-4534-99e0-2d0fd738ab8f","name":"Trendmicro NPM Compromise","description":"Trendmicro. (2018, November 29). Hacker Infects Node.js Package to Steal from Bitcoin Wallets. Retrieved April 10, 2019.","url":"https://www.trendmicro.com/vinfo/dk/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets","source":"MITRE","title":"Hacker Infects Node.js Package to Steal from Bitcoin Wallets","authors":"Trendmicro","date_accessed":"2019-04-10T00:00:00Z","date_published":"2018-11-29T00:00:00Z","owner_name":null,"tidal_id":"922f5f7c-f09d-5c18-b3fb-78e1a404d5fe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425664Z"},{"id":"97d16d3a-98a0-4a7d-9f74-8877c8088ddf","name":"Data Destruction - Threat Post","description":"Mimoso, M.. (2014, June 18). 
Hacker Puts Hosting Service Code Spaces Out of Business. Retrieved December 15, 2020.","url":"https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761/","source":"MITRE","title":"Hacker Puts Hosting Service Code Spaces Out of Business","authors":"Mimoso, M.","date_accessed":"2020-12-15T00:00:00Z","date_published":"2014-06-18T00:00:00Z","owner_name":null,"tidal_id":"5ac4e9fb-0cee-5a41-ba9d-3374e260a057","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435130Z"},{"id":"590687ce-0d66-584d-a6bf-8e7288f00d1e","name":"GWS Apps Script Abuse 2021","description":"Sergiu Gatlan. (2021, February 18). Hackers abuse Google Apps Script to steal credit cards, bypass CSP. Retrieved July 1, 2024.","url":"https://www.bleepingcomputer.com/news/security/hackers-abuse-google-apps-script-to-steal-credit-cards-bypass-csp/#google_vignette","source":"MITRE","title":"Hackers abuse Google Apps Script to steal credit cards, bypass CSP","authors":"Sergiu Gatlan","date_accessed":"2024-07-01T00:00:00Z","date_published":"2021-02-18T00:00:00Z","owner_name":null,"tidal_id":"fcb05ab1-3fc3-55dc-a64c-00a9eec0ac0d","created":"2024-10-31T16:28:15.863783Z","modified":"2025-12-17T15:08:36.424125Z"},{"id":"f7ab464d-255b-5d92-a878-c16c905c057b","name":"Bleeping Computer - Scriptrunner.exe","description":"Bill Toulas. (2023, January 4). Hackers abuse Windows error reporting tool to deploy malware. 
Retrieved July 8, 2024.","url":"https://www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-reporting-tool-to-deploy-malware/","source":"MITRE","title":"Hackers abuse Windows error reporting tool to deploy malware","authors":"Bill Toulas","date_accessed":"2024-07-08T00:00:00Z","date_published":"2023-01-04T00:00:00Z","owner_name":null,"tidal_id":"74de7251-1a11-5591-889a-3b82af39c234","created":"2024-10-31T16:28:19.475424Z","modified":"2025-12-17T15:08:36.428057Z"},{"id":"2bf7e84a-805d-48aa-b911-8cd8a9dbf1cf","name":"Bloomberg Scattered Spider May 8 2024","description":"Katrina Manson. (2024, May 8). Hackers Behind MGM Attack Targeting Financial Sector in New Campaign. Retrieved May 22, 2024.","url":"https://www.bloomberg.com/news/articles/2024-05-08/notorious-scattered-spider-hacking-gang-targeting-finance-sector","source":"Tidal Cyber","title":"Hackers Behind MGM Attack Targeting Financial Sector in New Campaign","authors":"Katrina Manson","date_accessed":"2024-05-22T00:00:00Z","date_published":"2024-05-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2374625f-24c4-53ef-aac8-476c1b8e1ca3","created":"2024-05-23T19:24:35.457415Z","modified":"2024-05-23T19:24:35.898010Z"},{"id":"d25a3639-74d4-42fc-9006-58e5181147b9","name":"BleepingComputer StormBamboo August 3 2024","description":"Sergiu Gatlan. (2024, August 3). Hackers breach ISP to poison software updates with malware. 
Retrieved February 10, 2025.","url":"https://www.bleepingcomputer.com/news/security/hackers-breach-isp-to-poison-software-updates-with-malware/","source":"Tidal Cyber","title":"Hackers breach ISP to poison software updates with malware","authors":"Sergiu Gatlan","date_accessed":"2025-02-10T00:00:00Z","date_published":"2024-08-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a3158e3e-4332-590a-81f1-8192d94bb533","created":"2025-02-11T18:20:07.409492Z","modified":"2025-02-11T18:20:07.593136Z"},{"id":"c0938993-9e17-53b9-b859-fccbdd5b9310","name":"Lakshmanan Visual Studio Marketplace","description":"Lakshmanan, R. (2023, January 9). Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions. Retrieved March 30, 2025.","url":"https://thehackernews.com/2023/01/hackers-distributing-malicious-visual.html","source":"MITRE","title":"Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions","authors":"Lakshmanan, R","date_accessed":"2025-03-30T00:00:00Z","date_published":"2023-01-09T00:00:00Z","owner_name":null,"tidal_id":"6824192e-2615-516a-999d-e2f2ea4fcc49","created":"2025-04-22T20:47:15.186746Z","modified":"2025-12-17T15:08:36.430531Z"},{"id":"cbd360bb-f4b6-5326-8861-b05f3a2a8737","name":"Salesforce zero-day in facebook phishing attack","description":"Bill Toulas. (2023, August 2). Hackers exploited Salesforce zero-day in Facebook phishing attack. 
Retrieved September 18, 2023.","url":"https://www.bleepingcomputer.com/news/security/hackers-exploited-salesforce-zero-day-in-facebook-phishing-attack/","source":"MITRE","title":"Hackers exploited Salesforce zero-day in Facebook phishing attack","authors":"Bill Toulas","date_accessed":"2023-09-18T00:00:00Z","date_published":"2023-08-02T00:00:00Z","owner_name":null,"tidal_id":"95534e0a-16e9-5b11-bac0-0208bd442269","created":"2023-11-07T00:36:09.876586Z","modified":"2025-12-17T15:08:36.436804Z"},{"id":"b56c5b41-b8e0-4fef-a6d8-183bb283dc7c","name":"Fortune Dragonfly 2.0 Sept 2017","description":"Hackett, R. (2017, September 6). Hackers Have Penetrated Energy Grid, Symantec Warns. Retrieved June 6, 2018.","url":"http://fortune.com/2017/09/06/hack-energy-grid-symantec/","source":"MITRE","title":"Hackers Have Penetrated Energy Grid, Symantec Warns","authors":"Hackett, R","date_accessed":"2018-06-06T00:00:00Z","date_published":"2017-09-06T00:00:00Z","owner_name":null,"tidal_id":"6c859908-1fab-5e37-a804-c4749189bc06","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437454Z"},{"id":"c2b3a32f-0041-481b-b32e-7901764bd11c","name":"BleepingComputer September 8 2025","description":"Sergiu Gatlan. (2025, September 8). Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack. Retrieved September 9, 2025.","url":"https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/","source":"Tidal Cyber","title":"Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack","authors":"Sergiu Gatlan","date_accessed":"2025-09-09T12:00:00Z","date_published":"2025-09-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"50f5ab31-0cb1-5d29-ba5b-28c08ca2cc9e","created":"2025-09-10T16:38:50.801144Z","modified":"2025-09-10T16:38:50.985527Z"},{"id":"412c49eb-4c9a-5839-aedc-ffd5f2f24cb7","name":"Lisa Zahner December 2023","description":"Lisa Zahner. 
(2023, December 15). Hackers in Iran attack computer at Vero Utilities. Retrieved March","url":"https://veronews.com/2023/12/15/hackers-in-iran-attack-computer-at-vero-utilities/","source":"ICS","title":"Hackers in Iran attack computer at Vero Utilities","authors":"Lisa Zahner","date_accessed":"1978-03-01T00:00:00Z","date_published":"2023-12-15T00:00:00Z","owner_name":null,"tidal_id":"096eca12-18da-5a88-9bcb-bd288b5620d0","created":"2026-01-28T13:08:18.178750Z","modified":"2026-01-28T13:08:18.178753Z"},{"id":"8edafcf5-d98a-4714-8989-7cd0c540d1b5","name":"NPR August 07 2017","description":"None Identified. (2017, August 7). Hackers In Venezuela Hit Dozens Of Government Websites : The Two-Way : NPR. Retrieved January 5, 2026.","url":"https://www.npr.org/sections/thetwo-way/2017/08/07/542125867/hackers-in-venezuela-hit-dozens-of-government-websites","source":"Tidal Cyber","title":"Hackers In Venezuela Hit Dozens Of Government Websites : The Two-Way : NPR","authors":"None Identified","date_accessed":"2026-01-05T12:00:00Z","date_published":"2017-08-07T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a8f81f55-b0d4-58ce-a9bf-adea316f65d2","created":"2026-01-06T18:03:36.360082Z","modified":"2026-01-06T18:03:36.498460Z"},{"id":"53583baf-4e09-4d19-9348-6110206b88be","name":"Wired Cyber Army of Russia April 17 2024","description":"Andy Greenberg. (2024, April 17). Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities. 
Retrieved April 30, 2024.","url":"https://www.wired.com/story/cyber-army-of-russia-reborn-sandworm-us-cyberattacks/","source":"Tidal Cyber","title":"Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities","authors":"Andy Greenberg","date_accessed":"2024-04-30T00:00:00Z","date_published":"2024-04-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8edcb0bc-15b4-50fc-8774-70b780975095","created":"2024-06-13T20:11:01.209668Z","modified":"2024-06-13T20:11:01.395641Z"},{"id":"e9f91661-29e3-408e-bfdd-c7df22f3f400","name":"Huntress API Hash","description":"Brennan, M. (2022, February 16). Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection. Retrieved August 22, 2022.","url":"https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection","source":"MITRE","title":"Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection","authors":"Brennan, M","date_accessed":"2022-08-22T00:00:00Z","date_published":"2022-02-16T00:00:00Z","owner_name":null,"tidal_id":"1f5ff7be-61a8-5c90-b29c-93900b017d0c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436059Z"},{"id":"93b5ecd2-35a3-5bd8-9d6e-87bace012546","name":"BleepingComputer Agent Tesla steal wifi passwords","description":"Sergiu Gatlan. (2020, April 16). Hackers steal WiFi passwords using upgraded Agent Tesla malware. 
Retrieved September 8, 2023.","url":"https://www.bleepingcomputer.com/news/security/hackers-steal-wifi-passwords-using-upgraded-agent-tesla-malware/","source":"MITRE","title":"Hackers steal WiFi passwords using upgraded Agent Tesla malware","authors":"Sergiu Gatlan","date_accessed":"2023-09-08T00:00:00Z","date_published":"2020-04-16T00:00:00Z","owner_name":null,"tidal_id":"388f236d-4839-5263-ae91-bac998142e4b","created":"2023-11-07T00:36:01.916904Z","modified":"2025-12-17T15:08:36.428989Z"},{"id":"ce8bc906-875a-53bd-8b9c-b2191e369e4e","name":"SWAT-hospital","description":"Giles, Bruce. (2024, January 4). Hackers threaten to send SWAT teams to Fred Hutch patients' homes. Retrieved January 5, 2024.","url":"https://www.beckershospitalreview.com/cybersecurity/hackers-threaten-to-send-swat-teams-to-fred-hutch-patients-homes.html","source":"MITRE","title":"Hackers threaten to send SWAT teams to Fred Hutch patients' homes","authors":"Giles, Bruce","date_accessed":"2024-01-05T00:00:00Z","date_published":"2024-01-04T00:00:00Z","owner_name":null,"tidal_id":"70c93556-3691-5286-9a50-a2d63151128f","created":"2024-04-25T13:28:52.961779Z","modified":"2025-12-17T15:08:36.442332Z"},{"id":"f652524c-7950-4a8a-9860-0e658a9581d8","name":"PCMag FakeLogin","description":"Kan, M. (2019, October 24). Hackers Try to Phish United Nations Staffers With Fake Login Pages. Retrieved October 20, 2020.","url":"https://www.pcmag.com/news/hackers-try-to-phish-united-nations-staffers-with-fake-login-pages","source":"MITRE","title":"Hackers Try to Phish United Nations Staffers With Fake Login Pages","authors":"Kan, M","date_accessed":"2020-10-20T00:00:00Z","date_published":"2019-10-24T00:00:00Z","owner_name":null,"tidal_id":"a36c1e28-181e-50be-a0d7-52c2baedfc59","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426858Z"},{"id":"961eae0a-3dbb-5ffa-a2fe-6fff78833b24","name":"Bleeping Computer Binance Smart Chain 2023","description":"Bill Toulas. (2023, October 13). 
Hackers use Binance Smart Chain contracts to store malicious scripts. Retrieved May 22, 2025.","url":"https://www.bleepingcomputer.com/news/security/hackers-use-binance-smart-chain-contracts-to-store-malicious-scripts/","source":"MITRE","title":"Hackers use Binance Smart Chain contracts to store malicious scripts","authors":"Bill Toulas","date_accessed":"2025-05-22T00:00:00Z","date_published":"2023-10-13T00:00:00Z","owner_name":null,"tidal_id":"363992a6-7bc7-5601-9961-4f1e16898ef7","created":"2025-10-29T21:08:48.165896Z","modified":"2025-12-17T15:08:36.428267Z"},{"id":"70235e47-f8bb-4d16-9933-9f4923f08f5d","name":"BleepingComputer Velvet Ant June 17 2024","description":"Bill Toulas. (2024, June 17). Hackers use F5 BIG-IP malware to stealthily steal data for years. Retrieved June 20, 2024.","url":"https://www.bleepingcomputer.com/news/security/hackers-use-f5-big-ip-malware-to-stealthily-steal-data-for-years/","source":"Tidal Cyber","title":"Hackers use F5 BIG-IP malware to stealthily steal data for years","authors":"Bill Toulas","date_accessed":"2024-06-20T00:00:00Z","date_published":"2024-06-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3e8d10be-4125-52ef-947a-c84215da7a74","created":"2024-07-03T15:42:39.269955Z","modified":"2024-07-03T15:42:39.909009Z"},{"id":"6c2b41bf-653c-59c4-9420-926aa46072e7","name":"The Hacker News","description":"Ravie Lakshmanan. (2023, April 5). Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks. 
Retrieved March 3, 2025.","url":"https://thehackernews.com/2023/04/hackers-using-self-extracting-archives.html","source":"MITRE","title":"Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks","authors":"Ravie Lakshmanan","date_accessed":"2025-03-03T00:00:00Z","date_published":"2023-04-05T00:00:00Z","owner_name":null,"tidal_id":"24baf6f9-9f93-5088-b30f-b3c587a5358f","created":"2025-04-22T20:47:21.364621Z","modified":"2025-12-17T15:08:36.436753Z"},{"id":"b46efda2-18e0-451e-b945-28421c2d5274","name":"Krebs-Bazaar","description":"Brian Krebs. (2016, October 31). Hackforums Shutters Booter Service Bazaar. Retrieved May 15, 2017.","url":"https://krebsonsecurity.com/2016/10/hackforums-shutters-booter-service-bazaar/","source":"MITRE","title":"Hackforums Shutters Booter Service Bazaar","authors":"Brian Krebs","date_accessed":"2017-05-15T00:00:00Z","date_published":"2016-10-31T00:00:00Z","owner_name":null,"tidal_id":"7d88da9a-c00b-5c18-81e9-9561e147c33c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427193Z"},{"id":"930228c3-a93b-4664-ab7d-65af212211fc","name":"Unit 42 November 21 2023","description":"Unit 42. (2023, November 21). Hacking Employers and Seeking Employment Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors. Retrieved May 6, 2025.","url":"https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/","source":"Tidal Cyber","title":"Hacking Employers and Seeking Employment Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors","authors":"Unit 42","date_accessed":"2025-05-06T00:00:00Z","date_published":"2023-11-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9bb4db35-02ea-504b-b90a-7f8cb5f40c3a","created":"2025-05-06T16:28:40.344058Z","modified":"2025-05-06T16:28:40.529140Z"},{"id":"edd66284-56a0-5eef-b7e5-056b7b8b23b0","name":"PaloAlto ContagiousInterview BeaverTail InvisibleFerret November 2023","description":"Unit 42. 
(2023, November 21). Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors. Retrieved October 17, 2025.","url":"https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/","source":"MITRE","title":"Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors","authors":"Unit 42","date_accessed":"2025-10-17T00:00:00Z","date_published":"2023-11-21T00:00:00Z","owner_name":null,"tidal_id":"8fdc90ba-7f3d-587e-825d-0a3cdcd70c82","created":"2025-10-29T21:08:48.164806Z","modified":"2025-12-17T15:08:36.417276Z"},{"id":"307108c8-9c72-4f31-925b-0b9bd4b31e7b","name":"BleepingComputer Molerats Dec 2020","description":"Ilascu, I. (2020, December 14). Hacking group’s new malware abuses Google and Facebook services. Retrieved December 28, 2020.","url":"https://www.bleepingcomputer.com/news/security/hacking-group-s-new-malware-abuses-google-and-facebook-services/","source":"MITRE","title":"Hacking group’s new malware abuses Google and Facebook services","authors":"Ilascu, I","date_accessed":"2020-12-28T00:00:00Z","date_published":"2020-12-14T00:00:00Z","owner_name":null,"tidal_id":"5da61a40-6453-5d94-999c-d09198891119","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416921Z"},{"id":"8daac742-6467-40db-9fe5-87efd2a96f09","name":"Microsoft Hacking Team Breach","description":"Microsoft Secure Team. (2016, June 1). Hacking Team Breach: A Cyber Jurassic Park. 
Retrieved March 5, 2019.","url":"https://www.microsoft.com/security/blog/2016/06/01/hacking-team-breach-a-cyber-jurassic-park/","source":"MITRE","title":"Hacking Team Breach: A Cyber Jurassic Park","authors":"Microsoft Secure Team","date_accessed":"2019-03-05T00:00:00Z","date_published":"2016-06-01T00:00:00Z","owner_name":null,"tidal_id":"cee5bb77-dd27-5ccd-87fd-d7bc78d8519c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430141Z"},{"id":"2eb44add-7296-5490-b1f7-c00ed0952d3a","name":"TrendMicro-RCSAndroid","description":"Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December","url":"http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/","source":"Mobile","title":"Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In","authors":"Veo Zhang","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-07-21T00:00:00Z","owner_name":null,"tidal_id":"e97e3266-7b89-5976-a7ef-f93d0e879153","created":"2026-01-28T13:08:10.040217Z","modified":"2026-01-28T13:08:10.040220Z"},{"id":"8d94eac7-ac87-5497-95da-5d6ba9e07733","name":"Trend Micro ScreenCap July 2015","description":"Zhang, V. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved August","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/","source":"Mobile","title":"Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In","authors":"Zhang, V","date_accessed":"1978-08-01T00:00:00Z","date_published":"2015-07-21T00:00:00Z","owner_name":null,"tidal_id":"8312602f-a1cd-5396-a0df-85beca045086","created":"2026-01-28T13:08:10.044664Z","modified":"2026-01-28T13:08:10.044667Z"},{"id":"1c476cb2-8ce0-4559-8037-646d0ea09398","name":"Intel HackingTeam UEFI Rootkit","description":"Intel Security. (2005, July 16). HackingTeam's UEFI Rootkit Details. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20170313124421/http://www.intelsecurity.com/advanced-threat-research/content/data/HT-UEFI-rootkit.html","source":"MITRE","title":"HackingTeam's UEFI Rootkit Details","authors":"Intel Security","date_accessed":"2024-11-17T00:00:00Z","date_published":"2005-07-16T00:00:00Z","owner_name":null,"tidal_id":"4c09c2e3-f6f1-5cca-872c-b0903c322838","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425418Z"},{"id":"24796535-d516-45e9-bcc7-8f03a3f3cd73","name":"TrendMicro Hacking Team UEFI","description":"Lin, P. (2015, July 13). Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems. Retrieved December 11, 2015.","url":"http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/","source":"MITRE","title":"Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems","authors":"Lin, P","date_accessed":"2015-12-11T00:00:00Z","date_published":"2015-07-13T00:00:00Z","owner_name":null,"tidal_id":"9c97c8d2-bb95-525c-822b-4b6f28ac3115","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418297Z"},{"id":"4de7960b-bd62-452b-9e64-b52a0d580858","name":"TempertonDarkHotel","description":"Temperton, J. 
(2015, August 10). Hacking Team zero-day used in new Darkhotel attacks. Retrieved March 9, 2017.","url":"https://www.wired.co.uk/article/darkhotel-hacking-team-cyber-espionage","source":"MITRE","title":"Hacking Team zero-day used in new Darkhotel attacks","authors":"Temperton, J","date_accessed":"2017-03-09T00:00:00Z","date_published":"2015-08-10T00:00:00Z","owner_name":null,"tidal_id":"76d65db2-8d53-54f5-9f0d-a2fd84ab6177","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436561Z"},{"id":"6dcfe3fb-c310-49cf-a657-f2cec65c5499","name":"FireEye Hacking FIN4 Video Dec 2014","description":"Vengerik, B. & Dennesen, K.. (2014, December 5). Hacking the Street?  FIN4 Likely Playing the Market. Retrieved January 15, 2019.","url":"https://www2.fireeye.com/WBNR-14Q4NAMFIN4.html","source":"MITRE","title":"Hacking the Street?  FIN4 Likely Playing the Market","authors":"Vengerik, B. & Dennesen, K.","date_accessed":"2019-01-15T00:00:00Z","date_published":"2014-12-05T00:00:00Z","owner_name":null,"tidal_id":"1b693ea4-7ff6-533b-b264-ffb1f424fe5c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438998Z"},{"id":"c3ac1c2a-21cc-42a9-a214-88f302371766","name":"FireEye Hacking FIN4 Dec 2014","description":"Vengerik, B. et al.. (2014, December 5). Hacking the Street? FIN4 Likely Playing the Market. Retrieved December 17, 2018.","url":"https://www.mandiant.com/sites/default/files/2021-09/rpt-fin4.pdf","source":"MITRE","title":"Hacking the Street? FIN4 Likely Playing the Market","authors":"Vengerik, B. et al.","date_accessed":"2018-12-17T00:00:00Z","date_published":"2014-12-05T00:00:00Z","owner_name":null,"tidal_id":"b7e58e48-16f5-5119-9af4-56ec8dfd30b2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439004Z"},{"id":"67ebcf71-828e-4202-b842-f071140883f8","name":"Malwarebytes OSINT Leaky Buckets - Hioureas","description":"Vasilios Hioureas. (2019, September 13). 
Hacking with AWS: incorporating leaky buckets into your OSINT workflow. Retrieved February 14, 2022.","url":"https://blog.malwarebytes.com/researchers-corner/2019/09/hacking-with-aws-incorporating-leaky-buckets-osint-workflow/","source":"MITRE","title":"Hacking with AWS: incorporating leaky buckets into your OSINT workflow","authors":"Vasilios Hioureas","date_accessed":"2022-02-14T00:00:00Z","date_published":"2019-09-13T00:00:00Z","owner_name":null,"tidal_id":"1cfc4d0f-0cff-568a-8002-419b97a3cc34","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430050Z"},{"id":"382b5b53-8f24-4e20-9493-ccc8187fef51","name":"Cyber Security Agency of Singapore March 9 2022","description":"Cyber Security Agency of Singapore. (2022, March 9). Hacktivism during Military Conflict The Anonymous Hacker Collective. Retrieved April 10, 2025.","url":"https://www.csa.gov.sg/resources/publications/hacktivism-during-military-conflict-the-anonymous-hacker-collective","source":"Tidal Cyber","title":"Hacktivism during Military Conflict The Anonymous Hacker Collective","authors":"Cyber Security Agency of Singapore","date_accessed":"2025-04-10T00:00:00Z","date_published":"2022-03-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8ad21056-22fc-53b4-9c55-2e8b4dcfb866","created":"2025-04-11T15:33:24.780740Z","modified":"2025-04-11T15:33:24.940219Z"},{"id":"72134c73-bdd5-4cd1-9046-1ea01c75faf3","name":"Check Point Blog August 13 2024","description":"gmcdouga. (2024, August 13). Hacktivism’s Role in Political Conflict: The Renewed Campaign of #OpVenezuela - Check Point Blog. 
Retrieved January 5, 2026.","url":"https://blog.checkpoint.com/research/hacktivisms-role-in-political-conflict-the-renewed-campaign-of-opvenezuela/","source":"Tidal Cyber","title":"Hacktivism’s Role in Political Conflict: The Renewed Campaign of #OpVenezuela - Check Point Blog","authors":"gmcdouga","date_accessed":"2026-01-05T12:00:00Z","date_published":"2024-08-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f687d718-6216-5e72-bfb3-60ea05b140ce","created":"2026-01-06T18:03:36.062285Z","modified":"2026-01-06T18:03:36.221862Z"},{"id":"e9c12a7f-ce8a-5f20-8283-509e16532d9b","name":"Microsoft Gsecdump","description":"Vincent Tiu. (2017, September 15).  HackTool:Win32/Gsecdump. Retrieved January 10, 2024.","url":"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool:Win32/Gsecdump","source":"MITRE","title":"HackTool:Win32/Gsecdump","authors":"Vincent Tiu","date_accessed":"2024-01-10T00:00:00Z","date_published":"2017-09-15T00:00:00Z","owner_name":null,"tidal_id":"bb3b0b3e-7b00-5277-9819-bf56736587b7","created":"2024-04-25T13:28:51.026594Z","modified":"2025-12-17T15:08:36.440452Z"},{"id":"6a986c46-79a3-49c6-94d2-d9b1f5db08f3","name":"Microsoft HAFNIUM March 2020","description":"MSTIC. (2021, March 2). HAFNIUM targeting Exchange Servers with 0-day exploits. Retrieved March 3, 2021.","url":"https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/","source":"MITRE, Tidal Cyber","title":"HAFNIUM targeting Exchange Servers with 0-day exploits","authors":"MSTIC","date_accessed":"2021-03-03T00:00:00Z","date_published":"2021-03-02T00:00:00Z","owner_name":null,"tidal_id":"f73494d3-9a17-5cae-a084-36de556a6299","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.263204Z"},{"id":"2803d0b8-78ee-4b19-aad3-daf84cd292b5","name":"haking9 libpcap network sniffing","description":"Luis Martin Garcia. (2008, February 1). Hakin9 Issue 2/2008 Vol 3 No.2 VoIP Abuse: Storming SIP Security. 
Retrieved October 18, 2022.","url":"http://recursos.aldabaknocking.com/libpcapHakin9LuisMartinGarcia.pdf","source":"MITRE","title":"Hakin9 Issue 2/2008 Vol 3 No.2 VoIP Abuse: Storming SIP Security","authors":"Luis Martin Garcia","date_accessed":"2022-10-18T00:00:00Z","date_published":"2008-02-01T00:00:00Z","owner_name":null,"tidal_id":"5d176ee4-7072-5600-8d73-9c0b6999dcd0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423653Z"},{"id":"be18bd4b-38de-4be3-a67b-ec20f7070c3b","name":"Unit 42 December 11 2025","description":"Unit 42. (2025, December 11). Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite. Retrieved December 19, 2025.","url":"https://unit42.paloaltonetworks.com/hamas-affiliate-ashen-lepus-uses-new-malware-suite-ashtag/","source":"Tidal Cyber","title":"Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite","authors":"Unit 42","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-11T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5e279df1-f0fc-5bbf-803e-499865006bd2","created":"2025-12-24T14:56:04.024921Z","modified":"2025-12-24T14:56:04.159332Z"},{"id":"0c8bcc4a-4c9f-5d6e-9da5-13d9ba06381f","name":"checkpoint_hamas_android_malware","description":"CheckPoint Research. (2020, February 16). Hamas Android Malware On IDF Soldiers-This is How it Happened. 
Retrieved November","url":"https://web.archive.org/web/20240226125457/https:/research.checkpoint.com/2020/hamas-android-malware-on-idf-soldiers-this-is-how-it-happened/","source":"Mobile","title":"Hamas Android Malware On IDF Soldiers-This is How it Happened","authors":"CheckPoint Research","date_accessed":"1978-11-01T00:00:00Z","date_published":"2020-02-16T00:00:00Z","owner_name":null,"tidal_id":"ddaaa99b-6502-5f1a-8107-b00d6e02fef7","created":"2026-01-28T13:08:10.047274Z","modified":"2026-01-28T13:08:10.047278Z"},{"id":"78ead31e-7450-46e8-89cf-461ae1981994","name":"FireEye APT29","description":"FireEye Labs. (2015, July). HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Retrieved November 17, 2024.","url":"https://services.google.com/fh/files/misc/rpt-apt29-hammertoss-stealthy-tactics-define-en.pdf","source":"MITRE","title":"HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group","authors":"FireEye Labs","date_accessed":"2024-11-17T00:00:00Z","date_published":"2015-07-01T00:00:00Z","owner_name":null,"tidal_id":"a7b301c6-117e-54bc-ae96-3889e973a718","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417587Z"},{"id":"65a07c8c-5b29-445f-8f01-6e577df4ea62","name":"FireEye Hancitor","description":"Anubhav, A., Jallepalli, D. (2016, September 23). Hancitor (AKA Chanitor) observed using multiple attack approaches. Retrieved August 13, 2020.","url":"https://www.fireeye.com/blog/threat-research/2016/09/hancitor_aka_chanit.html","source":"MITRE","title":"Hancitor (AKA Chanitor) observed using multiple attack approaches","authors":"Anubhav, A., Jallepalli, D","date_accessed":"2020-08-13T00:00:00Z","date_published":"2016-09-23T00:00:00Z","owner_name":null,"tidal_id":"8794d08e-f630-57b7-b047-4412e7db59fe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422264Z"},{"id":"e3d9744e-f9a5-451d-932a-acce244294d9","name":"Cyberint Handala February 20 2025","description":"Idan Dror, Hadar Eichler. 
(2025, February 20). Handala Hack: What We Know About the Rising Threat Actor. Retrieved July 8, 2025.","url":"https://cyberint.com/blog/threat-intelligence/handala-hack-what-we-know-about-the-rising-threat-actor/","source":"Tidal Cyber","title":"Handala Hack: What We Know About the Rising Threat Actor","authors":"Idan Dror, Hadar Eichler","date_accessed":"2025-07-08T12:00:00Z","date_published":"2025-02-20T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e16e8b27-ef62-5d23-87c5-6c25328bba67","created":"2025-07-08T16:58:16.964681Z","modified":"2025-07-08T16:58:17.140340Z"},{"id":"e1c7847d-a541-4932-9a28-92ba8b1e3bdb","name":"Trellix Handala Wiper July 26 2024 July 26 2024","description":"Max Kersten, Tomer Shloman. (2024, July 26). Handala's Wiper Targets Israel. Retrieved July 8, 2025.","url":"https://www.trellix.com/blogs/research/handalas-wiper-targets-israel/","source":"Tidal Cyber","title":"Handala's Wiper Targets Israel","authors":"Max Kersten, Tomer Shloman","date_accessed":"2025-07-08T12:00:00Z","date_published":"2024-07-26T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"77fa083c-617c-521d-9b2e-47a0bab44399","created":"2025-07-08T16:58:17.315962Z","modified":"2025-07-08T16:58:17.631581Z"},{"id":"01445b7a-a294-5a14-bf06-3d86d94cd73f","name":"Android-AppLinks","description":"Android. (n.d.). Handling App Links. Retrieved December","url":"https://developer.android.com/training/app-links/index.html","source":"Mobile","title":"Handling App Links","authors":"Android","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9512ea5d-37f3-5ae4-bc45-6f83ea0dfebf","created":"2026-01-28T13:08:10.043169Z","modified":"2026-01-28T13:08:10.043172Z"},{"id":"33955c35-e8cd-4486-b1ab-6f992319c81c","name":"NCC Group Fivehands June 2021","description":"Matthews, M. and Backhouse, W. (2021, June 15). Handy guide to a new Fivehands ransomware variant. 
Retrieved June 24, 2021.","url":"https://research.nccgroup.com/2021/06/15/handy-guide-to-a-new-fivehands-ransomware-variant/","source":"MITRE","title":"Handy guide to a new Fivehands ransomware variant","authors":"Matthews, M. and Backhouse, W","date_accessed":"2021-06-24T00:00:00Z","date_published":"2021-06-15T00:00:00Z","owner_name":null,"tidal_id":"ed26c135-7686-5df6-a611-8d5c9e390d2b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422409Z"},{"id":"b41de1e5-63ab-4556-a61f-3baca1873283","name":"Apple Developer Doco Hardened Runtime","description":"Apple Inc. (2021, January 1). Hardened Runtime: Manage security protections and resource access for your macOS apps. Retrieved March 24, 2021.","url":"https://developer.apple.com/documentation/security/hardened_runtime","source":"MITRE","title":"Hardened Runtime: Manage security protections and resource access for your macOS apps.","authors":"Apple Inc.","date_accessed":"2021-03-24T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"de8f1238-0d61-57f7-877d-388d7242307e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440086Z"},{"id":"09a00ded-1afc-4555-894e-a151162796eb","name":"FireEye APT34 July 2019","description":"Bromiley, M., et al. (2019, July 18). Hard Pass: Declining APT34’s Invite to Join Their Professional Network. Retrieved August 26, 2019.","url":"https://www.fireeye.com/blog/threat-research/2019/07/hard-pass-declining-apt34-invite-to-join-their-professional-network.html","source":"MITRE","title":"Hard Pass: Declining APT34’s Invite to Join Their Professional Network","authors":"Bromiley, M., et al.","date_accessed":"2019-08-26T00:00:00Z","date_published":"2019-07-18T00:00:00Z","owner_name":null,"tidal_id":"1565a4fb-adee-504c-971e-21daae34d003","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439726Z"},{"id":"d31f6612-c552-45e1-bf6b-889fe619ab5f","name":"GitHub Hashjacking","description":"Dunning, J. 
(2016, August 1). Hashjacking. Retrieved December 21, 2017.","url":"https://github.com/hob0/hashjacking","source":"MITRE","title":"Hashjacking","authors":"Dunning, J","date_accessed":"2017-12-21T00:00:00Z","date_published":"2016-08-01T00:00:00Z","owner_name":null,"tidal_id":"3074517e-0926-5a64-816c-db3eeb55ba59","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433951Z"},{"id":"60500553-1990-45f7-bb44-c7e0f3e135c8","name":"Google Cloud UNC2891 March 16 2022","description":"Mathew Potaczek, Takahiro Sugiyama, Logeswaran Nadarajan, Yu Nakamura, Josh Homan, Martin Co, Sylvain Hirsch. (2022, March 16). Have Your Cake and Eat it Too? An Overview of UNC2891. Retrieved January 31, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/unc2891-overview/","source":"Tidal Cyber","title":"Have Your Cake and Eat it Too? An Overview of UNC2891","authors":"Mathew Potaczek, Takahiro Sugiyama, Logeswaran Nadarajan, Yu Nakamura, Josh Homan, Martin Co, Sylvain Hirsch","date_accessed":"2025-01-31T00:00:00Z","date_published":"2022-03-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f392570e-7824-5e91-a4a9-ecab1dcfa82f","created":"2025-02-03T21:08:22.135474Z","modified":"2025-02-03T21:08:22.324436Z"},{"id":"37815e5f-f9a4-42a4-9f32-1d68175a8a19","name":"ANY.RUN September 30 2024","description":"Stanislav Gayvoronsky; ANY RUN. (2024, September 30). Havoc. Retrieved March 24, 2025.","url":"https://any.run/malware-trends/havoc","source":"Tidal Cyber","title":"Havoc","authors":"Stanislav Gayvoronsky; ANY RUN","date_accessed":"2025-03-24T00:00:00Z","date_published":"2024-09-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d749144c-816f-5415-8115-753781970c92","created":"2025-03-25T13:15:58.523330Z","modified":"2025-03-25T13:15:58.809608Z"},{"id":"e33a9147-2e60-5ba4-9124-fbec8efa61c6","name":"Havoc Framework Documentation","description":"Ungur, P. (n.d.). HAVOC. 
Retrieved August 4, 2025.","url":"https://havocframework.com/docs/welcome","source":"MITRE","title":"HAVOC","authors":"Ungur, P","date_accessed":"2025-08-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4b9f5a53-1200-5575-a0e8-edc3b47dfd3e","created":"2025-10-29T21:08:48.167640Z","modified":"2025-12-17T15:08:36.440933Z"},{"id":"977f1fc4-bac3-5496-861d-43a753c2af18","name":"Zscaler Havoc FEB 2023","description":"Shivtarkar, N. and Jain, S. (2023, February 14). Havoc Across the Cyberspace. Retrieved August 4, 2025.","url":"https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace","source":"MITRE","title":"Havoc Across the Cyberspace","authors":"Shivtarkar, N. and Jain, S","date_accessed":"2025-08-04T00:00:00Z","date_published":"2023-02-14T00:00:00Z","owner_name":null,"tidal_id":"bf67894b-0903-5935-8603-199166ec7eec","created":"2025-10-29T21:08:48.167552Z","modified":"2025-12-17T15:08:36.440792Z"},{"id":"4601528a-959f-40f4-b5a2-53484c6cee80","name":"Zscaler February 14 2023","description":"Niraj Shivtarkar; Shatak Jain. (2023, February 14). Havoc Across the Cyberspace. Retrieved March 24, 2025.","url":"https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace","source":"Tidal Cyber","title":"Havoc Across the Cyberspace","authors":"Niraj Shivtarkar; Shatak Jain","date_accessed":"2025-03-24T00:00:00Z","date_published":"2023-02-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4cd3b321-5737-5ab9-a924-4ea73a37cbbf","created":"2025-03-25T13:15:59.331148Z","modified":"2025-03-25T13:15:59.465323Z"},{"id":"e542b62e-9ff4-475e-bd67-d0c9532e4d05","name":"immersivelabs.com April 9 2024","description":"immersivelabs.com. (2024, April 9). Havoc C2 Framework – A Defensive Operator's Guide. 
Retrieved March 24, 2025.","url":"https://www.immersivelabs.com/resources/blog/havoc-c2-framework-a-defensive-operators-guide","source":"Tidal Cyber","title":"Havoc C2 Framework – A Defensive Operator's Guide","authors":"immersivelabs.com","date_accessed":"2025-03-24T00:00:00Z","date_published":"2024-04-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6079492e-2aaa-59ed-8682-f1796165d718","created":"2025-03-25T13:15:59.046448Z","modified":"2025-03-25T13:15:59.181056Z"},{"id":"df31de8e-1d6f-5aa5-a092-660efc2cc6ce","name":"Immersive Labs Havoc C2 APR 2024","description":"Immersive Content Team. (2024, April 9). Havoc C2 Framework – A Defensive Operator’s Guide. Retrieved August 13, 2025.","url":"https://www.immersivelabs.com/resources/blog/havoc-c2-framework-a-defensive-operators-guide","source":"MITRE","title":"Havoc C2 Framework – A Defensive Operator’s Guide","authors":"Immersive Content Team","date_accessed":"2025-08-13T00:00:00Z","date_published":"2024-04-09T00:00:00Z","owner_name":null,"tidal_id":"abe0d927-598e-5fd9-b607-ff3709efa8dd","created":"2025-10-29T21:08:48.167697Z","modified":"2025-12-17T15:08:36.441336Z"},{"id":"7499b280-46f9-5d63-a45d-d4865308d5ac","name":"Fortinet Havoc MAR 2025","description":"Wan, Y. (2025, March 3). Havoc: SharePoint with Microsoft Graph API turns into FUD C2. Retrieved August 4, 2025.","url":"https://www.fortinet.com/blog/threat-research/havoc-sharepoint-with-microsoft-graph-api-turns-into-fud-c2","source":"MITRE","title":"Havoc: SharePoint with Microsoft Graph API turns into FUD C2","authors":"Wan, Y","date_accessed":"2025-08-04T00:00:00Z","date_published":"2025-03-03T00:00:00Z","owner_name":null,"tidal_id":"e3cbb240-246f-546f-8f2c-ba69fd798d29","created":"2025-10-29T21:08:48.167566Z","modified":"2025-12-17T15:08:36.440798Z"},{"id":"7ad228a8-5450-45ec-86fc-ea038f7c6ef7","name":"FireEye HawkEye Malware July 2017","description":"Swapnil Patil, Yogesh Londhe. (2017, July 25). 
HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign. Retrieved June 18, 2019.","url":"https://www.fireeye.com/blog/threat-research/2017/07/hawkeye-malware-distributed-in-phishing-campaign.html","source":"MITRE","title":"HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign","authors":"Swapnil Patil, Yogesh Londhe","date_accessed":"2019-06-18T00:00:00Z","date_published":"2017-07-25T00:00:00Z","owner_name":null,"tidal_id":"742e2670-6f36-50ad-905f-5aec948f7bd2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428775Z"},{"id":"64061df8-f80e-4a39-9607-8d73832cbc6a","name":"HC3 Scattered Spider October 24 2024","description":"Health Sector Cybersecurity Coordination Center (HC3). (2024, October 24). HC3: Threat Actor Profile Scattered Spider. Retrieved January 27, 2025.","url":"https://www.aha.org/system/files/media/file/2024/10/hc3%20tlp%20clear%20threat%20actor%20profile%20scattered%20spider-10-24-2024.pdf","source":"Tidal Cyber","title":"HC3: Threat Actor Profile Scattered Spider","authors":"Health Sector Cybersecurity Coordination Center (HC3)","date_accessed":"2025-01-27T00:00:00Z","date_published":"2024-10-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ccbad993-b311-5d70-a2f6-614840e77a01","created":"2025-01-28T15:53:32.585223Z","modified":"2025-01-28T15:53:32.934006Z"},{"id":"95d6d1ce-ceba-48ee-88c4-0fb30058bd80","name":"Specter Ops - Cloud Credential Storage","description":"Maddalena, C.. (2018, September 12). Head in the Clouds. 
Retrieved October 4, 2019.","url":"https://posts.specterops.io/head-in-the-clouds-bd038bb69e48","source":"MITRE","title":"Head in the Clouds","authors":"Maddalena, C.","date_accessed":"2019-10-04T00:00:00Z","date_published":"2018-09-12T00:00:00Z","owner_name":null,"tidal_id":"cdbf6ade-155f-5bff-9965-6d38e2818588","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431968Z"},{"id":"2c8b9040-5f92-506e-bd92-75a055975af9","name":"ReliaQuest Health Care Social Engineering Campaign 2024","description":"Hayden Evans. (2024, April 4). Health Care Social Engineering Campaign. Retrieved May 22, 2025.","url":"https://www.reliaquest.com/blog/health-care-social-engineering-campaign/","source":"MITRE","title":"Health Care Social Engineering Campaign","authors":"Hayden Evans","date_accessed":"2025-05-22T00:00:00Z","date_published":"2024-04-04T00:00:00Z","owner_name":null,"tidal_id":"151b13db-1d0c-50be-94b2-8238eb77b093","created":"2025-10-29T21:08:48.166194Z","modified":"2025-12-17T15:08:36.433344Z"},{"id":"c094cc70-5ea8-5b99-840a-b8bff806b4bb","name":"Positive Technologies Hellhounds 2023","description":"PT Expert Security Center. (2023, November 29). Hellhounds: operation Lahat. Retrieved March 18, 2025.","url":"https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/hellhounds-operation-lahat","source":"MITRE","title":"Hellhounds: operation Lahat","authors":"PT Expert Security Center","date_accessed":"2025-03-18T00:00:00Z","date_published":"2023-11-29T00:00:00Z","owner_name":null,"tidal_id":"7dcf57de-ac1e-50b8-9ab8-1a092df00052","created":"2025-04-22T20:47:20.387251Z","modified":"2025-12-17T15:08:36.435782Z"},{"id":"a011b68a-30e0-4204-9bf3-fa73f2a238b4","name":"Securelist Dtrack2","description":"KONSTANTIN ZYKOV. (2019, September 23). Hello! My name is Dtrack. Retrieved September 30, 2022.","url":"https://securelist.com/my-name-is-dtrack/93338/","source":"MITRE","title":"Hello! 
My name is Dtrack","authors":"KONSTANTIN ZYKOV","date_accessed":"2022-09-30T00:00:00Z","date_published":"2019-09-23T00:00:00Z","owner_name":null,"tidal_id":"09faf5b2-2fe6-59bb-a304-dedb093f8fc6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424187Z"},{"id":"49bd8841-a4b5-4ced-adfa-0ad0c8625ccd","name":"Securelist Dtrack","description":"Konstantin Zykov. (2019, September 23). Hello! My name is Dtrack. Retrieved January 20, 2021.","url":"https://securelist.com/my-name-is-dtrack/93338/","source":"MITRE","title":"Hello! My name is Dtrack","authors":"Konstantin Zykov","date_accessed":"2021-01-20T00:00:00Z","date_published":"2019-09-23T00:00:00Z","owner_name":null,"tidal_id":"62cbea98-4a2d-5dab-873e-45387519dd40","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422497Z"},{"id":"23ad5a8c-cbe1-4f40-8757-f1784a4003a1","name":"Help eliminate unquoted path","description":"Mark Baggett. (2012, November 8). Help eliminate unquoted path vulnerabilities. Retrieved November 8, 2012.","url":"https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464","source":"MITRE","title":"Help eliminate unquoted path vulnerabilities","authors":"Mark Baggett","date_accessed":"2012-11-08T00:00:00Z","date_published":"2012-11-08T00:00:00Z","owner_name":null,"tidal_id":"beeba2ad-2c5d-5c19-94f9-4f730ed5a7b8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434185Z"},{"id":"9b234329-5e05-4035-af38-dd8ab20fd68e","name":"Baggett 2012","description":"Baggett, M. (2012, November 8). Help eliminate unquoted path vulnerabilities. 
Retrieved December 4, 2014.","url":"https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464","source":"MITRE","title":"Help eliminate unquoted path vulnerabilities","authors":"Baggett, M","date_accessed":"2014-12-04T00:00:00Z","date_published":"2012-11-08T00:00:00Z","owner_name":null,"tidal_id":"2f3612dd-feb9-526b-80be-25612cfcaa82","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434404Z"},{"id":"d86883dd-3766-4971-91c7-b205ed13cc37","name":"Default VBS macros Blocking","description":"Kellie Eickmeyer. (2022, February 7). Helping users stay safe: Blocking internet macros by default in Office. Retrieved February 7, 2022.","url":"https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805","source":"MITRE","title":"Helping users stay safe: Blocking internet macros by default in Office","authors":"Kellie Eickmeyer","date_accessed":"2022-02-07T00:00:00Z","date_published":"2022-02-07T00:00:00Z","owner_name":null,"tidal_id":"d94b1d2c-028b-5b3f-a51e-2e27fb5cf3d9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435479Z"},{"id":"8e61f3f0-277a-5e09-92d5-f57a4e1b4e02","name":"Palo Alto HenBox","description":"A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September","url":"https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/","source":"Mobile","title":"HenBox: The Chickens Come Home to Roost","authors":"A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al","date_accessed":"1978-09-01T00:00:00Z","date_published":"2018-03-13T00:00:00Z","owner_name":null,"tidal_id":"12e0c246-2651-5741-a238-98e3eab24d5c","created":"2026-01-28T13:08:10.041538Z","modified":"2026-01-28T13:08:10.041544Z"},{"id":"836621f3-83e1-4c55-8e3b-740fc9ba1e46","name":"Twitter CMSTP Usage Jan 2018","description":"Carr, N. (2018, January 31). Here is some early bad cmstp.exe... 
Retrieved September 12, 2024.","url":"https://x.com/ItsReallyNick/status/958789644165894146","source":"MITRE","title":"Here is some early bad cmstp.exe..","authors":"Carr, N","date_accessed":"2024-09-12T00:00:00Z","date_published":"2018-01-31T00:00:00Z","owner_name":null,"tidal_id":"4cb9420a-e1d3-5abf-8902-aac2b8963062","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429184Z"},{"id":"4fada70a-7191-40a0-a650-59ac060ff40c","name":"CyberScoop 10 02 2025","description":"Matt Kapko. (2025, October 2). Here is the email Clop attackers sent to Oracle customers | CyberScoop. Retrieved October 6, 2025.","url":"https://cyberscoop.com/extortion-email-clop-oracle-customers/","source":"Tidal Cyber","title":"Here is the email Clop attackers sent to Oracle customers | CyberScoop","authors":"Matt Kapko","date_accessed":"2025-10-06T12:00:00Z","date_published":"2025-10-02T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f7269a2e-f6de-5ee4-a054-bc485724a0e4","created":"2025-10-07T14:06:57.850352Z","modified":"2025-10-07T14:06:57.979131Z"},{"id":"07ef66e8-195b-4afe-a518-ce9e77220038","name":"ESET Hermetic Wiper February 2022","description":"ESET. (2022, February 24). HermeticWiper: New data wiping malware hits Ukraine. Retrieved March 25, 2022.","url":"https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine","source":"MITRE","title":"HermeticWiper: New data wiping malware hits Ukraine","authors":"ESET","date_accessed":"2022-03-25T00:00:00Z","date_published":"2022-02-24T00:00:00Z","owner_name":null,"tidal_id":"1bf2e8ab-98d5-5ea7-976b-f91c36a811ca","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420790Z"},{"id":"96825555-1936-4ee3-bb25-423dc16a9116","name":"SentinelOne Hermetic Wiper February 2022","description":"Guerrero-Saade, J. (2022, February 23). HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine. 
Retrieved March 25, 2022.","url":"https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack","source":"MITRE","title":"HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine","authors":"Guerrero-Saade, J","date_accessed":"2022-03-25T00:00:00Z","date_published":"2022-02-23T00:00:00Z","owner_name":null,"tidal_id":"f6d43259-c997-54c7-bb7e-e85a0cb64250","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420796Z"},{"id":"11838e67-5032-4352-ad1f-81ba0398a14f","name":"Dragos Hexane","description":"Dragos. (n.d.). Hexane. Retrieved October 27, 2019.","url":"https://dragos.com/resource/hexane/","source":"MITRE","title":"Hexane","authors":"Dragos","date_accessed":"2019-10-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"602cd11a-3693-53d0-b723-b0f32904b916","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437976Z"},{"id":"f6677391-cb7a-4abc-abb7-3a8cd47fbc90","name":"Sourceforge Heyoka 2022","description":"Sourceforge. (n.d.). Heyoka POC Exfiltration Tool. Retrieved October 11, 2022.","url":"https://heyoka.sourceforge.net/","source":"MITRE","title":"Heyoka POC Exfiltration Tool","authors":"Sourceforge","date_accessed":"2022-10-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3ca7471c-799e-513d-ad40-1089267f0816","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421954Z"},{"id":"e94a3edc-88da-5448-9598-944b64a7d391","name":"Fahl-Clipboard","description":"Fahl, S, et al. (2013). Hey, You, Get Off of My Clipboard. 
Retrieved September","url":"https://saschafahl.de/static/paper/pwmanagers2013.pdf","source":"Mobile","title":"Hey, You, Get Off of My Clipboard","authors":"Fahl, S, et al","date_accessed":"1978-09-01T00:00:00Z","date_published":"2013-01-01T00:00:00Z","owner_name":null,"tidal_id":"dfaab48b-5286-54ed-b0ee-bb7d0afaa975","created":"2026-01-28T13:08:10.045696Z","modified":"2026-01-28T13:08:10.045699Z"},{"id":"4e09bfcf-f5be-46c5-9ebf-8742ac8d1edc","name":"Hh.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Hh.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Hh/","source":"Tidal Cyber","title":"Hh.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"34e24be0-71fa-5eec-a9f5-7dc14ec70c41","created":"2024-01-12T14:46:44.384564Z","modified":"2024-01-12T14:46:44.569686Z"},{"id":"fa99f290-e42c-4311-9f6d-c519c9ab89fe","name":"CrowdStrike BloodHound April 2018","description":"Red Team Labs. (2018, April 24). Hidden Administrative Accounts: BloodHound to the Rescue. Retrieved October 28, 2020.","url":"https://www.crowdstrike.com/blog/hidden-administrative-accounts-bloodhound-to-the-rescue/","source":"MITRE","title":"Hidden Administrative Accounts: BloodHound to the Rescue","authors":"Red Team Labs","date_accessed":"2020-10-28T00:00:00Z","date_published":"2018-04-24T00:00:00Z","owner_name":null,"tidal_id":"627324d2-38fe-528f-b4a0-0ef5875ef6d0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422713Z"},{"id":"c748dc6c-8c19-4a5c-840f-3d47955a6c78","name":"McAfee Bankshot","description":"Sherstobitoff, R. (2018, March 08). Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant. 
Retrieved May 18, 2018.","url":"https://securingtomorrow.mcafee.com/mcafee-labs/hidden-cobra-targets-turkish-financial-sector-new-bankshot-implant/","source":"MITRE","title":"Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant","authors":"Sherstobitoff, R","date_accessed":"2018-05-18T00:00:00Z","date_published":"2018-03-08T00:00:00Z","owner_name":null,"tidal_id":"3232d7f2-d96e-5aab-a27b-34b4e7d4ff83","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417291Z"},{"id":"8a00b664-5a75-4365-9069-a32e0ed20a80","name":"Pfammatter - Hidden Inbox Rules","description":"Damian Pfammatter. (2018, September 17). Hidden Inbox Rules in Microsoft Exchange. Retrieved October 12, 2021.","url":"https://blog.compass-security.com/2018/09/hidden-inbox-rules-in-microsoft-exchange/","source":"MITRE","title":"Hidden Inbox Rules in Microsoft Exchange","authors":"Damian Pfammatter","date_accessed":"2021-10-12T00:00:00Z","date_published":"2018-09-17T00:00:00Z","owner_name":null,"tidal_id":"2747401b-57a4-5453-ab2e-1ebd0ec540dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428169Z"},{"id":"1d50ce73-ad6a-5286-8ef9-0b2bfed321dc","name":"Hidden VNC","description":"Hutchins, Marcus. (2015, September 13). Hidden VNC for Beginners. Retrieved November 28, 2023.","url":"https://www.malwaretech.com/2015/09/hidden-vnc-for-beginners.html","source":"MITRE","title":"Hidden VNC for Beginners","authors":"Hutchins, Marcus","date_accessed":"2023-11-28T00:00:00Z","date_published":"2015-09-13T00:00:00Z","owner_name":null,"tidal_id":"56e4460f-11bc-58a8-9a52-1c7f7c77dde6","created":"2024-04-25T13:28:39.783088Z","modified":"2025-12-17T15:08:36.434735Z"},{"id":"dfef8451-031b-42a6-8b78-d25950cc9d23","name":"Intezer HiddenWasp Map 2019","description":"Sanmillan, I. (2019, May 29). HiddenWasp Malware Stings Targeted Linux Systems. 
Retrieved June 24, 2019.","url":"https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/","source":"MITRE","title":"HiddenWasp Malware Stings Targeted Linux Systems","authors":"Sanmillan, I","date_accessed":"2019-06-24T00:00:00Z","date_published":"2019-05-29T00:00:00Z","owner_name":null,"tidal_id":"7de3dcc3-e54f-5e4a-9978-cd88eb0b6792","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422551Z"},{"id":"e901df3b-76a6-41a5-9083-b28065e75aa2","name":"Apple Support Hide a User Account","description":"Apple. (2020, November 30). Hide a user account in macOS. Retrieved December 10, 2021.","url":"https://support.apple.com/en-us/HT203998","source":"MITRE","title":"Hide a user account in macOS","authors":"Apple","date_accessed":"2021-12-10T00:00:00Z","date_published":"2020-11-30T00:00:00Z","owner_name":null,"tidal_id":"2c738194-53b8-5d05-8509-59955ebf2171","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432471Z"},{"id":"cc3c1aec-3721-522c-87cb-dbc64f898951","name":"Sabanal-ART","description":"Paul Sabanal. (2015). Hiding Behind ART. Retrieved December","url":"https://www.blackhat.com/docs/asia-15/materials/asia-15-Sabanal-Hiding-Behind-ART-wp.pdf","source":"Mobile","title":"Hiding Behind ART","authors":"Paul Sabanal","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"8adcc0db-1b13-57a8-931c-c595af376a8c","created":"2026-01-28T13:08:10.044912Z","modified":"2026-01-28T13:08:10.044915Z"},{"id":"d4eba34c-d76b-45b4-bcaf-0f13459daaad","name":"Malwarebytes Wow6432Node 2016","description":"Arntz, P. (2016, March 30). Hiding in Plain Sight. 
Retrieved August 3, 2020.","url":"https://blog.malwarebytes.com/cybercrime/2013/10/hiding-in-plain-sight/","source":"MITRE","title":"Hiding in Plain Sight","authors":"Arntz, P","date_accessed":"2020-08-03T00:00:00Z","date_published":"2016-03-30T00:00:00Z","owner_name":null,"tidal_id":"d8009901-9267-50de-b1c9-c8832737f298","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432981Z"},{"id":"a303f97a-72dd-4833-bac7-a421addc3242","name":"FireEye APT17","description":"FireEye Labs/FireEye Threat Intelligence. (2015, May 14). Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20240119213200/https://www2.fireeye.com/rs/fireye/images/APT17_Report.pdf","source":"MITRE, Tidal Cyber","title":"Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic","authors":"FireEye Labs/FireEye Threat Intelligence","date_accessed":"2024-11-17T00:00:00Z","date_published":"2015-05-14T00:00:00Z","owner_name":null,"tidal_id":"06b2a220-2a81-509f-b520-733cc1502f24","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262272Z"},{"id":"38ed8950-413b-56b5-98c3-ae6420850dc4","name":"ATTACK IQ","description":"Federico Quattrin, Nick Desler, Tin Tam, & Matthew Rutkoske. (2023, March 16). Hiding in Plain Sight: Monitoring and Testing for Living-Off-the-Land Binaries. 
Retrieved July 15, 2024.","url":"https://www.attackiq.com/2023/03/16/hiding-in-plain-sight/","source":"MITRE","title":"Hiding in Plain Sight: Monitoring and Testing for Living-Off-the-Land Binaries","authors":"Federico Quattrin, Nick Desler, Tin Tam, & Matthew Rutkoske","date_accessed":"2024-07-15T00:00:00Z","date_published":"2023-03-16T00:00:00Z","owner_name":null,"tidal_id":"6d7e03e2-361d-593b-8ffe-e5666c917906","created":"2024-10-31T16:28:25.483197Z","modified":"2025-12-17T15:08:36.434528Z"},{"id":"8612fb31-5806-47ca-ba43-265a590b61fb","name":"Crowdstrike Hiding in Plain Sight 2018","description":"Crowdstrike. (2018, July 18). Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises. Retrieved January 19, 2020.","url":"https://www.crowdstrike.com/blog/hiding-in-plain-sight-using-the-office-365-activities-api-to-investigate-business-email-compromises/","source":"MITRE","title":"Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises","authors":"Crowdstrike","date_accessed":"2020-01-19T00:00:00Z","date_published":"2018-07-18T00:00:00Z","owner_name":null,"tidal_id":"f93a412f-c349-5a71-bf9c-f243c25b6fa7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435905Z"},{"id":"88983d22-980d-4442-858a-3b70ec485b94","name":"Hiding Malicious Code with Module Stomping","description":"Aliz Hammond. (2019, August 15). Hiding Malicious Code with \"Module Stomping\": Part 1. 
Retrieved July 14, 2022.","url":"https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/","source":"MITRE","title":"Hiding Malicious Code with \"Module Stomping\": Part 1","authors":"Aliz Hammond","date_accessed":"2022-07-14T00:00:00Z","date_published":"2019-08-15T00:00:00Z","owner_name":null,"tidal_id":"49f84e8a-9129-5d86-8026-aa1a250f1a62","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436536Z"},{"id":"877a5ae4-ec5f-4f53-b69d-ba74ff9e1619","name":"SpectorOps Hiding Reg Jul 2017","description":"Reitz, B. (2017, July 14). Hiding Registry keys with PSReflect. Retrieved August 9, 2018.","url":"https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353","source":"MITRE","title":"Hiding Registry keys with PSReflect","authors":"Reitz, B","date_accessed":"2018-08-09T00:00:00Z","date_published":"2017-07-14T00:00:00Z","owner_name":null,"tidal_id":"067f4eb3-8323-59aa-bf8d-8d7f763d35ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429960Z"},{"id":"d006ed03-a8af-4887-9356-3481d81d43e4","name":"FireEye SUNBURST Backdoor December 2020","description":"FireEye. (2020, December 13). Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. Retrieved January 4, 2021.","url":"https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html","source":"MITRE, Tidal Cyber","title":"Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor","authors":"FireEye","date_accessed":"2021-01-04T00:00:00Z","date_published":"2020-12-13T00:00:00Z","owner_name":null,"tidal_id":"47c31281-98f4-5e62-ac7e-ec10905071b0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258018Z"},{"id":"42c81d97-b6ee-458e-bff3-e8c4de882cd6","name":"Redirectors_Domain_Fronting","description":"Mudge, R. 
(2017, February 6). High-reputation Redirectors and Domain Fronting. Retrieved July 11, 2022.","url":"https://www.cobaltstrike.com/blog/high-reputation-redirectors-and-domain-fronting/","source":"MITRE","title":"High-reputation Redirectors and Domain Fronting","authors":"Mudge, R","date_accessed":"2022-07-11T00:00:00Z","date_published":"2017-02-06T00:00:00Z","owner_name":null,"tidal_id":"c99f2cab-cb11-5ad7-bc8b-f12e8e5a80c8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428487Z"},{"id":"647f6be8-fe95-4045-8778-f7d7ff00c96c","name":"Synack Secure Kernel Extension Broken","description":"Wardle, P. (2017, September 8). High Sierra’s ‘Secure Kernel Extension Loading’ is Broken. Retrieved April 6, 2018.","url":"https://www.synack.com/2017/09/08/high-sierras-secure-kernel-extension-loading-is-broken/","source":"MITRE","title":"High Sierra’s ‘Secure Kernel Extension Loading’ is Broken","authors":"Wardle, P","date_accessed":"2018-04-06T00:00:00Z","date_published":"2017-09-08T00:00:00Z","owner_name":null,"tidal_id":"25722a02-9b37-50cd-be8e-89f7469aa65a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430956Z"},{"id":"a4c50b03-f0d7-4d29-a9de-e550be61390c","name":"modePUSH Azure Storage Explorer September 14 2024","description":"Britton Manahan. (2024, September 14). Highway Blobbery: Data Theft using Azure Storage Explorer. Retrieved September 19, 2024.","url":"https://www.modepush.com/blog/highway-blobbery-data-theft-using-azure-storage-explorer","source":"Tidal Cyber","title":"Highway Blobbery: Data Theft using Azure Storage Explorer","authors":"Britton Manahan","date_accessed":"2024-09-19T00:00:00Z","date_published":"2024-09-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7fe9654d-0d1a-526d-a091-4bbae938feb3","created":"2024-09-20T15:08:29.603115Z","modified":"2024-09-20T15:08:29.840894Z"},{"id":"8fae64f4-797d-54b8-b2d0-b99f923d572d","name":"Wietze Beukema DLL Hijacking","description":"Wietze Beukema. 
(2020, June 22). Hijacking DLLs in Windows. Retrieved April 8, 2025.","url":"https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows","source":"MITRE","title":"Hijacking DLLs in Windows","authors":"Wietze Beukema","date_accessed":"2025-04-08T00:00:00Z","date_published":"2020-06-22T00:00:00Z","owner_name":null,"tidal_id":"85a99558-88c5-576a-8f38-d1979cc56d02","created":"2025-04-22T20:47:11.781201Z","modified":"2025-12-17T15:08:36.427102Z"},{"id":"87feaca7-96ea-573e-a816-9ece1db78f5c","name":"Synactiv Hijacking GitHub Runners","description":"Hugo Vincent. (2024, May 22). Hijacking GitHub runners to compromise the organization. Retrieved May 22, 2025.","url":"https://www.synacktiv.com/en/publications/hijacking-github-runners-to-compromise-the-organization","source":"MITRE","title":"Hijacking GitHub runners to compromise the organization","authors":"Hugo Vincent","date_accessed":"2025-05-22T00:00:00Z","date_published":"2024-05-22T00:00:00Z","owner_name":null,"tidal_id":"07d1347c-0b16-5072-8fed-2a9ef8026cf5","created":"2025-10-29T21:08:48.166003Z","modified":"2025-12-17T15:08:36.431294Z"},{"id":"0941cf0e-75d8-4c96-bc42-c99d809e75f9","name":"Unit 42 Hildegard Malware","description":"Chen, J. et al. (2021, February 3). Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes. Retrieved April 5, 2021.","url":"https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/","source":"MITRE","title":"Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes","authors":"Chen, J. et al","date_accessed":"2021-04-05T00:00:00Z","date_published":"2021-02-03T00:00:00Z","owner_name":null,"tidal_id":"8f5569e5-66ba-52d0-8d84-307eb262c31c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417993Z"},{"id":"11d936fd-aba0-4eed-8007-aca71c340c59","name":"Drakonia HInvoke","description":"drakonia. (2022, August 10). HInvoke and avoiding PInvoke. 
Retrieved August 22, 2022.","url":"https://dr4k0nia.github.io/dotnet/coding/2022/08/10/HInvoke-and-avoiding-PInvoke.html?s=03","source":"MITRE","title":"HInvoke and avoiding PInvoke","authors":"drakonia","date_accessed":"2022-08-22T00:00:00Z","date_published":"2022-08-10T00:00:00Z","owner_name":null,"tidal_id":"3adad361-1421-55ab-9cc7-d5208be1e250","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436072Z"},{"id":"0ca87e7b-f32e-5265-9dba-c059d1ba92c6","name":"IBM MUSTANG PANDA PUBLOAD CLAIMLOADER JUNE 2025","description":"Golo Muhr, Joshua Chung. (2025, June 23). Hive0154 aka Mustang Panda shifts focus on Tibetan community to deploy Pubload backdoor. Retrieved August 4, 2025.","url":"https://www.ibm.com/think/x-force/hive0154-mustang-panda-shifts-focus-tibetan-community-deploy-pubload-backdoor","source":"MITRE","title":"Hive0154 aka Mustang Panda shifts focus on Tibetan community to deploy Pubload backdoor","authors":"Golo Muhr, Joshua Chung","date_accessed":"2025-08-04T00:00:00Z","date_published":"2025-06-23T00:00:00Z","owner_name":null,"tidal_id":"094252f5-c8ae-56b4-9f69-b114d53b3c4f","created":"2025-10-29T21:08:48.165107Z","modified":"2025-12-17T15:08:36.418170Z"},{"id":"386af393-d4be-5590-9b9e-592d30d431f8","name":"2025_IBM_PUBLOAD_TONESHELL_HIUPAN_CLAIMLOADER_MUSTANG PANDA","description":"Golo Muhr, Joshua Chung. (2025, May 15). Hive0154 targeting US, Philippines, Pakistan and Taiwan in suspected espionage campaign. 
Retrieved August 4, 2025.","url":"https://www.ibm.com/think/x-force/hive0154-targeting-us-philippines-pakistan-taiwan","source":"MITRE","title":"Hive0154 targeting US, Philippines, Pakistan and Taiwan in suspected espionage campaign","authors":"Golo Muhr, Joshua Chung","date_accessed":"2025-08-04T00:00:00Z","date_published":"2025-05-15T00:00:00Z","owner_name":null,"tidal_id":"61892cf5-314b-55eb-a2ec-dbd78dc8502c","created":"2025-10-29T21:08:48.165026Z","modified":"2025-12-17T15:08:36.417849Z"},{"id":"f5e43446-04ea-4dcd-be3a-22f8b10b8aa1","name":"Hive Ransomware Analysis | Kroll","description":"Stephen Green, Elio Biasiotto. (2023, February 2). Hive Ransomware Analysis | Kroll. Retrieved May 7, 2023.","url":"https://www.kroll.com/en/insights/publications/cyber/hive-ransomware-technical-analysis-initial-access-discovery","source":"Tidal Cyber","title":"Hive Ransomware Analysis | Kroll","authors":"Stephen Green, Elio Biasiotto","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-02-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"afc30d27-000c-507d-9b97-9276a8c88fcb","created":"2024-06-13T20:10:12.694695Z","modified":"2024-06-13T20:10:12.890703Z"},{"id":"ae0a88d6-bd46-4b22-bfb1-25003bfe83d7","name":"Bitdefender Hunters International November 9 2023","description":"Martin Zugec. (2023, November 9). Hive Ransomware's Offspring: Hunters International Takes the Stage. 
Retrieved October 4, 2024.","url":"https://www.bitdefender.com/en-us/blog/businessinsights/hive-ransomwares-offspring-hunters-international-takes-the-stage/","source":"Tidal Cyber","title":"Hive Ransomware's Offspring: Hunters International Takes the Stage","authors":"Martin Zugec","date_accessed":"2024-10-04T00:00:00Z","date_published":"2023-11-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c0437bf6-6ad8-5655-a613-7eb26270cd40","created":"2024-10-04T20:31:32.704581Z","modified":"2024-10-04T20:31:32.889771Z"},{"id":"171cfdf1-d91c-4df3-831e-89b6237e3c8b","name":"microsoft_services_registry_tree","description":"Microsoft. (2021, August 5). HKLM\\SYSTEM\\CurrentControlSet\\Services Registry Tree. Retrieved August 25, 2021.","url":"https://docs.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-services-registry-tree","source":"MITRE","title":"HKLM\\SYSTEM\\CurrentControlSet\\Services Registry Tree","authors":"Microsoft","date_accessed":"2021-08-25T00:00:00Z","date_published":"2021-08-05T00:00:00Z","owner_name":null,"tidal_id":"f2a6bf8d-3a63-5386-82f9-91ac10b8a58f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425581Z"},{"id":"cb9b5391-773f-4b56-8c41-d4f548c7b835","name":"Microsoft CurrentControlSet Services","description":"Microsoft. (2017, April 20). HKLM\\SYSTEM\\CurrentControlSet\\Services Registry Tree. Retrieved March 16, 2020.","url":"https://docs.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-services-registry-tree","source":"MITRE","title":"HKLM\\SYSTEM\\CurrentControlSet\\Services Registry Tree","authors":"Microsoft","date_accessed":"2020-03-16T00:00:00Z","date_published":"2017-04-20T00:00:00Z","owner_name":null,"tidal_id":"a3a8277b-d69e-5b34-b4a7-ce5972e873c5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434191Z"},{"id":"c8e9fee1-9981-499f-a62f-ffe59f4bb1e7","name":"Accenture Hogfish April 2018","description":"Accenture Security. 
(2018, April 23). Hogfish Redleaves Campaign. Retrieved July 2, 2018.","url":"http://web.archive.org/web/20220810112638/https:/www.accenture.com/t20180423T055005Z_w_/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf","source":"MITRE","title":"Hogfish Redleaves Campaign","authors":"Accenture Security","date_accessed":"2018-07-02T00:00:00Z","date_published":"2018-04-23T00:00:00Z","owner_name":null,"tidal_id":"31c9ddb5-c3f7-5f83-b638-3ccc29846890","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438680Z"},{"id":"b964139f-7c02-451d-8d22-a87975e60aa2","name":"Proofpoint Router Malvertising","description":"Kafeine. (2016, December 13). Home Routers Under Attack via Malvertising on Windows, Android Devices. Retrieved January 16, 2019.","url":"https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices","source":"MITRE","title":"Home Routers Under Attack via Malvertising on Windows, Android Devices","authors":"Kafeine","date_accessed":"2019-01-16T00:00:00Z","date_published":"2016-12-13T00:00:00Z","owner_name":null,"tidal_id":"88fb476f-6023-5483-97cd-80a774cf972c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436326Z"},{"id":"7d22be2c-f906-4fd4-9634-520c54b84ad7","name":"Support Portal January 1 2024","description":"Support Portal. (2024, January 1). Home - Support Portal - Broadcom support portal. 
Retrieved December 19, 2024.","url":"https://customerconnect.vmware.com/downloads/info/slug/datacenter_cloud_infrastructure/vmware_tools/12_x","source":"Tidal Cyber","title":"Home - Support Portal - Broadcom support portal","authors":"Support Portal","date_accessed":"2024-12-19T00:00:00Z","date_published":"2024-01-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"11193523-fd7d-5727-95ff-f53934b400b9","created":"2025-04-11T15:06:16.270906Z","modified":"2025-04-11T15:06:16.427064Z"},{"id":"c4175c73-9731-57e4-ba30-47999754e71f","name":"MalwareByes Honda and Enel Ransomware June 2020","description":"MalwareBytes. (2020, June 09). Honda and Enel impacted by cyber attack suspected to be ransomware. Retrieved April","url":"https://blog.malwarebytes.com/threat-analysis/2020/06/honda-and-enel-impacted-by-cyber-attack-suspected-to-be-ransomware/","source":"ICS","title":"Honda and Enel impacted by cyber attack suspected to be ransomware","authors":"MalwareBytes","date_accessed":"1978-04-01T00:00:00Z","date_published":"2020-06-09T00:00:00Z","owner_name":null,"tidal_id":"6cc896c5-0694-5a56-827b-26b5e1551664","created":"2026-01-28T13:08:18.175943Z","modified":"2026-01-28T13:08:18.175946Z"},{"id":"a6a2710f-5f88-5f6b-a603-2427c63252df","name":"Forbes Snake Ransomware June 2020","description":"Davey Winder. (2020, June 10). Honda Hacked: Japanese Car Giant Confirms Cyber Attack On Global Operations. 
Retrieved April","url":"https://www.forbes.com/sites/daveywinder/2020/06/10/honda-hacked-japanese-car-giant-confirms-cyber-attack-on-global-operations-snake-ransomware/?sh=2725c35753ad","source":"ICS","title":"Honda Hacked: Japanese Car Giant Confirms Cyber Attack On Global Operations","authors":"Davey Winder","date_accessed":"1978-04-01T00:00:00Z","date_published":"2020-06-10T00:00:00Z","owner_name":null,"tidal_id":"06ec373e-b60a-54a5-a670-09ab424c3874","created":"2026-01-28T13:08:18.175917Z","modified":"2026-01-28T13:08:18.175920Z"},{"id":"300505ae-bb7a-503d-84c5-9ff021eb6f3a","name":"Trustwave Honeypot SkidMap 2023","description":"Radoslaw Zdonczyk. (2023, July 30). Honeypot Recon: New Variant of SkidMap Targeting Redis. Retrieved September 29, 2023.","url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-recon-new-variant-of-skidmap-targeting-redis/","source":"MITRE","title":"Honeypot Recon: New Variant of SkidMap Targeting Redis","authors":"Radoslaw Zdonczyk","date_accessed":"2023-09-29T00:00:00Z","date_published":"2023-07-30T00:00:00Z","owner_name":null,"tidal_id":"4a7d68a7-7565-5c12-a2f8-73ccccb749f2","created":"2023-11-07T00:36:02.915337Z","modified":"2025-12-17T15:08:36.429802Z"},{"id":"54997a52-f78b-4af4-8916-787bcb215ce1","name":"Microsoft Hook Overview","description":"Microsoft. (n.d.). Hooks Overview. Retrieved December 12, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ms644959.aspx","source":"MITRE","title":"Hooks Overview","authors":"Microsoft","date_accessed":"2017-12-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e18614af-80b6-5bfd-9fd6-3da29fc8695b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430549Z"},{"id":"5fbf3a1d-eac2-44b8-a0a9-70feca168647","name":"SpectorOps Host-Based Jul 2017","description":"Atkinson, J. (2017, July 18). Host-based Threat Modeling & Indicator Design. 
Retrieved March 21, 2018.","url":"https://posts.specterops.io/host-based-threat-modeling-indicator-design-a9dbbb53d5ea","source":"MITRE","title":"Host-based Threat Modeling & Indicator Design","authors":"Atkinson, J","date_accessed":"2018-03-21T00:00:00Z","date_published":"2017-07-18T00:00:00Z","owner_name":null,"tidal_id":"cf73e917-c736-5d18-9bfc-4f005e6cefe4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436400Z"},{"id":"05cd6948-a5b9-5522-ba7c-c3347320066d","name":"FireEye-JSPatch","description":"Jing Xie, Zhaofeng Chen, Jimmy Su. (2016, January 27). HOT OR NOT? THE BENEFITS AND RISKS OF IOS REMOTE HOT PATCHING. Retrieved December","url":"https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html","source":"Mobile","title":"HOT OR NOT? THE BENEFITS AND RISKS OF IOS REMOTE HOT PATCHING","authors":"Jing Xie, Zhaofeng Chen, Jimmy Su","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-01-27T00:00:00Z","owner_name":null,"tidal_id":"9686f750-23c0-5bba-b3e5-5db3acc55668","created":"2026-01-28T13:08:10.044491Z","modified":"2026-01-28T13:08:10.044494Z"},{"id":"8c4f806c-b6f2-5bde-8525-05da6692e59c","name":"Crowdstrike AWS User Federation Persistence","description":"Vaishnav Murthy and Joel Eng. (2023, January 30). How Adversaries Can Persist with AWS User Federation. Retrieved March 10, 2023.","url":"https://www.crowdstrike.com/blog/how-adversaries-persist-with-aws-user-federation/","source":"MITRE","title":"How Adversaries Can Persist with AWS User Federation","authors":"Vaishnav Murthy and Joel Eng","date_accessed":"2023-03-10T00:00:00Z","date_published":"2023-01-30T00:00:00Z","owner_name":null,"tidal_id":"9adaf234-d2a4-55f2-b121-85709f12a12a","created":"2023-05-26T01:21:08.034376Z","modified":"2025-12-17T15:08:36.432375Z"},{"id":"ae9f8bd0-fcf9-5fa1-ae8e-e146b52c89f5","name":"Kelly Jackson Higgins","description":"Kelly Jackson Higgins. (n.d.). How a Manufacturing Firm Recovered from a Devastating Ransomware Attack. 
Retrieved 2019/11/03","url":"https://www.darkreading.com/attacks-breaches/how-a-manufacturing-firm-recovered-from-a-devastating-ransomware-attack/d/d-id/1334760","source":"ICS","title":"How a Manufacturing Firm Recovered from a Devastating Ransomware Attack","authors":"Kelly Jackson Higgins","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b7bc3df1-61da-5590-9dd1-f2242442e118","created":"2026-01-28T13:08:18.179646Z","modified":"2026-01-28T13:08:18.179649Z"},{"id":"6a013c48-3b58-5b87-9af5-0b7d01f27c48","name":"Andy Greenberg June 2017","description":"Andy Greenberg. (2017, June 28). How an Entire Nation Became Russia's Test Lab for Cyberwar. Retrieved September 27, 2023.","url":"https://www.wired.com/story/russian-hackers-attack-ukraine/","source":"MITRE","title":"How an Entire Nation Became Russia's Test Lab for Cyberwar","authors":"Andy Greenberg","date_accessed":"2023-09-27T00:00:00Z","date_published":"2017-06-28T00:00:00Z","owner_name":null,"tidal_id":"b82b094a-3537-5705-989f-f535b898e4d3","created":"2023-11-07T00:36:20.386907Z","modified":"2025-12-17T15:08:36.441606Z"},{"id":"f700790a-81c4-516f-b6d7-5b7c750175ae","name":"Konoth","description":"Radhesh Krishnan Konoth, Victor van der Veen, and Herbert Bos. (n.d.). How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication. Retrieved December","url":"http://www.vvdveen.com/publications/BAndroid.pdf","source":"Mobile","title":"How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication","authors":"Radhesh Krishnan Konoth, Victor van der Veen, and Herbert Bos","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c6ac35df-288a-5e92-bb8f-7e0d9151f67c","created":"2026-01-28T13:08:10.046148Z","modified":"2026-01-28T13:08:10.046151Z"},{"id":"0eadf116-7f53-5822-9ba4-ab595dfdf093","name":"Honan-Hacking","description":"Mat Honan. (2012, August 6). How Apple and Amazon Security Flaws Led to My Epic Hacking. 
Retrieved December","url":"https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/","source":"Mobile","title":"How Apple and Amazon Security Flaws Led to My Epic Hacking","authors":"Mat Honan","date_accessed":"1978-12-01T00:00:00Z","date_published":"2012-08-06T00:00:00Z","owner_name":null,"tidal_id":"6b500c0b-29d2-5fd0-a14a-024fe9aa6d82","created":"2026-01-28T13:08:10.044076Z","modified":"2026-01-28T13:08:10.044078Z"},{"id":"b52dcca4-19cb-5b95-9c5e-8b5c81fd986f","name":"Perez Sitemap XML 2023","description":"Adi Perez. (2023, February 22). How Attackers Can Misuse Sitemaps to Enumerate Users and Discover Sensitive Information. Retrieved July 18, 2024.","url":"https://medium.com/@adimenia/how-attackers-can-misuse-sitemaps-to-enumerate-users-and-discover-sensitive-information-361a5065857a","source":"MITRE","title":"How Attackers Can Misuse Sitemaps to Enumerate Users and Discover Sensitive Information","authors":"Adi Perez","date_accessed":"2024-07-18T00:00:00Z","date_published":"2023-02-22T00:00:00Z","owner_name":null,"tidal_id":"07c44fb1-2425-5d30-b9b7-4d659820b791","created":"2024-10-31T16:28:17.220846Z","modified":"2025-12-17T15:08:36.425459Z"},{"id":"4b4f0171-827d-45c3-8c89-66ea801e77e8","name":"Symantec Digital Certificates","description":"Shinotsuka, H. (2013, February 22). How Attackers Steal Private Keys from Digital Certificates. Retrieved March 31, 2016.","url":"http://www.symantec.com/connect/blogs/how-attackers-steal-private-keys-digital-certificates","source":"MITRE","title":"How Attackers Steal Private Keys from Digital Certificates","authors":"Shinotsuka, H","date_accessed":"2016-03-31T00:00:00Z","date_published":"2013-02-22T00:00:00Z","owner_name":null,"tidal_id":"78ac54c8-32e8-5de4-9628-91fb247120cb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425825Z"},{"id":"5185560e-b8f0-4c40-8c90-cb12348a0f7f","name":"ADSecurity Silver Tickets","description":"Sean Metcalf. (2015, November 17). 
How Attackers Use Kerberos Silver Tickets to Exploit Systems. Retrieved February 27, 2020.","url":"https://adsecurity.org/?p=2011","source":"MITRE","title":"How Attackers Use Kerberos Silver Tickets to Exploit Systems","authors":"Sean Metcalf","date_accessed":"2020-02-27T00:00:00Z","date_published":"2015-11-17T00:00:00Z","owner_name":null,"tidal_id":"70095e24-2427-5aca-b4e6-743428957d33","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434991Z"},{"id":"343c1cc0-6d34-5819-b1d7-62933c3f2898","name":"cleafy_brata_0122","description":"Federico Valentini, Francesco Lubatti. (2022, January 24). How BRATA is monitoring your bank account. Retrieved December","url":"https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account","source":"Mobile","title":"How BRATA is monitoring your bank account","authors":"Federico Valentini, Francesco Lubatti","date_accessed":"1978-12-01T00:00:00Z","date_published":"2022-01-24T00:00:00Z","owner_name":null,"tidal_id":"414181fe-a148-51c1-b3f3-6a426638c8a2","created":"2026-01-28T13:08:10.040622Z","modified":"2026-01-28T13:08:10.040625Z"},{"id":"4c434ca5-2544-45e0-82d9-71343d8aa960","name":"Amazon S3 Security, 2019","description":"Amazon. (2019, May 17). How can I secure the files in my Amazon S3 bucket?. Retrieved October 4, 2019.","url":"https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/","source":"MITRE","title":"How can I secure the files in my Amazon S3 bucket?","authors":"Amazon","date_accessed":"2019-10-04T00:00:00Z","date_published":"2019-05-17T00:00:00Z","owner_name":null,"tidal_id":"845fe0cf-24d5-50d6-88c4-582a7dfa7241","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427395Z"},{"id":"0b0880a8-82cc-4e23-afd9-95d099c753a4","name":"Microsoft Connection Manager Oct 2009","description":"Microsoft. (2009, October 8). How Connection Manager Works. 
Retrieved April 11, 2018.","url":"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc786431(v=ws.10)","source":"MITRE","title":"How Connection Manager Works","authors":"Microsoft","date_accessed":"2018-04-11T00:00:00Z","date_published":"2009-10-08T00:00:00Z","owner_name":null,"tidal_id":"44a7e3ee-0dc7-59fa-9317-d15017da7220","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429190Z"},{"id":"811eb587-effd-50ad-abb4-83221cc5d567","name":"Kaspersky-masking","description":"Dedenok, Roman. (2023, December 12). How cybercriminals disguise URLs. Retrieved January 17, 2024.","url":"https://www.kaspersky.com/blog/malicious-redirect-methods/50045/","source":"MITRE","title":"How cybercriminals disguise URLs","authors":"Dedenok, Roman","date_accessed":"2024-01-17T00:00:00Z","date_published":"2023-12-12T00:00:00Z","owner_name":null,"tidal_id":"5cdaf05c-d84a-5b34-8738-9e6a6f2cde14","created":"2024-04-25T13:28:37.382963Z","modified":"2025-12-17T15:08:36.432120Z"},{"id":"082a0fde-d9f9-45f2-915d-f14c77b62254","name":"dns_changer_trojans","description":"Abendan, O. (2012, June 14). How DNS Changer Trojans Direct Users to Threats. Retrieved October 28, 2021.","url":"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/125/how-dns-changer-trojans-direct-users-to-threats","source":"MITRE","title":"How DNS Changer Trojans Direct Users to Threats","authors":"Abendan, O","date_accessed":"2021-10-28T00:00:00Z","date_published":"2012-06-14T00:00:00Z","owner_name":null,"tidal_id":"2d41c27c-d49a-5deb-9018-a987ff55675c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423900Z"},{"id":"ad6dfcab-792a-4b4d-8ada-aa418e2ea1aa","name":"Entrust Enable CAPI2 Aug 2017","description":"Entrust Datacard. (2017, August 16). How do I enable CAPI 2.0 logging in Windows Vista, Windows 7 and Windows 2008 Server?. 
Retrieved January 31, 2018.","url":"http://www.entrust.net/knowledge-base/technote.cfm?tn=8165","source":"MITRE","title":"How do I enable CAPI 2.0 logging in Windows Vista, Windows 7 and Windows 2008 Server?","authors":"Entrust Datacard","date_accessed":"2018-01-31T00:00:00Z","date_published":"2017-08-16T00:00:00Z","owner_name":null,"tidal_id":"e881fc41-9d03-5afd-900e-2cc3ca2d31bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429598Z"},{"id":"9254d3f5-7fc1-4710-b885-b0ddb3a3dca9","name":"Apple Culprit Access","description":"rjben. (2012, May 30). How do you find the culprit when unauthorized access to a computer is a problem?. Retrieved August 3, 2022.","url":"https://discussions.apple.com/thread/3991574","source":"MITRE","title":"How do you find the culprit when unauthorized access to a computer is a problem?","authors":"rjben","date_accessed":"2022-08-03T00:00:00Z","date_published":"2012-05-30T00:00:00Z","owner_name":null,"tidal_id":"508cafb0-7396-591c-939b-348263c20b47","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427934Z"},{"id":"55171e0e-6b6d-568c-941a-85adcafceb43","name":"SFX - Encrypted/Encoded File","description":"Jai Minton. (2023, March 31). How Falcon OverWatch Investigates Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads. Retrieved March 29, 2024.","url":"https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/","source":"MITRE","title":"How Falcon OverWatch Investigates Malicious Self-Extracting Archives, Decoy Files and Their Hidden Payloads","authors":"Jai Minton","date_accessed":"2024-03-29T00:00:00Z","date_published":"2023-03-31T00:00:00Z","owner_name":null,"tidal_id":"b589cd6a-993f-5abe-a77a-ff3fd43f4134","created":"2024-04-25T13:28:29.834294Z","modified":"2025-12-17T15:08:36.424701Z"},{"id":"6a588eff-2b79-41c3-9834-613a628a0355","name":"DOJ FIN7 Aug 2018","description":"Department of Justice. (2018, August 01). 
HOW FIN7 ATTACKED AND STOLE DATA. Retrieved August 24, 2018.","url":"https://www.justice.gov/opa/press-release/file/1084361/download","source":"MITRE","title":"HOW FIN7 ATTACKED AND STOLE DATA","authors":"Department of Justice","date_accessed":"2018-08-24T00:00:00Z","date_published":"2018-08-01T00:00:00Z","owner_name":null,"tidal_id":"94d619c7-54dc-571d-9f23-09510d13f241","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442113Z"},{"id":"a9156c24-42ad-5f15-a18e-2382f84d702e","name":"Charles McLellan March 2016","description":"Charles McLellan. (2016, March 4). How hackers attacked Ukraine's power grid: Implications for Industrial IoT security. Retrieved September 27, 2023.","url":"https://www.zdnet.com/article/how-hackers-attacked-ukraines-power-grid-implications-for-industrial-iot-security/","source":"MITRE","title":"How hackers attacked Ukraine's power grid: Implications for Industrial IoT security","authors":"Charles McLellan","date_accessed":"2023-09-27T00:00:00Z","date_published":"2016-03-04T00:00:00Z","owner_name":null,"tidal_id":"dde7d979-55b4-53a1-bab7-02117fef2102","created":"2023-11-07T00:36:20.700061Z","modified":"2025-12-17T15:08:36.441892Z"},{"id":"e6136a63-81fe-4363-8d98-f7d1e85a0f2b","name":"Cyware Social Media","description":"Cyware Hacker News. (2019, October 2). How Hackers Exploit Social Media To Break Into Your Company. Retrieved October 20, 2020.","url":"https://cyware.com/news/how-hackers-exploit-social-media-to-break-into-your-company-88e8da8e","source":"MITRE","title":"How Hackers Exploit Social Media To Break Into Your Company","authors":"Cyware Hacker News","date_accessed":"2020-10-20T00:00:00Z","date_published":"2019-10-02T00:00:00Z","owner_name":null,"tidal_id":"228eb588-f042-5b99-b2ad-f992ee8b8fea","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433055Z"},{"id":"9e680ab4-5d8d-46a1-a1e8-2ca2914bb93f","name":"SpyCloud Stealers Chrome Bypass October 2 2024","description":"James. 
(2024, October 2). How Infostealers Are Bypassing New Chrome Security Feature to Steal User Session Cookies. Retrieved October 13, 2024.","url":"https://spycloud.com/blog/infostealers-bypass-new-chrome-security-feature/","source":"Tidal Cyber","title":"How Infostealers Are Bypassing New Chrome Security Feature to Steal User Session Cookies","authors":"James","date_accessed":"2024-10-13T00:00:00Z","date_published":"2024-10-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fdc23a38-088c-519a-b550-973765ee4a15","created":"2024-10-14T19:18:49.277032Z","modified":"2024-10-14T19:18:49.682456Z"},{"id":"68041ffb-aaae-5989-97de-8dbba13012aa","name":"iOS Mic Spyware","description":"ZecOps Research Team. (2021, November 4). How iOS Malware Can Spy on Users Silently. Retrieved April","url":"https://blog.zecops.com/research/how-ios-malware-can-spy-on-users-silently/","source":"Mobile","title":"How iOS Malware Can Spy on Users Silently","authors":"ZecOps Research Team","date_accessed":"1978-04-01T00:00:00Z","date_published":"2021-11-04T00:00:00Z","owner_name":null,"tidal_id":"87a935ec-c247-5148-8b4a-be4e131a1c2d","created":"2026-01-28T13:08:10.044466Z","modified":"2026-01-28T13:08:10.044469Z"},{"id":"3744a62b-921e-50a1-abd9-6cefbc2e726f","name":"Hydro","description":"Hydro Kevin Beaumont. (n.d.). How Lockergoga took down Hydro  ransomware used in targeted attacks aimed at big business. Retrieved 2019/10/16","url":"https://www.hydro.com/en/media/on-the-agenda/cyber-attack/","source":"ICS","title":"How Lockergoga took down Hydro  ransomware used in targeted attacks aimed at big business","authors":"Hydro Kevin Beaumont","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8156d3d0-f60e-5e1f-95c0-d55748c6272d","created":"2026-01-28T13:08:18.179718Z","modified":"2026-01-28T13:08:18.179721Z"},{"id":"0e90a526-3439-5400-8bfc-739ca255be61","name":"Kevin Beaumont","description":"Kevin Beaumont. (n.d.). 
How Lockergoga took down Hydro  ransomware used in targeted attacks aimed at big business. Retrieved 2019/10/16","url":"https://doublepulsar.com/how-lockergoga-took-down-hydro-ransomware-used-in-targeted-attacks-aimed-at-big-business-c666551f5880","source":"ICS","title":"How Lockergoga took down Hydro  ransomware used in targeted attacks aimed at big business","authors":"Kevin Beaumont","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"65e5879a-d644-533f-9f2f-50cc84c7c279","created":"2026-01-28T13:08:18.179742Z","modified":"2026-01-28T13:08:18.179745Z"},{"id":"d5ed35d7-0831-510a-ac65-e1d3721a521b","name":"abuse_native_linux_tools","description":"Surana, N., et al. (2022, September 8). How Malicious Actors Abuse Native Linux Tools in Attacks. Retrieved September","url":"https://www.trendmicro.com/en_za/research/22/i/how-malicious-actors-abuse-native-linux-tools-in-their-attacks.html","source":"Mobile","title":"How Malicious Actors Abuse Native Linux Tools in Attacks","authors":"Surana, N., et al","date_accessed":"1978-09-01T00:00:00Z","date_published":"2022-09-08T00:00:00Z","owner_name":null,"tidal_id":"032385df-c1cf-5f98-9746-a69609deb91c","created":"2026-01-28T13:08:10.045261Z","modified":"2026-01-28T13:08:10.045264Z"},{"id":"31352deb-6c9d-5f1d-be73-60ccd0ccae93","name":"ICS Mutexes 2015","description":"Lenny Zeltser. (2015, March 9). How Malware Generates Mutex Names to Evade Detection. 
Retrieved September 19, 2024.","url":"https://isc.sans.edu/diary/How+Malware+Generates+Mutex+Names+to+Evade+Detection/19429/","source":"MITRE","title":"How Malware Generates Mutex Names to Evade Detection","authors":"Lenny Zeltser","date_accessed":"2024-09-19T00:00:00Z","date_published":"2015-03-09T00:00:00Z","owner_name":null,"tidal_id":"8b028a3d-bd75-5ce0-b101-35029dedb7d4","created":"2024-10-31T16:28:20.480824Z","modified":"2025-12-17T15:08:36.429008Z"},{"id":"c5982f65-1782-452a-9667-a8732d31e89a","name":"malware_hides_service","description":"Lawrence Abrams. (2004, September 10). How Malware hides and is installed as a Service. Retrieved August 30, 2021.","url":"https://www.bleepingcomputer.com/tutorials/how-malware-hides-as-a-service/","source":"MITRE","title":"How Malware hides and is installed as a Service","authors":"Lawrence Abrams","date_accessed":"2021-08-30T00:00:00Z","date_published":"2004-09-10T00:00:00Z","owner_name":null,"tidal_id":"8c74a577-014d-5c63-b97d-da518c39be45","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425554Z"},{"id":"ce952a0d-9c0d-4a51-9564-7cc5d9e43e2c","name":"S1 macOs Persistence","description":"Stokes, P. (2019, July 17). How Malware Persists on macOS. Retrieved March 27, 2020.","url":"https://www.sentinelone.com/blog/how-malware-persists-on-macos/","source":"MITRE","title":"How Malware Persists on macOS","authors":"Stokes, P","date_accessed":"2020-03-27T00:00:00Z","date_published":"2019-07-17T00:00:00Z","owner_name":null,"tidal_id":"fd2bf006-469d-5b8c-963f-ea4b8743e4f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428611Z"},{"id":"81a49043-cac5-40e0-a626-fd242d21c56d","name":"sentinelone macos persist Jun 2019","description":"Stokes, Phil. (2019, June 17). HOW MALWARE PERSISTS ON MACOS. 
Retrieved September 10, 2019.","url":"https://www.sentinelone.com/blog/how-malware-persists-on-macos/","source":"MITRE","title":"HOW MALWARE PERSISTS ON MACOS","authors":"Stokes, Phil","date_accessed":"2019-09-10T00:00:00Z","date_published":"2019-06-17T00:00:00Z","owner_name":null,"tidal_id":"84a20c9a-3cb8-5ba2-a171-3215cd055e24","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430005Z"},{"id":"561ff84d-17ce-511c-af0c-059310f3c129","name":"Kaspersky Autofill","description":"Golubev, S. (n.d.). How malware steals autofill data from browsers. Retrieved March 28, 2023.","url":"https://www.kaspersky.com/blog/browser-data-theft/27871/","source":"MITRE","title":"How malware steals autofill data from browsers","authors":"Golubev, S","date_accessed":"2023-03-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"37267693-a460-54db-810f-2cbe132e821e","created":"2023-05-26T01:21:06.290053Z","modified":"2025-12-17T15:08:36.430173Z"},{"id":"de9cda86-0b23-4bc8-b524-e74fecf99448","name":"Microsoft Threat Actor Naming","description":"diannegali, schmurky, Dansimp, chrisda, Stacyrch140. (2023, April 20). How Microsoft names threat actors. Retrieved June 22, 2023.","url":"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming","source":"Tidal Cyber","title":"How Microsoft names threat actors","authors":"diannegali, schmurky, Dansimp, chrisda, Stacyrch140","date_accessed":"2023-06-22T00:00:00Z","date_published":"2023-04-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d853eaa9-4436-5d4d-a1cb-f27a6dd688e3","created":"2024-06-13T20:10:34.530570Z","modified":"2024-06-13T20:10:34.718193Z"},{"id":"78a8137d-694e-533d-aed3-6bd48fc0cd4a","name":"Microsoft Threat Actor Naming July 2023","description":"Microsoft . (2023, July 12). How Microsoft names threat actors. 
Retrieved November 17, 2023.","url":"https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide","source":"MITRE","title":"How Microsoft names threat actors","authors":"Microsoft","date_accessed":"2023-11-17T00:00:00Z","date_published":"2023-07-12T00:00:00Z","owner_name":null,"tidal_id":"f33b7c7f-8395-54d1-8034-e4fa610bfa5b","created":"2024-04-25T13:28:43.138180Z","modified":"2025-12-17T15:08:36.437294Z"},{"id":"b079fff9-472d-57bf-b23b-8a9971f5c974","name":"Microsoft Naming Conventions Frequently Updated","description":"Microsoft. (2025, September 8). How Microsoft names threat actors. Retrieved September 10, 2025.","url":"https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming","source":"MITRE","title":"How Microsoft names threat actors","authors":"Microsoft","date_accessed":"2025-09-10T00:00:00Z","date_published":"2025-09-08T00:00:00Z","owner_name":null,"tidal_id":"978c0b0b-c77a-51c5-b232-04bda62dd226","created":"2025-10-29T21:08:48.166868Z","modified":"2025-12-17T15:08:36.438568Z"},{"id":"80c840ab-782a-4f15-bc7b-2d2ab4e51702","name":"TheEclecticLightCompany apple notarization","description":"How Notarization Works. (2020, August 28). How notarization works. Retrieved September 13, 2021.","url":"https://eclecticlight.co/2020/08/28/how-notarization-works/","source":"MITRE","title":"How notarization works","authors":"How Notarization Works","date_accessed":"2021-09-13T00:00:00Z","date_published":"2020-08-28T00:00:00Z","owner_name":null,"tidal_id":"12e0d5d3-ede5-593c-9f45-8804ded0e383","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427289Z"},{"id":"bb6aafcb-ed30-404a-a9d9-b90503a0ec7c","name":"SentinelOne AppleScript","description":"Phil Stokes. (2020, March 16). How Offensive Actors Use AppleScript For Attacking macOS. 
Retrieved July 17, 2020.","url":"https://www.sentinelone.com/blog/how-offensive-actors-use-applescript-for-attacking-macos/","source":"MITRE","title":"How Offensive Actors Use AppleScript For Attacking macOS","authors":"Phil Stokes","date_accessed":"2020-07-17T00:00:00Z","date_published":"2020-03-16T00:00:00Z","owner_name":null,"tidal_id":"3ec5b886-cdd4-5e42-9723-c3d4697891b4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427756Z"},{"id":"f0a238ce-6742-5a71-9eab-f20180583aa8","name":"Machine Information Systems 2007","description":"Machine Information Systems. (2007). How PLCs Work. Retrieved 2021/01/28","url":"http://www.machine-information-systems.com/How_PLCs_Work.html","source":"ICS","title":"How PLCs Work","authors":"Machine Information Systems","date_accessed":"2021-01-01T00:00:00Z","date_published":"2007-01-01T00:00:00Z","owner_name":null,"tidal_id":"8ad28aa9-1175-5487-865f-d24154e5900c","created":"2026-01-28T13:08:18.176783Z","modified":"2026-01-28T13:08:18.176786Z"},{"id":"bcf0e74c-0e22-5e11-b16a-086f9c2a5d4a","name":"Omron","description":"Omron Machine Information Systems. (2007). How PLCs Work. Retrieved 2021/01/28","url":"https://www.omron-ap.com/service_support/FAQ/FAQ00002/index.asp#:~:text=In%20PROGRAM%20mode%2C%20the%20CPU,can%20be%20created%20or%20modified.","source":"ICS","title":"How PLCs Work","authors":"Omron Machine Information Systems","date_accessed":"2021-01-01T00:00:00Z","date_published":"2007-01-01T00:00:00Z","owner_name":null,"tidal_id":"1bf5878b-8459-5e96-bf26-aa7d69b64728","created":"2026-01-28T13:08:18.176833Z","modified":"2026-01-28T13:08:18.176836Z"},{"id":"78199414-7b5e-45d8-8bda-d6f5a7c3988b","name":"SecureWorld - How Secure Is Your Slack Channel - Dec 2021","description":"Drew Todd. (2021, December 28). How Secure Is Your Slack Channel?. 
Retrieved May 31, 2022.","url":"https://www.secureworld.io/industry-news/how-secure-is-your-slack-channel#:~:text=Electronic%20Arts%20hacked%20through%20Slack%20channel&text=In%20total%2C%20the%20hackers%20claim,credentials%20over%20a%20Slack%20channel.","source":"MITRE","title":"How Secure Is Your Slack Channel?","authors":"Drew Todd","date_accessed":"2022-05-31T00:00:00Z","date_published":"2021-12-28T00:00:00Z","owner_name":null,"tidal_id":"a026a360-e19b-5d53-a8b6-3f7dc627f2fa","created":"2022-12-14T20:06:32.013016Z","modified":"2023-05-26T01:21:03.785012Z"},{"id":"335480f8-8f40-4da7-b083-6a4b158496c1","name":"Windows OS Hub RDP","description":"Windows OS Hub. (2021, November 10). How to Allow Multiple RDP Sessions in Windows 10 and 11?. Retrieved March 28, 2022.","url":"http://woshub.com/how-to-allow-multiple-rdp-sessions-in-windows-10/","source":"MITRE","title":"How to Allow Multiple RDP Sessions in Windows 10 and 11?","authors":"Windows OS Hub","date_accessed":"2022-03-28T00:00:00Z","date_published":"2021-11-10T00:00:00Z","owner_name":null,"tidal_id":"ef4f5b89-14f2-518a-a460-da5318a229eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427743Z"},{"id":"7dfa71e4-45ab-52ad-b49a-6d3df0953326","name":"Outpost24","description":"Stijn Vande Casteele. (2025, March 31). How to analyze metadata and hide it from hackers. Retrieved July 2, 2025.","url":"https://outpost24.com/blog/metadata-hackers-best-friend/","source":"MITRE","title":"How to analyze metadata and hide it from hackers","authors":"Stijn Vande Casteele","date_accessed":"2025-07-02T00:00:00Z","date_published":"2025-03-31T00:00:00Z","owner_name":null,"tidal_id":"89f9cd42-8d43-5c81-b0a5-9b49a0a89650","created":"2025-10-29T21:08:48.166324Z","modified":"2025-12-17T15:08:36.434006Z"},{"id":"724464f6-1a86-46e3-9a81-192b136c73ba","name":"Xpn Argue Like Cobalt 2019","description":"Chester, A. (2019, January 28). How to Argue like Cobalt Strike. 
Retrieved November 19, 2021.","url":"https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/","source":"MITRE","title":"How to Argue like Cobalt Strike","authors":"Chester, A","date_accessed":"2021-11-19T00:00:00Z","date_published":"2019-01-28T00:00:00Z","owner_name":null,"tidal_id":"5c6a2dd3-78eb-59e7-9e44-ee9c10ca1690","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436950Z"},{"id":"77af0be9-174a-4330-8122-d0bd0c754973","name":"Seqrite DoubleExtension","description":"Seqrite. (n.d.). How to avoid dual attack and vulnerable files with double extension?. Retrieved July 27, 2021.","url":"https://www.seqrite.com/blog/how-to-avoid-dual-attack-and-vulnerable-files-with-double-extension/","source":"MITRE","title":"How to avoid dual attack and vulnerable files with double extension?","authors":"Seqrite","date_accessed":"2021-07-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d028ac98-2e8b-573d-916a-47ef806eafb0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425213Z"},{"id":"ee1abe19-f38b-5127-8377-f13f57f2abcb","name":"BOA Telephone Scams","description":"Bank of America. (n.d.). How to avoid telephone scams. Retrieved September 8, 2023.","url":"https://business.bofa.com/en-us/content/what-is-vishing.html","source":"MITRE","title":"How to avoid telephone scams","authors":"Bank of America","date_accessed":"2023-09-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9592a2dd-623a-586a-a5a2-47321dd6702d","created":"2023-11-07T00:36:04.105714Z","modified":"2025-12-17T15:08:36.430833Z"},{"id":"5790f25c-d1a5-5fb9-b213-0d84a6570c4c","name":"Okta Block Anonymizing Services","description":"Moussa Diallo and Brett Winterford. (2024, April 26). How to Block Anonymizing Services using Okta. 
Retrieved May 28, 2024.","url":"https://sec.okta.com/blockanonymizers","source":"MITRE","title":"How to Block Anonymizing Services using Okta","authors":"Moussa Diallo and Brett Winterford","date_accessed":"2024-05-28T00:00:00Z","date_published":"2024-04-26T00:00:00Z","owner_name":null,"tidal_id":"972bb578-f3aa-5914-a300-bafbb73917dc","created":"2024-10-31T16:28:37.098175Z","modified":"2025-12-17T15:08:36.441599Z"},{"id":"fab84597-99a0-4560-8c8c-11fd8c01d5fa","name":"bypass_webproxy_filtering","description":"Fehrman, B. (2017, April 13). How to Bypass Web-Proxy Filtering. Retrieved September 20, 2019.","url":"https://www.blackhillsinfosec.com/bypass-web-proxy-filtering/","source":"MITRE","title":"How to Bypass Web-Proxy Filtering","authors":"Fehrman, B","date_accessed":"2019-09-20T00:00:00Z","date_published":"2017-04-13T00:00:00Z","owner_name":null,"tidal_id":"b5e9e096-6df0-577e-94a0-a67dd5400402","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428446Z"},{"id":"0461b58e-400e-4e3e-b7c4-eed7a9b0fdd6","name":"Systemd Remote Control","description":"Aaron Kili. (2018, January 16). How to Control Systemd Services on Remote Linux Server. Retrieved July 26, 2021.","url":"https://www.tecmint.com/control-systemd-services-on-remote-linux-server/","source":"MITRE","title":"How to Control Systemd Services on Remote Linux Server","authors":"Aaron Kili","date_accessed":"2021-07-26T00:00:00Z","date_published":"2018-01-16T00:00:00Z","owner_name":null,"tidal_id":"facd5fc4-37a2-5516-92d8-995664e6dd27","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433211Z"},{"id":"68d23cb0-b812-4d77-a3aa-34e24a923a50","name":"Microsoft Admin Shares","description":"Microsoft. (n.d.). How to create and delete hidden or administrative shares on client computers. 
Retrieved November 20, 2014.","url":"http://support.microsoft.com/kb/314984","source":"MITRE","title":"How to create and delete hidden or administrative shares on client computers","authors":"Microsoft","date_accessed":"2014-11-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"71d81360-ec3a-5fe1-8e9d-47561f72b041","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429333Z"},{"id":"24c6027b-e0d2-4c0c-83af-4536a631ea85","name":"Delpy Mimikatz Crendential Manager","description":"Delpy, B. (2017, December 12). howto ~ credential manager saved credentials. Retrieved November 23, 2020.","url":"https://github.com/gentilkiwi/mimikatz/wiki/howto-~-credential-manager-saved-credentials","source":"MITRE","title":"howto ~ credential manager saved credentials","authors":"Delpy, B","date_accessed":"2020-11-23T00:00:00Z","date_published":"2017-12-12T00:00:00Z","owner_name":null,"tidal_id":"337897b4-1f5b-53e8-8832-a522ea05afc5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435047Z"},{"id":"e0bf051c-21ab-4454-a6b0-31ae29b6e162","name":"Stealthbits Overpass-the-Hash","description":"Warren, J. (2019, February 26). How to Detect Overpass-the-Hash Attacks. Retrieved February 4, 2021.","url":"https://stealthbits.com/blog/how-to-detect-overpass-the-hash-attacks/","source":"MITRE","title":"How to Detect Overpass-the-Hash Attacks","authors":"Warren, J","date_accessed":"2021-02-04T00:00:00Z","date_published":"2019-02-26T00:00:00Z","owner_name":null,"tidal_id":"c5007a6c-e51c-54bd-a270-1779260081ea","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431475Z"},{"id":"5bdb759e-949d-4470-a4e4-925b6579da54","name":"Stealthbits Detect PtT 2019","description":"Jeff Warren. (2019, February 19). How to Detect Pass-the-Ticket Attacks. 
Retrieved February 27, 2020.","url":"https://blog.stealthbits.com/detect-pass-the-ticket-attacks","source":"MITRE","title":"How to Detect Pass-the-Ticket Attacks","authors":"Jeff Warren","date_accessed":"2020-02-27T00:00:00Z","date_published":"2019-02-19T00:00:00Z","owner_name":null,"tidal_id":"d326e95e-a879-5da7-859c-647d7eb75f70","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428362Z"},{"id":"646211a7-77be-4e5a-bd02-eeb70d67113d","name":"WindowsIR Anti-Forensic Techniques","description":"Carvey, H. (2013, July 23). HowTo: Determine/Detect the use of Anti-Forensics Techniques. Retrieved June 3, 2016.","url":"http://windowsir.blogspot.com/2013/07/howto-determinedetect-use-of-anti.html","source":"MITRE","title":"HowTo: Determine/Detect the use of Anti-Forensics Techniques","authors":"Carvey, H","date_accessed":"2016-06-03T00:00:00Z","date_published":"2013-07-23T00:00:00Z","owner_name":null,"tidal_id":"11958d9f-19e2-5ebf-b33f-cc3145cad9d2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425279Z"},{"id":"64bcc943-29be-4dd8-92c8-8a5dd94cbda4","name":"Microsoft Disable Autorun","description":"Microsoft. (n.d.). How to disable the Autorun functionality in Windows. Retrieved April 20, 2016.","url":"https://support.microsoft.com/en-us/kb/967715","source":"MITRE","title":"How to disable the Autorun functionality in Windows","authors":"Microsoft","date_accessed":"2016-04-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"cf0c0626-72c9-5258-a544-c99ed980f174","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416184Z"},{"id":"c0bbc881-594a-408c-86a2-211ce6279231","name":"Superuser Linux Password Policies","description":"Matutiae, M. (2014, August 6). How to display password policy information for a user (Ubuntu)?. 
Retrieved April 5, 2018.","url":"https://superuser.com/questions/150675/how-to-display-password-policy-information-for-a-user-ubuntu","source":"MITRE","title":"How to display password policy information for a user (Ubuntu)?","authors":"Matutiae, M","date_accessed":"2018-04-05T00:00:00Z","date_published":"2014-08-06T00:00:00Z","owner_name":null,"tidal_id":"13bb21aa-2b53-5ab2-a65f-08d765186dfa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433848Z"},{"id":"9ac72e5a-0b00-4936-9a78-bf2694d956c9","name":"Confluence Linux Command  Line","description":"Confluence Support. (2021, September 8). How to enable command line audit logging in linux. Retrieved September 23, 2021.","url":"https://confluence.atlassian.com/confkb/how-to-enable-command-line-audit-logging-in-linux-956166545.html","source":"MITRE","title":"How to enable command line audit logging in linux","authors":"Confluence Support","date_accessed":"2021-09-23T00:00:00Z","date_published":"2021-09-08T00:00:00Z","owner_name":null,"tidal_id":"cd4a950d-b70c-5381-8b90-73dd2bc3eee4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437165Z"},{"id":"cd3ca4ce-c512-4612-94cc-3cf4d4dbba56","name":"Atlassian Confluence Logging","description":"Atlassian. (2018, January 9). How to Enable User Access Logging. Retrieved April 4, 2018.","url":"https://confluence.atlassian.com/confkb/how-to-enable-user-access-logging-182943.html","source":"MITRE","title":"How to Enable User Access Logging","authors":"Atlassian","date_accessed":"2018-04-04T00:00:00Z","date_published":"2018-01-09T00:00:00Z","owner_name":null,"tidal_id":"ff987e18-228f-5484-8085-cd4f57866f29","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431455Z"},{"id":"4ea54256-42f9-4b35-8f9e-e595ab9be9ce","name":"Remote Shell Execution in Python","description":"Abdou Rockikz. (2020, July). How to Execute Shell Commands in a Remote Machine in Python. 
Retrieved July 26, 2021.","url":"https://www.thepythoncode.com/article/executing-bash-commands-remotely-in-python","source":"MITRE","title":"How to Execute Shell Commands in a Remote Machine in Python","authors":"Abdou Rockikz","date_accessed":"2021-07-26T00:00:00Z","date_published":"2020-07-01T00:00:00Z","owner_name":null,"tidal_id":"2ef16caa-b7e0-59de-8862-ef8162bb7222","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431252Z"},{"id":"695f3d20-7a46-5a4a-aef0-0a05a5e35304","name":"Find Wi-Fi Password on Mac","description":"Ruslana Lishchuk. (2021, March 26). How to Find a Saved Wi-Fi Password on a Mac. Retrieved September 8, 2023.","url":"https://mackeeper.com/blog/find-wi-fi-password-on-mac/","source":"MITRE","title":"How to Find a Saved Wi-Fi Password on a Mac","authors":"Ruslana Lishchuk","date_accessed":"2023-09-08T00:00:00Z","date_published":"2021-03-26T00:00:00Z","owner_name":null,"tidal_id":"c45c4365-96d6-59c8-8b75-3171383a8dab","created":"2023-11-07T00:36:01.911254Z","modified":"2025-12-17T15:08:36.428982Z"},{"id":"cf995fb6-33ac-51ea-a9ce-c18d9cfd56f1","name":"Stack Overflow","description":"Stack Overflow. (n.d.). How to find the location of the Scheduled Tasks folder. Retrieved June 19, 2024.","url":"https://stackoverflow.com/questions/2913816/how-to-find-the-location-of-the-scheduled-tasks-folder","source":"MITRE","title":"How to find the location of the Scheduled Tasks folder","authors":"Stack Overflow","date_accessed":"2024-06-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e26bdb8e-0bcc-59ad-80a5-652156ad00fd","created":"2024-10-31T16:28:15.438328Z","modified":"2025-12-17T15:08:36.423633Z"},{"id":"bce1230a-5303-4e58-97c9-3e65ecd714d3","name":"Microsoft Web Root OCT 2016","description":"Microsoft. (2016, October 20). How to: Find the Web Application Root. 
Retrieved July 27, 2018.","url":"","source":"MITRE","title":"How to: Find the Web Application Root","authors":"Microsoft","date_accessed":"2018-07-27T00:00:00Z","date_published":"2016-10-20T00:00:00Z","owner_name":null,"tidal_id":"9be942fc-41a0-548b-a5c8-9d84508b787e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431810Z"},{"id":"1b17e5ec-6f09-4668-949a-59be2d1f1b65","name":"Microsoft Replication ACL","description":"Microsoft. (n.d.). How to grant the \"Replicating Directory Changes\" permission for the Microsoft Metadirectory Services ADMA service account. Retrieved December 4, 2017.","url":"https://support.microsoft.com/help/303972/how-to-grant-the-replicating-directory-changes-permission-for-the-micr","source":"MITRE","title":"How to grant the \"Replicating Directory Changes\" permission for the Microsoft Metadirectory Services ADMA service account","authors":"Microsoft","date_accessed":"2017-12-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"551ab65a-6323-5d6f-927b-643628e5df3a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416162Z"},{"id":"88c3c460-3792-4881-ae7d-031c8901610d","name":"Hide GDM User Accounts","description":"Ji Mingkui. (2021, June 17). How to Hide All The User Accounts in Ubuntu 20.04, 21.04 Login Screen. Retrieved March 15, 2022.","url":"https://ubuntuhandbook.org/index.php/2021/06/hide-user-accounts-ubuntu-20-04-login-screen/","source":"MITRE","title":"How to Hide All The User Accounts in Ubuntu 20.04, 21.04 Login Screen","authors":"Ji Mingkui","date_accessed":"2022-03-15T00:00:00Z","date_published":"2021-06-17T00:00:00Z","owner_name":null,"tidal_id":"6fa086f4-9f89-5471-8a98-06024a870698","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432477Z"},{"id":"1afd9996-7fa6-5de8-bded-05a2b903db95","name":"Forbes-iPhoneSMS","description":"Andy Greenberg. (2009, July 28). How to Hijack 'Every iPhone In The World'. 
Retrieved December","url":"http://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html","source":"Mobile","title":"How to Hijack 'Every iPhone In The World'","authors":"Andy Greenberg","date_accessed":"1978-12-01T00:00:00Z","date_published":"2009-07-28T00:00:00Z","owner_name":null,"tidal_id":"1140332e-9de2-5661-a65f-bdede8dacce0","created":"2026-01-28T13:08:10.043291Z","modified":"2026-01-28T13:08:10.043297Z"},{"id":"bb325d97-5f69-4645-82d8-fdd6badecd9d","name":"Elastic COM Hijacking","description":"Ewing, P. Strom, B. (2016, September 15). How to Hunt: Detecting Persistence & Evasion with the COM. Retrieved September 15, 2016.","url":"https://www.elastic.co/blog/how-hunt-detecting-persistence-evasion-com","source":"MITRE","title":"How to Hunt: Detecting Persistence & Evasion with the COM","authors":"Ewing, P. Strom, B","date_accessed":"2016-09-15T00:00:00Z","date_published":"2016-09-15T00:00:00Z","owner_name":null,"tidal_id":"448fd2f1-e9e2-55e5-8194-03c18ccca564","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432888Z"},{"id":"29c17b60-f947-4482-afa6-c80ca5819d10","name":"Elastic Masquerade Ball","description":"Ewing, P. (2016, October 31). How to Hunt: The Masquerade Ball. Retrieved October 31, 2016.","url":"https://www.elastic.co/blog/how-hunt-masquerade-ball","source":"MITRE","title":"How to Hunt: The Masquerade Ball","authors":"Ewing, P","date_accessed":"2016-10-31T00:00:00Z","date_published":"2016-10-31T00:00:00Z","owner_name":null,"tidal_id":"57ceaebd-58af-5152-8fca-005dc2ef7972","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425877Z"},{"id":"044d0df8-61e4-4a29-8a24-0bd1227d4317","name":"Linux Loadable Kernel Module Insert and Remove LKMs","description":"Henderson, B. (2006, September 24). How To Insert And Remove LKMs. 
Retrieved April 9, 2018.","url":"http://tldp.org/HOWTO/Module-HOWTO/x197.html","source":"MITRE","title":"How To Insert And Remove LKMs","authors":"Henderson, B","date_accessed":"2018-04-09T00:00:00Z","date_published":"2006-09-24T00:00:00Z","owner_name":null,"tidal_id":"63fe7023-6c77-5185-880e-85801e83ff31","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430973Z"},{"id":"a1d7d368-6092-4421-99de-44e458deee21","name":"DigiCert Install SSL Cert","description":"DigiCert. (n.d.). How to Install an SSL Certificate. Retrieved April 19, 2021.","url":"https://www.digicert.com/kb/ssl-certificate-installation.htm","source":"MITRE","title":"How to Install an SSL Certificate","authors":"DigiCert","date_accessed":"2021-04-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2773309e-5487-587a-ba4b-c4d237601bcf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432102Z"},{"id":"7930af9f-c037-5f4c-a135-cf2f3b20f59d","name":"WhatsApp_LinkDevice_NoDate","description":"WhatsApp. (n.d.). How to link a device. Retrieved May","url":"https://faq.whatsapp.com/1317564962315842/?helpref=faq_content&cms_platform=web","source":"Mobile","title":"How to link a device","authors":"WhatsApp","date_accessed":"1978-05-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"262d9568-0335-519f-9a8f-ba3bfb01add3","created":"2026-01-28T13:08:10.045361Z","modified":"2026-01-28T13:08:10.045364Z"},{"id":"51584201-40a4-4e39-ad23-14453e1eea46","name":"HowToGeek ShowExtension","description":"Chris Hoffman. (2017, March 8). How to Make Windows Show File Extensions. 
Retrieved August 4, 2021.","url":"https://www.howtogeek.com/205086/beginner-how-to-make-windows-show-file-extensions/","source":"MITRE","title":"How to Make Windows Show File Extensions","authors":"Chris Hoffman","date_accessed":"2021-08-04T00:00:00Z","date_published":"2017-03-08T00:00:00Z","owner_name":null,"tidal_id":"c425b3f8-492c-5f47-b45a-bb9d59f63ee9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442708Z"},{"id":"c61d45fa-d6ec-5c8f-83ca-474ac43376f6","name":"AWS Monitor API Calls to EC2 Security Groups","description":"Jeff Levine. (2017, January 3). How to Monitor AWS Account Configuration Changes and API Calls to Amazon EC2 Security Groups. Retrieved September 24, 2024.","url":"https://aws.amazon.com/blogs/security/how-to-monitor-aws-account-configuration-changes-and-api-calls-to-amazon-ec2-security-groups/","source":"MITRE","title":"How to Monitor AWS Account Configuration Changes and API Calls to Amazon EC2 Security Groups","authors":"Jeff Levine","date_accessed":"2024-09-24T00:00:00Z","date_published":"2017-01-03T00:00:00Z","owner_name":null,"tidal_id":"18be5838-d356-54fa-89a9-0c8b912c01fd","created":"2024-10-31T16:28:38.389361Z","modified":"2025-04-22T20:47:32.813970Z"},{"id":"367d3f80-9b13-44fa-938a-744a95518571","name":"Microsoft RDP Removal","description":"Microsoft. (2021, September 24). How to remove entries from the Remote Desktop Connection Computer box. 
Retrieved June 15, 2022.","url":"https://docs.microsoft.com/troubleshoot/windows-server/remote/remove-entries-from-remote-desktop-connection-computer","source":"MITRE","title":"How to remove entries from the Remote Desktop Connection Computer box","authors":"Microsoft","date_accessed":"2022-06-15T00:00:00Z","date_published":"2021-09-24T00:00:00Z","owner_name":null,"tidal_id":"6cc26c06-3934-537c-8882-c924ba97ad32","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427921Z"},{"id":"397be6f9-a109-4185-85f7-8d994fb31eaa","name":"Startup Items Eclectic","description":"hoakley. (2021, September 16). How to run an app or tool at startup. Retrieved October 5, 2021.","url":"https://eclecticlight.co/2021/09/16/how-to-run-an-app-or-tool-at-startup/","source":"MITRE","title":"How to run an app or tool at startup","authors":"hoakley","date_accessed":"2021-10-05T00:00:00Z","date_published":"2021-09-16T00:00:00Z","owner_name":null,"tidal_id":"18a07292-ad25-53c4-a9cd-fca9597e964b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432058Z"},{"id":"1657c650-7739-5ba3-8c95-b35cb74ee79f","name":"Podman Systemd","description":"Valentin Rothberg. (2022, March 16). How to run pods as systemd services with Podman. Retrieved February 15, 2024.","url":"https://www.redhat.com/sysadmin/podman-run-pods-systemd-services","source":"MITRE","title":"How to run pods as systemd services with Podman","authors":"Valentin Rothberg","date_accessed":"2024-02-15T00:00:00Z","date_published":"2022-03-16T00:00:00Z","owner_name":null,"tidal_id":"312cea58-0fd2-50ab-b77c-0a7c3b31197f","created":"2024-04-25T13:28:38.624652Z","modified":"2025-12-17T15:08:36.433549Z"},{"id":"4cecfe1f-c1d2-4a71-ac17-0effd5f045df","name":"CrowdStrike Endpoint Security Testing Oct 2021","description":"Radu Vlad, Liviu Arsene. (2021, October 15). How to Test Endpoint Security Efficacy and What to Expect. 
Retrieved March 7, 2024.","url":"https://www.crowdstrike.com/blog/how-to-test-endpoint-security-with-red-teaming/","source":"Tidal Cyber","title":"How to Test Endpoint Security Efficacy and What to Expect","authors":"Radu Vlad, Liviu Arsene","date_accessed":"2024-03-07T00:00:00Z","date_published":"2021-10-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5adfc507-cc9b-5cd3-b097-5ce6bd93f743","created":"2024-03-07T21:00:46.875192Z","modified":"2024-03-07T21:00:47.050430Z"},{"id":"104db93c-c5cd-431c-ac79-d76cb1694d7c","name":"Microsoft Disable VBA Jan 2020","description":"Microsoft. (2020, January 23). How to turn off Visual Basic for Applications when you deploy Office. Retrieved September 17, 2020.","url":"https://docs.microsoft.com/en-us/previous-versions/office/troubleshoot/office-developer/turn-off-visual-basic-for-application","source":"MITRE","title":"How to turn off Visual Basic for Applications when you deploy Office","authors":"Microsoft","date_accessed":"2020-09-17T00:00:00Z","date_published":"2020-01-23T00:00:00Z","owner_name":null,"tidal_id":"7bb9e42d-cce1-5197-b199-3fc4e9495048","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442477Z"},{"id":"fdfbccf4-6c94-56a4-b208-b89d28ec2463","name":"Entra Managed Identities 2025","description":"Microsoft Entra. (2025, February 27). How to use managed identities for Azure resources on an Azure VM to acquire an access token. 
Retrieved March 18, 2025.","url":"https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token","source":"MITRE","title":"How to use managed identities for Azure resources on an Azure VM to acquire an access token","authors":"Microsoft Entra","date_accessed":"2025-03-18T00:00:00Z","date_published":"2025-02-27T00:00:00Z","owner_name":null,"tidal_id":"3b4b4938-fcea-5dab-8b8d-7a7be4e02d29","created":"2025-04-22T20:47:16.943009Z","modified":"2025-12-17T15:08:36.432323Z"},{"id":"38d68969-9d83-59ac-8e01-1baaf3ab4f23","name":"Red Hat Systemctl 2022","description":"Damon Garn. (2022, May 17). How to use systemctl to manage Linux services. Retrieved March 18, 2025.","url":"https://www.redhat.com/en/blog/linux-systemctl-manage-services","source":"MITRE","title":"How to use systemctl to manage Linux services","authors":"Damon Garn","date_accessed":"2025-03-18T00:00:00Z","date_published":"2022-05-17T00:00:00Z","owner_name":null,"tidal_id":"a4c2c16b-d5ef-5894-994c-9f26796b24c1","created":"2025-04-22T20:47:13.651594Z","modified":"2025-12-17T15:08:36.429113Z"},{"id":"723ec577-5ea8-4ced-b6c3-b7aaabe1d7e8","name":"Microsoft Regsvr32","description":"Microsoft. (2015, August 14). How to use the Regsvr32 tool and troubleshoot Regsvr32 error messages. Retrieved June 22, 2016.","url":"https://support.microsoft.com/en-us/kb/249873","source":"MITRE","title":"How to use the Regsvr32 tool and troubleshoot Regsvr32 error messages","authors":"Microsoft","date_accessed":"2016-06-22T00:00:00Z","date_published":"2015-08-14T00:00:00Z","owner_name":null,"tidal_id":"e19b40a4-adbf-5828-8a9a-dca36cbcc050","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430741Z"},{"id":"bde9acb0-c1c3-44e1-b3b1-cfc0898baead","name":"Microsoft SAM","description":"Microsoft. (2006, October 30). How to use the SysKey utility to secure the Windows Security Accounts Manager database. 
Retrieved August 3, 2016.","url":"https://support.microsoft.com/en-us/kb/310105","source":"MITRE","title":"How to use the SysKey utility to secure the Windows Security Accounts Manager database","authors":"Microsoft","date_accessed":"2016-08-03T00:00:00Z","date_published":"2006-10-30T00:00:00Z","owner_name":null,"tidal_id":"a88bbfa4-f074-57ae-8ab4-a0b720572105","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442401Z"},{"id":"6b77a2f3-39b8-4574-8dee-cde7ba9debff","name":"AWS Traffic Mirroring","description":"Amazon Web Services. (n.d.). How Traffic Mirroring works. Retrieved March 17, 2022.","url":"https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-how-it-works.html","source":"MITRE","title":"How Traffic Mirroring works","authors":"Amazon Web Services","date_accessed":"2022-03-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"71b3a8f2-d93f-524f-aa29-ba29081eae2f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427348Z"},{"id":"b3ef4b78-2ed6-4cf4-afcc-4e4cb09d806a","name":"Symantec Hydraq Persistence Jan 2010","description":"Fitzgerald, P. (2010, January 26). How Trojan.Hydraq Stays On Your Computer. Retrieved February 22, 2018.","url":"https://www.symantec.com/connect/blogs/how-trojanhydraq-stays-your-computer","source":"MITRE","title":"How Trojan.Hydraq Stays On Your Computer","authors":"Fitzgerald, P","date_accessed":"2018-02-22T00:00:00Z","date_published":"2010-01-26T00:00:00Z","owner_name":null,"tidal_id":"a760f36a-c1cb-567d-8f2e-0d11b719694c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440854Z"},{"id":"abda4184-18f9-4799-9c1f-3ba484473e35","name":"Microsoft UAC Nov 2018","description":"Montemayor, D. et al.. (2018, November 15). How User Account Control works. 
Retrieved June 3, 2019.","url":"https://docs.microsoft.com/windows/security/identity-protection/user-account-control/how-user-account-control-works","source":"MITRE","title":"How User Account Control works","authors":"Montemayor, D. et al.","date_accessed":"2019-06-03T00:00:00Z","date_published":"2018-11-15T00:00:00Z","owner_name":null,"tidal_id":"6ea90db4-a739-5483-b994-621c7b7cc811","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432702Z"},{"id":"bbf8d1a3-115e-4bc8-be43-47ce3b295d45","name":"TechNet How UAC Works","description":"Lich, B. (2016, May 31). How User Account Control Works. Retrieved June 3, 2016.","url":"https://technet.microsoft.com/en-us/itpro/windows/keep-secure/how-user-account-control-works","source":"MITRE","title":"How User Account Control Works","authors":"Lich, B","date_accessed":"2016-06-03T00:00:00Z","date_published":"2016-05-31T00:00:00Z","owner_name":null,"tidal_id":"49231772-c724-5c1e-bcb1-de1aed109ab6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425226Z"},{"id":"22794e37-3c55-444a-b659-e5a1a6bc2da0","name":"PWC WellMess July 2020","description":"PWC. (2020, July 16). How WellMess malware has been used to target COVID-19 vaccines. Retrieved September 24, 2020.","url":"https://www.pwc.co.uk/issues/cyber-security-services/insights/cleaning-up-after-wellmess.html","source":"MITRE","title":"How WellMess malware has been used to target COVID-19 vaccines","authors":"PWC","date_accessed":"2020-09-24T00:00:00Z","date_published":"2020-07-16T00:00:00Z","owner_name":null,"tidal_id":"a30315bc-2705-5866-9f87-3a0953f5e865","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417892Z"},{"id":"8538a963-3e67-47fe-9afd-216b93a2be00","name":"Google Election Threats October 2020","description":"Huntley, S. (2020, October 16). How We're Tackling Evolving Online Threats. 
Retrieved March 24, 2021.","url":"https://blog.google/threat-analysis-group/how-were-tackling-evolving-online-threats/","source":"MITRE","title":"How We're Tackling Evolving Online Threats","authors":"Huntley, S","date_accessed":"2021-03-24T00:00:00Z","date_published":"2020-10-16T00:00:00Z","owner_name":null,"tidal_id":"cb7bb088-4efe-57d5-9e87-cf55d8ae0082","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440428Z"},{"id":"aa52db88-5d03-42ae-b371-6210d7079a84","name":"Microsoft Credential Guard April 2017","description":"Lich, B., Tobin, J. (2017, April 5). How Windows Defender Credential Guard works. Retrieved November 27, 2017.","url":"https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-how-it-works","source":"MITRE","title":"How Windows Defender Credential Guard works","authors":"Lich, B., Tobin, J","date_accessed":"2017-11-27T00:00:00Z","date_published":"2017-04-05T00:00:00Z","owner_name":null,"tidal_id":"b92c3c95-c000-54d2-bf32-c73ec124c78f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415867Z"},{"id":"6533d5df-7388-5c59-8c63-0923de34b61d","name":"NPPSPY Video","description":"Grzegorz Tworek. (2021, December 14). How winlogon.exe shares the cleartext password with custom DLLs. Retrieved March 30, 2023.","url":"https://www.youtube.com/watch?v=ggY3srD9dYs","source":"MITRE","title":"How winlogon.exe shares the cleartext password with custom DLLs","authors":"Grzegorz Tworek","date_accessed":"2023-03-30T00:00:00Z","date_published":"2021-12-14T00:00:00Z","owner_name":null,"tidal_id":"1a686d91-fe4e-57d8-8003-a5310620bae5","created":"2023-05-26T01:21:08.154314Z","modified":"2025-12-17T15:08:36.432546Z"},{"id":"38397985-a0fa-5cdc-b584-4fdbc9cb4d4e","name":"Zimperium z9","description":"zLabs. (2019, November 12).  How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry . 
Retrieved January","url":"https://blog.zimperium.com/how-zimperiums-z9-detected-unknown-mobile-malware-overlooked-by-the-av-industry/","source":"Mobile","title":"How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry","authors":"zLabs","date_accessed":"1978-01-01T00:00:00Z","date_published":"2019-11-12T00:00:00Z","owner_name":null,"tidal_id":"e8926824-84f2-55c7-a2aa-4110a10d75ff","created":"2026-01-28T13:08:10.047386Z","modified":"2026-01-28T13:08:10.047389Z"},{"id":"fc77948f-332a-4e59-8c93-f430cbbbf68f","name":"BleepingComputer HPE January 24 2024","description":"Lawrence Abrams. (2024, January 24). HPE: Russian hackers breached its security team’s email accounts. Retrieved February 5, 2024.","url":"https://www.bleepingcomputer.com/news/security/hpe-russian-hackers-breached-its-security-teams-email-accounts/","source":"Tidal Cyber","title":"HPE: Russian hackers breached its security team’s email accounts","authors":"Lawrence Abrams","date_accessed":"2024-02-05T00:00:00Z","date_published":"2024-01-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"21af451c-241f-518f-acba-3cc29cd15217","created":"2024-06-13T20:10:46.723372Z","modified":"2024-06-13T20:10:46.910202Z"},{"id":"3ad8def7-3a8a-49bb-8f47-dea2e570c99e","name":"Cylance Sodinokibi July 2019","description":"Cylance. (2019, July 3). Threat Spotlight: Sodinokibi Ransomware. Retrieved August 4, 2020.","url":"https://threatvector.cylance.com/en_us/home/threat-spotlight-sodinokibi-ransomware.html","source":"MITRE","title":"Threat Spotlight: Sodinokibi Ransomware","authors":"Cylance","date_accessed":"2020-08-04T00:00:00Z","date_published":"2019-07-03T00:00:00Z","owner_name":null,"tidal_id":"9456ffe9-b8dc-5e82-9919-394e2ea01084","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421021Z"},{"id":"0f516aee-dd17-4cd6-b7f4-4d85248aa2b9","name":"Medium April 21 2025","description":"Ptwistedworld. (2025, April 21). HRSword EDR Killer. 
Retrieved June 8, 2025.","url":"https://mikellebandin.medium.com/hrsword-edr-killer-88af83ec1c7b","source":"Tidal Cyber","title":"HRSword EDR Killer","authors":"Ptwistedworld","date_accessed":"2025-06-08T00:00:00Z","date_published":"2025-04-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fe7d44ed-ffbe-562c-8688-3255fdb3b0a3","created":"2025-06-10T15:50:17.142859Z","modified":"2025-06-10T15:50:17.331482Z"},{"id":"f1f76055-91f8-4977-9392-bed347e4f181","name":"Wikipedia HTML Application","description":"Wikipedia. (2017, October 14). HTML Application. Retrieved October 27, 2017.","url":"https://en.wikipedia.org/wiki/HTML_Application","source":"MITRE","title":"HTML Application","authors":"Wikipedia","date_accessed":"2017-10-27T00:00:00Z","date_published":"2017-10-14T00:00:00Z","owner_name":null,"tidal_id":"0804953c-e547-5cb4-9aba-916d73673a41","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432005Z"},{"id":"2de103a8-8d72-40f9-b366-b908364dd090","name":"MSDN HTML Applications","description":"Microsoft. (n.d.). HTML Applications. Retrieved October 27, 2017.","url":"https://msdn.microsoft.com/library/ms536471.aspx","source":"MITRE","title":"HTML Applications","authors":"Microsoft","date_accessed":"2017-10-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1b1e4ac8-c87f-54fe-a7fc-2c8dd96137f6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432010Z"},{"id":"ae5728bd-571a-451f-9ba3-3198067135b4","name":"Microsoft HTML Help ActiveX","description":"Microsoft. (n.d.). HTML Help ActiveX Control Overview. 
Retrieved October 3, 2018.","url":"https://msdn.microsoft.com/windows/desktop/ms644670","source":"MITRE","title":"HTML Help ActiveX Control Overview","authors":"Microsoft","date_accessed":"2018-10-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"53263f1c-16e3-556c-827a-6f36838646d3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433297Z"},{"id":"457d451b-da4f-53bd-81b0-aa078e3af411","name":"Talos SVG Smuggling 2022","description":"Adam Katz and Jaeson Schultz. (2022, December 13). HTML smugglers turn to SVG images. Retrieved March 25, 2025.","url":"https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/","source":"MITRE","title":"HTML smugglers turn to SVG images","authors":"Adam Katz and Jaeson Schultz","date_accessed":"2025-03-25T00:00:00Z","date_published":"2022-12-13T00:00:00Z","owner_name":null,"tidal_id":"b9114ba1-c4ff-5fb2-bec3-3d8fa207f24f","created":"2025-04-22T20:47:16.035857Z","modified":"2025-12-17T15:08:36.431404Z"},{"id":"9a99f431-4d15-47f8-a31b-4f98671cd95d","name":"Outlflank HTML Smuggling 2018","description":"Hegt, S. (2018, August 14). HTML smuggling explained. Retrieved May 20, 2021.","url":"https://outflank.nl/blog/2018/08/14/html-smuggling-explained/","source":"MITRE","title":"HTML smuggling explained","authors":"Hegt, S","date_accessed":"2021-05-20T00:00:00Z","date_published":"2018-08-14T00:00:00Z","owner_name":null,"tidal_id":"abb6408e-2472-5d9c-bbee-f24e955653bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435176Z"},{"id":"eb3590bf-ff12-4ccd-bf9d-cf8eacd82135","name":"CrowdStrike Linux Rootkit","description":"Kurtz, G. (2012, November 19). HTTP iframe Injecting Linux Rootkit. 
Retrieved December 21, 2017.","url":"https://www.crowdstrike.com/blog/http-iframe-injecting-linux-rootkit/","source":"MITRE","title":"HTTP iframe Injecting Linux Rootkit","authors":"Kurtz, G","date_accessed":"2017-12-21T00:00:00Z","date_published":"2012-11-19T00:00:00Z","owner_name":null,"tidal_id":"69eb017d-7a4a-56c0-bdf1-82f169fe8532","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424790Z"},{"id":"2da110e7-d3a8-433f-87c3-eb744adf811b","name":"Wikipedia HPKP","description":"Wikipedia. (2017, February 28). HTTP Public Key Pinning. Retrieved March 31, 2017.","url":"https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning","source":"MITRE","title":"HTTP Public Key Pinning","authors":"Wikipedia","date_accessed":"2017-03-31T00:00:00Z","date_published":"2017-02-28T00:00:00Z","owner_name":null,"tidal_id":"418d81f1-eef6-529a-851d-3b83d9ee57aa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415570Z"},{"id":"e845f741-eabe-469b-97c1-f51a2aeb18b0","name":"Cobalt Strike Arguments 2019","description":"Mudge, R. (2019, January 2). https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/. Retrieved November 19, 2021.","url":"https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/","source":"MITRE","title":"https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/","authors":"Mudge, R","date_accessed":"2021-11-19T00:00:00Z","date_published":"2019-01-02T00:00:00Z","owner_name":null,"tidal_id":"d555d3c4-c423-5982-8b8a-bdba0cae56eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436956Z"},{"id":"affa93d8-5c8b-557d-80b4-1366df13d77a","name":"Talos Discord Webhook Abuse","description":"Nick Biasini, Edmund Brumaghin, Chris Neal, and Paul Eubanks. (2021, April 7). https://blog.talosintelligence.com/collab-app-abuse/. 
Retrieved July 20, 2023.","url":"https://blog.talosintelligence.com/collab-app-abuse/","source":"MITRE","title":"https://blog.talosintelligence.com/collab-app-abuse/","authors":"Nick Biasini, Edmund Brumaghin, Chris Neal, and Paul Eubanks","date_accessed":"2023-07-20T00:00:00Z","date_published":"2021-04-07T00:00:00Z","owner_name":null,"tidal_id":"9e9cf6d6-2d28-57fa-9f8a-967890b6f948","created":"2023-11-07T00:36:01.611047Z","modified":"2025-12-17T15:08:36.428697Z"},{"id":"132915dc-d906-4c23-b1e3-885af817b840","name":"Red Canary Emotet Feb 2019","description":"Donohue, B.. (2019, February 13). https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/. Retrieved March 25, 2019.","url":"https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/","source":"MITRE","title":"https://redcanary.com/blog/stopping-emotet-before-it-moves-laterally/","authors":"Donohue, B.","date_accessed":"2019-03-25T00:00:00Z","date_published":"2019-02-13T00:00:00Z","owner_name":null,"tidal_id":"7184994c-6c1c-5d81-995c-f35fb823f050","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417680Z"},{"id":"db86cd0a-1188-4079-afed-1f986166a2e7","name":"TechNet Removable Media Control","description":"Microsoft. (2007, August 31). https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx. Retrieved April 20, 2016.","url":"https://technet.microsoft.com/en-us/library/cc772540(v=ws.10).aspx","source":"MITRE","title":"https://technet.microsoft.com/en-us/library/cc771759(v=ws.10).aspx","authors":"Microsoft","date_accessed":"2016-04-20T00:00:00Z","date_published":"2007-08-31T00:00:00Z","owner_name":null,"tidal_id":"66adbc49-edef-5a71-880d-9afe3ab988f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416191Z"},{"id":"1ad03be3-d863-5a55-a371-42b6d3b7ed31","name":"Chromium HSTS","description":"Chromium. (n.d.). HTTP Strict Transport Security. 
Retrieved May 24, 2023.","url":"https://www.chromium.org/hsts/","source":"MITRE","title":"HTTP Strict Transport Security","authors":"Chromium","date_accessed":"2023-05-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0aefb968-d821-517c-84be-eb08623b44ed","created":"2023-11-07T00:36:20.622455Z","modified":"2025-12-17T15:08:36.441830Z"},{"id":"685aa213-7902-46fb-b90a-64be5c851f73","name":"CISA AA20-301A Kimsuky","description":"CISA, FBI, CNMF. (2020, October 27). https://us-cert.cisa.gov/ncas/alerts/aa20-301a. Retrieved November 4, 2020.","url":"https://us-cert.cisa.gov/ncas/alerts/aa20-301a","source":"MITRE","title":"https://us-cert.cisa.gov/ncas/alerts/aa20-301a","authors":"CISA, FBI, CNMF","date_accessed":"2020-11-04T00:00:00Z","date_published":"2020-10-27T00:00:00Z","owner_name":null,"tidal_id":"41f3b702-37e7-5114-815f-7962e8d35adb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438407Z"},{"id":"fedb3a9d-4f9e-495c-ac92-d5457688608d","name":"FireEye Targeted Attacks Middle East Banks","description":"Singh, S., Yin, H. (2016, May 22). https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20200618235708/https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html","source":"MITRE","title":"https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html","authors":"Singh, S., Yin, H","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-05-22T00:00:00Z","owner_name":null,"tidal_id":"91741254-60f6-5797-b6ab-d8c83b0bb999","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441849Z"},{"id":"8fb3ef2f-3652-4563-8921-2c601d1b9bc9","name":"Forbes Dyre May 2017","description":"Brewster, T. (2017, May 4). https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a. 
Retrieved June 15, 2020.","url":"https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a","source":"MITRE","title":"https://www.forbes.com/sites/thomasbrewster/2017/05/04/dyre-hackers-stealing-millions-from-american-coporates/#601c77842a0a","authors":"Brewster, T","date_accessed":"2020-06-15T00:00:00Z","date_published":"2017-05-04T00:00:00Z","owner_name":null,"tidal_id":"9beac1e0-9d73-57ab-8c83-dd58860be2ba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441873Z"},{"id":"17bf83f7-d1bf-4787-aa38-74ce46460ca0","name":"Orange Cyberdefense Hunt3r Kill3rs May 24 2024","description":"Orange Cyberdefense. (n.d.). Hunt3r Kill3rs Group. Retrieved January 17, 2025.","url":"https://www.orangecyberdefense.com/fileadmin/global/CyberIntelligenceBureau/Gangs_Investigations/Hunt3rKill3rsGroup/Hunt3rKill3rsGroup.pdf","source":"Tidal Cyber","title":"Hunt3r Kill3rs Group","authors":"Orange Cyberdefense","date_accessed":"2025-01-17T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"e741a76d-c055-5689-8048-ef00e55917e5","created":"2025-01-28T15:53:29.338772Z","modified":"2025-01-28T15:53:29.665567Z"},{"id":"79de4ebf-6fd5-4237-96b2-5903fbb79747","name":"SecurityWeek World Leaks July 7 2025","description":"Ionut Arghire. (2025, July 7). Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks. 
Retrieved July 13, 2025.","url":"https://www.securityweek.com/hunters-international-shuts-down-offers-free-decryptors-as-it-morphs-into-world-leaks/","source":"Tidal Cyber","title":"Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks","authors":"Ionut Arghire","date_accessed":"2025-07-13T12:00:00Z","date_published":"2025-07-07T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"07796f31-11f9-59b3-bbe6-de639a6c46c6","created":"2025-07-15T16:15:30.696907Z","modified":"2025-07-15T16:15:31.009927Z"},{"id":"e5944e4c-76c6-55d1-97ec-8367b7f98c28","name":"Microsoft Subscription Hijacking 2022","description":"Dor Edry. (2022, August 24). Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps. Retrieved September 5, 2023.","url":"https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/hunt-for-compromised-azure-subscriptions-using-microsoft/ba-p/3607121","source":"MITRE","title":"Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps","authors":"Dor Edry","date_accessed":"2023-09-05T00:00:00Z","date_published":"2022-08-24T00:00:00Z","owner_name":null,"tidal_id":"8ddda1f7-e3b1-551d-b818-0080f7c184dc","created":"2023-11-07T00:36:07.752953Z","modified":"2025-12-17T15:08:36.424604Z"},{"id":"e7b7aee0-486e-5936-9b01-446dce22f917","name":"Harries JustForFun 2022","description":"Jamie Harries. (2022, May 25). Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun. 
Retrieved September 23, 2024.","url":"https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/","source":"MITRE","title":"Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun","authors":"Jamie Harries","date_accessed":"2024-09-23T00:00:00Z","date_published":"2022-05-25T00:00:00Z","owner_name":null,"tidal_id":"757f4699-7541-59d5-8f31-3d58d4e6c213","created":"2024-10-31T16:28:33.702209Z","modified":"2025-12-17T15:08:36.420240Z"},{"id":"f68a59a1-cb07-4f58-b755-25c91938b611","name":"crowdstrike bpf socket filters","description":"Jamie Harries. (2022, May 25). Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun. Retrieved October 18, 2022.","url":"https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/","source":"MITRE","title":"Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun","authors":"Jamie Harries","date_accessed":"2022-10-18T00:00:00Z","date_published":"2022-05-25T00:00:00Z","owner_name":null,"tidal_id":"6ae3337e-1f26-5fc1-a795-e4cc2c86478c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423646Z"},{"id":"e3984769-f6d7-43dd-8179-7df9d441512e","name":"Koczwara Beacon Hunting Sep 2021","description":"Koczwara, M. (2021, September 7). Hunting Cobalt Strike C2 with Shodan. Retrieved October 12, 2021.","url":"https://michaelkoczwara.medium.com/cobalt-strike-c2-hunting-with-shodan-c448d501a6e2","source":"MITRE","title":"Hunting Cobalt Strike C2 with Shodan","authors":"Koczwara, M","date_accessed":"2021-10-12T00:00:00Z","date_published":"2021-09-07T00:00:00Z","owner_name":null,"tidal_id":"5a3a97a2-0ddc-577b-8106-f39c42955088","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424005Z"},{"id":"84311e46-cea1-486a-a737-c4a4946ab837","name":"Fireeye Hunting COM June 2019","description":"Hamilton, C. (2019, June 4). 
Hunting COM Objects. Retrieved June 10, 2019.","url":"https://www.fireeye.com/blog/threat-research/2019/06/hunting-com-objects.html","source":"MITRE","title":"Hunting COM Objects","authors":"Hamilton, C","date_accessed":"2019-06-10T00:00:00Z","date_published":"2019-06-04T00:00:00Z","owner_name":null,"tidal_id":"0bfd943a-3ddb-5b50-9ccf-da937648ffa8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426294Z"},{"id":"7dfd6a67-3935-506a-8661-1caa7eb508e2","name":"Berba hunting linux systemd","description":"Pepe Berba. (2022, January 30). Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron. Retrieved March 20, 2023.","url":"https://pberba.github.io/security/2022/01/30/linux-threat-hunting-for-persistence-systemd-timers-cron/","source":"MITRE","title":"Hunting for Persistence in Linux (Part 3): Systemd, Timers, and Cron","authors":"Pepe Berba","date_accessed":"2023-03-20T00:00:00Z","date_published":"2022-01-30T00:00:00Z","owner_name":null,"tidal_id":"a24107de-1cd6-5998-a5ff-3b094d3f3340","created":"2023-05-26T01:21:10.457343Z","modified":"2025-12-17T15:08:36.435535Z"},{"id":"d89c7b1a-5c3c-53b7-bf49-dcd7445eba38","name":"Pepe Berba Systemd 2022","description":"Pepe Berba. (2022, February 7). Hunting for Persistence in Linux (Part 5): Systemd Generators. Retrieved April 8, 2025.","url":"https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators/","source":"MITRE","title":"Hunting for Persistence in Linux (Part 5): Systemd Generators","authors":"Pepe Berba","date_accessed":"2025-04-08T00:00:00Z","date_published":"2022-02-07T00:00:00Z","owner_name":null,"tidal_id":"57b0241e-e052-5517-bd8d-e273defb3624","created":"2025-04-22T20:47:20.107608Z","modified":"2025-12-17T15:08:36.435529Z"},{"id":"8cd58716-4ff1-4ba2-b980-32c52cf7dee8","name":"Elastic HuntingNMemory June 2017","description":"Desimone, J. (2017, June 13). Hunting in Memory. 
Retrieved December 7, 2017.","url":"https://www.endgame.com/blog/technical-blog/hunting-memory","source":"MITRE","title":"Hunting in Memory","authors":"Desimone, J","date_accessed":"2017-12-07T00:00:00Z","date_published":"2017-06-13T00:00:00Z","owner_name":null,"tidal_id":"4696809e-b341-5f14-9dd6-cbf194f3f52e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436542Z"},{"id":"22aa7792-6296-4f16-826f-d0f1c55ddb2a","name":"LogPoint Hunting LockBit","description":"LogPoint. (n.d.). Hunting LockBit Variations using Logpoint. Retrieved May 19, 2023.","url":"https://www.logpoint.com/wp-content/uploads/2022/10/hunting-lockbit-variations-using-logpoint-.pdf","source":"Tidal Cyber","title":"Hunting LockBit Variations using Logpoint","authors":"LogPoint","date_accessed":"2023-05-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"1a009bf6-6213-5d4f-b829-ec8e1a74bb2e","created":"2023-08-18T18:56:14.190109Z","modified":"2023-08-18T18:56:14.304600Z"},{"id":"b1524346-4de1-58fc-8099-ecca4ba89024","name":"Splunk Hunting M365 Invaders 2024","description":"Mauricio Velazco. (2024, January 4). Hunting M365 Invaders: Blue Team’s Guide to Initial Access Vectors. Retrieved April 3, 2025.","url":"https://www.splunk.com/en_us/blog/security/hunting-m365-invaders-blue-team-s-guide-to-initial-access-vectors.html","source":"MITRE","title":"Hunting M365 Invaders: Blue Team’s Guide to Initial Access Vectors","authors":"Mauricio Velazco","date_accessed":"2025-04-03T00:00:00Z","date_published":"2024-01-04T00:00:00Z","owner_name":null,"tidal_id":"7327fa0a-8283-529c-9f5d-23b4d0e591ca","created":"2025-04-22T20:47:31.584433Z","modified":"2025-04-22T20:47:31.584441Z"},{"id":"1931b80a-effb-59ec-acae-c0f17efb8cad","name":"Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023","description":"FBI et al. (2023, May 9). Hunting Russian Intelligence “Snake” Malware. 
Retrieved June 8, 2023.","url":"https://www.cisa.gov/sites/default/files/2023-05/aa23-129a_snake_malware_2.pdf","source":"MITRE","title":"Hunting Russian Intelligence “Snake” Malware","authors":"FBI et al","date_accessed":"2023-06-08T00:00:00Z","date_published":"2023-05-09T00:00:00Z","owner_name":null,"tidal_id":"3e8b4207-39c1-56be-b441-3e5060e45950","created":"2023-11-07T00:36:12.822489Z","modified":"2025-12-17T15:08:36.419897Z"},{"id":"f27ab4cb-1666-501a-aa96-537d2b2d1f08","name":"Falcon Sandbox smp: 28553b3a9d","description":"Hybrid Analysis. (2018, July 11). HybridAnalsysis of sample 28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7. Retrieved September 8, 2023.","url":"https://www.hybrid-analysis.com/sample/28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7?environmentId=300","source":"MITRE","title":"HybridAnalsysis of sample 28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7","authors":"Hybrid Analysis","date_accessed":"2023-09-08T00:00:00Z","date_published":"2018-07-11T00:00:00Z","owner_name":null,"tidal_id":"2f6ca278-69de-52e0-907a-cd9e28ab1cbe","created":"2023-11-07T00:36:06.450382Z","modified":"2025-12-17T15:08:36.433223Z"},{"id":"1a6ae877-ef30-4d40-abd0-fde308f1a1f0","name":"Wikipedia Hypervisor","description":"Wikipedia. (2016, May 23). Hypervisor. Retrieved June 11, 2016.","url":"https://en.wikipedia.org/wiki/Hypervisor","source":"MITRE","title":"Hypervisor","authors":"Wikipedia","date_accessed":"2016-06-11T00:00:00Z","date_published":"2016-05-23T00:00:00Z","owner_name":null,"tidal_id":"8cbf78e7-8e70-538a-9c22-40562160e0f3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429147Z"},{"id":"db1ca1bf-2f48-5ff1-9fd3-52b86f3f0726","name":"Crowdstrike Hypervisor Jackpotting Pt 2 2021","description":"Michael Dawson. (2021, August 30). Hypervisor Jackpotting, Part 2: eCrime Actors Increase Targeting of ESXi Servers with Ransomware. 
Retrieved March 26, 2025.","url":"https://www.crowdstrike.com/en-us/blog/hypervisor-jackpotting-ecrime-actors-increase-targeting-of-esxi-servers/","source":"MITRE","title":"Hypervisor Jackpotting, Part 2: eCrime Actors Increase Targeting of ESXi Servers with Ransomware","authors":"Michael Dawson","date_accessed":"2025-03-26T00:00:00Z","date_published":"2021-08-30T00:00:00Z","owner_name":null,"tidal_id":"664c5942-471c-584f-9183-9030022bdc9c","created":"2025-04-22T20:47:10.870367Z","modified":"2025-12-17T15:08:36.426119Z"},{"id":"2a834777-65b1-4afe-9528-c69d8bbcab6b","name":"SentinelOne May 11 2023","description":"Alex Delamotte. (2023, May 11). Hypervisor Ransomware. Retrieved January 1, 2024.","url":"https://www.sentinelone.com/labs/hypervisor-ransomware-multiple-threat-actor-groups-hop-on-leaked-babuk-code-to-build-esxi-lockers/","source":"Tidal Cyber","title":"Hypervisor Ransomware","authors":"Alex Delamotte","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-05-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8062891f-08b8-51f3-8a1b-40c95163c0e7","created":"2025-04-11T15:06:23.802669Z","modified":"2025-04-11T15:06:23.959227Z"},{"id":"6891eaf4-6857-4106-860c-1708d2a3bd33","name":"FireEye ADFS","description":"Bierstock, D., Baker, A. (2019, March 21). I am AD FS and So Can You. Retrieved December 17, 2020.","url":"https://www.troopers.de/troopers19/agenda/fpxwmn/","source":"MITRE","title":"I am AD FS and So Can You","authors":"Bierstock, D., Baker, A","date_accessed":"2020-12-17T00:00:00Z","date_published":"2019-03-21T00:00:00Z","owner_name":null,"tidal_id":"866500ce-de94-5e7f-ae4b-3bd4c96c6a6b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441945Z"},{"id":"0fabd95b-a8cc-5a03-9a48-ffac8e5c5e28","name":"AWS IAM Conditions","description":"AWS. (n.d.). IAM JSON policy elements: Condition. 
Retrieved January 2, 2024.","url":"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html","source":"MITRE","title":"IAM JSON policy elements: Condition","authors":"AWS","date_accessed":"2024-01-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"33c9a963-9f53-5362-a10c-f5e27cbfdaff","created":"2024-04-25T13:28:39.850587Z","modified":"2025-12-17T15:08:36.434829Z"},{"id":"f0b10964-1e8d-4361-80f6-56e4e241eff0","name":"Sophos ClickFix December 18 2025","description":"None Identified. (2025, December 18). I am not a robot: ClickFix used to deploy StealC and Qilin | SOPHOS. Retrieved December 24, 2025.","url":"https://www.sophos.com/en-us/blog/i-am-not-a-robot-clickfix-used-to-deploy-stealc-and-qilin","source":"Tidal Cyber","title":"I am not a robot: ClickFix used to deploy StealC and Qilin | SOPHOS","authors":"None Identified","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"102f4d59-616a-5269-a7ea-ce8754fa487e","created":"2026-01-14T13:29:38.799023Z","modified":"2026-01-14T13:29:38.955059Z"},{"id":"b2452f0e-93b0-55b7-add8-8338d171f0bf","name":"AWS EKS IAM Roles for Service Accounts","description":"Amazon Web Services. (n.d.). IAM roles for service accounts. Retrieved July 14, 2023.","url":"https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html","source":"MITRE","title":"IAM roles for service accounts","authors":"Amazon Web Services","date_accessed":"2023-07-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d11b1fb1-13af-5d53-995e-91843a869062","created":"2023-11-07T00:36:00.424300Z","modified":"2025-12-17T15:08:36.427594Z"},{"id":"fe4050f3-1a73-4e98-9bf1-e8fb73a23b7a","name":"Kaspersky IAmTheKing October 2020","description":"Ivan Kwiatkowski, Pierre Delcher, Felix Aime. (2020, October 15). IAmTheKing and the SlothfulMedia malware family. 
Retrieved October 15, 2020.","url":"https://securelist.com/iamtheking-and-the-slothfulmedia-malware-family/99000/","source":"MITRE","title":"IAmTheKing and the SlothfulMedia malware family","authors":"Ivan Kwiatkowski, Pierre Delcher, Felix Aime","date_accessed":"2020-10-15T00:00:00Z","date_published":"2020-10-15T00:00:00Z","owner_name":null,"tidal_id":"e356cc0c-e16e-5ea7-942f-df3841e192ea","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422590Z"},{"id":"16f6b02a-912b-42c6-8d32-4e4f11fa70ec","name":"Amazon IAM Groups","description":"Amazon. (n.d.). IAM user groups. Retrieved October 13, 2021.","url":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html","source":"MITRE","title":"IAM user groups","authors":"Amazon","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8ddcf095-bb14-511f-b702-2994102d2192","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437109Z"},{"id":"a7dac249-f34a-557c-94ea-b16723f7a4f7","name":"IAPP","description":"IAPP. (n.d.). Retrieved March 5, 2024.","url":"https://iapp.org/resources/article/web-beacon/","source":"MITRE","title":"IAPP","authors":"","date_accessed":"2024-03-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9084c201-b578-541c-9a26-559617a1d77c","created":"2024-04-25T13:28:31.960556Z","modified":"2025-12-17T15:08:36.426844Z"},{"id":"325988b8-1c7d-4296-83d6-bfcbe533b75e","name":"CrowdStrike IceApple May 2022","description":"CrowdStrike. (2022, May). ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK. 
Retrieved June 27, 2022.","url":"https://www.crowdstrike.com/wp-content/uploads/2022/05/crowdstrike-iceapple-a-novel-internet-information-services-post-exploitation-framework.pdf","source":"MITRE","title":"ICEAPPLE: A NOVEL INTERNET INFORMATION SERVICES (IIS) POST-EXPLOITATION FRAMEWORK","authors":"CrowdStrike","date_accessed":"2022-06-27T00:00:00Z","date_published":"2022-05-01T00:00:00Z","owner_name":null,"tidal_id":"7ad63fb5-fe61-5aa9-8133-c4f5ea78df05","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421927Z"},{"id":"d7584086-0a3c-5047-af06-760a295442eb","name":"Trendmicro_IcedID","description":"Kenefick , I. (2022, December 23). IcedID Botnet Distributors Abuse Google PPC to Distribute Malware. Retrieved July 24, 2024.","url":"https://www.trendmicro.com/en_us/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware.html","source":"MITRE","title":"IcedID Botnet Distributors Abuse Google PPC to Distribute Malware","authors":"Kenefick , I","date_accessed":"2024-07-24T00:00:00Z","date_published":"2022-12-23T00:00:00Z","owner_name":null,"tidal_id":"f879da3d-9177-51ee-a333-faa21738bb42","created":"2024-10-31T16:28:35.300582Z","modified":"2025-12-17T15:08:36.439836Z"},{"id":"1a824860-6978-454d-963a-a56414a4312b","name":"ICIT China's Espionage Jul 2016","description":"Scott, J. and Spaniel, D. (2016, July 28). ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts. Retrieved June 7, 2018.","url":"https://web.archive.org/web/20171017072306/https://icitech.org/icit-brief-chinas-espionage-dynasty-economic-death-by-a-thousand-cuts/","source":"MITRE","title":"ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts","authors":"Scott, J. 
and Spaniel, D","date_accessed":"2018-06-07T00:00:00Z","date_published":"2016-07-28T00:00:00Z","owner_name":null,"tidal_id":"54ca9564-7e8d-5ef5-8770-b8136e6e0a77","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438783Z"},{"id":"25b3c18c-e017-4773-91dd-b489220d4fcb","name":"CISA ICS Advisory ICSA-10-272-01","description":"CISA. (2010, September 10). ICS Advisory (ICSA-10-272-01). Retrieved December 7, 2020.","url":"https://us-cert.cisa.gov/ics/advisories/ICSA-10-272-01","source":"MITRE","title":"ICS Advisory (ICSA-10-272-01)","authors":"CISA","date_accessed":"2020-12-07T00:00:00Z","date_published":"2010-09-10T00:00:00Z","owner_name":null,"tidal_id":"1b69cb42-7799-5e1a-bdeb-2e551a661363","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416760Z"},{"id":"403ea040-8c08-423f-99cb-d7e7852c16e4","name":"US-CERT Ukraine Feb 2016","description":"US-CERT. (2016, February 25). ICS Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure. Retrieved June 10, 2020.","url":"https://www.us-cert.gov/ics/alerts/IR-ALERT-H-16-056-01","source":"MITRE","title":"ICS Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure","authors":"US-CERT","date_accessed":"2020-06-10T00:00:00Z","date_published":"2016-02-25T00:00:00Z","owner_name":null,"tidal_id":"62dbcc6b-9ad9-5576-a87f-daae792305b0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441667Z"},{"id":"1dac8d9e-1285-530f-94bc-ab3487066113","name":"ICS-CERT April 2017","description":"ICS-CERT 2017, April 18 ICS Alert (ICS-ALERT-17-102-01A) BrickerBot Permanent Denial-of-Service Attack. 
Retrieved 2019/10/24","url":"https://www.us-cert.gov/ics/alerts/ICS-ALERT-17-102-01A","source":"ICS","title":"ICS-CERT April 2017","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"20446e3d-edb4-5aa8-90cc-1b10e4015fd9","created":"2026-01-28T13:08:18.176559Z","modified":"2026-01-28T13:08:18.176562Z"},{"id":"a3b1f7fe-5bce-58a8-b112-01333b53e8ea","name":"ICS-CERT August 2018","description":"ICS-CERT 2018, August 27 Advisory (ICSA-15-202-01) - Siemens SIPROTEC Denial-of-Service Vulnerability. Retrieved 2019/03/14","url":"https://ics-cert.us-cert.gov/advisories/ICSA-15-202-01","source":"ICS","title":"ICS-CERT August 2018","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2f0dd8ee-9f42-5eb9-ac3d-6871e9130591","created":"2026-01-28T13:08:18.176582Z","modified":"2026-01-28T13:08:18.176586Z"},{"id":"a1cc92b8-a091-5fd9-ad56-5db63f7ef106","name":"ICS-CERT December 2014","description":"ICS-CERT 2014, December 10 ICS Alert (ICS-ALERT-14-281-01E) Ongoing Sophisticated Malware Campaign Compromising ICS (Update E). Retrieved 2019/10/11","url":"https://www.us-cert.gov/ics/alerts/ICS-ALERT-14-281-01B","source":"ICS","title":"ICS-CERT December 2014","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4118285f-e47b-5d91-a29d-482f9b20f10d","created":"2026-01-28T13:08:18.180283Z","modified":"2026-01-28T13:08:18.180286Z"},{"id":"b900ae2e-737f-5a7c-b6ee-e2aa088ac722","name":"ICS-CERT December 2018","description":"ICS-CERT 2018, December 18 Advisory (ICSA-18-107-02) - Schneider Electric Triconex Tricon (Update B). 
Retrieved 2019/03/08","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02","source":"ICS","title":"ICS-CERT December 2018","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fd2d741c-ae3d-5187-819d-17c625896c1f","created":"2026-01-28T13:08:18.180518Z","modified":"2026-01-28T13:08:18.180521Z"},{"id":"cc8f0ad5-eaa8-54aa-9547-5e739fc7e2a9","name":"ICS-CERT October 2017","description":"ICS-CERT 2017, October 21 Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved 2017/10/23","url":"https://www.us-cert.gov/ncas/alerts/TA17-293A","source":"ICS","title":"ICS-CERT October 2017","authors":"","date_accessed":"2017-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"36e3b960-aab1-5ea5-aadb-ffccb9b23960","created":"2026-01-28T13:08:18.178142Z","modified":"2026-01-28T13:08:18.178145Z"},{"id":"00401999-1530-50ac-9a88-07efe6be7c2b","name":"ICS CERT September 2018","description":"ICS CERT 2018, September 06 Advantech/Broadwin WebAccess RPC Vulnerability (Update B). Retrieved 2019/12/05","url":"https://www.us-cert.gov/ics/advisories/ICSA-11-094-02B","source":"ICS","title":"ICS CERT September 2018","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"95de455a-205e-5169-a58f-c24485782617","created":"2026-01-28T13:08:18.180255Z","modified":"2026-01-28T13:08:18.180258Z"},{"id":"8bb3147c-3178-4449-9978-f1248b1bcb0a","name":"Dragos Threat Report 2020","description":"Dragos. (n.d.). ICS Cybersecurity Year in Review 2020. 
Retrieved February 25, 2021.","url":"https://hub.dragos.com/hubfs/Year-in-Review/Dragos_2020_ICS_Cybersecurity_Year_In_Review.pdf?hsCtaTracking=159c0fc3-92d8-425d-aeb8-12824f2297e8%7Cf163726d-579b-4996-9a04-44e5a124d770","source":"MITRE","title":"ICS Cybersecurity Year in Review 2020","authors":"Dragos","date_accessed":"2021-02-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a72e5cb4-11ca-565b-a018-1c66b76ace47","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421547Z"},{"id":"158f088c-4d51-567d-bc58-be0b9a087c9a","name":"id man page","description":"MacKenzie, D. and Robbins, A. (n.d.). id(1) - Linux man page. Retrieved January 11, 2024.","url":"https://linux.die.net/man/1/id","source":"MITRE","title":"id(1) - Linux man page","authors":"MacKenzie, D. and Robbins, A","date_accessed":"2024-01-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a88ab993-2ef7-5bbb-a075-fecc9736edb7","created":"2024-04-25T13:28:31.583359Z","modified":"2025-12-17T15:08:36.426406Z"},{"id":"ed7897e5-21f0-49fa-9b26-c397eaebc88a","name":"Cisco Advisory SNMP v3 Authentication Vulnerabilities","description":"Cisco. (2008, June 10). Identifying and Mitigating Exploitation of the SNMP Version 3 Authentication Vulnerabilities. Retrieved October 19, 2020.","url":"https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080610-SNMPv3","source":"MITRE","title":"Identifying and Mitigating Exploitation of the SNMP Version 3 Authentication Vulnerabilities","authors":"Cisco","date_accessed":"2020-10-19T00:00:00Z","date_published":"2008-06-10T00:00:00Z","owner_name":null,"tidal_id":"e7e89e39-ceed-5561-9554-f23f07d54861","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424439Z"},{"id":"b8eaf053-40e0-414e-a89e-409dbf218554","name":"Resource and Data Forks","description":"Flylib. (n.d.). Identifying Resource and Data Forks. 
Retrieved October 12, 2021.","url":"https://flylib.com/books/en/4.395.1.192/1/","source":"MITRE","title":"Identifying Resource and Data Forks","authors":"Flylib","date_accessed":"2021-10-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d3481307-19e2-5a60-8dc3-e1483b22ada4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433600Z"},{"id":"b55ac071-483b-4802-895f-ea4eaac1de92","name":"AWS Identity Federation","description":"Amazon. (n.d.). Identity Federation in AWS. Retrieved March 13, 2020.","url":"https://aws.amazon.com/identity/federation/","source":"MITRE","title":"Identity Federation in AWS","authors":"Amazon","date_accessed":"2020-03-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"97c4b121-8880-56f7-8aa3-78202c422466","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436306Z"},{"id":"410570e4-b578-4838-a25d-f03d92fcf3cb","name":"Microsoft GetNCCChanges","description":"Microsoft. (n.d.). IDL_DRSGetNCChanges (Opnum 3). Retrieved December 4, 2017.","url":"https://msdn.microsoft.com/library/dd207691.aspx","source":"MITRE","title":"IDL_DRSGetNCChanges (Opnum 3)","authors":"Microsoft","date_accessed":"2017-12-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"031bb574-d02a-5576-8f47-93541b2c5387","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424386Z"},{"id":"01f9a368-5933-47a1-85a9-e5883a5ca266","name":"Ie4uinit.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Ie4uinit.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Ie4uinit/","source":"Tidal Cyber","title":"Ie4uinit.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c6855826-3a0c-586c-bbe2-0e59f24ba177","created":"2024-01-12T14:46:45.216236Z","modified":"2024-01-12T14:46:45.619968Z"},{"id":"79943a49-23d6-499b-a022-7c2f8bd68aee","name":"Ieadvpack.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Ieadvpack.dll. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Ieadvpack/","source":"Tidal Cyber","title":"Ieadvpack.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"634c5a0f-17db-5736-8ad5-f49d623c4f2b","created":"2024-01-12T14:47:11.737225Z","modified":"2024-01-12T14:47:11.923252Z"},{"id":"8be2156d-43cf-5080-8b27-be4a1c343062","name":"IEC August 2013","description":"IEC 2013, August Industrial communication networks - Network and system security - Part 3-3: System security requirements and security levels. Retrieved 2020/09/25","url":"https://webstore.iec.ch/publication/7033","source":"ICS","title":"IEC August 2013","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2e09dd6e-f3d5-504f-b904-65f82862066e","created":"2026-01-28T13:08:18.174946Z","modified":"2026-01-28T13:08:18.174949Z"},{"id":"6580999d-9487-5a0b-833f-bfbc6e8936ae","name":"IEC February 2013","description":"IEC 2013, February 20 IEC 61131-3:2013  Programmable controllers - Part 3: Programming languages. 
Retrieved 2019/10/22","url":"https://webstore.iec.ch/publication/4552","source":"ICS","title":"IEC February 2013","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9083bad9-e13d-5717-bc28-bba6604851a5","created":"2026-01-28T13:08:18.176273Z","modified":"2026-01-28T13:08:18.176277Z"},{"id":"de2049a9-fff5-513b-9282-7cd290c11ecb","name":"IEC February 2019","description":"IEC 2019, February Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components. Retrieved 2020/09/25","url":"https://webstore.iec.ch/publication/34421","source":"ICS","title":"IEC February 2019","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8cf32b2c-3522-5ccd-b862-645ecbff880a","created":"2026-01-28T13:08:18.174975Z","modified":"2026-01-28T13:08:18.174980Z"},{"id":"de238a18-2275-497e-adcf-453a016a24c4","name":"iediagcmd.exe - LOLBAS Project","description":"LOLBAS. (2022, March 29). iediagcmd.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Iediagcmd/","source":"Tidal Cyber","title":"iediagcmd.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-03-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"766de869-7bc0-536b-95c2-3e9a0afdaf33","created":"2024-01-12T14:46:45.802387Z","modified":"2024-01-12T14:46:45.984030Z"},{"id":"5d382527-ffbd-486e-adbe-d60508567281","name":"Wikipedia 802.1x","description":"Wikipedia. (2018, March 30). IEEE 802.1X. 
Retrieved April 11, 2018.","url":"https://en.wikipedia.org/wiki/IEEE_802.1X","source":"MITRE","title":"IEEE 802.1X","authors":"Wikipedia","date_accessed":"2018-04-11T00:00:00Z","date_published":"2018-03-30T00:00:00Z","owner_name":null,"tidal_id":"a12fed1f-df18-5d0e-bb0d-80bd40281873","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415766Z"},{"id":"91f31525-585d-4b71-83d7-9b7c2feacd34","name":"Ieexec.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Ieexec.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Ieexec/","source":"Tidal Cyber","title":"Ieexec.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1dca2bce-30bd-5863-8b0a-4dd18a39784f","created":"2024-01-12T14:46:46.155195Z","modified":"2024-01-12T14:46:46.339957Z"},{"id":"aab9c80d-1f1e-47ba-954d-65e7400054df","name":"Ieframe.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Ieframe.dll. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Ieframe/","source":"Tidal Cyber","title":"Ieframe.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"afa63b26-1a0f-57ff-969c-113bac1c9ed2","created":"2024-01-12T14:47:12.092615Z","modified":"2024-01-12T14:47:12.298463Z"},{"id":"bf38dab0-b04a-52e9-80cb-0bc1b3b7fdbb","name":"lolbas project Ieframe.dll","description":"lolbas project. (n.d.). Ieframe.dll. 
Retrieved October 5, 2025.","url":"https://lolbas-project.github.io/lolbas/Libraries/Ieframe/","source":"MITRE","title":"Ieframe.dll","authors":"lolbas project","date_accessed":"2025-10-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d71e782b-520f-5a7d-a88b-8924ecbab53f","created":"2025-10-29T21:08:48.165375Z","modified":"2025-12-17T15:08:36.424069Z"},{"id":"32b0f0bd-53d4-5d15-bde9-57d6c0498aea","name":"IETF-PKCE","description":"N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December","url":"https://tools.ietf.org/html/rfc7636","source":"Mobile","title":"IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients","authors":"N. Sakimura, J. Bradley, and N. Agarwal","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-09-01T00:00:00Z","owner_name":null,"tidal_id":"63744cfb-8594-5cd9-b6a4-f5e6e120cc23","created":"2026-01-28T13:08:10.044742Z","modified":"2026-01-28T13:08:10.044745Z"},{"id":"b799318e-0139-5b67-acee-5e14b0c7cf98","name":"IETF-OAuthNativeApps","description":"W. Denniss and J. Bradley. (2017, October). IETF RFC 8252: OAuth 2.0 for Native Apps. Retrieved November","url":"https://tools.ietf.org/html/rfc8252","source":"Mobile","title":"IETF RFC 8252: OAuth 2.0 for Native Apps","authors":"W. Denniss and J. Bradley","date_accessed":"1978-11-01T00:00:00Z","date_published":"2017-10-01T00:00:00Z","owner_name":null,"tidal_id":"f89509d1-b689-535c-8933-6e86961165df","created":"2026-01-28T13:08:10.043193Z","modified":"2026-01-28T13:08:10.043196Z"},{"id":"7bb238d4-4571-4cd0-aab2-76797570724a","name":"Wikipedia Ifconfig","description":"Wikipedia. (2016, January 26). ifconfig. 
Retrieved April 17, 2016.","url":"https://en.wikipedia.org/wiki/Ifconfig","source":"MITRE","title":"ifconfig","authors":"Wikipedia","date_accessed":"2016-04-17T00:00:00Z","date_published":"2016-01-26T00:00:00Z","owner_name":null,"tidal_id":"d993cdb5-8c72-5e2c-be51-57871013107b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422890Z"},{"id":"311a3863-3897-4ddf-a251-d0467a56675f","name":"EFF Manul Aug 2016","description":"Galperin, E., Et al. (2016, August). I Got a Letter From the Government the Other Day.... Retrieved April 25, 2018.","url":"https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf","source":"MITRE","title":"I Got a Letter From the Government the Other Day...","authors":"Galperin, E., Et al.","date_accessed":"2018-04-25T00:00:00Z","date_published":"2016-08-01T00:00:00Z","owner_name":null,"tidal_id":"9c80c445-1f4c-5354-afc2-dbebf31c1659","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419957Z"},{"id":"fd450382-cca0-40c4-8144-cc90a3b0011b","name":"IIS Backdoor 2011","description":"Julien. (2011, February 2). IIS Backdoor. Retrieved June 3, 2021.","url":"https://web.archive.org/web/20170106175935/http:/esec-lab.sogeti.com/posts/2011/02/02/iis-backdoor.html","source":"MITRE","title":"IIS Backdoor","authors":"Julien","date_accessed":"2021-06-03T00:00:00Z","date_published":"2011-02-02T00:00:00Z","owner_name":null,"tidal_id":"74539564-0392-540e-9549-518b76b41218","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433723Z"},{"id":"c8db6bfd-3a08-43b3-b33b-91a32e9bd694","name":"Microsoft IIS Modules Overview 2007","description":"Microsoft. (2007, November 24). IIS Modules Overview. 
Retrieved June 17, 2021.","url":"https://docs.microsoft.com/en-us/iis/get-started/introduction-to-iis/iis-modules-overview","source":"MITRE","title":"IIS Modules Overview","authors":"Microsoft","date_accessed":"2021-06-17T00:00:00Z","date_published":"2007-11-24T00:00:00Z","owner_name":null,"tidal_id":"c467c0ef-9c5a-5ed4-ad25-152d72cd1d47","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433729Z"},{"id":"0cc015d9-96d0-534e-a34a-221267250f90","name":"Proofpoint TA456 Defense Contractor July 2021","description":"Miller, J. et. al. (2021, July 28). I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona. Retrieved March 11, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/i-knew-you-were-trouble-ta456-targets-defense-contractor-alluring-social-media","source":"MITRE","title":"I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona","authors":"Miller, J. et. al","date_accessed":"2024-03-11T00:00:00Z","date_published":"2021-07-28T00:00:00Z","owner_name":null,"tidal_id":"a0d1aa5f-8b43-5e46-a2be-5620e25ca7e1","created":"2024-04-25T13:28:44.179767Z","modified":"2025-12-17T15:08:36.438934Z"},{"id":"347a1f01-02ce-488e-9100-862971c1833f","name":"Ilasm.exe - LOLBAS Project","description":"LOLBAS. (2020, March 17). Ilasm.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Ilasm/","source":"Tidal Cyber","title":"Ilasm.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-03-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a24652f5-575f-57a8-8a0c-fc63cfebf8e0","created":"2024-01-12T14:46:46.514400Z","modified":"2024-01-12T14:46:46.700092Z"},{"id":"2308c5ca-04a4-43c5-b92b-ffa6a60ae3a9","name":"anomali-rocke-tactics","description":"Anomali Threat Research. (2019, October 15). Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect. 
Retrieved December 17, 2020.","url":"https://www.anomali.com/blog/illicit-cryptomining-threat-actor-rocke-changes-tactics-now-more-difficult-to-detect","source":"MITRE","title":"Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect","authors":"Anomali Threat Research","date_accessed":"2020-12-17T00:00:00Z","date_published":"2019-10-15T00:00:00Z","owner_name":null,"tidal_id":"c3489ea9-3e88-58aa-97cf-6056f96904a1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433878Z"},{"id":"4c62c2cb-bee2-4fc0-aa81-65d66e71a5c2","name":"Microsoft Dev Blog IFEO Mar 2010","description":"Shanbhag, M. (2010, March 24). Image File Execution Options (IFEO). Retrieved December 18, 2017.","url":"https://blogs.msdn.microsoft.com/mithuns/2010/03/24/image-file-execution-options-ifeo/","source":"MITRE","title":"Image File Execution Options (IFEO)","authors":"Shanbhag, M","date_accessed":"2017-12-18T00:00:00Z","date_published":"2010-03-24T00:00:00Z","owner_name":null,"tidal_id":"6ea0e8c3-dc3d-53cb-a40e-b19c469088ad","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430274Z"},{"id":"9d1d6bc1-61cf-4465-b3cb-b6af36769027","name":"IMEWDBLD.exe - LOLBAS Project","description":"LOLBAS. (2020, March 5). IMEWDBLD.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/IMEWDBLD/","source":"Tidal Cyber","title":"IMEWDBLD.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-03-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ecd704a1-cae7-5d4d-9771-0912764ce5e8","created":"2024-01-12T14:46:44.756675Z","modified":"2024-01-12T14:46:44.935293Z"},{"id":"28f858c6-4c00-4c0c-bb27-9e000ba22690","name":"Imminent Unit42 Dec2019","description":"Unit 42. (2019, December 2). Imminent Monitor – a RAT Down Under. 
Retrieved May 5, 2020.","url":"https://unit42.paloaltonetworks.com/imminent-monitor-a-rat-down-under/","source":"MITRE","title":"Imminent Monitor – a RAT Down Under","authors":"Unit 42","date_accessed":"2020-05-05T00:00:00Z","date_published":"2019-12-02T00:00:00Z","owner_name":null,"tidal_id":"7a037ce2-18d1-539f-aa45-e03f991377d6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423117Z"},{"id":"9b88d7d6-5cf3-40d5-b624-ddf01508cb95","name":"Core Security Impacket","description":"Core Security. (n.d.). Impacket. Retrieved November 2, 2017.","url":"https://www.coresecurity.com/core-labs/open-source-tools/impacket","source":"MITRE","title":"Impacket","authors":"Core Security","date_accessed":"2017-11-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f1a67bd1-47ea-51d4-9422-f4f4885931cb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441961Z"},{"id":"cdaf72ce-e8f7-42ae-b815-14a7fd47e292","name":"Impacket Tools","description":"SecureAuth. (n.d.).  Retrieved January 15, 2019.","url":"https://www.secureauth.com/labs/open-source-tools/impacket","source":"MITRE","title":"Impacket Tools","authors":"","date_accessed":"2019-01-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"53fac408-0389-5d86-a6f6-92f2a59c49b3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422810Z"},{"id":"668d7fff-8606-5aa1-895c-390b04d176d1","name":"Dragos FROSTYGOOP 2024","description":"Mark Graham, Carolyn Ahlers, Kyle O'Meara; Dragos. (2024, July). Impact of FrostyGoop ICS Malware on Connected OT Systems. 
Retrieved November 20, 2024.","url":"https://hub.dragos.com/hubfs/Reports/Dragos-FrostyGoop-ICS-Malware-Intel-Brief-0724_r2.pdf","source":"MITRE","title":"Impact of FrostyGoop ICS Malware on Connected OT Systems","authors":"Mark Graham, Carolyn Ahlers, Kyle O'Meara; Dragos","date_accessed":"2024-11-20T00:00:00Z","date_published":"2024-07-01T00:00:00Z","owner_name":null,"tidal_id":"b3886411-2809-5863-b1b4-15d0f67457a9","created":"2025-04-22T20:47:21.646332Z","modified":"2025-12-17T15:08:36.439528Z"},{"id":"c3e6c8da-1399-419c-96f5-7dade6fccd29","name":"EK Impeding Malware Analysis","description":"Song, C., et al. (2012, August 7). Impeding Automated Malware Analysis with Environment-sensitive Malware. Retrieved January 18, 2019.","url":"https://pdfs.semanticscholar.org/2721/3d206bc3c1e8c229fb4820b6af09e7f975da.pdf","source":"MITRE","title":"Impeding Automated Malware Analysis with Environment-sensitive Malware","authors":"Song, C., et al","date_accessed":"2019-01-18T00:00:00Z","date_published":"2012-08-07T00:00:00Z","owner_name":null,"tidal_id":"9e2518a5-50dc-5248-b0ea-6e886326f3dc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436352Z"},{"id":"d7755dbd-0b38-5776-b63a-d792a4d027a4","name":"Microsoft Impersonation and EWS in Exchange","description":"Microsoft. (2022, September 13). Impersonation and EWS in Exchange. Retrieved July 10, 2023.","url":"https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/impersonation-and-ews-in-exchange","source":"MITRE","title":"Impersonation and EWS in Exchange","authors":"Microsoft","date_accessed":"2023-07-10T00:00:00Z","date_published":"2022-09-13T00:00:00Z","owner_name":null,"tidal_id":"ae0e0fca-1393-5b15-b902-5610778d9848","created":"2023-11-07T00:36:04.361746Z","modified":"2025-12-17T15:08:36.431060Z"},{"id":"8128a83a-4a29-5b80-bd7f-91758d7f9489","name":"Google Project Zero Insomnia","description":"I. Beer. (2019, August 29). Implant Teardown. 
Retrieved June","url":"https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html","source":"Mobile","title":"Implant Teardown","authors":"I. Beer","date_accessed":"1978-06-01T00:00:00Z","date_published":"2019-08-29T00:00:00Z","owner_name":null,"tidal_id":"c6c3fbc3-0939-5271-bc4a-1301598d0a9b","created":"2026-01-28T13:08:10.045186Z","modified":"2026-01-28T13:08:10.045189Z"},{"id":"63c5c654-e885-4427-a644-068f4057f35f","name":"Microsoft Implementing CPL","description":"M. (n.d.). Implementing Control Panel Items. Retrieved January 18, 2018.","url":"https://msdn.microsoft.com/library/windows/desktop/cc144185.aspx","source":"MITRE","title":"Implementing Control Panel Items","authors":"M","date_accessed":"2018-01-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a1658ecf-1267-599a-abbf-020ac39a94e7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429388Z"},{"id":"21e595be-d028-4013-b3d0-811c08581709","name":"TechNet Least Privilege","description":"Microsoft. (2016, April 16). Implementing Least-Privilege Administrative Models. Retrieved June 3, 2016.","url":"https://technet.microsoft.com/en-us/library/dn487450.aspx","source":"MITRE","title":"Implementing Least-Privilege Administrative Models","authors":"Microsoft","date_accessed":"2016-06-03T00:00:00Z","date_published":"2016-04-16T00:00:00Z","owner_name":null,"tidal_id":"4e5e9a5f-ad9e-5aa0-8c40-5c897a7c7e7a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416327Z"},{"id":"1ae25634-7aeb-5ba3-a467-65fbaa394e2b","name":"Dragos Apr 2019","description":"Joe Slowik. (2019, April 10). Implications of IT Ransomware for ICS Environments. 
Retrieved October 27, 2019.","url":"https://dragos.com/blog/industry-news/implications-of-it-ransomware-for-ics-environments/","source":"MITRE","title":"Implications of IT Ransomware for ICS Environments","authors":"Joe Slowik","date_accessed":"2019-10-27T00:00:00Z","date_published":"2019-04-10T00:00:00Z","owner_name":null,"tidal_id":"5be2908c-607e-5561-b6d3-71785dd4c8ed","created":"2025-04-22T20:47:26.429562Z","modified":"2025-12-17T15:08:36.417594Z"},{"id":"b076c047-8387-50b4-b54c-61aed025a409","name":"Dragos IT Ransomware for ICS Environments Apr 2019","description":"Joe Slowik. (2019, April 10). Implications of IT Ransomware for ICS Environments. Retrieved October","url":"https://dragos.com/blog/industry-news/implications-of-it-ransomware-for-ics-environments/","source":"ICS","title":"Implications of IT Ransomware for ICS Environments","authors":"Joe Slowik","date_accessed":"1978-10-01T00:00:00Z","date_published":"2019-04-10T00:00:00Z","owner_name":null,"tidal_id":"e328f4b4-002e-563f-aa64-cbfe88286df7","created":"2026-01-28T13:08:18.175467Z","modified":"2026-01-28T13:08:18.175470Z"},{"id":"60187301-8d70-4023-8e6d-59cbb1468f0d","name":"Dragos IT ICS Ransomware","description":"Slowik, J.. (2019, April 10). Implications of IT Ransomware for ICS Environments. Retrieved January 28, 2021.","url":"https://www.dragos.com/blog/industry-news/implications-of-it-ransomware-for-ics-environments/","source":"MITRE","title":"Implications of IT Ransomware for ICS Environments","authors":"Slowik, J.","date_accessed":"2021-01-28T00:00:00Z","date_published":"2019-04-10T00:00:00Z","owner_name":null,"tidal_id":"e3b05215-665a-5c53-a946-728d3ed5d6d0","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:32.490113Z"},{"id":"33e84eb1-4835-404b-8c1a-40695c04cdb4","name":"Microsoft SolarWinds Steps","description":"Lambert, J. (2020, December 13). Important steps for customers to protect themselves from recent nation-state cyberattacks. 
Retrieved December 17, 2020.","url":"https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/","source":"MITRE","title":"Important steps for customers to protect themselves from recent nation-state cyberattacks","authors":"Lambert, J","date_accessed":"2020-12-17T00:00:00Z","date_published":"2020-12-13T00:00:00Z","owner_name":null,"tidal_id":"17fbe148-2375-5705-b6c4-b05ed5acbd9d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426055Z"},{"id":"c2bf9e2f-cd0a-411d-84bc-61454a369c6b","name":"White House Imposing Costs RU Gov April 2021","description":"White House. (2021, April 15). Imposing Costs for Harmful Foreign Activities by the Russian Government. Retrieved April 16, 2021.","url":"https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/","source":"MITRE","title":"Imposing Costs for Harmful Foreign Activities by the Russian Government","authors":"White House","date_accessed":"2021-04-16T00:00:00Z","date_published":"2021-04-15T00:00:00Z","owner_name":null,"tidal_id":"98235cc8-553e-594a-a5b1-ad2f945aed92","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438160Z"},{"id":"fde77ea9-2b4d-40d7-99c5-433bfdbcb994","name":"Malicious Driver Reporting Center","description":"Azure Edge and Platform Security Team & Microsoft 365 Defender Research Team. (2021, December 8). Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center. 
Retrieved April 6, 2022.","url":"https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/","source":"MITRE","title":"Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center","authors":"Azure Edge and Platform Security Team & Microsoft 365 Defender Research Team","date_accessed":"2022-04-06T00:00:00Z","date_published":"2021-12-08T00:00:00Z","owner_name":null,"tidal_id":"5458bdd7-367c-5e64-90bd-267c4fe86d6b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440177Z"},{"id":"5cb98fce-f386-4878-b69c-5c6440ad689c","name":"Unit 42 Inception November 2018","description":"Lancaster, T. (2018, November 5). Inception Attackers Target Europe with Year-old Office Vulnerability. Retrieved May 8, 2020.","url":"https://unit42.paloaltonetworks.com/unit42-inception-attackers-target-europe-year-old-office-vulnerability/","source":"MITRE, Tidal Cyber","title":"Inception Attackers Target Europe with Year-old Office Vulnerability","authors":"Lancaster, T","date_accessed":"2020-05-08T00:00:00Z","date_published":"2018-11-05T00:00:00Z","owner_name":null,"tidal_id":"95568d7d-c9b3-52c6-8527-17793c3faf63","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258896Z"},{"id":"166f5c44-7d8c-45d5-8d9f-3b8bd21a2af3","name":"Symantec Inception Framework March 2018","description":"Symantec. (2018, March 14). Inception Framework: Alive and Well, and Hiding Behind Proxies. 
Retrieved May 8, 2020.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/inception-framework-hiding-behind-proxies","source":"MITRE, Tidal Cyber","title":"Inception Framework: Alive and Well, and Hiding Behind Proxies","authors":"Symantec","date_accessed":"2020-05-08T00:00:00Z","date_published":"2018-03-14T00:00:00Z","owner_name":null,"tidal_id":"96629fac-1ac6-561f-a004-c12f6e40135a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278205Z"},{"id":"089f6f4e-370c-49cb-a35c-c80be0fd39de","name":"Expel AWS Attacker","description":"Brian Bahtiarian, David Blanton, Britton Manahan and Kyle Pellett. (2022, April 5). Incident report: From CLI to console, chasing an attacker in AWS. Retrieved April 7, 2022.","url":"https://expel.com/blog/incident-report-from-cli-to-console-chasing-an-attacker-in-aws/","source":"MITRE","title":"Incident report: From CLI to console, chasing an attacker in AWS","authors":"Brian Bahtiarian, David Blanton, Britton Manahan and Kyle Pellett","date_accessed":"2022-04-07T00:00:00Z","date_published":"2022-04-05T00:00:00Z","owner_name":null,"tidal_id":"d6363f03-0269-5eae-a21c-75b8353fe1d7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426926Z"},{"id":"f26d3aa4-6966-53c4-b9d1-848420377eae","name":"Dark Reading Microsoft 365 Attacks 2021","description":"Kelly Sheridan. (2021, August 5). Incident Responders Explore Microsoft 365 Attacks in the Wild. 
Retrieved March 17, 2023.","url":"https://www.darkreading.com/threat-intelligence/incident-responders-explore-microsoft-365-attacks-in-the-wild/d/d-id/1341591","source":"MITRE","title":"Incident Responders Explore Microsoft 365 Attacks in the Wild","authors":"Kelly Sheridan","date_accessed":"2023-03-17T00:00:00Z","date_published":"2021-08-05T00:00:00Z","owner_name":null,"tidal_id":"8e2b8dce-d4cf-577e-bc89-a830d099f027","created":"2023-05-26T01:21:09.811176Z","modified":"2025-12-17T15:08:36.434699Z"},{"id":"f5367abc-e776-41a0-b8e5-6dc60079c081","name":"Cisco Talos Q2 Trends July 26 2023","description":"Nicole Hoffman. (2023, July 26). Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical. Retrieved August 4, 2023.","url":"https://blog.talosintelligence.com/talos-ir-q2-2023-quarterly-recap/","source":"Tidal Cyber","title":"Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical","authors":"Nicole Hoffman","date_accessed":"2023-08-04T00:00:00Z","date_published":"2023-07-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a82b988d-bcf2-5325-90c4-d13a3e7559c7","created":"2024-06-13T20:10:36.435522Z","modified":"2024-06-13T20:10:36.628427Z"},{"id":"fc6797ee-135d-5357-905a-bcf16897e147","name":"Brubaker-Incontroller","description":"Nathan Brubaker, Keith Lunden, Ken Proska, Muhammad Umair, Daniel Kapellmann Zafra, Corey Hildebrandt, Rob Caldwell. (2022, April 13). INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems. 
Retrieved September","url":"https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool","source":"ICS","title":"INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems","authors":"Nathan Brubaker, Keith Lunden, Ken Proska, Muhammad Umair, Daniel Kapellmann Zafra, Corey Hildebrandt, Rob Caldwell","date_accessed":"1978-09-01T00:00:00Z","date_published":"2022-04-13T00:00:00Z","owner_name":null,"tidal_id":"df78583f-76cf-52ac-8407-360744aa712f","created":"2026-01-28T13:08:18.176171Z","modified":"2026-01-28T13:08:18.176174Z"},{"id":"7e793738-c132-47bf-90aa-1f0659564d16","name":"SentinelOne September 21 2023","description":"SentinelOne. (2023, September 21). Inc. Ransom. Retrieved January 1, 2024.","url":"https://www.sentinelone.com/anthology/inc-ransom/","source":"Tidal Cyber","title":"Inc. Ransom","authors":"SentinelOne","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-09-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"87094560-1320-5cae-a662-6e89d25dd07e","created":"2024-09-20T15:08:31.069543Z","modified":"2024-09-20T15:08:31.301420Z"},{"id":"fbfd6be8-acc7-5ed4-b2b7-9248c2c27682","name":"Bleeping Computer INC Ransomware March 2024","description":"Toulas, B. (2024, March 27). INC Ransom threatens to leak 3TB of NHS Scotland stolen data. Retrieved June 5, 2024.","url":"https://www.bleepingcomputer.com/news/security/inc-ransom-threatens-to-leak-3tb-of-nhs-scotland-stolen-data/","source":"MITRE","title":"INC Ransom threatens to leak 3TB of NHS Scotland stolen data","authors":"Toulas, B","date_accessed":"2024-06-05T00:00:00Z","date_published":"2024-03-27T00:00:00Z","owner_name":null,"tidal_id":"c2816b65-37bd-540a-9600-1861c4faa06f","created":"2024-10-31T16:28:31.389870Z","modified":"2025-12-17T15:08:36.438853Z"},{"id":"6f9b8f72-c55f-4268-903e-1f8a82efa5bb","name":"U.S. CISA Increased Truebot Activity July 6 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, July 6). 
Increased Truebot Activity Infects U.S. and Canada Based Networks. Retrieved July 6, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a","source":"Tidal Cyber","title":"Increased Truebot Activity Infects U.S. and Canada Based Networks","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-07-06T00:00:00Z","date_published":"2023-07-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0b91e834-5177-5811-9633-aa03ef9aafb2","created":"2023-07-14T12:56:32.739815Z","modified":"2023-07-14T12:56:32.833740Z"},{"id":"42e2f322-f311-4d96-9f07-9d4130c83cab","name":"Trend Micro November 13 2025","description":"None Identified. (2025, November 13). Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics | Trend Micro (US). Retrieved November 20, 2025.","url":"https://www.trendmicro.com/en_us/research/25/k/lumma-stealer-browser-fingerprinting.html","source":"Tidal Cyber","title":"Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics | Trend Micro (US)","authors":"None Identified","date_accessed":"2025-11-20T12:00:00Z","date_published":"2025-11-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"35c854f6-a411-578c-9226-2d44998e056d","created":"2025-12-10T14:13:38.698220Z","modified":"2025-12-10T14:13:38.943222Z"},{"id":"23b12551-0bec-4f7d-8468-f372a8ba521b","name":"Increasing Linux kernel integrity","description":"Boelen, M. (2015, October 7). Increase kernel integrity with disabled Linux kernel modules loading. 
Retrieved June 4, 2020.","url":"https://linux-audit.com/increase-kernel-integrity-with-disabled-linux-kernel-modules-loading/","source":"MITRE","title":"Increase kernel integrity with disabled Linux kernel modules loading","authors":"Boelen, M","date_accessed":"2020-06-04T00:00:00Z","date_published":"2015-10-07T00:00:00Z","owner_name":null,"tidal_id":"e809a95f-dcb3-5fd5-9101-73486c080601","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442613Z"},{"id":"b785ceda-fea9-4e96-87d8-38cfd1f8b5bd","name":"TechNet Scheduling Priority","description":"Microsoft. (2013, May 8). Increase scheduling priority. Retrieved December 18, 2017.","url":"https://technet.microsoft.com/library/dn221960.aspx","source":"MITRE","title":"Increase scheduling priority","authors":"Microsoft","date_accessed":"2017-12-18T00:00:00Z","date_published":"2013-05-08T00:00:00Z","owner_name":null,"tidal_id":"e8babe93-d863-597b-aab2-59e013e5df5f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416391Z"},{"id":"33919c16-4383-52a9-8ac7-286c40c18835","name":"Emerson Exchange","description":"Emerson Exchange. (n.d.). Increase Security with TPM, Secure Boot, and Trusted Boot. Retrieved 2020/09/25","url":"https://emersonexchange365.com/products/control-safety-systems/f/plc-pac-systems-industrial-computing-forum/8383/increase-security-with-tpm-secure-boot-and-trusted-boot","source":"ICS","title":"Increase Security with TPM, Secure Boot, and Trusted Boot","authors":"Emerson Exchange","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"283ff4ec-3840-544c-b13b-bd4df0fa6b71","created":"2026-01-28T13:08:18.179789Z","modified":"2026-01-28T13:08:18.179792Z"},{"id":"d7c4f03e-7dc0-4196-866b-c1a8eb943f77","name":"Revil Independence Day","description":"Loman, M. et al. (2021, July 4). Independence Day: REvil uses supply chain exploit to attack hundreds of businesses. 
Retrieved September 30, 2021.","url":"https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/","source":"MITRE","title":"Independence Day: REvil uses supply chain exploit to attack hundreds of businesses","authors":"Loman, M. et al","date_accessed":"2021-09-30T00:00:00Z","date_published":"2021-07-04T00:00:00Z","owner_name":null,"tidal_id":"7ec9151a-9068-532e-a7e7-26183c036745","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433144Z"},{"id":"24e5c321-c418-4010-b158-0ada2dbb4f7f","name":"Fortinet Agent Tesla June 2017","description":"Zhang, X. (2017, June 28). In-Depth Analysis of A New Variant of .NET Malware AgentTesla. Retrieved November 5, 2018.","url":"https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net-malware-javaupdtr.html","source":"MITRE","title":"In-Depth Analysis of A New Variant of .NET Malware AgentTesla","authors":"Zhang, X","date_accessed":"2018-11-05T00:00:00Z","date_published":"2017-06-28T00:00:00Z","owner_name":null,"tidal_id":"1c6b26f2-4348-55d5-887a-d280512e2281","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439988Z"},{"id":"0ea8f87d-e19d-438d-b05b-30f2ccd0ea3b","name":"NCC Group Team9 June 2020","description":"Pantazopoulos, N. (2020, June 2). In-depth analysis of the new Team9 malware family. Retrieved December 1, 2020.","url":"https://research.nccgroup.com/2020/06/02/in-depth-analysis-of-the-new-team9-malware-family/","source":"MITRE","title":"In-depth analysis of the new Team9 malware family","authors":"Pantazopoulos, N","date_accessed":"2020-12-01T00:00:00Z","date_published":"2020-06-02T00:00:00Z","owner_name":null,"tidal_id":"f3cfc11c-bbbb-54ce-b03e-2a913e3b7d03","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420650Z"},{"id":"dac5cda3-97bc-4e38-b54f-554a75a18c5b","name":"Trend Micro APT Attack Tools","description":"Wilhoit, K. (2013, March 4). 
In-Depth Look: APT Attack Tools of the Trade. Retrieved December 2, 2015.","url":"http://blog.trendmicro.com/trendlabs-security-intelligence/in-depth-look-apt-attack-tools-of-the-trade/","source":"MITRE","title":"In-Depth Look: APT Attack Tools of the Trade","authors":"Wilhoit, K","date_accessed":"2015-12-02T00:00:00Z","date_published":"2013-03-04T00:00:00Z","owner_name":null,"tidal_id":"94121cb8-57a7-5f6f-b45d-0ccca2070a33","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429904Z"},{"id":"59fd16cd-426f-472d-a5df-e7c1484a6481","name":"Symantec Suckfly May 2016","description":"DiMaggio, J. (2016, May 17). Indian organizations targeted in Suckfly attacks. Retrieved August 3, 2016.","url":"http://www.symantec.com/connect/blogs/indian-organizations-targeted-suckfly-attacks","source":"MITRE","title":"Indian organizations targeted in Suckfly attacks","authors":"DiMaggio, J","date_accessed":"2016-08-03T00:00:00Z","date_published":"2016-05-17T00:00:00Z","owner_name":null,"tidal_id":"5d437e08-e641-5163-b9e8-9e85feedad47","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437852Z"},{"id":"8ad57a0d-d74f-5802-ab83-4ddac1beb083","name":"Joint CSA AvosLocker Mar 2022","description":"FBI, FinCEN, Treasury. (2022, March 17). Indicators of Compromise Associated with AvosLocker Ransomware. Retrieved January 11, 2023.","url":"https://www.ic3.gov/Media/News/2022/220318.pdf","source":"MITRE","title":"Indicators of Compromise Associated with AvosLocker Ransomware","authors":"FBI, FinCEN, Treasury","date_accessed":"2023-01-11T00:00:00Z","date_published":"2022-03-17T00:00:00Z","owner_name":null,"tidal_id":"f4d2024c-aba5-5f8e-984f-a281348b8f46","created":"2023-05-26T01:21:15.306151Z","modified":"2025-12-17T15:08:36.416810Z"},{"id":"b206b4fd-7c8a-5e5c-a0a4-737a5502df80","name":"FBI BlackByte 2022","description":"US Federal Bureau of Investigation & US Secret Service. (2022, February 11). 
Indicators of Compromise Associated with BlackByte Ransomware. Retrieved December 16, 2024.","url":"https://www.ic3.gov/CSA/2022/220211.pdf","source":"MITRE","title":"Indicators of Compromise Associated with BlackByte Ransomware","authors":"US Federal Bureau of Investigation & US Secret Service","date_accessed":"2024-12-16T00:00:00Z","date_published":"2022-02-11T00:00:00Z","owner_name":null,"tidal_id":"17c667b3-2983-5162-b78d-61b6e3f67e50","created":"2025-04-22T20:47:22.692268Z","modified":"2025-12-17T15:08:36.420496Z"},{"id":"a1691741-9ecd-4b20-8cc9-b9bdfc1592b5","name":"FBI Flash Diavol January 2022","description":"FBI. (2022, January 19). Indicators of Compromise Associated with Diavol. Retrieved November 17, 2024.","url":"https://www.ic3.gov/CSA/2022/220120.pdf","source":"MITRE","title":"Indicators of Compromise Associated with Diavol","authors":"FBI","date_accessed":"2024-11-17T00:00:00Z","date_published":"2022-01-19T00:00:00Z","owner_name":null,"tidal_id":"43e54483-cea5-5662-b04b-2f66d3e8bdb5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418498Z"},{"id":"9fdd9ea7-57f3-5f6a-84c8-b8bce20a85bf","name":"FBI Lockbit 2.0 FEB 2022","description":"FBI. (2022, February 4). Indicators of Compromise Associated with LockBit 2.0 Ransomware. Retrieved January 24, 2025.","url":"https://www.ic3.gov/CSA/2022/220204.pdf","source":"MITRE","title":"Indicators of Compromise Associated with LockBit 2.0 Ransomware","authors":"FBI","date_accessed":"2025-01-24T00:00:00Z","date_published":"2022-02-04T00:00:00Z","owner_name":null,"tidal_id":"92682aaf-2e45-596a-8f5a-56986a8a21a3","created":"2025-04-22T20:47:28.212796Z","modified":"2025-12-17T15:08:36.420878Z"},{"id":"38b9b8a3-6fd3-4650-9192-14ee3f302705","name":"FBI Ragnar Locker 2020","description":"FBI. (2020, November 19). Indicators of Compromise Associated with Ragnar Locker Ransomware. 
Retrieved September 12, 2024.","url":"https://s3.documentcloud.org/documents/20413525/fbi-flash-indicators-of-compromise-ragnar-locker-ransomware-11192020-bc.pdf","source":"MITRE","title":"Indicators of Compromise Associated with Ragnar Locker Ransomware","authors":"FBI","date_accessed":"2024-09-12T00:00:00Z","date_published":"2020-11-19T00:00:00Z","owner_name":null,"tidal_id":"b7bc0248-8ec7-5196-9f99-bd818be773ed","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434558Z"},{"id":"76869199-e9fa-41b4-b045-41015e6daaec","name":"FBI FLASH APT39 September 2020","description":"FBI. (2020, September 17). Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07. Retrieved December 10, 2020.","url":"https://www.iranwatch.org/sites/default/files/public-intelligence-alert.pdf","source":"MITRE","title":"Indicators of Compromise Associated with Rana Intelligence Computing, also known as Advanced Persistent Threat 39, Chafer, Cadelspy, Remexi, and ITG07","authors":"FBI","date_accessed":"2020-12-10T00:00:00Z","date_published":"2020-09-17T00:00:00Z","owner_name":null,"tidal_id":"eb7eb23d-94fd-5b51-8e0b-dc1b222c222d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438242Z"},{"id":"56aeab4e-b046-4426-81a8-c3b2323492f0","name":"US District Court Indictment GRU Oct 2018","description":"Brady, S . (2018, October 3). Indictment - United States vs Aleksei Sergeyevich Morenets, et al.. 
Retrieved October 1, 2020.","url":"https://www.justice.gov/opa/page/file/1098481/download","source":"MITRE","title":"Indictment - United States vs Aleksei Sergeyevich Morenets, et al.","authors":"Brady, S","date_accessed":"2020-10-01T00:00:00Z","date_published":"2018-10-03T00:00:00Z","owner_name":null,"tidal_id":"aca8c0c2-2731-546a-87de-7fd805f683fc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437774Z"},{"id":"cf4a8c8c-eab1-421f-b313-344aed03b42d","name":"Checkpoint IndigoZebra July 2021","description":"CheckPoint Research. (2021, July 1). IndigoZebra APT continues to attack Central Asia with evolving tools. Retrieved September 24, 2021.","url":"https://research.checkpoint.com/2021/indigozebra-apt-continues-to-attack-central-asia-with-evolving-tools/","source":"MITRE, Tidal Cyber","title":"IndigoZebra APT continues to attack Central Asia with evolving tools","authors":"CheckPoint Research","date_accessed":"2021-09-24T00:00:00Z","date_published":"2021-07-01T00:00:00Z","owner_name":null,"tidal_id":"84bb8c27-4cb1-534b-80cd-7876da6dd376","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257602Z"},{"id":"fcf8265a-3084-4162-87d0-9e77c0a5cff0","name":"HackerNews IndigoZebra July 2021","description":"Lakshmanan, R.. (2021, July 1). IndigoZebra APT Hacking Campaign Targets the Afghan Government. Retrieved September 24, 2021.","url":"https://thehackernews.com/2021/07/indigozebra-apt-hacking-campaign.html","source":"MITRE","title":"IndigoZebra APT Hacking Campaign Targets the Afghan Government","authors":"Lakshmanan, R.","date_accessed":"2021-09-24T00:00:00Z","date_published":"2021-07-01T00:00:00Z","owner_name":null,"tidal_id":"232e0fb6-d63d-59c9-b5f5-28070ba07e61","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420414Z"},{"id":"c07f1b2b-ae56-5a1a-b607-1f3bc7e119cf","name":"3 - appv","description":"Raj Chandel. (2022, March 17). Indirect Command Execution: Defense Evasion (T1202). 
Retrieved February 6, 2024.","url":"https://www.hackingarticles.in/indirect-command-execution-defense-evasion-t1202/","source":"MITRE","title":"Indirect Command Execution: Defense Evasion (T1202)","authors":"Raj Chandel","date_accessed":"2024-02-06T00:00:00Z","date_published":"2022-03-17T00:00:00Z","owner_name":null,"tidal_id":"4778b814-6055-5965-b5d6-83955999e1f1","created":"2024-04-25T13:28:40.860434Z","modified":"2025-12-17T15:08:36.435879Z"},{"id":"bb79207f-3ab4-4b86-8b1c-d587724efb7c","name":"Check Point Meteor Aug 2021","description":"Check Point Research Team. (2021, August 14). Indra - Hackers Behind Recent Attacks on Iran. Retrieved February 17, 2022.","url":"https://research.checkpoint.com/2021/indra-hackers-behind-recent-attacks-on-iran/","source":"MITRE","title":"Indra - Hackers Behind Recent Attacks on Iran","authors":"Check Point Research Team","date_accessed":"2022-02-17T00:00:00Z","date_published":"2021-08-14T00:00:00Z","owner_name":null,"tidal_id":"41ccd086-4016-5dc4-9c1a-4ffecf6b432c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421817Z"},{"id":"4b77d313-ef3c-4d2f-bfde-609fa59a8f55","name":"Crowdstrike EvilCorp March 2021","description":"Podlosky, A., Feeley, B. (2021, March 17). INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions. Retrieved September 15, 2021.","url":"https://www.crowdstrike.com/blog/hades-ransomware-successor-to-indrik-spiders-wastedlocker/","source":"MITRE, Tidal Cyber","title":"INDRIK SPIDER Supersedes WastedLocker with Hades Ransomware to Circumvent OFAC Sanctions","authors":"Podlosky, A., Feeley, B","date_accessed":"2021-09-15T00:00:00Z","date_published":"2021-03-17T00:00:00Z","owner_name":null,"tidal_id":"7c286a26-bd1a-58ea-bd0f-bf0042b3c122","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.277763Z"},{"id":"c360d999-74d5-58d2-9800-ab58157bf40e","name":"Tyson Macaulay","description":"Tyson Macaulay, Michael J. Assante and Robert M. Lee. 
(n.d.). Industrial Control System (ICS) Security. Retrieved November","url":"https://books.google.com/books?id=oXIYBAAAQBAJ&pg=PA249&lpg=PA249&dq=loss+denial+manipulation+of+view&source=bl&ots=dV1uQ8IUff&sig=ACfU3U2NIwGjhg051D_Ytw6npyEk9xcf4w&hl=en&sa=X&ved=2ahUKEwj2wJ7y4tDlAhVmplkKHSTaDnQQ6AEwAHoECAgQAQ#v=onepage&q=loss%20denial%20manipulation%20of%20view&f=false","source":"ICS","title":"Industrial Control System (ICS) Security","authors":"Tyson Macaulay, Michael J. Assante and Robert M. Lee","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f8214c0f-d149-5ccb-b020-530425bb8e5d","created":"2026-01-28T13:08:18.176438Z","modified":"2026-01-28T13:08:18.176441Z"},{"id":"a2f08d80-ae42-5f56-93fe-9e58857625d4","name":"Corero","description":"Corero. (n.d.). Industrial Control System (ICS) Security. Retrieved November","url":"https://www.corero.com/resources/files/whitepapers/cns_whitepaper_ics.pdf","source":"ICS","title":"Industrial Control System (ICS) Security","authors":"Corero","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"988d7f9b-9df4-5b5a-9aed-2856f0f740f7","created":"2026-01-28T13:08:18.176387Z","modified":"2026-01-28T13:08:18.176393Z"},{"id":"3fce81eb-2452-580d-806a-e156a4b08546","name":"Industroyer2 Forescout July 2022","description":"Forescout. (2022, July 14). Industroyer2 and  INCONTROLLER In-depth Technical Analysis of the Most Recent ICS-specific Malware. 
Retrieved March","url":"https://www.forescout.com/resources/industroyer2-and-incontroller-report/","source":"ICS","title":"Industroyer2 and  INCONTROLLER In-depth Technical Analysis of the Most Recent ICS-specific Malware","authors":"Forescout","date_accessed":"1978-03-01T00:00:00Z","date_published":"2022-07-14T00:00:00Z","owner_name":null,"tidal_id":"898d18dd-7000-5925-9a4a-0c2ec4364782","created":"2026-01-28T13:08:18.179401Z","modified":"2026-01-28T13:08:18.179404Z"},{"id":"3ec01405-3240-5679-924f-f1194bca9a72","name":"Industroyer2 ESET April 2022","description":"ESET. (2022, April 12). Industroyer2: Industroyer reloaded. Retrieved March 30, 2023.","url":"https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/","source":"MITRE","title":"Industroyer2: Industroyer reloaded","authors":"ESET","date_accessed":"2023-03-30T00:00:00Z","date_published":"2022-04-12T00:00:00Z","owner_name":null,"tidal_id":"d4fd96fd-a5f2-509c-b307-0fa9ae0fa072","created":"2023-05-26T01:21:20.645855Z","modified":"2025-12-17T15:08:36.442483Z"},{"id":"d9e8ca96-8646-5dd9-bede-56305385b2e4","name":"Industroyer2 Blackhat ESET","description":"Anton Cherepanov, Robert Lipovsky. (2022, August). Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid. Retrieved April 6, 2023.","url":"https://www.youtube.com/watch?v=xC9iM5wVedQ","source":"MITRE","title":"Industroyer2: Sandworm's Cyberwarfare Targets Ukraine's Power Grid","authors":"Anton Cherepanov, Robert Lipovsky","date_accessed":"2023-04-06T00:00:00Z","date_published":"2022-08-01T00:00:00Z","owner_name":null,"tidal_id":"93f1b447-c5a0-54f5-9911-30bc8977ce52","created":"2023-05-26T01:21:16.214147Z","modified":"2025-12-17T15:08:36.419354Z"},{"id":"d1d1a371-a71c-558b-b3d6-651f47557e6b","name":"Dragos Crashoverride","description":"Dragos Inc. (2017, June 13). Industroyer - Dragos - 201706: Analysis of the Threat to Electric Grid Operations. 
Retrieved September","url":"https://www.dragos.com/wp-content/uploads/CrashOverride-01.pdf","source":"ICS","title":"Industroyer - Dragos - 201706: Analysis of the Threat to Electric Grid Operations","authors":"Dragos Inc","date_accessed":"1978-09-01T00:00:00Z","date_published":"2017-06-13T00:00:00Z","owner_name":null,"tidal_id":"48da7762-cc10-50eb-b095-2799d871178a","created":"2026-01-28T13:08:18.175361Z","modified":"2026-01-28T13:08:18.175364Z"},{"id":"48edeadc-f1e7-5fda-be96-1c41f78fc65a","name":"Industroyer2 Mandiant April 2022","description":"Daniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker. (2022, April 25). INDUSTROYER.V2: Old Malware Learns New Tricks. Retrieved March 30, 2023.","url":"https://www.mandiant.com/resources/blog/industroyer-v2-old-malware-new-tricks","source":"MITRE","title":"INDUSTROYER.V2: Old Malware Learns New Tricks","authors":"Daniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker","date_accessed":"2023-03-30T00:00:00Z","date_published":"2022-04-25T00:00:00Z","owner_name":null,"tidal_id":"9a4ab1e8-e413-5991-b1a0-da8391633a6b","created":"2023-05-26T01:21:20.480265Z","modified":"2025-12-17T15:08:36.442257Z"},{"id":"52190592-5809-4e7b-a19c-fc87b245025c","name":"Sixdub PowerPick Jan 2016","description":"Warner, J.. (2015, January 6). Inexorable PowerShell – A Red Teamer’s Tale of Overcoming Simple AppLocker Policies. 
Retrieved December 8, 2018.","url":"https://web.archive.org/web/20160327101330/http://www.sixdub.net/?p=367","source":"MITRE","title":"Inexorable PowerShell – A Red Teamer’s Tale of Overcoming Simple AppLocker Policies","authors":"Warner, J.","date_accessed":"2018-12-08T00:00:00Z","date_published":"2015-01-06T00:00:00Z","owner_name":null,"tidal_id":"669d9273-73e7-5aa2-996a-17369ba0a904","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432842Z"},{"id":"5e83d17c-dbdd-4a6c-a395-4f921b68ebec","name":"Infdefaultinstall.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Infdefaultinstall.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Infdefaultinstall/","source":"Tidal Cyber","title":"Infdefaultinstall.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f235d085-5162-59db-9c5c-fb37e3412abb","created":"2024-01-12T14:46:46.875009Z","modified":"2024-01-12T14:46:47.059278Z"},{"id":"24ae5092-42ea-4c83-bdf7-c0e5026d9559","name":"Trend Micro Exposed Docker APIs","description":"Oliveira, A. (2019, May 30). Infected Containers Target Docker via Exposed APIs. Retrieved April 6, 2021.","url":"https://www.trendmicro.com/en_us/research/19/e/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims.html","source":"MITRE","title":"Infected Containers Target Docker via Exposed APIs","authors":"Oliveira, A","date_accessed":"2021-04-06T00:00:00Z","date_published":"2019-05-30T00:00:00Z","owner_name":null,"tidal_id":"d872364a-045c-5211-9268-48d9cb0b2716","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433312Z"},{"id":"4994f4e6-4ae4-58b8-8cf8-ab62b2c92d79","name":"SentinelOne Macma 2021","description":"Phil Stokes. (2021, November 15). Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma. 
Retrieved July 26, 2024.","url":"https://www.sentinelone.com/labs/infect-if-needed-a-deeper-dive-into-targeted-backdoor-macos-macma/","source":"MITRE","title":"Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma","authors":"Phil Stokes","date_accessed":"2024-07-26T00:00:00Z","date_published":"2021-11-15T00:00:00Z","owner_name":null,"tidal_id":"f402241c-3023-55b3-b66b-23864e85f675","created":"2024-10-31T16:28:36.612133Z","modified":"2025-12-17T15:08:36.441155Z"},{"id":"5033e741-834c-49d6-bc89-f64b9508f8b5","name":"SentinelOne MacMa Nov 2021","description":"Stokes, P. (2021, November 15). Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma. Retrieved June 30, 2022.","url":"https://www.sentinelone.com/labs/infect-if-needed-a-deeper-dive-into-targeted-backdoor-macos-macma/","source":"MITRE","title":"Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma","authors":"Stokes, P","date_accessed":"2022-06-30T00:00:00Z","date_published":"2021-11-15T00:00:00Z","owner_name":null,"tidal_id":"dc3ee7e5-8bf2-5da3-af99-db6358ede2d7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442595Z"},{"id":"a9570165-f2dd-5417-84f3-a06c71f9c7e0","name":"MITRE VMware Abuse 2024","description":"Lex Crumpton. (2024, May 22). Infiltrating Defenses: Abusing VMware in MITRE’s Cyber Intrusion. Retrieved March 26, 2025.","url":"https://medium.com/mitre-engenuity/infiltrating-defenses-abusing-vmware-in-mitres-cyber-intrusion-4ea647b83f5b","source":"MITRE","title":"Infiltrating Defenses: Abusing VMware in MITRE’s Cyber Intrusion","authors":"Lex Crumpton","date_accessed":"2025-03-26T00:00:00Z","date_published":"2024-05-22T00:00:00Z","owner_name":null,"tidal_id":"6ac009bf-2832-5884-92e3-ec0b33ee098d","created":"2025-04-22T20:47:18.364147Z","modified":"2025-12-17T15:08:36.433803Z"},{"id":"81f40284-12e5-4835-8c14-19fb894e4822","name":"OpenAI CTI Update October 2024","description":"OpenAI. (2024, October 1). 
Influence and cyber operations: an update. Retrieved January 31, 2025.","url":"https://cdn.openai.com/threat-intelligence-reports/influence-and-cyber-operations-an-update_October-2024.pdf","source":"Tidal Cyber","title":"Influence and cyber operations: an update","authors":"OpenAI","date_accessed":"2025-01-31T00:00:00Z","date_published":"2024-10-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8a4aedd5-5c14-52b0-95a3-3ec07a4d9dce","created":"2025-02-03T21:08:22.991837Z","modified":"2025-02-03T21:08:23.371798Z"},{"id":"616c9177-ca57-45f3-a613-d6450a94697d","name":"SANS Information Security Reading Room Securing SNMP Securing SNMP","description":"Michael Stump. (2003). Information Security Reading Room Securing SNMP: A Look atNet-SNMP (SNMPv3). Retrieved October 19, 2020.","url":"https://www.sans.org/reading-room/whitepapers/networkdevs/securing-snmp-net-snmp-snmpv3-1051","source":"MITRE","title":"Information Security Reading Room Securing SNMP: A Look atNet-SNMP (SNMPv3)","authors":"Michael Stump","date_accessed":"2020-10-19T00:00:00Z","date_published":"2003-01-01T00:00:00Z","owner_name":null,"tidal_id":"8b23548a-7774-55bb-a188-f461ace30df3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436270Z"},{"id":"227fd123-65ed-48da-af8b-3f7674f33e12","name":"InfoSec Handlers Diary Blog - SANS Internet Storm Center","description":"SANS Internet Storm Center. (n.d.). InfoSec Handlers Diary Blog - SANS Internet Storm Center. Retrieved May 7, 2023.","url":"https://isc.sans.edu/diary/rss/29626","source":"Tidal Cyber","title":"InfoSec Handlers Diary Blog - SANS Internet Storm Center","authors":"SANS Internet Storm Center","date_accessed":"2023-05-07T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"26c7d664-cfa6-5e1c-8753-a1cee8d3a4eb","created":"2024-06-13T20:10:12.305219Z","modified":"2024-06-13T20:10:12.502801Z"},{"id":"155cc2df-adf4-4b5f-a377-272947e5757e","name":"Symantec Catchamas April 2018","description":"Balanza, M. 
(2018, April 02). Infostealer.Catchamas. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190508165711/https://www-west.symantec.com/content/symantec/english/en/security-center/writeup.html/2018-040209-1742-99","source":"MITRE","title":"Infostealer.Catchamas","authors":"Balanza, M","date_accessed":"2024-11-17T00:00:00Z","date_published":"2018-04-02T00:00:00Z","owner_name":null,"tidal_id":"c5f817c0-00bf-55b5-a0c9-1655a2854794","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420330Z"},{"id":"5ae03ea3-8f4b-528d-ad8b-7cab4b4bb419","name":"Cofense Anubis","description":"M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved September","url":"https://web.archive.org/web/20231222134431/https://cofense.com/blog/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/","source":"Mobile","title":"Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications","authors":"M. Feller","date_accessed":"1978-09-01T00:00:00Z","date_published":"2020-02-05T00:00:00Z","owner_name":null,"tidal_id":"972a28b1-d377-5d21-8062-4f020bff8623","created":"2026-01-28T13:08:10.041347Z","modified":"2026-01-28T13:08:10.041350Z"},{"id":"edc98a95-9206-5109-984c-4745917d4462","name":"AhnLab LummaC2 2025","description":"AhnLab SEcurity intelligence Center. (2025, January 8). Infostealer LummaC2 Spreading Through Fake CAPTCHA Verification Page. 
Retrieved April 23, 2025.","url":"https://asec.ahnlab.com/en/85699/","source":"MITRE","title":"Infostealer LummaC2 Spreading Through Fake CAPTCHA Verification Page","authors":"AhnLab SEcurity intelligence Center","date_accessed":"2025-04-23T00:00:00Z","date_published":"2025-01-08T00:00:00Z","owner_name":null,"tidal_id":"869f6b46-202e-5b2e-877b-f734c677c2e4","created":"2025-10-29T21:08:48.166578Z","modified":"2025-12-17T15:08:36.435676Z"},{"id":"889a21f2-e00b-44c2-aa8c-a33f5615678a","name":"TrendMicro Ursnif File Dec 2014","description":"Caragay, R. (2014, December 11). Info-Stealing File Infector Hits US, UK. Retrieved June 5, 2019.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/info-stealing-file-infector-hits-us-uk/","source":"MITRE","title":"Info-Stealing File Infector Hits US, UK","authors":"Caragay, R","date_accessed":"2019-06-05T00:00:00Z","date_published":"2014-12-11T00:00:00Z","owner_name":null,"tidal_id":"a4fd5e64-2398-5169-a39c-9f5aa9aeacec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441129Z"},{"id":"96d479df-d312-4af7-a47d-2597a66291f1","name":"ThreatConnect Infrastructure Dec 2020","description":"ThreatConnect. (2020, December 15). Infrastructure Research and Hunting: Boiling the Domain Ocean. Retrieved October 12, 2021.","url":"https://threatconnect.com/blog/infrastructure-research-hunting/","source":"MITRE","title":"Infrastructure Research and Hunting: Boiling the Domain Ocean","authors":"ThreatConnect","date_accessed":"2021-10-12T00:00:00Z","date_published":"2020-12-15T00:00:00Z","owner_name":null,"tidal_id":"bf39e2b2-ebe0-5707-8021-669aa3fd7573","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424033Z"},{"id":"848da19d-b02d-4b78-b3c1-a72d5034fd45","name":"Google TAG Ukraine IABs September 7 2022","description":"Pierre-Marc Bureau. (2022, September 7). Initial access broker repurposing techniques in targeted attacks against Ukraine. 
Retrieved February 14, 2025.","url":"https://blog.google/threat-analysis-group/initial-access-broker-repurposing-techniques-in-targeted-attacks-against-ukraine/","source":"Tidal Cyber","title":"Initial access broker repurposing techniques in targeted attacks against Ukraine","authors":"Pierre-Marc Bureau","date_accessed":"2025-02-14T00:00:00Z","date_published":"2022-09-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"886a9155-96d4-57e3-ad49-a42f50e963ce","created":"2025-02-18T15:18:02.804061Z","modified":"2025-02-18T15:18:02.972749Z"},{"id":"7f6878e3-9494-4fba-abff-cad43830f03d","name":"Mandiant Access Exploits March 21 2024","description":"Michael Raggi, Adam Aprahamian, Dan Kelly, Mathew Potaczek, Marcin Siedlarz, Austin Larsen. (2024, March 21). Initial Access Brokers Exploit F5 BIG-IP and ScreenConnect. Retrieved February 14, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/initial-access-brokers-exploit-f5-screenconnect","source":"Tidal Cyber","title":"Initial Access Brokers Exploit F5 BIG-IP and ScreenConnect","authors":"Michael Raggi, Adam Aprahamian, Dan Kelly, Mathew Potaczek, Marcin Siedlarz, Austin Larsen","date_accessed":"2025-02-14T00:00:00Z","date_published":"2024-03-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c56eef83-7877-576e-8685-06a0362aadf4","created":"2025-02-18T15:18:03.784765Z","modified":"2025-02-18T15:18:03.942294Z"},{"id":"42c40ec8-f46a-48fa-bd97-818e3d3d320e","name":"elastic.co 6 21 2023","description":"Colson Wilhoit. (2023, June 21). Initial research exposing JOKERSPY — Elastic Security Labs. 
Retrieved April 19, 2024.","url":"https://www.elastic.co/security-labs/inital-research-of-jokerspy","source":"Tidal Cyber","title":"Initial research exposing JOKERSPY — Elastic Security Labs","authors":"Colson Wilhoit","date_accessed":"2024-04-19T00:00:00Z","date_published":"2023-06-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"50c4e4f1-e8eb-58ef-81f1-8f82d97b5dad","created":"2024-06-13T20:10:59.683439Z","modified":"2024-06-13T20:10:59.871248Z"},{"id":"ab9c01ad-905e-4f73-b64f-1c6a5fb9a375","name":"Init Man Page","description":"Kerrisk, M. (2021, March 22). INIT_MODULE(2). Retrieved September 28, 2021.","url":"https://man7.org/linux/man-pages/man2/init_module.2.html","source":"MITRE","title":"INIT_MODULE(2)","authors":"Kerrisk, M","date_accessed":"2021-09-28T00:00:00Z","date_published":"2021-03-22T00:00:00Z","owner_name":null,"tidal_id":"49bb5ced-d131-5a02-b217-921cf63264ab","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437185Z"},{"id":"8deb6edb-293f-4b9d-882a-541675864eb5","name":"Proofpoint RTF Injection","description":"Raggi, M. (2021, December 1). Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors . Retrieved December 9, 2021.","url":"https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread","source":"MITRE","title":"Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors","authors":"Raggi, M","date_accessed":"2021-12-09T00:00:00Z","date_published":"2021-12-01T00:00:00Z","owner_name":null,"tidal_id":"dc96323e-9878-5020-9fc3-dd40bebe4066","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435378Z"},{"id":"1fc24a9b-9636-482a-8413-211b42658872","name":"Check Point Research December 16 2025","description":"samanthar@checkpoint.com. (2025, December 16). Ink Dragon's Relay Network and Stealthy Offensive Operation. 
Retrieved December 19, 2025.","url":"https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/","source":"Tidal Cyber","title":"Ink Dragon's Relay Network and Stealthy Offensive Operation","authors":"samanthar@checkpoint.com","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a596444c-dae8-599d-8a5e-d412861cd9ce","created":"2025-12-24T14:56:03.360640Z","modified":"2025-12-24T14:56:03.497540Z"},{"id":"39ad1769-3dfb-4572-ab82-1e0c4f869ec8","name":"HighTech Bridge Inline Hooking Sept 2011","description":"Mariani, B. (2011, September 6). Inline Hooking in Windows. Retrieved December 12, 2017.","url":"https://www.exploit-db.com/docs/17802.pdf","source":"MITRE","title":"Inline Hooking in Windows","authors":"Mariani, B","date_accessed":"2017-12-12T00:00:00Z","date_published":"2011-09-06T00:00:00Z","owner_name":null,"tidal_id":"724f5f61-aaab-595f-a35b-4f7096eef9ea","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430569Z"},{"id":"402745e1-a65a-4fa1-a86d-99b37221095c","name":"Stuart ELF Memory","description":"Stuart. (2018, March 31). In-Memory-Only ELF Execution (Without tmpfs). Retrieved October 4, 2021.","url":"https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html","source":"MITRE","title":"In-Memory-Only ELF Execution (Without tmpfs)","authors":"Stuart","date_accessed":"2021-10-04T00:00:00Z","date_published":"2018-03-31T00:00:00Z","owner_name":null,"tidal_id":"f8d7586d-4c88-5885-8cbf-389641575768","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428955Z"},{"id":"29c6575f-9e47-48cb-8162-15280002a6d5","name":"ASERT InnaputRAT April 2018","description":"ASERT Team. (2018, April 04). Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files. 
Retrieved July 9, 2018.","url":"https://asert.arbornetworks.com/innaput-actors-utilize-remote-access-trojan-since-2016-presumably-targeting-victim-files/","source":"MITRE","title":"Innaput Actors Utilize Remote Access Trojan Since 2016, Presumably Targeting Victim Files","authors":"ASERT Team","date_accessed":"2018-07-09T00:00:00Z","date_published":"2018-04-04T00:00:00Z","owner_name":null,"tidal_id":"45f13e7e-c0ac-5db4-9d63-9655f2f61ba5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421520Z"},{"id":"bc77fae0-e051-5131-80a4-8468585f0e5d","name":"Dhanjani-URLScheme","description":"Nitesh Dhanjani. (2010, November 8). Insecure Handling of URL Schemes in Apple’s iOS. Retrieved December","url":"http://www.dhanjani.com/blog/2010/11/insecure-handling-of-url-schemes-in-apples-ios.html","source":"Mobile","title":"Insecure Handling of URL Schemes in Apple’s iOS","authors":"Nitesh Dhanjani","date_accessed":"1978-12-01T00:00:00Z","date_published":"2010-11-08T00:00:00Z","owner_name":null,"tidal_id":"05be3d23-7ddb-5632-91c3-64785e57c4e1","created":"2026-01-28T13:08:10.045112Z","modified":"2026-01-28T13:08:10.045115Z"},{"id":"03c28ec1-ad2d-5476-973d-72f7fad8aec1","name":"SecurityScorecard Contagious Interview October 2024","description":"Ryan Sherstobitoff. (2024, October 29). Inside a North Korean Phishing Operation Targeting DevOps Employees. Retrieved October 20, 2025.","url":"https://securityscorecard.com/blog/inside-a-north-korean-phishing-operation-targeting-devops-employees/","source":"MITRE","title":"Inside a North Korean Phishing Operation Targeting DevOps Employees","authors":"Ryan Sherstobitoff","date_accessed":"2025-10-20T00:00:00Z","date_published":"2024-10-29T00:00:00Z","owner_name":null,"tidal_id":"9ac7a89e-d4c3-5cc0-ba63-3ba850a2b00c","created":"2025-10-29T21:08:48.167480Z","modified":"2025-12-17T15:08:36.440593Z"},{"id":"45a9d214-ddee-44e9-9ed1-282f05a65428","name":"Check Point Research January 07 2026","description":"alexeybu. 
(2026, January 7). Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns - Check Point Research. Retrieved January 12, 2026.","url":"https://research.checkpoint.com/2026/inside-gobruteforcer-ai-generated-server-defaults-weak-passwords-and-crypto-focused-campaigns/","source":"Tidal Cyber","title":"Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns - Check Point Research","authors":"alexeybu","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-07T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"52cba75e-f2a2-5c19-8659-f9a6e12943ad","created":"2026-01-14T13:29:45.824225Z","modified":"2026-01-14T13:29:46.001687Z"},{"id":"79e0a74f-799f-445e-a677-cc08e66f3113","name":"EclecticIQ August 16 2024","description":"EclecticIQ. (2024, August 16). Inside Intelligence Center LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus. Retrieved March 22, 2025.","url":"https://blog.eclecticiq.com/inside-intelligence-center-lunar-spider-enabling-ransomware-attacks-on-financial-sector-with-brute-ratel-c4-and-latrodectus","source":"Tidal Cyber","title":"Inside Intelligence Center LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus","authors":"EclecticIQ","date_accessed":"2025-03-22T00:00:00Z","date_published":"2024-08-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4a57a7d2-135c-53a8-9e1f-405eee80246c","created":"2025-03-25T13:15:57.955343Z","modified":"2025-03-25T13:15:58.102370Z"},{"id":"c249bfcf-25c4-4502-b5a4-17783d581163","name":"Microsoft Holmium June 2020","description":"Microsoft Threat Protection Intelligence Team. (2020, June 18). Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint. 
Retrieved June 22, 2020.","url":"https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/","source":"MITRE","title":"Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint","authors":"Microsoft Threat Protection Intelligence Team","date_accessed":"2020-06-22T00:00:00Z","date_published":"2020-06-18T00:00:00Z","owner_name":null,"tidal_id":"7beccf60-2b15-513e-8dca-afdfb13b2d11","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439374Z"},{"id":"960ae534-6de5-5bcc-b600-db0c2de64305","name":"Metabase Q Mispadu Trojan 2023","description":"Garcia, F., Regalado, D. (2023, March 7). Inside Mispadu massive infection campaign in LATAM. Retrieved March 15, 2024.","url":"https://www.metabaseq.com/mispadu-banking-trojan/","source":"MITRE","title":"Inside Mispadu massive infection campaign in LATAM","authors":"Garcia, F., Regalado, D","date_accessed":"2024-03-15T00:00:00Z","date_published":"2023-03-07T00:00:00Z","owner_name":null,"tidal_id":"b06b3c33-bca9-5471-8995-9c4f55b3d257","created":"2024-04-25T13:28:51.014585Z","modified":"2025-12-17T15:08:36.440434Z"},{"id":"d74c88c0-25fe-419a-bf69-1603d1b3a597","name":"Sophos News December 07 2025","description":"None Identified. (2025, December 7). Inside Shanya, a packer-as-a-service fueling modern attacks – Sophos News. 
Retrieved December 15, 2025.","url":"https://news.sophos.com/en-us/2025/12/06/inside-shanya-a-packer-as-a-service-fueling-modern-attacks/","source":"Tidal Cyber","title":"Inside Shanya, a packer-as-a-service fueling modern attacks – Sophos News","authors":"None Identified","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-07T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c18ce04e-ea1f-56cb-908f-a5cb8ce9c1b7","created":"2025-12-17T14:17:42.432777Z","modified":"2025-12-17T14:17:42.574539Z"},{"id":"5cc28485-6d45-46b0-9798-e6e18dc6f772","name":"huntress.com June 18 2025","description":"Alden Schmidt. (2025, June 18). Inside the BlueNoroff Web3 macOS Intrusion Analysis . Retrieved June 20, 2025.","url":"https://www.huntress.com/blog/inside-bluenoroff-web3-intrusion-analysis","source":"Tidal Cyber","title":"Inside the BlueNoroff Web3 macOS Intrusion Analysis","authors":"Alden Schmidt","date_accessed":"2025-06-20T12:00:00Z","date_published":"2025-06-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b5d4176b-7134-56d3-905b-6ac383d3f32b","created":"2025-06-23T13:53:25.259023Z","modified":"2025-06-23T13:53:25.440429Z"},{"id":"28279a56-60e8-4e88-9627-accc969fa48c","name":"Group-IB DragonForce September 25 2024","description":"Nikolay Kichatov, Sharmine Low, Alexey Kashtanov. (2024, September 25). Inside the Dragon: DragonForce Ransomware Group. Retrieved December 12, 2024.","url":"https://www.group-ib.com/blog/dragonforce-ransomware/","source":"Tidal Cyber","title":"Inside the Dragon: DragonForce Ransomware Group","authors":"Nikolay Kichatov, Sharmine Low, Alexey Kashtanov","date_accessed":"2024-12-12T00:00:00Z","date_published":"2024-09-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e218d91a-f2bf-5a5f-ac3e-1d1ae71b951a","created":"2025-04-11T15:06:03.172416Z","modified":"2025-04-11T15:06:03.351010Z"},{"id":"f6c0f295-c034-4957-8cd9-e2f4b89b5671","name":"RiskIQ British Airways September 2018","description":"Klijnsma, Y. (2018, September 11). 
Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims. Retrieved September 9, 2020.","url":"https://web.archive.org/web/20181231220607/https://riskiq.com/blog/labs/magecart-british-airways-breach/","source":"MITRE","title":"Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims","authors":"Klijnsma, Y","date_accessed":"2020-09-09T00:00:00Z","date_published":"2018-09-11T00:00:00Z","owner_name":null,"tidal_id":"a2216968-1821-56e3-854e-984c3a804ae5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441518Z"},{"id":"7f53d9e4-f460-5d94-bc65-1ee7dacaa251","name":"Recorded Future Contagious Inteview BeaverTail InvisibleFerret OtterCookie February 2025","description":"Insikt Group. (2025, February 13). Inside the Scam: North Korea’s IT Worker Threat. Retrieved October 17, 2025.","url":"https://www.recordedfuture.com/research/inside-the-scam-north-koreas-it-worker-threat","source":"MITRE","title":"Inside the Scam: North Korea’s IT Worker Threat","authors":"Insikt Group","date_accessed":"2025-10-17T00:00:00Z","date_published":"2025-02-13T00:00:00Z","owner_name":null,"tidal_id":"84eab91f-260f-5a20-b469-87dca56be206","created":"2025-10-29T21:08:48.164753Z","modified":"2025-12-17T15:08:36.417255Z"},{"id":"8a00f5cc-04ee-4999-a455-f26675921457","name":"Recorded Future PurpleBravo February 13 2025","description":"Insikt Group. (2025, February 13). Inside the Scam: North Korea’s IT Worker Threat. 
Retrieved May 30, 2025.","url":"https://go.recordedfuture.com/hubfs/reports/cta-nk-2025-0213.pdf","source":"Tidal Cyber","title":"Inside the Scam: North Korea’s IT Worker Threat","authors":"Insikt Group","date_accessed":"2025-05-30T00:00:00Z","date_published":"2025-02-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a2bbc69f-7363-53a5-905d-08e5a2aa7752","created":"2025-06-03T14:14:09.893781Z","modified":"2025-06-03T14:14:10.084254Z"},{"id":"912b292a-6b3b-5b4e-95d3-2aa61ebdeccb","name":"ESET DEFENSOR ID","description":"L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June","url":"https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/","source":"Mobile","title":"Insidious Android malware gives up all malicious features but one to gain stealth","authors":"L. Stefanko","date_accessed":"1978-06-01T00:00:00Z","date_published":"2020-05-22T00:00:00Z","owner_name":null,"tidal_id":"ca1a751f-435b-5988-b625-d48087aac367","created":"2026-01-28T13:08:10.040596Z","modified":"2026-01-28T13:08:10.040599Z"},{"id":"cede4c72-718b-48c2-8a59-1f91555f6cf6","name":"Arbor AnnualDoSreport Jan 2018","description":"Philippe Alcoy, Steinthor Bjarnason, Paul Bowen, C.F. Chui, Kirill Kasavchnko, and Gary Sockrider of Netscout Arbor. (2018, January). Insight into the Global Threat Landscape - Netscout Arbor's 13th Annual Worldwide Infrastructure Security Report. Retrieved April 22, 2019.","url":"https://pages.arbornetworks.com/rs/082-KNA-087/images/13th_Worldwide_Infrastructure_Security_Report.pdf","source":"MITRE","title":"Insight into the Global Threat Landscape - Netscout Arbor's 13th Annual Worldwide Infrastructure Security Report","authors":"Philippe Alcoy, Steinthor Bjarnason, Paul Bowen, C.F. 
Chui, Kirill Kasavchnko, and Gary Sockrider of Netscout Arbor","date_accessed":"2019-04-22T00:00:00Z","date_published":"2018-01-01T00:00:00Z","owner_name":null,"tidal_id":"6b45ea17-ef97-56c2-a47b-3848cd11f221","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424783Z"},{"id":"70610469-db0d-45ab-a790-6e56309a39ec","name":"FireEye APT33 Sept 2017","description":"O'Leary, J., et al. (2017, September 20). Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware. Retrieved February 15, 2018.","url":"https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html","source":"MITRE, Tidal Cyber","title":"Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware","authors":"O'Leary, J., et al","date_accessed":"2018-02-15T00:00:00Z","date_published":"2017-09-20T00:00:00Z","owner_name":null,"tidal_id":"35da9159-bda7-57b4-8294-e30ee4c12b26","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257770Z"},{"id":"8fbe8a88-683c-5640-840c-1389b9c9972d","name":"Microsoft Installation Procedures","description":"Microsoft. (2021, January 7). Installation Procedure Tables Group. Retrieved December 27, 2023.","url":"https://learn.microsoft.com/windows/win32/msi/installation-procedure-tables-group","source":"MITRE","title":"Installation Procedure Tables Group","authors":"Microsoft","date_accessed":"2023-12-27T00:00:00Z","date_published":"2021-01-07T00:00:00Z","owner_name":null,"tidal_id":"aa393556-d4c1-5b1e-a57e-ad922d1a840b","created":"2024-04-25T13:28:40.349711Z","modified":"2025-12-17T15:08:36.435333Z"},{"id":"7a877b67-ac4b-4d82-860a-75b5f0b8daae","name":"Installer Package Scripting Rich Trouton","description":"Rich Trouton. (2019, August 9). Installer Package Scripting: Making your deployments easier, one ! at a time. 
Retrieved September 27, 2022.","url":"https://cpb-us-e1.wpmucdn.com/sites.psu.edu/dist/4/24696/files/2019/07/psumac2019-345-Installer-Package-Scripting-Making-your-deployments-easier-one-at-a-time.pdf","source":"MITRE","title":"Installer Package Scripting: Making your deployments easier, one ! at a time","authors":"Rich Trouton","date_accessed":"2022-09-27T00:00:00Z","date_published":"2019-08-09T00:00:00Z","owner_name":null,"tidal_id":"17eaaad1-0f25-56f5-9be7-b64a4703eff0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435345Z"},{"id":"6e440b5d-e09a-4d65-b874-2c5babaa609d","name":"Microsoft Install Password Filter n.d","description":"Microsoft. (n.d.). Installing and Registering a Password Filter DLL. Retrieved November 21, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ms721766.aspx","source":"MITRE","title":"Installing and Registering a Password Filter DLL","authors":"Microsoft","date_accessed":"2017-11-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"83a74cf0-626e-5ecb-a49c-0d7294196f13","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415375Z"},{"id":"5964ff2e-0860-4e00-8103-89ba6466314c","name":"Microsoft Unsigned Driver Apr 2017","description":"Microsoft. (2017, April 20). Installing an Unsigned Driver during Development and Test. Retrieved April 22, 2021.","url":"https://docs.microsoft.com/en-us/windows-hardware/drivers/install/installing-an-unsigned-driver-during-development-and-test","source":"MITRE","title":"Installing an Unsigned Driver during Development and Test","authors":"Microsoft","date_accessed":"2021-04-22T00:00:00Z","date_published":"2017-04-20T00:00:00Z","owner_name":null,"tidal_id":"a3e4b796-dbb0-5045-8091-51432c41256c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429844Z"},{"id":"7dfb2c45-862a-4c25-a65a-55abea4b0e44","name":"LOLBAS Installutil","description":"LOLBAS. (n.d.). Installutil.exe. 
Retrieved July 31, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Installutil/","source":"MITRE","title":"Installutil.exe","authors":"LOLBAS","date_accessed":"2019-07-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d359f3a6-faf4-5ef2-8c71-a7bb9516eb77","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426831Z"},{"id":"54d962fc-4ca6-4f5f-b383-ec87d711a764","name":"MSDN InstallUtil","description":"Microsoft. (n.d.). Installutil.exe (Installer Tool). Retrieved July 1, 2016.","url":"https://msdn.microsoft.com/en-us/library/50614e95.aspx","source":"MITRE","title":"Installutil.exe (Installer Tool)","authors":"Microsoft","date_accessed":"2016-07-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fa7e040f-1a59-5c4d-af02-b20850ba2055","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426825Z"},{"id":"efff0080-59fc-4ba7-ac91-771358f68405","name":"AWS Instance Identity Documents","description":"Amazon. (n.d.). Instance identity documents. Retrieved April 2, 2021.","url":"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html","source":"MITRE","title":"Instance identity documents","authors":"Amazon","date_accessed":"2021-04-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2724fd22-0969-5458-a8b8-872aba491d75","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434546Z"},{"id":"54a17f92-d73d-469f-87b3-34fb633bd9ed","name":"AWS Instance Metadata API","description":"AWS. (n.d.). Instance Metadata and User Data. 
Retrieved July 18, 2019.","url":"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html","source":"MITRE","title":"Instance Metadata and User Data","authors":"AWS","date_accessed":"2019-07-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bcac9b0f-9a24-5738-aee0-368608d52771","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425745Z"},{"id":"f85fa206-d5bf-41fc-a521-01ad6281bee7","name":"RedLock Instance Metadata API 2018","description":"Higashi, Michael. (2018, May 15). Instance Metadata API: A Modern Day Trojan Horse. Retrieved July 16, 2019.","url":"https://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse","source":"MITRE","title":"Instance Metadata API: A Modern Day Trojan Horse","authors":"Higashi, Michael","date_accessed":"2019-07-16T00:00:00Z","date_published":"2018-05-15T00:00:00Z","owner_name":null,"tidal_id":"0e63c746-a661-5bfb-a232-9f80baff4181","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425750Z"},{"id":"12a7e7df-0e9b-54cb-a817-1d608d57cb76","name":"Institute of Electrical and Electronics Engineers January 2014","description":"Institute of Electrical and Electronics Engineers 2014, January 1686-2013 - IEEE Standard for Intelligent Electronic Devices Cyber Security Capabilities. Retrieved 2020/09/17","url":"https://standards.ieee.org/standard/1686-2013.html","source":"ICS","title":"Institute of Electrical and Electronics Engineers January 2014","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1f3f1a44-b615-5255-85c3-372f9dd1de40","created":"2026-01-28T13:08:18.175186Z","modified":"2026-01-28T13:08:18.175189Z"},{"id":"f4f89926-71eb-4130-a644-8240d2bab721","name":"Nick Tyrer GitHub","description":"Tyrer, N. (n.d.). Instructions. 
Retrieved August 10, 2020.","url":"https://gist.github.com/NickTyrer/0598b60112eaafe6d07789f7964290d5","source":"MITRE","title":"Instructions","authors":"Tyrer, N","date_accessed":"2020-08-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"079c1eaa-7b6e-5d23-87f8-24ac61b47046","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431835Z"},{"id":"d15bc648-ef44-5255-ab9a-011856d6da14","name":"Intel","description":"Intel ESET Research Whitepapers 2018, September LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group. Retrieved 2020/09/25","url":"https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/security-technologies-4th-gen-core-retail-paper.pdf","source":"ICS","title":"Intel","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"58eb8c35-e2d8-5bc4-82e6-6e03974ca870","created":"2026-01-28T13:08:18.179009Z","modified":"2026-01-28T13:08:18.179012Z"},{"id":"bffb9e71-ba97-4010-9ad7-29eb330a350c","name":"Intel Hardware-based Security Technologies","description":"Intel. (2013). Intel Hardware-based Security Technologies for Intelligent Retail Devices. Retrieved May 19, 2020.","url":"https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/security-technologies-4th-gen-core-retail-paper.pdf","source":"MITRE","title":"Intel Hardware-based Security Technologies for Intelligent Retail Devices","authors":"Intel","date_accessed":"2020-05-19T00:00:00Z","date_published":"2013-01-01T00:00:00Z","owner_name":null,"tidal_id":"0a81ab61-b8f2-5ade-a168-9ab34aae2db2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440360Z"},{"id":"ad1d3f99-e5bf-41c6-871b-dd2c9d540341","name":"Red Canary Intelligence Insights July 20 2023","description":"The Red Canary Team. (2023, July 20). Intelligence Insights: July 2023. 
Retrieved July 28, 2023.","url":"https://redcanary.com/blog/intelligence-insights-july-2023/","source":"Tidal Cyber","title":"Intelligence Insights: July 2023","authors":"The Red Canary Team","date_accessed":"2023-07-28T00:00:00Z","date_published":"2023-07-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"099b6baa-c707-5e8c-8f6e-d966661b89d7","created":"2024-06-13T20:10:36.054227Z","modified":"2024-06-13T20:10:36.249425Z"},{"id":"0cef6940-843a-504c-832c-3a10d1b5f2f7","name":"RedCanary June Insights 2024","description":"The Red Canary Team. (2024, June 20). Intelligence Insights: June 2024. Retrieved March 14, 2025.","url":"https://redcanary.com/blog/threat-intelligence/intelligence-insights-june-2024/","source":"MITRE","title":"Intelligence Insights: June 2024","authors":"The Red Canary Team","date_accessed":"2025-03-14T00:00:00Z","date_published":"2024-06-20T00:00:00Z","owner_name":null,"tidal_id":"93df456a-e17e-5725-a5a0-fac2a8b95671","created":"2025-04-22T20:47:23.357069Z","modified":"2025-12-17T15:08:36.438470Z"},{"id":"e6bba7af-1739-4276-9711-455e9d11c27a","name":"IntelliTrace.exe - LOLBAS Project","description":"LOLBAS. (2025, September 21). IntelliTrace.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/IntelliTrace/","source":"Tidal Cyber","title":"IntelliTrace.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-09-21T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4340f8fc-7b3a-5d50-b686-a14bfd7e80c1","created":"2026-01-06T18:03:32.122182Z","modified":"2026-01-06T18:03:32.273720Z"},{"id":"24dd2641-839b-5a0e-b5ca-ea121ea70992","name":"checkpoint_interactive_map_apt-c-23","description":"Kayal, A. (2018, August 26). Interactive Mapping of APT-C-23. 
Retrieved March 4, 2024.","url":"https://web.archive.org/web/20230604112435/https://research.checkpoint.com/2018/interactive-mapping-of-apt-c-23/","source":"MITRE","title":"Interactive Mapping of APT-C-23","authors":"Kayal, A","date_accessed":"2024-03-04T00:00:00Z","date_published":"2018-08-26T00:00:00Z","owner_name":null,"tidal_id":"06dbb821-4183-5554-b266-0a6280875a73","created":"2024-04-25T13:28:44.962596Z","modified":"2025-12-17T15:08:36.439621Z"},{"id":"7d182eee-eaa8-4b6f-803d-8eb64e338663","name":"Microsoft ISAPI Extension All Incoming 2017","description":"Microsoft. (2017, June 16). Intercepting All Incoming IIS Requests. Retrieved June 3, 2021.","url":"https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525696(v=vs.90)","source":"MITRE","title":"Intercepting All Incoming IIS Requests","authors":"Microsoft","date_accessed":"2021-06-03T00:00:00Z","date_published":"2017-06-16T00:00:00Z","owner_name":null,"tidal_id":"8c679a44-5ae1-58d2-b5c3-bcabad77bb8f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433736Z"},{"id":"4889912b-4512-45c7-83d3-70ae47c5a4a0","name":"Clymb3r Function Hook Passwords Sept 2013","description":"Bialek, J. (2013, September 15). Intercepting Password Changes With Function Hooking. 
Retrieved November 21, 2017.","url":"https://clymb3r.wordpress.com/2013/09/15/intercepting-password-changes-with-function-hooking/","source":"MITRE","title":"Intercepting Password Changes With Function Hooking","authors":"Bialek, J","date_accessed":"2017-11-21T00:00:00Z","date_published":"2013-09-15T00:00:00Z","owner_name":null,"tidal_id":"4ece45da-d75e-5eb0-9b4a-40c2e0336629","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427704Z"},{"id":"26ad09e3-7ff2-5110-8c66-c14affc741d0","name":"International Electrotechnical Commission July 2020","description":"International Electrotechnical Commission 2020, July 17 IEC 62351 - Power systems management and associated information exchange - Data and communications security. Retrieved 2020/09/17","url":"https://webstore.iec.ch/publication/6912","source":"ICS","title":"International Electrotechnical Commission July 2020","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"14682320-1413-5307-b7fe-fc76ec69eb9f","created":"2026-01-28T13:08:18.175215Z","modified":"2026-01-28T13:08:18.175219Z"},{"id":"47612548-dad1-4bf3-aa6f-a53aefa06f6a","name":"Microsoft ICMP","description":"Microsoft. (n.d.). Internet Control Message Protocol (ICMP) Basics. Retrieved December 1, 2014.","url":"http://support.microsoft.com/KB/170292","source":"MITRE","title":"Internet Control Message Protocol (ICMP) Basics","authors":"Microsoft","date_accessed":"2014-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"24c09c3d-99d7-5d3a-a619-bf9ab3d2831e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434249Z"},{"id":"8335c4bb-b856-52f3-be5f-f5e600c114ed","name":"IETF RFC4949 2007","description":"Internet Engineering Task Force. (2007, August). Internet Security Glossary, Version 2. 
Retrieved September","url":"https://www.ietf.org/rfc/rfc4949.txt","source":"ICS","title":"Internet Security Glossary, Version 2","authors":"Internet Engineering Task Force","date_accessed":"1978-09-01T00:00:00Z","date_published":"2007-08-01T00:00:00Z","owner_name":null,"tidal_id":"a50ae894-77ed-5098-a794-29b928db7131","created":"2026-01-28T13:08:18.178603Z","modified":"2026-01-28T13:08:18.178606Z"},{"id":"05293061-ce09-49b5-916a-bb7353acfdfa","name":"Linux IPC","description":"N/A. (2021, April 1). Inter Process Communication (IPC). Retrieved March 11, 2022.","url":"https://www.geeksforgeeks.org/inter-process-communication-ipc/#:~:text=Inter%2Dprocess%20communication%20(IPC),of%20co%2Doperation%20between%20them.","source":"MITRE","title":"Inter Process Communication (IPC)","authors":"N/A","date_accessed":"2022-03-11T00:00:00Z","date_published":"2021-04-01T00:00:00Z","owner_name":null,"tidal_id":"7b7059ee-a7ea-5160-b774-431484e76aa2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433447Z"},{"id":"e4ff75cd-b8fd-4fba-a2da-379a073003ab","name":"HackerNews - 3 SaaS App Cyber Attacks - April 2022","description":"Hananel Livneh. (2022, April 7). Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022. Retrieved May 31, 2022.","url":"https://thehackernews.com/2022/04/into-breach-breaking-down-3-saas-app.html","source":"MITRE","title":"Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022","authors":"Hananel Livneh","date_accessed":"2022-05-31T00:00:00Z","date_published":"2022-04-07T00:00:00Z","owner_name":null,"tidal_id":"b153962b-75dd-504d-92bb-ac0bd045888c","created":"2022-12-14T20:06:32.013016Z","modified":"2023-05-26T01:21:03.825620Z"},{"id":"596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0","name":"RedCanary Mockingbird May 2020","description":"Lambert, T. (2020, May 7). Introducing Blue Mockingbird. 
Retrieved May 26, 2020.","url":"https://redcanary.com/blog/blue-mockingbird-cryptominer/","source":"MITRE, Tidal Cyber","title":"Introducing Blue Mockingbird","authors":"Lambert, T","date_accessed":"2020-05-26T00:00:00Z","date_published":"2020-05-07T00:00:00Z","owner_name":null,"tidal_id":"2eae0cda-6011-5692-b32c-65df649d55ac","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.263427Z"},{"id":"0c9ff201-283a-4527-8cb8-6f0d05a4f724","name":"Fidelis Hi-Zor","description":"Fidelis Threat Research Team. (2016, January 27). Introducing Hi-Zor RAT. Retrieved March 24, 2016.","url":"https://www.fidelissecurity.com/threatgeek/archive/introducing-hi-zor-rat/","source":"MITRE","title":"Introducing Hi-Zor RAT","authors":"Fidelis Threat Research Team","date_accessed":"2016-03-24T00:00:00Z","date_published":"2016-01-27T00:00:00Z","owner_name":null,"tidal_id":"e7ac0528-1d61-5159-8801-15f9641c8082","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418832Z"},{"id":"097005e0-8887-4cb7-b821-fd96e9f1dbd9","name":"Medium December 18 2017","description":"Russel Van Tuyl. (2017, December 18). Introducing Merlin — A cross-platform post-exploitation HTTP2 Command & Control Tool. Retrieved March 24, 2025.","url":"https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a","source":"Tidal Cyber","title":"Introducing Merlin — A cross-platform post-exploitation HTTP2 Command & Control Tool","authors":"Russel Van Tuyl","date_accessed":"2025-03-24T00:00:00Z","date_published":"2017-12-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8d8a6703-673e-5ac2-a2ac-5188a67d36c0","created":"2025-03-25T13:15:59.882084Z","modified":"2025-03-25T13:16:00.295133Z"},{"id":"803f3512-1831-4535-8b16-b89fae20f944","name":"Roadtools","description":"Dirk-jan Mollema. (2020, April 16). Introducing ROADtools - The Azure AD exploration framework. 
Retrieved January 31, 2022.","url":"https://dirkjanm.io/introducing-roadtools-and-roadrecon-azure-ad-exploration-framework/","source":"MITRE","title":"Introducing ROADtools - The Azure AD exploration framework","authors":"Dirk-jan Mollema","date_accessed":"2022-01-31T00:00:00Z","date_published":"2020-04-16T00:00:00Z","owner_name":null,"tidal_id":"d2adbe4e-8ad6-5990-8b88-a66423abeb69","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440215Z"},{"id":"1bd78a2f-2bc6-426f-ac9f-16bf3fdf4cdf","name":"Talos ROKRAT","description":"Mercer, W., Rascagneres, P. (2017, April 03). Introducing ROKRAT. Retrieved May 21, 2018.","url":"https://blog.talosintelligence.com/2017/04/introducing-rokrat.html","source":"MITRE","title":"Introducing ROKRAT","authors":"Mercer, W., Rascagneres, P","date_accessed":"2018-05-21T00:00:00Z","date_published":"2017-04-03T00:00:00Z","owner_name":null,"tidal_id":"9dda037c-3c36-54f6-8850-49a5e0637d44","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419073Z"},{"id":"8145f894-6477-4629-81de-1dd26070ee0a","name":"Microsoft Open XML July 2017","description":"Microsoft. (2014, July 9). Introducing the Office (2007) Open XML File Formats. Retrieved July 20, 2018.","url":"https://docs.microsoft.com/previous-versions/office/developer/office-2007/aa338205(v=office.12)","source":"MITRE","title":"Introducing the Office (2007) Open XML File Formats","authors":"Microsoft","date_accessed":"2018-07-20T00:00:00Z","date_published":"2014-07-09T00:00:00Z","owner_name":null,"tidal_id":"86aa8228-78dd-52b7-b6cb-5ad4e1c4b29f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435351Z"},{"id":"44626060-3d9b-480e-b4ea-7dac27878e5e","name":"Securelist WhiteBear Aug 2017","description":"Kaspersky Lab's Global Research & Analysis Team. (2017, August 30). Introducing WhiteBear. 
Retrieved September 21, 2017.","url":"https://securelist.com/introducing-whitebear/81638/","source":"MITRE","title":"Introducing WhiteBear","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2017-09-21T00:00:00Z","date_published":"2017-08-30T00:00:00Z","owner_name":null,"tidal_id":"ba55d76c-90ff-52b4-825b-24ececad8960","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419691Z"},{"id":"b552cf89-1880-48de-9088-c755c38821c1","name":"MalwareBytes ADS July 2015","description":"Arntz, P. (2015, July 22). Introduction to Alternate Data Streams. Retrieved March 21, 2018.","url":"https://blog.malwarebytes.com/101/2015/07/introduction-to-alternate-data-streams/","source":"MITRE","title":"Introduction to Alternate Data Streams","authors":"Arntz, P","date_accessed":"2018-03-21T00:00:00Z","date_published":"2015-07-22T00:00:00Z","owner_name":null,"tidal_id":"9380d09b-4fa6-5eef-90ab-a24b0ac30378","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426265Z"},{"id":"b23abcb8-3004-4a42-8ada-58cdbd65e171","name":"Apple AppleScript","description":"Apple. (2016, January 25). Introduction to AppleScript Language Guide. Retrieved March 28, 2020.","url":"https://developer.apple.com/library/archive/documentation/AppleScript/Conceptual/AppleScriptLangGuide/introduction/ASLR_intro.html","source":"MITRE","title":"Introduction to AppleScript Language Guide","authors":"Apple","date_accessed":"2020-03-28T00:00:00Z","date_published":"2016-01-25T00:00:00Z","owner_name":null,"tidal_id":"1b6294ec-0455-529b-9327-dea5e2c3c5cc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427750Z"},{"id":"29f4cc6b-1fa5-434d-ab4f-6bb169e2287a","name":"Microsoft Outlook Files","description":"Microsoft. (n.d.). Introduction to Outlook Data Files (.pst and .ost). 
Retrieved February 19, 2020.","url":"https://support.office.com/en-us/article/introduction-to-outlook-data-files-pst-and-ost-222eaf92-a995-45d9-bde2-f331f60e2790","source":"MITRE","title":"Introduction to Outlook Data Files (.pst and .ost)","authors":"Microsoft","date_accessed":"2020-02-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a8dcac8b-a23c-5799-95ea-34dce187a26c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425949Z"},{"id":"ba04b0d0-1c39-5f48-824c-110ee7affbf3","name":"Microsoft Intro Print Processors","description":"Microsoft. (2023, June 26). Introduction to print processors. Retrieved September 27, 2023.","url":"https://learn.microsoft.com/windows-hardware/drivers/print/introduction-to-print-processors","source":"MITRE","title":"Introduction to print processors","authors":"Microsoft","date_accessed":"2023-09-27T00:00:00Z","date_published":"2023-06-26T00:00:00Z","owner_name":null,"tidal_id":"abb83af7-8d2c-5e8b-a84e-d5aaeeb5d24c","created":"2023-11-07T00:35:59.588385Z","modified":"2025-12-17T15:08:36.426979Z"},{"id":"444c8983-47ef-45b4-a3a6-5566f4fa2732","name":"Microsoft Services","description":"Microsoft. (2017, March 30). Introduction to Windows Service Applications. Retrieved September 28, 2021.","url":"https://docs.microsoft.com/en-us/dotnet/framework/windows-services/introduction-to-windows-service-applications","source":"MITRE","title":"Introduction to Windows Service Applications","authors":"Microsoft","date_accessed":"2021-09-28T00:00:00Z","date_published":"2017-03-30T00:00:00Z","owner_name":null,"tidal_id":"97f0f417-d187-584a-8089-de3e5e1f0fdf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437250Z"},{"id":"563249e1-edda-48fc-ac90-f198dd71619e","name":"Red Canary NETWIRE January 2020","description":"Lambert, T. (2020, January 29). Intro to Netwire. 
Retrieved January 7, 2021.","url":"https://redcanary.com/blog/netwire-remote-access-trojan-on-linux/","source":"MITRE","title":"Intro to Netwire","authors":"Lambert, T","date_accessed":"2021-01-07T00:00:00Z","date_published":"2020-01-29T00:00:00Z","owner_name":null,"tidal_id":"027781f5-e642-5ccd-ac82-269d74bdd62b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439969Z"},{"id":"bf5b3773-29cc-539a-a0f0-a6d1d63dee2d","name":"Discord Intro to Webhooks","description":"D. (n.d.). Intro to Webhooks. Retrieved July 20, 2023.","url":"https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks","source":"MITRE","title":"Intro to Webhooks","authors":"D","date_accessed":"2023-07-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ab2f5b07-4b20-574e-b025-e2109e615ac8","created":"2023-11-07T00:36:01.591575Z","modified":"2025-12-17T15:08:36.428683Z"},{"id":"763d859d-5655-5a94-ab98-6a2b4f79ed5d","name":"unit 42","description":"Tom Fakterman, Chen Erlich, & Assaf Dahan. (2024, February 22). Intruders in the Library: Exploring DLL Hijacking. Retrieved January 30, 2025.","url":"https://unit42.paloaltonetworks.com/dll-hijacking-techniques/","source":"MITRE","title":"Intruders in the Library: Exploring DLL Hijacking","authors":"Tom Fakterman, Chen Erlich, & Assaf Dahan","date_accessed":"2025-01-30T00:00:00Z","date_published":"2024-02-22T00:00:00Z","owner_name":null,"tidal_id":"e07fbfd9-580a-5783-8833-2f9fe35cbf86","created":"2025-04-22T20:47:11.773268Z","modified":"2025-12-17T15:08:36.427096Z"},{"id":"cca306e5-f9da-4782-a06f-ba3ad70e34ca","name":"GitHub Inveigh","description":"Robertson, K. (2015, April 2). Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool. 
Retrieved March 11, 2019.","url":"https://github.com/Kevin-Robertson/Inveigh","source":"MITRE","title":"Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool","authors":"Robertson, K","date_accessed":"2019-03-11T00:00:00Z","date_published":"2015-04-02T00:00:00Z","owner_name":null,"tidal_id":"b5705e32-0d99-5aab-9819-c955cc3f15d8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439957Z"},{"id":"242bd97d-dad0-49af-9ed6-f150542b8ded","name":"Microsoft Security Blog October 06 2025","description":"Microsoft Threat Intelligence. (2025, October 6). Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | Microsoft Security Blog. Retrieved October 10, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/","source":"Tidal Cyber","title":"Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | Microsoft Security Blog","authors":"Microsoft Threat Intelligence","date_accessed":"2025-10-10T12:00:00Z","date_published":"2025-10-06T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"09adde8f-adbe-53f9-8cbc-a581c6745a7a","created":"2025-10-13T17:28:44.514210Z","modified":"2025-10-13T17:28:44.657117Z"},{"id":"71ffc061-2231-4841-bcee-c30f713f08a1","name":"Google Cloud October 24 2024","description":"Mandiant. (2024, October 24). Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575) . 
Retrieved October 25, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575","source":"Tidal Cyber","title":"Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)","authors":"Mandiant","date_accessed":"2024-10-25T00:00:00Z","date_published":"2024-10-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ef15348f-6b25-5468-89e8-0e91bbb27e6f","created":"2024-10-25T19:42:17.280574Z","modified":"2024-10-25T19:42:17.469240Z"},{"id":"e93e16fc-4ae4-4f1f-9d80-dc48c1c30e25","name":"Summit Route Malicious AMIs","description":"Piper, S.. (2018, September 24). Investigating Malicious AMIs. Retrieved March 30, 2021.","url":"https://summitroute.com/blog/2018/09/24/investigating_malicious_amis/","source":"MITRE","title":"Investigating Malicious AMIs","authors":"Piper, S.","date_accessed":"2021-03-30T00:00:00Z","date_published":"2018-09-24T00:00:00Z","owner_name":null,"tidal_id":"96aedf24-59ee-5ea3-9f5b-81d77aa3775c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433511Z"},{"id":"d315547d-26e3-5130-a794-658eecf1e0df","name":"Huntress INC Ransom Group August 2023","description":"Team Huntress. (2023, August 11). Investigating New INC Ransom Group Activity. Retrieved June 5, 2024.","url":"https://www.huntress.com/blog/investigating-new-inc-ransom-group-activity","source":"MITRE","title":"Investigating New INC Ransom Group Activity","authors":"Team Huntress","date_accessed":"2024-06-05T00:00:00Z","date_published":"2023-08-11T00:00:00Z","owner_name":null,"tidal_id":"a393e687-3bef-57a6-9049-11388f838a95","created":"2024-10-31T16:28:34.893711Z","modified":"2025-12-17T15:08:36.422382Z"},{"id":"37c82ff5-f565-445b-9fa5-bb172b5f425c","name":"Huntress INC Ransomware August 11 2023","description":"Team Huntress. (2023, August 11). Investigating New INC Ransom Group Activity. 
Retrieved October 4, 2024.","url":"https://www.huntress.com/blog/investigating-new-inc-ransom-group-activity","source":"Tidal Cyber","title":"Investigating New INC Ransom Group Activity","authors":"Team Huntress","date_accessed":"2024-10-04T00:00:00Z","date_published":"2023-08-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2dbcd25e-5a1f-5aa3-b705-f8304911a714","created":"2024-10-04T20:31:34.645398Z","modified":"2024-10-04T20:31:34.845903Z"},{"id":"07d9d2c6-dd79-42a5-9024-ba0e66b1913b","name":"inv_ps_attacks","description":"Hastings, M. (2014, July 16). Investigating PowerShell Attacks. Retrieved December 1, 2021.","url":"https://powershellmagazine.com/2014/07/16/investigating-powershell-attacks/","source":"MITRE","title":"Investigating PowerShell Attacks","authors":"Hastings, M","date_accessed":"2021-12-01T00:00:00Z","date_published":"2014-07-16T00:00:00Z","owner_name":null,"tidal_id":"40054fd9-f6a5-5a06-b99c-715ac5b51fc7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431897Z"},{"id":"bd3f04cd-04ef-41f0-9a15-d9f0a3ed1db9","name":"Kazanciyan 2014","description":"Kazanciyan, R. & Hastings, M. (2014). Defcon 22 Presentation. Investigating PowerShell Attacks [slides]. Retrieved November 3, 2014.","url":"https://www.defcon.org/images/defcon-22/dc-22-presentations/Kazanciyan-Hastings/DEFCON-22-Ryan-Kazanciyan-Matt-Hastings-Investigating-Powershell-Attacks.pdf","source":"MITRE","title":"Investigating PowerShell Attacks [slides]","authors":"Kazanciyan, R. & Hastings, M. (2014)","date_accessed":"2014-11-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5bc4f591-9afc-5880-b2ab-e287ecc1bf3b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:10:01.160043Z"},{"id":"896d30b9-30aa-4323-945b-30ed4113a2b8","name":"Censys December 15 2025","description":"HubSpot, Inc.. (2025, December 15). Investigating the Infrastructure Behind DDoSia's Attacks. 
Retrieved December 19, 2025.","url":"https://censys.com/blog/ddosia-infrastructure","source":"Tidal Cyber","title":"Investigating the Infrastructure Behind DDoSia's Attacks","authors":"HubSpot, Inc.","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-15T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3aefc715-cb9c-5501-b34b-6120620a8c00","created":"2025-12-24T14:56:03.735509Z","modified":"2025-12-24T14:56:03.896706Z"},{"id":"7a1131ab-e4b1-4569-8e28-3650312cc804","name":"Beek Use of VHD Dec 2020","description":"Beek, C. (2020, December 3). Investigating the Use of VHD Files By Cybercriminals. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20201203131725/https://christiaanbeek.medium.com/investigating-the-use-of-vhd-files-by-cybercriminals-3f1f08304316","source":"MITRE","title":"Investigating the Use of VHD Files By Cybercriminals","authors":"Beek, C","date_accessed":"2024-11-17T00:00:00Z","date_published":"2020-12-03T00:00:00Z","owner_name":null,"tidal_id":"eba381e9-0dfd-56b8-a057-79a4e573f3bb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431737Z"},{"id":"629fa1d8-06cb-405c-a2f7-c511b54cd727","name":"ESET InvisiMole June 2018","description":"Hromcová, Z. (2018, June 07). InvisiMole: Surprisingly equipped spyware, undercover since 2013. Retrieved July 10, 2018.","url":"https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/","source":"MITRE","title":"InvisiMole: Surprisingly equipped spyware, undercover since 2013","authors":"Hromcová, Z","date_accessed":"2018-07-10T00:00:00Z","date_published":"2018-06-07T00:00:00Z","owner_name":null,"tidal_id":"55d5879e-a261-58fb-a258-2e29ae8f59dc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418157Z"},{"id":"d10cfda8-8fd8-4ada-8c61-dba6065b0bac","name":"ESET InvisiMole June 2020","description":"Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE HIDDEN PART OF THE STORY. 
Retrieved July 16, 2020.","url":"https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf","source":"MITRE","title":"INVISIMOLE: THE HIDDEN PART OF THE STORY","authors":"Hromcova, Z. and Cherpanov, A","date_accessed":"2020-07-16T00:00:00Z","date_published":"2020-06-01T00:00:00Z","owner_name":null,"tidal_id":"5380043e-4a57-5e63-a84a-2d879fe34252","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418164Z"},{"id":"26c1b8f4-ff59-409e-b616-04eee38a8a9f","name":"GitHub OmerYa Invisi-Shell","description":"Yair, O. (2019, August 19). Invisi-Shell. Retrieved June 24, 2020.","url":"https://github.com/OmerYa/Invisi-Shell","source":"MITRE","title":"Invisi-Shell","authors":"Yair, O","date_accessed":"2020-06-24T00:00:00Z","date_published":"2019-08-19T00:00:00Z","owner_name":null,"tidal_id":"46eece2a-892f-51f6-bc5e-8c469dd01db2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436993Z"},{"id":"d2f7fe4a-1a3a-5b26-8247-4f05c96974bf","name":"Invoke-DOSfuscation","description":"Bohannon, D. (2018, March 19). Invoke-DOSfuscation. Retrieved March 17, 2023.","url":"https://github.com/danielbohannon/Invoke-DOSfuscation","source":"MITRE","title":"Invoke-DOSfuscation","authors":"Bohannon, D","date_accessed":"2023-03-17T00:00:00Z","date_published":"2018-03-19T00:00:00Z","owner_name":null,"tidal_id":"a8331e3c-e029-56e9-97fc-28905b8bef2d","created":"2023-05-26T01:21:10.173855Z","modified":"2025-12-17T15:08:36.435239Z"},{"id":"4a2a7b5a-c1c4-4a1e-bef0-193799c80570","name":"MicrosoftLearn January 1 2024","description":"MicrosoftLearn. (2024, January 1). Invoke-Expression (Microsoft.PowerShell.Utility) - PowerShell. 
Retrieved December 19, 2024.","url":"https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-expression?view=powershell-7.2","source":"Tidal Cyber","title":"Invoke-Expression (Microsoft.PowerShell.Utility) - PowerShell","authors":"MicrosoftLearn","date_accessed":"2024-12-19T00:00:00Z","date_published":"2024-01-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"227efb9d-2475-59b1-8cf1-ddcae53e10c3","created":"2025-04-11T15:06:19.897087Z","modified":"2025-04-11T15:06:20.081908Z"},{"id":"8db88e6f-3d45-4896-87e9-75b24c8628f3","name":"PowerSploit Invoke Kerberoast","description":"Schroeder, W. & Hart M. (2016, October 31). Invoke-Kerberoast. Retrieved March 23, 2018.","url":"https://powersploit.readthedocs.io/en/latest/Recon/Invoke-Kerberoast/","source":"MITRE","title":"Invoke-Kerberoast","authors":"Schroeder, W. & Hart M","date_accessed":"2018-03-23T00:00:00Z","date_published":"2016-10-31T00:00:00Z","owner_name":null,"tidal_id":"e4677208-ed89-582d-873c-4bdabd26cda0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442541Z"},{"id":"a358bf8f-166e-4726-adfd-415e953d4ffe","name":"Empire InvokeKerberoast Oct 2016","description":"EmpireProject. (2016, October 31). Invoke-Kerberoast.ps1. Retrieved March 22, 2018.","url":"https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1","source":"MITRE","title":"Invoke-Kerberoast.ps1","authors":"EmpireProject","date_accessed":"2018-03-22T00:00:00Z","date_published":"2016-10-31T00:00:00Z","owner_name":null,"tidal_id":"68c48446-233b-5fef-a34b-368e4e95fe53","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433648Z"},{"id":"e92aed6b-348b-4dab-8292-fee0698e4a85","name":"Github PowerSploit Ninjacopy","description":"Bialek, J. (2015, December 16). Invoke-NinjaCopy.ps1. 
Retrieved June 2, 2016.","url":"https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-NinjaCopy.ps1","source":"MITRE","title":"Invoke-NinjaCopy.ps1","authors":"Bialek, J","date_accessed":"2016-06-02T00:00:00Z","date_published":"2015-12-16T00:00:00Z","owner_name":null,"tidal_id":"e9544119-2c04-57ad-935e-5397810e3f4f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424530Z"},{"id":"4cc6a80f-d758-524b-9519-5b839d4918bd","name":"Invoke-Obfuscation","description":"Bohannon, D. (2016, September 24). Invoke-Obfuscation. Retrieved March 17, 2023.","url":"https://github.com/danielbohannon/Invoke-Obfuscation","source":"MITRE","title":"Invoke-Obfuscation","authors":"Bohannon, D","date_accessed":"2023-03-17T00:00:00Z","date_published":"2016-09-24T00:00:00Z","owner_name":null,"tidal_id":"723e13b5-8ebd-5d6d-ab6e-73f3885a958e","created":"2023-05-26T01:21:10.168166Z","modified":"2025-12-17T15:08:36.435233Z"},{"id":"956b3d80-4e19-4cab-a65f-ad86f233aa12","name":"GitHub Invoke-Obfuscation","description":"Bohannon, D.. (2017, March 13). Invoke-Obfuscation - PowerShell Obfuscator. Retrieved June 18, 2017.","url":"https://github.com/danielbohannon/Invoke-Obfuscation","source":"MITRE","title":"Invoke-Obfuscation - PowerShell Obfuscator","authors":"Bohannon, D.","date_accessed":"2017-06-18T00:00:00Z","date_published":"2017-03-13T00:00:00Z","owner_name":null,"tidal_id":"2dd767a0-e9cd-5942-9d9b-eb5aa34b7590","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441532Z"},{"id":"449c873c-c5af-45b8-8bd7-505d2181a05c","name":"GitHub PSImage","description":"Barrett Adams . (n.d.). Invoke-PSImage . 
Retrieved September 30, 2022.","url":"https://github.com/peewpw/Invoke-PSImage","source":"MITRE","title":"Invoke-PSImage","authors":"Barrett Adams","date_accessed":"2022-09-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"472b26d3-4c2b-5eff-a58f-332a0e8022bc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424166Z"},{"id":"dd210b79-bd5f-4282-9542-4d1ae2f16438","name":"GitHub Invoke-PSImage","description":"Adams, B. (2017, December 17). Invoke-PSImage. Retrieved April 10, 2018.","url":"https://github.com/peewpw/Invoke-PSImage","source":"MITRE","title":"Invoke-PSImage","authors":"Adams, B","date_accessed":"2018-04-10T00:00:00Z","date_published":"2017-12-17T00:00:00Z","owner_name":null,"tidal_id":"67e6dfd0-73a6-5072-89cd-3e1f9e2e2ca8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423260Z"},{"id":"cf75a442-c6c0-4e83-87bf-8bb42839452b","name":"GitHub - PowerSploit Invoke-Shellcode","description":"PowerShellMafia. (2016, December 14). Invoke-Shellcode. Retrieved May 25, 2023.","url":"https://github.com/PowerShellMafia/PowerSploit/blob/master/CodeExecution/Invoke-Shellcode.ps1","source":"Tidal Cyber","title":"Invoke-Shellcode","authors":"PowerShellMafia","date_accessed":"2023-05-25T00:00:00Z","date_published":"2016-12-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6650bb5c-a406-5600-8875-8a84ac0b6bd6","created":"2024-06-13T20:10:31.146583Z","modified":"2024-06-13T20:10:31.332960Z"},{"id":"4ce05edd-da25-4559-8489-b78cdd2c0f3d","name":"Wikipedia Xen","description":"Xen. (n.d.). In Wikipedia. 
Retrieved November 13, 2014.","url":"http://en.wikipedia.org/wiki/Xen","source":"MITRE","title":"In Wikipedia","authors":"Xen","date_accessed":"2014-11-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"578bc0e0-b896-5c39-9346-3a37d5e90358","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429152Z"},{"id":"7b9c678c-811a-4347-a742-e2f16906ee7a","name":"GitHub July 29 2019","description":"Avast. (2019, July 29). iocBobik at master · avastioc. Retrieved December 12, 2024.","url":"https://github.com/avast/ioc/tree/master/Bobik","source":"Tidal Cyber","title":"iocBobik at master · avastioc","authors":"Avast","date_accessed":"2024-12-12T00:00:00Z","date_published":"2019-07-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f02ef569-26b9-5ec6-b261-1386b9534455","created":"2025-04-11T15:06:03.886538Z","modified":"2025-04-11T15:06:04.057786Z"},{"id":"3852fe26-53ad-504f-9328-7e249d121ebd","name":"ORB Mandiant","description":"Raggi, Michael. (2024, May 22). IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders. Retrieved July 8, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks","source":"MITRE","title":"IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders","authors":"Raggi, Michael","date_accessed":"2024-07-08T00:00:00Z","date_published":"2024-05-22T00:00:00Z","owner_name":null,"tidal_id":"b1de0e2b-5798-5e2c-a03a-b15e64a140be","created":"2024-10-31T16:28:24.412438Z","modified":"2025-12-17T15:08:36.427219Z"},{"id":"c73cce3a-e35f-594e-8100-ba7cdfa4b90a","name":"Kaspersky-iOSBypass","description":"Chris Brook. (2016, November 17). iOS 10 Passcode Bypass Can Access Photos, Contacts. 
Retrieved December","url":"https://threatpost.com/ios-10-passcode-bypass-can-access-photos-contacts/122033/","source":"Mobile","title":"iOS 10 Passcode Bypass Can Access Photos, Contacts","authors":"Chris Brook","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-11-17T00:00:00Z","owner_name":null,"tidal_id":"79d10129-a7c3-5476-8114-36f2954b30d7","created":"2026-01-28T13:08:10.046259Z","modified":"2026-01-28T13:08:10.046263Z"},{"id":"07f944e5-768f-5815-8b14-17b5355c437d","name":"Elcomsoft-iOSRestricted","description":"Oleg Afonin. (2018, September 20). iOS 12 Enhances USB Restricted Mode. Retrieved September","url":"https://blog.elcomsoft.com/2018/09/ios-12-enhances-usb-restricted-mode/","source":"Mobile","title":"iOS 12 Enhances USB Restricted Mode","authors":"Oleg Afonin","date_accessed":"1978-09-01T00:00:00Z","date_published":"2018-09-20T00:00:00Z","owner_name":null,"tidal_id":"eb2b9650-0d31-5771-8b79-0ad1de951c71","created":"2026-01-28T13:08:10.047765Z","modified":"2026-01-28T13:08:10.047768Z"},{"id":"8f3a98da-6de4-5fbd-97ab-69b72ccc721c","name":"FirshSecureList LightSpy 2020","description":"Firsh, A., et al. (2020, March 26). iOS exploit chain deploys LightSpy feature-rich malware. Retrieved January","url":"https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/","source":"Mobile","title":"iOS exploit chain deploys LightSpy feature-rich malware","authors":"Firsh, A., et al","date_accessed":"1978-01-01T00:00:00Z","date_published":"2020-03-26T00:00:00Z","owner_name":null,"tidal_id":"49e268ff-a62d-532e-b565-4601de91b0ae","created":"2026-01-28T13:08:10.047639Z","modified":"2026-01-28T13:08:10.047642Z"},{"id":"85455083-1584-512b-88f2-47e923702425","name":"FireEye-Masque2","description":"Hui Xue, Tao Wei, Yulong Zhang, Song Jin, Zhaofeng Chen. (2015, February 19). IOS MASQUE ATTACK REVIVED: BYPASSING PROMPT FOR TRUST AND APP URL SCHEME HIJACKING. 
Retrieved December","url":"https://www.fireeye.com/blog/threat-research/2015/02/ios_masque_attackre.html","source":"Mobile","title":"IOS MASQUE ATTACK REVIVED: BYPASSING PROMPT FOR TRUST AND APP URL SCHEME HIJACKING","authors":"Hui Xue, Tao Wei, Yulong Zhang, Song Jin, Zhaofeng Chen","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-02-19T00:00:00Z","owner_name":null,"tidal_id":"c24df7e6-8c17-518d-a2e1-e8978b5110c2","created":"2026-01-28T13:08:10.045060Z","modified":"2026-01-28T13:08:10.045063Z"},{"id":"859eef47-0330-520e-be5d-49ad154ce809","name":"Apple-iOSSecurityGuide","description":"Apple. (2016, May). iOS Security. Retrieved December","url":"https://www.apple.com/business/docs/iOS_Security_Guide.pdf","source":"Mobile","title":"iOS Security","authors":"Apple","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-05-01T00:00:00Z","owner_name":null,"tidal_id":"09bad101-29be-5b3a-8676-76c9d75704f8","created":"2026-01-28T13:08:10.045745Z","modified":"2026-01-28T13:08:10.045748Z"},{"id":"9910b0aa-f276-54da-a4df-fd47b42efb10","name":"iOS URL Scheme","description":"Ostorlab. (n.d.). iOS URL Scheme Hijacking. Retrieved February 9, 2024.","url":"https://docs.ostorlab.co/kb/IPA_URL_SCHEME_HIJACKING/index.html","source":"MITRE","title":"iOS URL Scheme Hijacking","authors":"Ostorlab","date_accessed":"2024-02-09T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ff987b33-eedb-587e-8829-243fadef2eb9","created":"2024-04-25T13:28:33.456793Z","modified":"2025-12-17T15:08:36.428499Z"},{"id":"23844282-1331-5ec7-867f-d96791537ec4","name":"MobileIron-XARA","description":"Michael T. Raggo. (2015, October 1). iOS URL Scheme Hijacking (XARA) Attack Analysis and Countermeasures. Retrieved December","url":"https://www.mobileiron.com/en/smartwork-blog/ios-url-scheme-hijacking-xara-attack-analysis-and-countermeasures","source":"Mobile","title":"iOS URL Scheme Hijacking (XARA) Attack Analysis and Countermeasures","authors":"Michael T. 
Raggo","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-10-01T00:00:00Z","owner_name":null,"tidal_id":"6c019e2c-f549-5b2d-a4b4-bfd089f2516d","created":"2026-01-28T13:08:10.045085Z","modified":"2026-01-28T13:08:10.045090Z"},{"id":"9167d9c1-b4f7-54bc-96a9-c0e1a0b46b0c","name":"Trend Micro iOS URL Hijacking","description":"L. Wu, Y. Zhou, M. Li. (2019, July 12).  iOS URL Scheme Susceptible to Hijacking. Retrieved September","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/","source":"Mobile","title":"iOS URL Scheme Susceptible to Hijacking","authors":"L. Wu, Y. Zhou, M. Li","date_accessed":"1978-09-01T00:00:00Z","date_published":"2019-07-12T00:00:00Z","owner_name":null,"tidal_id":"52ff9e02-49c5-5efc-88d1-df2bc956eb47","created":"2026-01-28T13:08:10.044717Z","modified":"2026-01-28T13:08:10.044720Z"},{"id":"8a6e6f59-70fb-48bf-96d2-318dd92df995","name":"TechNet Ipconfig","description":"Microsoft. (n.d.). Ipconfig. Retrieved April 17, 2016.","url":"https://technet.microsoft.com/en-us/library/bb490921.aspx","source":"MITRE","title":"Ipconfig","authors":"Microsoft","date_accessed":"2016-04-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3f774d01-0040-5c64-9862-62a982e1a54e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422816Z"},{"id":"c6ffe974-f304-598c-bc4d-5da607c73802","name":"cisco_ip_ssh_pubkey_ch_cmd","description":"Cisco. (2021, August 23). ip ssh pubkey-chain. 
Retrieved July 13, 2022.","url":"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-book/sec-cr-i3.html#wp1254331478","source":"MITRE","title":"ip ssh pubkey-chain","authors":"Cisco","date_accessed":"2022-07-13T00:00:00Z","date_published":"2021-08-23T00:00:00Z","owner_name":null,"tidal_id":"d2d73a1a-176f-58e1-97fb-bfafcbc390b0","created":"2023-05-26T01:21:06.891113Z","modified":"2025-12-17T15:08:36.430877Z"},{"id":"0a6166a3-5649-4117-97f4-7b8b5b559929","name":"Symantec Chafer Dec 2015","description":"Symantec Security Response. (2015, December 7). Iran-based attackers use back door threats to spy on Middle Eastern targets. Retrieved April 17, 2019.","url":"https://www.symantec.com/connect/blogs/iran-based-attackers-use-back-door-threats-spy-middle-eastern-targets","source":"MITRE","title":"Iran-based attackers use back door threats to spy on Middle Eastern targets","authors":"Symantec Security Response","date_accessed":"2019-04-17T00:00:00Z","date_published":"2015-12-07T00:00:00Z","owner_name":null,"tidal_id":"51fbfd01-235b-5bff-85ff-c663d53a6888","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420955Z"},{"id":"783f4aee-84d9-43dc-accc-99fee6b1ff92","name":"U.S. CISA Pioneer Kitten August 28 2024","description":"Cybersecurity and Infrastructure Security Agency. (2024, August 28). Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations. 
Retrieved August 29, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a","source":"Tidal Cyber","title":"Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-08-29T00:00:00Z","date_published":"2024-08-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"63aec224-76f4-5190-affa-f3c16d03a2db","created":"2024-08-30T18:11:21.873246Z","modified":"2024-08-30T18:11:22.947379Z"},{"id":"1bbc9446-9214-4fcd-bc7c-bf528370b4f8","name":"CISA AA20-259A Iran-Based Actor September 2020","description":"CISA. (2020, September 15). Iran-Based Threat Actor Exploits VPN Vulnerabilities. Retrieved December 21, 2020.","url":"https://us-cert.cisa.gov/ncas/alerts/aa20-259a","source":"MITRE","title":"Iran-Based Threat Actor Exploits VPN Vulnerabilities","authors":"CISA","date_accessed":"2020-12-21T00:00:00Z","date_published":"2020-09-15T00:00:00Z","owner_name":null,"tidal_id":"706ef3b5-d697-5261-89bf-650879c9e8f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437524Z"},{"id":"be89be75-c33f-4c58-8bf0-979c1debaad7","name":"U.S. CISA Iran Voter Data November 3 2020","description":"Cybersecurity and Infrastructure Security Agency. (2020, November 3). Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data. 
Retrieved October 25, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-304a","source":"Tidal Cyber","title":"Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-10-25T00:00:00Z","date_published":"2020-11-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fb790df9-a500-586e-bae2-d7a89331036f","created":"2023-10-26T14:24:06.200512Z","modified":"2023-10-26T14:24:06.324190Z"},{"id":"9789d60b-a417-42dc-b690-24ccb77b8658","name":"ClearSky MuddyWater June 2019","description":"ClearSky. (2019, June). Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal. Retrieved May 14, 2020.","url":"https://www.clearskysec.com/wp-content/uploads/2019/06/Clearsky-Iranian-APT-group-%E2%80%98MuddyWater%E2%80%99-Adds-Exploits-to-Their-Arsenal.pdf","source":"MITRE","title":"Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal","authors":"ClearSky","date_accessed":"2020-05-14T00:00:00Z","date_published":"2019-06-01T00:00:00Z","owner_name":null,"tidal_id":"4bfe0af3-6d19-57cf-a938-3d47914fd1a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438255Z"},{"id":"a2d79c6a-16d6-4dbd-b8a5-845dcc36212d","name":"Talos MuddyWater Jan 2022","description":"Malhortra, A and Ventura, V. (2022, January 31). Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables. 
Retrieved June 22, 2022.","url":"https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html","source":"MITRE","title":"Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables","authors":"Malhortra, A and Ventura, V","date_accessed":"2022-06-22T00:00:00Z","date_published":"2022-01-31T00:00:00Z","owner_name":null,"tidal_id":"988eaada-5d31-5330-9e5c-50a0ead1502a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438262Z"},{"id":"4883b3b1-0160-53f4-acf7-a378e53c24cc","name":"TAG APT42","description":"Google Threat Analysis Group. (2024, August 14). Iranian backed group steps up phishing campaigns against Israel, U.S.. Retrieved October 9, 2024.","url":"https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/","source":"MITRE","title":"Iranian backed group steps up phishing campaigns against Israel, U.S.","authors":"Google Threat Analysis Group","date_accessed":"2024-10-09T00:00:00Z","date_published":"2024-08-14T00:00:00Z","owner_name":null,"tidal_id":"766a9b95-2a91-5d66-90d9-6565f46fddba","created":"2025-04-22T20:47:31.139329Z","modified":"2025-12-17T15:08:36.441381Z"},{"id":"669836b5-4069-49af-a919-2cb32bf94d4b","name":"Google TAG APT42 August 14 2024","description":"Google Threat Analysis Group. (2024, August 14). Iranian backed group steps up phishing campaigns against Israel, U.S.. 
Retrieved August 30, 2024.","url":"https://blog.google/threat-analysis-group/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us/","source":"Tidal Cyber","title":"Iranian backed group steps up phishing campaigns against Israel, U.S.","authors":"Google Threat Analysis Group","date_accessed":"2024-08-30T00:00:00Z","date_published":"2024-08-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2e1335cf-420e-593a-a753-c5199dfe1514","created":"2024-08-30T18:11:26.112402Z","modified":"2024-08-30T18:11:26.480191Z"},{"id":"24ea6a5d-2593-4639-8616-72988bf2fa07","name":"BitDefender Chafer May 2020","description":"Rusu, B. (2020, May 21). Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia. Retrieved May 22, 2020.","url":"https://www.bitdefender.com/blog/labs/iranian-chafer-apt-targeted-air-transportation-and-government-in-kuwait-and-saudi-arabia/","source":"MITRE","title":"Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia","authors":"Rusu, B","date_accessed":"2020-05-22T00:00:00Z","date_published":"2020-05-21T00:00:00Z","owner_name":null,"tidal_id":"f85819a4-12ff-595c-9d06-13b9c855be9d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439784Z"},{"id":"c8edb9ae-a3c9-4647-a46c-d846b174ae5d","name":"elliptic.co June 18 2025","description":"Elliptic. (2025, June 18). Iranian crypto exchange Nobitex hacked for over $90 million by pro-Israel group. 
Retrieved June 20, 2025.","url":"https://www.elliptic.co/blog/iranian-crypto-exchange-nobitex-hacked-pro-israel-group","source":"Tidal Cyber","title":"Iranian crypto exchange Nobitex hacked for over $90 million by pro-Israel group","authors":"Elliptic","date_accessed":"2025-06-20T12:00:00Z","date_published":"2025-06-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"14f77456-5b0d-53b1-931c-a2be4caf286f","created":"2025-06-23T13:53:27.250495Z","modified":"2025-06-23T13:53:27.446703Z"},{"id":"a70a4487-eaae-43b3-bfe0-0677fd911959","name":"U.S. CISA Iranian Actors Critical Infrastructure October 16 2024","description":"Cybersecurity and Infrastructure Security Agency. (2024, October 16). Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations. Retrieved October 17, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a","source":"Tidal Cyber","title":"Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-10-17T00:00:00Z","date_published":"2024-10-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6b1c8dc3-4e7f-5ccd-9abe-e354e72a4634","created":"2024-10-18T13:25:15.732236Z","modified":"2024-10-18T13:25:16.023372Z"},{"id":"a83365fb-aae4-57ca-9d11-1ad14d27976f","name":"RecordedFuture IranianResponse 2020","description":"INSIKT GROUP. (2020, January 7). Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access. 
Retrieved May 22, 2024.","url":"https://www.recordedfuture.com/blog/iranian-cyber-response","source":"MITRE","title":"Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access","authors":"INSIKT GROUP","date_accessed":"2024-05-22T00:00:00Z","date_published":"2020-01-07T00:00:00Z","owner_name":null,"tidal_id":"41ed21cb-5533-5fed-a0cd-15e45f43d334","created":"2024-10-31T16:28:37.324267Z","modified":"2025-12-17T15:08:36.441812Z"},{"id":"e53ea724-6783-4616-a6ca-30316aeca03e","name":"ClearSky Dream Job November 12 2024","description":"ClearSky Research Team. (2024, November 12). Iranian “Dream Job” campaign. Retrieved November 13, 2024.","url":"https://www.clearskysec.com/wp-content/uploads/2024/11/Iranian-Dream-Job-ver1.pdf","source":"Tidal Cyber","title":"Iranian “Dream Job” campaign","authors":"ClearSky Research Team","date_accessed":"2024-11-13T00:00:00Z","date_published":"2024-11-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2383cc62-4cbf-56fd-99a2-14c774becc9d","created":"2024-11-15T17:28:54.694075Z","modified":"2024-11-15T17:28:55.081500Z"},{"id":"e76570e1-43ab-4819-80bc-895ede67a205","name":"DHS CISA AA22-055A MuddyWater February 2022","description":"FBI, CISA, CNMF, NCSC-UK. (2022, February 24). Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks. Retrieved September 27, 2022.","url":"https://www.cisa.gov/uscert/ncas/alerts/aa22-055a","source":"MITRE","title":"Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks","authors":"FBI, CISA, CNMF, NCSC-UK","date_accessed":"2022-09-27T00:00:00Z","date_published":"2022-02-24T00:00:00Z","owner_name":null,"tidal_id":"c049a175-87d2-5d84-a322-e51b39ed8081","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419827Z"},{"id":"daae1f54-8471-4620-82d5-023d04144acd","name":"U.S. 
CISA Advisory November 25 2022","description":"Cybersecurity and Infrastructure Security Agency. (2022, November 25). Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. Retrieved October 25, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-320a","source":"Tidal Cyber","title":"Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-10-25T00:00:00Z","date_published":"2022-11-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"544bf51d-d0ee-5d48-a930-a4adcab05bae","created":"2023-10-26T14:24:04.944090Z","modified":"2023-10-26T14:24:05.073228Z"},{"id":"d7014279-bc6a-43d4-953a-a6bc1d97a13b","name":"U.S. CISA Iranian Government Actors November 19 2021","description":"Cybersecurity and Infrastructure Security Agency. (2021, November 19). Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities. Retrieved October 25, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-321a","source":"Tidal Cyber","title":"Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-10-25T00:00:00Z","date_published":"2021-11-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"38584385-c3ad-54f2-aa7c-b5b2a379bf6f","created":"2023-10-26T14:24:05.919524Z","modified":"2023-10-26T14:24:06.065350Z"},{"id":"9abb4bbb-bad3-4d22-b235-c8a35465f2ce","name":"NEWSCASTER2014","description":"Lennon, M. (2014, May 29). Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation. 
Retrieved March 1, 2017.","url":"https://www.securityweek.com/iranian-hackers-targeted-us-officials-elaborate-social-media-attack-operation","source":"MITRE","title":"Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation","authors":"Lennon, M","date_accessed":"2017-03-01T00:00:00Z","date_published":"2014-05-29T00:00:00Z","owner_name":null,"tidal_id":"e6c6fd29-b3ff-5e42-a62d-534cb6f6383c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426432Z"},{"id":"671e1559-c7dc-4cb4-a9a1-21776f2ae56a","name":"CYBERCOM Iranian Intel Cyber January 2022","description":"Cyber National Mission Force. (2022, January 12). Iranian intel cyber suite of malware uses open source tools. Retrieved September 30, 2022.","url":"https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/","source":"MITRE","title":"Iranian intel cyber suite of malware uses open source tools","authors":"Cyber National Mission Force","date_accessed":"2022-09-30T00:00:00Z","date_published":"2022-01-12T00:00:00Z","owner_name":null,"tidal_id":"0b8d8759-8dbc-5692-84db-2de8fe306ef0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419819Z"},{"id":"728b20b0-f702-4dbe-afea-50270648a3a2","name":"U.S. CISA IRGC Actors September 14 2022","description":"Cybersecurity and Infrastructure Security Agency. (2022, September 14). Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. 
Retrieved October 25, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-257a","source":"Tidal Cyber","title":"Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-10-25T00:00:00Z","date_published":"2022-09-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"966ee6a8-8f29-51f7-847b-132462cb3fd0","created":"2023-10-26T14:24:05.678882Z","modified":"2023-10-26T14:24:05.808590Z"},{"id":"90b611e8-8769-50ff-8aaf-bba90901d3d5","name":"Jamie Tarabay and Katrina Manson December 2023","description":"Jamie Tarabay and Katrina Manson. (2023, December 22). Iranian-Linked Hacks Expose Failure to Safeguard US Water System. Retrieved March","url":"https://www.bloomberg.com/news/articles/2023-12-22/iranian-linked-hacks-expose-failure-to-safeguard-us-water-system","source":"ICS","title":"Iranian-Linked Hacks Expose Failure to Safeguard US Water System","authors":"Jamie Tarabay and Katrina Manson","date_accessed":"1978-03-01T00:00:00Z","date_published":"2023-12-22T00:00:00Z","owner_name":null,"tidal_id":"9634fbb6-684e-5da8-a920-9ad6ab34d57f","created":"2026-01-28T13:08:18.179204Z","modified":"2026-01-28T13:08:18.179207Z"},{"id":"f9de25b4-5539-4a33-84b5-f26a84544859","name":"Secureworks Cobalt Gypsy Feb 2017","description":"Counter Threat Unit Research Team. (2017, February 15). Iranian PupyRAT Bites Middle Eastern Organizations. 
Retrieved December 27, 2017.","url":"https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations","source":"MITRE","title":"Iranian PupyRAT Bites Middle Eastern Organizations","authors":"Counter Threat Unit Research Team","date_accessed":"2017-12-27T00:00:00Z","date_published":"2017-02-15T00:00:00Z","owner_name":null,"tidal_id":"62cdaf7c-97f1-5832-ba2b-af00fdc342a7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442208Z"},{"id":"090da2a7-1a9d-5828-ab08-18cc285ea504","name":"Proofpoint Iranian Aligned Attacks JAN 2020","description":"Proofpoint. (2020, January 10). Iranian State-Sponsored and Aligned Attacks: What You Need to Know and Steps to Protect Yourself. Retrieved January 16, 2025.","url":"https://www.proofpoint.com/us/corporate-blog/post/iranian-state-sponsored-and-aligned-attacks-what-you-need-know-and-steps-protect","source":"MITRE","title":"Iranian State-Sponsored and Aligned Attacks: What You Need to Know and Steps to Protect Yourself","authors":"Proofpoint","date_accessed":"2025-01-16T00:00:00Z","date_published":"2020-01-10T00:00:00Z","owner_name":null,"tidal_id":"f8277180-8283-52b6-a1b3-8c206e2fe9d2","created":"2025-04-22T20:47:23.911569Z","modified":"2025-12-17T15:08:36.437505Z"},{"id":"f19f9ad4-bb31-443b-9c26-87946469a0c3","name":"ClearSky OilRig Jan 2017","description":"ClearSky Cybersecurity. (2017, January 5). Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford. 
Retrieved May 3, 2017.","url":"http://www.clearskysec.com/oilrig/","source":"MITRE","title":"Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford","authors":"ClearSky Cybersecurity","date_accessed":"2017-05-03T00:00:00Z","date_published":"2017-01-05T00:00:00Z","owner_name":null,"tidal_id":"c4224b1b-1b5d-5a44-8a16-2b5cdf9055e6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437481Z"},{"id":"82cddfa6-9463-49bb-8bdc-0c7d6b0e1472","name":"FireEye MuddyWater Mar 2018","description":"Singh, S. et al.. (2018, March 13). Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign. Retrieved April 11, 2018.","url":"https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html","source":"MITRE","title":"Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign","authors":"Singh, S. et al.","date_accessed":"2018-04-11T00:00:00Z","date_published":"2018-03-13T00:00:00Z","owner_name":null,"tidal_id":"171d9498-6070-5ae4-9ee0-635d899aaa67","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438280Z"},{"id":"593e8f9f-88ec-4bdc-90c3-1a320fa8a041","name":"Check Point APT34 April 2021","description":"Check Point. (2021, April 8). Iran’s APT34 Returns with an Updated Arsenal. Retrieved May 5, 2021.","url":"https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/","source":"MITRE","title":"Iran’s APT34 Returns with an Updated Arsenal","authors":"Check Point","date_accessed":"2021-05-05T00:00:00Z","date_published":"2021-04-08T00:00:00Z","owner_name":null,"tidal_id":"cc42b464-d5c4-5ee1-b07a-a4d0d1923b49","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421941Z"},{"id":"5b1f92f0-fa2f-4c19-9ec5-164e5f957e73","name":"CyberScoop June 17 2025","description":"Matt Kapko. (2025, June 17). 
Iran's Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group. Retrieved June 20, 2025.","url":"https://cyberscoop.com/iran-bank-sepah-cyberattack/","source":"Tidal Cyber","title":"Iran's Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group","authors":"Matt Kapko","date_accessed":"2025-06-20T12:00:00Z","date_published":"2025-06-17T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ff68095b-7c67-53a0-b321-34e9a398a834","created":"2025-06-23T13:53:25.960171Z","modified":"2025-06-23T13:53:26.140446Z"},{"id":"08053c85-68ba-538b-b2f6-7ea0df654900","name":"Microsoft Iran Cyber 2023","description":"Microsoft Threat Intelligence. (2023, May 2). Iran turning to cyber-enabled influence operations for greater effect. Retrieved May 21, 2024.","url":"https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/05/Iran-turning-to-cyber-enabled-influence-operations-for-greater-effect-05022023.pdf","source":"MITRE","title":"Iran turning to cyber-enabled influence operations for greater effect","authors":"Microsoft Threat Intelligence","date_accessed":"2024-05-21T00:00:00Z","date_published":"2023-05-02T00:00:00Z","owner_name":null,"tidal_id":"2d09df21-3d13-5bbb-9656-c94467bfc3c6","created":"2024-10-31T16:28:31.053961Z","modified":"2025-12-17T15:08:36.439144Z"},{"id":"b310dfa4-f4ee-4a0c-82af-b0fdef1a1f58","name":"Dark Reading APT39 JAN 2019","description":"Higgins, K. (2019, January 30). Iran Ups its Traditional Cyber Espionage Tradecraft. 
Retrieved May 22, 2020.","url":"https://www.darkreading.com/attacks-breaches/iran-ups-its-traditional-cyber-espionage-tradecraft/d/d-id/1333764","source":"MITRE","title":"Iran Ups its Traditional Cyber Espionage Tradecraft","authors":"Higgins, K","date_accessed":"2020-05-22T00:00:00Z","date_published":"2019-01-30T00:00:00Z","owner_name":null,"tidal_id":"cd2b34ac-87c5-5247-9087-c3fde461ffe3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438249Z"},{"id":"51a18523-5276-4a67-8644-2bc6997d043c","name":"U.S. CISA IRGC-Affiliated PLC Activity December 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, December 1). IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities. Retrieved December 5, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a","source":"Tidal Cyber","title":"IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-12-05T00:00:00Z","date_published":"2023-12-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f2f3e59a-ef1d-5114-acbc-ba4bdcb88736","created":"2023-12-06T16:45:14.253342Z","modified":"2023-12-06T16:45:14.617765Z"},{"id":"36191a48-4661-42ea-b194-2915c9b184f3","name":"Secureworks IRON HEMLOCK Profile","description":"Secureworks CTU. (n.d.). IRON HEMLOCK. Retrieved February 22, 2022.","url":"http://www.secureworks.com/research/threat-profiles/iron-hemlock","source":"MITRE","title":"IRON HEMLOCK","authors":"Secureworks CTU","date_accessed":"2022-02-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9138aec3-61c4-5a53-9af7-64c87717c4cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438137Z"},{"id":"af5cb7da-61e0-49dc-8132-c019ce5ea6d3","name":"Secureworks IRON HUNTER Profile","description":"Secureworks CTU. (n.d.). 
IRON HUNTER. Retrieved February 22, 2022.","url":"http://www.secureworks.com/research/threat-profiles/iron-hunter","source":"MITRE","title":"IRON HUNTER","authors":"Secureworks CTU","date_accessed":"2022-02-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"eaddea81-9c45-5b2c-8b4a-539c784028df","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437845Z"},{"id":"b82ba824-4543-41ec-a686-6479d5f67b4d","name":"Secureworks IRON LIBERTY","description":"Secureworks. (n.d.). IRON LIBERTY. Retrieved October 15, 2020.","url":"https://www.secureworks.com/research/threat-profiles/iron-liberty","source":"MITRE","title":"IRON LIBERTY","authors":"Secureworks","date_accessed":"2020-10-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fa3ca6aa-f9c7-53b5-958a-506a2c38a560","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439034Z"},{"id":"f04c89f7-d951-4ebc-a5e4-2cc69476c43f","name":"Unit 42 IronNetInjector February 2021","description":"Reichel, D. (2021, February 19). IronNetInjector: Turla’s New Malware Loading Tool. Retrieved February 24, 2021.","url":"https://unit42.paloaltonetworks.com/ironnetinjector/","source":"MITRE","title":"IronNetInjector: Turla’s New Malware Loading Tool","authors":"Reichel, D","date_accessed":"2021-02-24T00:00:00Z","date_published":"2021-02-19T00:00:00Z","owner_name":null,"tidal_id":"5773ab7d-d628-51f6-bd2c-d79ee140889c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423247Z"},{"id":"c1ff66d6-3ea3-4347-8a8b-447cd8b48dab","name":"Secureworks IRON RITUAL Profile","description":"Secureworks CTU. (n.d.). IRON RITUAL. 
Retrieved February 24, 2022.","url":"https://www.secureworks.com/research/threat-profiles/iron-ritual","source":"MITRE","title":"IRON RITUAL","authors":"Secureworks CTU","date_accessed":"2022-02-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d48cc000-dda8-581d-b27d-4878f17da0f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438143Z"},{"id":"d0890d4f-e7ca-4280-a54e-d147f6dd72aa","name":"Trend Micro Iron Tiger April 2021","description":"Lunghi, D. and Lu, K. (2021, April 9). Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware. Retrieved November 12, 2021.","url":"https://www.trendmicro.com/en_us/research/21/d/iron-tiger-apt-updates-toolkit-with-evolved-sysupdate-malware-va.html","source":"MITRE","title":"Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware","authors":"Lunghi, D. and Lu, K","date_accessed":"2021-11-12T00:00:00Z","date_published":"2021-04-09T00:00:00Z","owner_name":null,"tidal_id":"d18b0faf-eef1-5c0f-9cc5-1bc5d9189f06","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416557Z"},{"id":"1acc2a21-4456-5fbc-9732-87550cea8b53","name":"Lunghi Iron Tiger Linux","description":"Daniel Lunghi. (2023, March 1). Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting. Retrieved March 20, 2023.","url":"https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html","source":"MITRE","title":"Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting","authors":"Daniel Lunghi","date_accessed":"2023-03-20T00:00:00Z","date_published":"2023-03-01T00:00:00Z","owner_name":null,"tidal_id":"4d21ea1e-990e-55f0-8f86-fc9f6acb3746","created":"2023-05-26T01:21:18.339258Z","modified":"2025-12-17T15:08:36.439932Z"},{"id":"45969d87-02c1-4074-b708-59f4c3e39426","name":"Secureworks IRON TILDEN Profile","description":"Secureworks CTU. (n.d.). IRON TILDEN. 
Retrieved February 24, 2022.","url":"https://www.secureworks.com/research/threat-profiles/iron-tilden","source":"MITRE","title":"IRON TILDEN","authors":"Secureworks CTU","date_accessed":"2022-02-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"38f71530-edc6-5bb5-942c-80a3ddf91e57","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419058Z"},{"id":"2fc5b9dc-3745-4760-b116-5cc5abb9101d","name":"Secureworks IRON TWILIGHT Profile","description":"Secureworks CTU. (n.d.). IRON TWILIGHT. Retrieved February 28, 2022.","url":"https://www.secureworks.com/research/threat-profiles/iron-twilight","source":"MITRE","title":"IRON TWILIGHT","authors":"Secureworks CTU","date_accessed":"2022-02-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4c88a849-bf43-5907-b3df-0bf793e688a0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437963Z"},{"id":"0d28c882-5175-4bcf-9c82-e6c4394326b6","name":"Secureworks IRON TWILIGHT Active Measures March 2017","description":"Secureworks CTU. (2017, March 30). IRON TWILIGHT Supports Active Measures. Retrieved February 28, 2022.","url":"https://www.secureworks.com/research/iron-twilight-supports-active-measures","source":"MITRE, Tidal Cyber","title":"IRON TWILIGHT Supports Active Measures","authors":"Secureworks CTU","date_accessed":"2022-02-28T00:00:00Z","date_published":"2017-03-30T00:00:00Z","owner_name":null,"tidal_id":"880983a5-342f-5925-8781-c8451081c78b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278508Z"},{"id":"900753b3-c5a2-4fb5-ab7b-d38df867077b","name":"Secureworks IRON VIKING","description":"Secureworks. (2020, May 1). IRON VIKING Threat Profile. 
Retrieved June 10, 2020.","url":"https://www.secureworks.com/research/threat-profiles/iron-viking","source":"MITRE","title":"IRON VIKING Threat Profile","authors":"Secureworks","date_accessed":"2020-06-10T00:00:00Z","date_published":"2020-05-01T00:00:00Z","owner_name":null,"tidal_id":"1966ad9f-cd06-51eb-ad22-a9c98d6c5379","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437825Z"},{"id":"e0337ce9-2ca9-4877-b116-8c4d9d864df0","name":"ESET Hermetic Wizard March 2022","description":"ESET. (2022, March 1). IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine. Retrieved April 10, 2022.","url":"https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine","source":"MITRE","title":"IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine","authors":"ESET","date_accessed":"2022-04-10T00:00:00Z","date_published":"2022-03-01T00:00:00Z","owner_name":null,"tidal_id":"9afea7f3-03ad-5819-b844-8d82ea2fd823","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422657Z"},{"id":"7d42501b-5a6e-4916-aa58-64ce6c00501e","name":"Microsoft ISAPICGIRestriction 2016","description":"Microsoft. (2016, September 26). ISAPI/CGI Restrictions <isapiCgiRestriction>. Retrieved June 3, 2021.","url":"https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/isapicgirestriction/","source":"MITRE","title":"ISAPI/CGI Restrictions <isapiCgiRestriction>","authors":"Microsoft","date_accessed":"2021-06-03T00:00:00Z","date_published":"2016-09-26T00:00:00Z","owner_name":null,"tidal_id":"541449cb-176c-5695-9477-0257a2929df4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442126Z"},{"id":"d00a692f-b990-4757-8acd-56818462ac0c","name":"Microsoft ISAPI Extension Overview 2017","description":"Microsoft. (2017, June 16). ISAPI Extension Overview. 
Retrieved June 3, 2021.","url":"https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525172(v=vs.90)","source":"MITRE","title":"ISAPI Extension Overview","authors":"Microsoft","date_accessed":"2021-06-03T00:00:00Z","date_published":"2017-06-16T00:00:00Z","owner_name":null,"tidal_id":"3572af91-cd5a-52a0-8222-90242e366135","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433742Z"},{"id":"2fdbf1ba-0480-4d70-9981-3b5967656472","name":"Microsoft ISAPI Filter Overview 2017","description":"Microsoft. (2017, June 16). ISAPI Filter Overview. Retrieved June 3, 2021.","url":"https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms524610(v=vs.90)","source":"MITRE","title":"ISAPI Filter Overview","authors":"Microsoft","date_accessed":"2021-06-03T00:00:00Z","date_published":"2017-06-16T00:00:00Z","owner_name":null,"tidal_id":"37a968fd-14ed-5385-a890-97ae3ce91827","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433748Z"},{"id":"93330fc1-2ade-4c4e-8f83-76487428c61e","name":"iscsicpl.exe - LOLBAS Project","description":"LOLBAS. (2025, August 17). iscsicpl.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/Binaries/Iscsicpl/","source":"Tidal Cyber","title":"iscsicpl.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-08-17T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"90847390-2b4f-5975-b197-90c6203446c5","created":"2026-01-06T18:03:30.154758Z","modified":"2026-01-06T18:03:30.298288Z"},{"id":"cf42e04a-3593-51ff-bb0b-60d681dc4cd6","name":"welivesecurity TCC","description":"Marc-Etienne M.Léveillé. (2022, July 19). I see what you did there: A look at the CloudMensis macOS spyware. 
Retrieved March 21, 2024.","url":"https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/","source":"MITRE","title":"I see what you did there: A look at the CloudMensis macOS spyware","authors":"Marc-Etienne M.Léveillé","date_accessed":"2024-03-21T00:00:00Z","date_published":"2022-07-19T00:00:00Z","owner_name":null,"tidal_id":"b7898c16-c77e-5edf-8456-98ba882a5945","created":"2024-04-25T13:28:40.935007Z","modified":"2025-12-17T15:08:36.435962Z"},{"id":"31262b8d-27fb-4976-9d53-4fb39b5b835a","name":"iSight Sandworm Oct 2014","description":"Ward, S.. (2014, October 14). iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20160503234007/https:/www.isightpartners.com/2014/10/cve-2014-4114/","source":"MITRE","title":"iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign","authors":"Ward, S.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2014-10-14T00:00:00Z","owner_name":null,"tidal_id":"a9af9ac1-2177-5a45-bae9-bbbd72d224c1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441006Z"},{"id":"3009e3d3-def9-4838-9b54-8586858fb3e2","name":"DataBreaches KillSec December 8 2024","description":"Dissent. (2024, December 8). Is KillSec3 Trying to Extort Victims Using Publicly Leaked Data?. 
Retrieved February 14, 2024.","url":"https://databreaches.net/2024/12/08/is-killsec3-trying-to-extort-victims-using-publicly-leaked-data/","source":"Tidal Cyber","title":"Is KillSec3 Trying to Extort Victims Using Publicly Leaked Data?","authors":"Dissent","date_accessed":"2024-02-14T00:00:00Z","date_published":"2024-12-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6b43b82b-76f5-5fc4-b549-21b314f72c63","created":"2025-02-18T15:18:01.637944Z","modified":"2025-02-18T15:18:02.171623Z"},{"id":"f21ea3e2-7983-44d2-b78f-80d84bbc4f52","name":"CrySyS Blog TeamSpy","description":"CrySyS Lab. (2013, March 20). TeamSpy – Obshie manevri. Ispolzovat’ tolko s razreshenija S-a. Retrieved April 11, 2018.","url":"https://blog.crysys.hu/2013/03/teamspy/","source":"MITRE","title":"Ispolzovat’ tolko s razreshenija S-a","authors":"CrySyS Lab. (2013, March 20)","date_accessed":"2018-04-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9a012bec-7508-5dff-bb8d-d60551d291ed","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428400Z"},{"id":"38b0cf78-88d0-487f-b2b0-81264f457dd0","name":"NYTStuxnet","description":"William J. Broad, John Markoff, and David E. Sanger. (2011, January 15). Israeli Test on Worm Called Crucial in Iran Nuclear Delay. Retrieved March 1, 2017.","url":"https://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html","source":"MITRE","title":"Israeli Test on Worm Called Crucial in Iran Nuclear Delay","authors":"William J. Broad, John Markoff, and David E. Sanger","date_accessed":"2017-03-01T00:00:00Z","date_published":"2011-01-15T00:00:00Z","owner_name":null,"tidal_id":"10058f88-21da-5310-837d-37c7185c3fb0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430205Z"},{"id":"c67ddc5e-9e6c-40c0-9876-ee191cda7658","name":"Microsoft Issues with BITS July 2011","description":"Microsoft. (2011, July 19). Issues with BITS. 
Retrieved January 12, 2018.","url":"https://technet.microsoft.com/library/dd939934.aspx","source":"MITRE","title":"Issues with BITS","authors":"Microsoft","date_accessed":"2018-01-12T00:00:00Z","date_published":"2011-07-19T00:00:00Z","owner_name":null,"tidal_id":"3985c7b1-7993-5ab5-8834-26838e6e3d6d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434619Z"},{"id":"66da7fcb-421b-4e2f-b575-222f465d5901","name":"Ready.gov IT DRP","description":"Ready.gov. (n.d.). IT Disaster Recovery Plan. Retrieved March 15, 2019.","url":"https://www.ready.gov/business/implementation/IT","source":"MITRE","title":"IT Disaster Recovery Plan","authors":"Ready.gov","date_accessed":"2019-03-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3ab7c770-69fe-516a-b388-6811a9d102f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415494Z"},{"id":"32569f59-14fb-4581-8a42-3bf49fb189e9","name":"Security Intelligence ITG08 April 2020","description":"Villadsen, O. (2020, April 7). ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework. Retrieved October 8, 2020.","url":"https://securityintelligence.com/posts/itg08-aka-fin6-partners-with-trickbot-gang-uses-anchor-framework/","source":"MITRE","title":"ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework","authors":"Villadsen, O","date_accessed":"2020-10-08T00:00:00Z","date_published":"2020-04-07T00:00:00Z","owner_name":null,"tidal_id":"9bee31a5-dffa-501b-8324-ef78114a33d7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437885Z"},{"id":"a6faa495-db01-43e8-9db3-d446570802bc","name":"Talos Frankenstein June 2019","description":"Adamitis, D. et al. (2019, June 4). It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign. 
Retrieved May 11, 2020.","url":"https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html","source":"MITRE","title":"It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign","authors":"Adamitis, D. et al","date_accessed":"2020-05-11T00:00:00Z","date_published":"2019-06-04T00:00:00Z","owner_name":null,"tidal_id":"3ac1ccf5-ab61-5716-9934-af3d3131f2dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437370Z"},{"id":"09d3ccc1-cd8a-4675-88c0-84110f5b8e8b","name":"AdSecurity Forging Trust Tickets","description":"Metcalf, S. (2015, July 15). It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts. Retrieved February 14, 2019.","url":"https://adsecurity.org/?p=1588","source":"MITRE","title":"It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts","authors":"Metcalf, S","date_accessed":"2019-02-14T00:00:00Z","date_published":"2015-07-15T00:00:00Z","owner_name":null,"tidal_id":"dc9b9ff4-3771-562c-af07-1719067620dc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431330Z"},{"id":"0c7c6dfa-2ba9-4f74-aeca-d97dd3a3a1cc","name":"It’s Always DarkGate Before the Dawn","description":"Micah Babinski. (2020, October 16). It’s Always DarkGate Before the Dawn. Retrieved October 20, 2023.","url":"https://micahbabinski.medium.com/its-always-darkgate-before-the-dawn-d6cf1ec56f7e","source":"Tidal Cyber","title":"It’s Always DarkGate Before the Dawn","authors":"Micah Babinski","date_accessed":"2023-10-20T00:00:00Z","date_published":"2020-10-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6363addb-5055-54fe-9311-b7c733e693a1","created":"2024-01-26T18:00:35.200911Z","modified":"2024-01-26T18:00:35.322718Z"},{"id":"0418012c-af7e-47b0-b690-85fd634532e4","name":"huntress.com November 14 2024","description":"Team Huntress. (2024, November 14). It's Not Safe To Pay SafePay. 
Retrieved April 14, 2025.","url":"https://www.huntress.com/blog/its-not-safe-to-pay-safepay","source":"Tidal Cyber","title":"It's Not Safe To Pay SafePay","authors":"Team Huntress","date_accessed":"2025-04-14T00:00:00Z","date_published":"2024-11-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"edac53fc-46e0-5978-8fa9-2afbc1731ef7","created":"2025-04-15T17:47:10.235356Z","modified":"2025-04-15T17:47:10.645925Z"},{"id":"a9394372-3981-4f41-ad66-9db343e773b1","name":"CitizenLab KeyBoy Nov 2016","description":"Hulcoop, A., et al. (2016, November 17). It’s Parliamentary KeyBoy and the targeting of the Tibetan Community. Retrieved June 13, 2019.","url":"https://citizenlab.ca/2016/11/parliament-keyboy/","source":"MITRE","title":"It’s Parliamentary KeyBoy and the targeting of the Tibetan Community","authors":"Hulcoop, A., et al","date_accessed":"2019-06-13T00:00:00Z","date_published":"2016-11-17T00:00:00Z","owner_name":null,"tidal_id":"b7cf12ec-fa03-5d43-8efb-fc1c754ca346","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419004Z"},{"id":"2ca502a2-664c-4b85-9d6c-1bc96dfb8332","name":"Twitter ItsReallyNick Status Update APT32 PubPrn","description":"Carr, N. (2017, December 22). ItsReallyNick Status Update. Retrieved September 12, 2024.","url":"https://x.com/ItsReallyNick/status/944321013084573697","source":"MITRE","title":"ItsReallyNick Status Update","authors":"Carr, N","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-12-22T00:00:00Z","owner_name":null,"tidal_id":"e925dba2-d8a8-533e-801b-f1e72d4833d5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441322Z"},{"id":"ab2655ae-542c-4e5c-93b6-8db3c2c1543b","name":"orangecyberdefense.com February 9 2024","description":"orangecyberdefense.com. (2024, February 9). Ivanti Connect Secure Journey to the core of the DSLog backdoor. 
Retrieved December 19, 2024.","url":"https://www.orangecyberdefense.com/global/blog/research/ivanti-connect-secure-journey-to-the-core-of-the-dslog-backdoor","source":"Tidal Cyber","title":"Ivanti Connect Secure Journey to the core of the DSLog backdoor","authors":"orangecyberdefense.com","date_accessed":"2024-12-19T00:00:00Z","date_published":"2024-02-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bdccdb3e-617c-560c-8394-949199c22760","created":"2025-04-11T15:06:17.255876Z","modified":"2025-04-11T15:06:17.410609Z"},{"id":"b96fa4f2-864d-5d88-9a29-b117da8f8c5c","name":"Volexity Ivanti Global Exploitation January 2024","description":"Gurkok, C. et al. (2024, January 15). Ivanti Connect Secure VPN Exploitation Goes Global. Retrieved February 27, 2024.","url":"https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/","source":"MITRE","title":"Ivanti Connect Secure VPN Exploitation Goes Global","authors":"Gurkok, C. et al","date_accessed":"2024-02-27T00:00:00Z","date_published":"2024-01-15T00:00:00Z","owner_name":null,"tidal_id":"aba0997c-3ba1-58ef-b39f-b86ec6dd3530","created":"2024-04-25T13:28:42.207360Z","modified":"2025-12-17T15:08:36.439393Z"},{"id":"d34943fb-4a7a-4cda-bbe5-3c1f5c00b8a9","name":"Google Cloud January 8 2025","description":"Mandiant. (2025, January 8). Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation. Retrieved January 10, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day","source":"Tidal Cyber","title":"Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation","authors":"Mandiant","date_accessed":"2025-01-10T00:00:00Z","date_published":"2025-01-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6ff58721-78d8-53e9-982a-60329921fc2c","created":"2025-01-13T21:01:04.732762Z","modified":"2025-01-13T21:01:05.356987Z"},{"id":"fcea0121-cd45-4b05-8c3f-f8dad8c790b3","name":"Trend Micro IXESHE 2012","description":"Sancho, D., et al. 
(2012, May 22). IXESHE An APT Campaign. Retrieved June 7, 2019.","url":"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_ixeshe.pdf","source":"MITRE","title":"IXESHE An APT Campaign","authors":"Sancho, D., et al","date_accessed":"2019-06-07T00:00:00Z","date_published":"2012-05-22T00:00:00Z","owner_name":null,"tidal_id":"3b0e31b4-2630-52f9-aaf3-2ef137d90d3f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440267Z"},{"id":"246ef02d-e5d5-548a-be29-f6442f225500","name":"Jacqueline O'Leary et al. September 2017","description":"Jacqueline O'Leary et al. 2017, September 20 Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware. Retrieved 2019/12/02","url":"https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html","source":"ICS","title":"Jacqueline O'Leary et al. September 2017","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f5fb0f10-e2df-57af-8368-6eeddc9ef17e","created":"2026-01-28T13:08:18.178913Z","modified":"2026-01-28T13:08:18.178916Z"},{"id":"5a9e4f0f-83d6-4f18-a358-a9ad450c2734","name":"James TermServ DLL","description":"James. (2019, July 14). @James_inthe_box. Retrieved September 12, 2024.","url":"https://x.com/james_inthe_box/status/1150495335812177920","source":"MITRE","title":"@James_inthe_box","authors":"James","date_accessed":"2024-09-12T00:00:00Z","date_published":"2019-07-14T00:00:00Z","owner_name":null,"tidal_id":"41a45c68-2d0d-5f5e-a491-f2cce1b17a9c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427718Z"},{"id":"8b8fedb6-0922-441a-8e17-6bd92055a9b0","name":"Jamfsoftware 3 29 2024","description":"March. (2024, March 29). Jamf Threat Labs dissects infostealer malware. 
Retrieved April 5, 2024.","url":"https://www.jamf.com/blog/infostealers-pose-threat-to-macos/","source":"Tidal Cyber","title":"Jamf Threat Labs dissects infostealer malware","authors":"March","date_accessed":"2024-04-05T00:00:00Z","date_published":"2024-03-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0c143137-3638-54fa-b895-a1edfa78ded1","created":"2024-06-13T20:10:58.205668Z","modified":"2024-06-13T20:10:58.391346Z"},{"id":"29f3e378-9541-51a7-bce5-9d327ba4bba8","name":"JamPlus manual","description":"Perforce Software, Inc.. (n.d.). JamPlus manual: Quick Start Guide. Retrieved March 21, 2025.","url":"https://jamplus.github.io/jamplus/quick_start.html","source":"MITRE","title":"JamPlus manual: Quick Start Guide","authors":"Perforce Software, Inc.","date_accessed":"2025-03-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e830a3e0-16e8-54d9-a2dd-4d5ab20bae84","created":"2025-04-22T20:47:16.232830Z","modified":"2025-12-17T15:08:36.431590Z"},{"id":"28a7bbd8-d664-4234-9311-2befe0238b5b","name":"Symantec Cicada November 2020","description":"Symantec. (2020, November 17). Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign. Retrieved December 17, 2020.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage","source":"MITRE","title":"Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign","authors":"Symantec","date_accessed":"2020-12-17T00:00:00Z","date_published":"2020-11-17T00:00:00Z","owner_name":null,"tidal_id":"8edde3bf-8da8-5064-bf1b-e52a3e4700fd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438692Z"},{"id":"3300c819-e236-40a2-a886-ce460876a2ca","name":"Microsoft Security Blog June 30 2025","description":"Microsoft Threat Intelligence. (2025, June 30). Jasper Sleet North Korean remote IT workers' evolving tactics to infiltrate organizations . 
Retrieved July 3, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/06/30/jasper-sleet-north-korean-remote-it-workers-evolving-tactics-to-infiltrate-organizations/","source":"Tidal Cyber","title":"Jasper Sleet North Korean remote IT workers' evolving tactics to infiltrate organizations","authors":"Microsoft Threat Intelligence","date_accessed":"2025-07-03T12:00:00Z","date_published":"2025-06-30T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e508e7df-0c8a-5903-8d42-9223f9629a50","created":"2025-07-08T16:58:14.396103Z","modified":"2025-07-08T16:58:14.750413Z"},{"id":"79715346-7f8d-4436-8752-b039d85b220a","name":"Wikipedia JavaScript","description":"Wikimedia Foundation, Inc.. (n.d.). JavaScript. Retrieved December 19, 2024.","url":"https://en.wikipedia.org/wiki/JavaScript","source":"Tidal Cyber","title":"JavaScript","authors":"Wikimedia Foundation, Inc.","date_accessed":"2024-12-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"2ef645be-dd81-54ba-b721-232ab8016ee4","created":"2025-04-11T15:06:26.037375Z","modified":"2025-04-11T15:06:26.192288Z"},{"id":"f55dc056-4d5e-4071-a296-df0e069c4874","name":"Heimdal Security December 2 2020","description":"Andra Zaharia. (2020, December 2). JavaScript Malware – a Growing Trend Explained for Everyday Users. Retrieved December 19, 2024.","url":"https://heimdalsecurity.com/blog/javascript-malware-explained/","source":"Tidal Cyber","title":"JavaScript Malware – a Growing Trend Explained for Everyday Users","authors":"Andra Zaharia","date_accessed":"2024-12-19T00:00:00Z","date_published":"2020-12-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"462b82ee-9b2b-58a2-8b38-f5e952f00512","created":"2025-04-11T15:06:10.289460Z","modified":"2025-04-11T15:06:10.456795Z"},{"id":"deb97163-323a-493a-9c73-b41c8c5e5cd1","name":"Carbon Black JCry May 2019","description":"Lee, S.. (2019, May 14). JCry Ransomware. 
Retrieved June 18, 2019.","url":"https://www.carbonblack.com/2019/05/14/cb-tau-threat-intelligence-notification-jcry-ransomware-pretends-to-be-adobe-flash-player-update-installer/","source":"MITRE","title":"JCry Ransomware","authors":"Lee, S.","date_accessed":"2019-06-18T00:00:00Z","date_published":"2019-05-14T00:00:00Z","owner_name":null,"tidal_id":"6f739615-5046-54a9-8073-826f4f521a4d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421008Z"},{"id":"58f23f90-5b93-5e6a-9b6d-86f351df6d89","name":"Jeff Jones May 2018","description":"Jeff Jones 2018, May 10 Dragos Releases Details on Suspected Russian Infrastructure Hacking Team ALLANITE. Retrieved 2020/01/03","url":"https://www.eisac.com/public-news-detail?id=115909","source":"ICS","title":"Jeff Jones May 2018","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f53adee8-03d7-5cfe-a29b-1b54784ffdab","created":"2026-01-28T13:08:18.179919Z","modified":"2026-01-28T13:08:18.179922Z"},{"id":"07179529-dcf8-5a8d-b997-ebed068198ef","name":"Wang","description":"Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee. (2013, August). Jekyll on iOS: When Benign Apps Become Evil. Retrieved December","url":"https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/wang_tielei","source":"Mobile","title":"Jekyll on iOS: When Benign Apps Become Evil","authors":"Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee","date_accessed":"1978-12-01T00:00:00Z","date_published":"2013-08-01T00:00:00Z","owner_name":null,"tidal_id":"6e8ad1a3-60f9-5dc0-9684-32f3a5e73b78","created":"2026-01-28T13:08:10.046207Z","modified":"2026-01-28T13:08:10.046210Z"},{"id":"f5a42615-0e4e-4d43-937d-05d2efe636cf","name":"ClearSky CopyKittens March 2017","description":"ClearSky Cyber Security. (2017, March 30). Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten. 
Retrieved August 21, 2017.","url":"http://www.clearskysec.com/copykitten-jpost/","source":"MITRE, Tidal Cyber","title":"Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten","authors":"ClearSky Cyber Security","date_accessed":"2017-08-21T00:00:00Z","date_published":"2017-03-30T00:00:00Z","owner_name":null,"tidal_id":"c86724ca-cbe4-53f4-8c9e-7a0440dedbe3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.280193Z"},{"id":"c2a10cde-2c20-4090-9e8d-ca60edf07a2e","name":"Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb","description":"Joe Sandbox. (n.d.). Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb. Retrieved October 20, 2023.","url":"https://www.joesandbox.com/analysis/1280109/0/html","source":"Tidal Cyber","title":"Joe Sandbox 23893f035f8564dfea5030b9fdd54120d96072bb","authors":"Joe Sandbox","date_accessed":"2023-10-20T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"5ad5688d-fc27-505f-a119-e33578ddbb4c","created":"2024-01-26T18:00:34.441071Z","modified":"2024-01-26T18:00:34.583879Z"},{"id":"c573ca84-6d2e-5df9-a8bb-7e4f5f590aaf","name":"Joe Slowik April 2019","description":"Joe Slowik 2019, April 10 Implications of IT Ransomware for ICS Environments. Retrieved 2019/10/27","url":"https://dragos.com/blog/industry-news/implications-of-it-ransomware-for-ics-environments/","source":"ICS","title":"Joe Slowik April 2019","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d45d6f40-c3b3-5613-af8c-4d56d128fa70","created":"2026-01-28T13:08:18.177278Z","modified":"2026-01-28T13:08:18.177281Z"},{"id":"7297ee41-b26e-5762-8b0f-7dcdf780f86a","name":"Joe Slowik August 2019","description":"Joe Slowik. (2019, August 15) CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack. 
Retrieved October 22, 2019","url":"https://dragos.com/wp-content/uploads/CRASHOVERRIDE.pdf","source":"MITRE","title":"Joe Slowik August 2019","authors":"","date_accessed":"2019-10-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0594b200-3368-5bee-9e6b-c88f2cfdb35c","created":"2023-05-26T01:21:20.543646Z","modified":"2025-12-17T15:08:36.442319Z"},{"id":"eaaecdb0-5232-5294-ba99-9d0eac4d70be","name":"John Bill May 2017","description":"John Bill 2017, May 12 Hacked Cyber Security Railways. Retrieved 2019/10/17","url":"https://www.londonreconnections.com/2017/hacked-cyber-security-railways/","source":"ICS","title":"John Bill May 2017","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f9e6ac66-a01e-53c4-afa5-c9f3313238fd","created":"2026-01-28T13:08:18.176486Z","modified":"2026-01-28T13:08:18.176490Z"},{"id":"8f73a709-fb7e-4d9e-9743-4ba39ea26ea8","name":"US District Court of DC Phosphorus Complaint 2019","description":"US District Court of DC. (2019, March 14). MICROSOFT CORPORATION v. JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK AND THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS. Retrieved March 8, 2021.","url":"https://noticeofpleadings.com/phosphorus/files/Complaint.pdf","source":"MITRE","title":"JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK AND THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS","authors":"US District Court of DC. 
(2019, March 14)","date_accessed":"2021-03-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5b2cb578-1811-569b-b3dd-494c6d8e2ac2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438095Z"},{"id":"601d88c5-4789-4fa8-a9ab-abc8137f061c","name":"NCSC Joint Report Public Tools","description":"The Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC). (2018, October 11). Joint report on publicly available hacking tools. Retrieved March 11, 2019.","url":"https://www.ncsc.gov.uk/report/joint-report-on-publicly-available-hacking-tools","source":"MITRE","title":"Joint report on publicly available hacking tools","authors":"The Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC)","date_accessed":"2019-03-11T00:00:00Z","date_published":"2018-10-11T00:00:00Z","owner_name":null,"tidal_id":"8d2ec19e-edb3-56b2-90cd-f778ea7fd12c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422286Z"},{"id":"336a6549-a95d-5763-bbaf-5ef0d3141800","name":"USG Joint Statement SolarWinds January 2021","description":"FBI, CISA, ODNI, NSA. (2022, January 5). Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA). 
Retrieved March 26, 2023.","url":"https://www.cisa.gov/news-events/news/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure","source":"MITRE","title":"Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)","authors":"FBI, CISA, ODNI, NSA","date_accessed":"2023-03-26T00:00:00Z","date_published":"2022-01-05T00:00:00Z","owner_name":null,"tidal_id":"29f08523-0a6f-5e0d-9b73-37e7db595c68","created":"2023-05-26T01:21:11.489496Z","modified":"2025-12-17T15:08:36.437542Z"},{"id":"1b6d033d-0bae-51f7-995d-c61df0b856a2","name":"Josh Rinaldi April 2016","description":"Josh Rinaldi 2016, April Still a Thrill: OPC UA Device Discovery. Retrieved 2020/09/25","url":"https://www.rtautomation.com/rtas-blog/still-a-thrill-opc-ua-device-discovery/","source":"ICS","title":"Josh Rinaldi April 2016","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3b5241d5-1906-5c9a-8e6a-4bd90574e189","created":"2026-01-28T13:08:18.180136Z","modified":"2026-01-28T13:08:18.180139Z"},{"id":"45b83e8c-6a53-5c91-8279-8562fa5f2019","name":"Jos Wetzels January 2018","description":"Jos Wetzels 2018, January 16 Analyzing the TRITON industrial malware. Retrieved 2019/10/22","url":"https://www.midnightbluelabs.com/blog/2018/1/16/analyzing-the-triton-industrial-malware","source":"ICS","title":"Jos Wetzels January 2018","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1240be34-ac96-5cea-afc3-9770e44b021a","created":"2026-01-28T13:08:18.175793Z","modified":"2026-01-28T13:08:18.175799Z"},{"id":"ae25ff74-05eb-46d7-9c60-4c149b7c7f1f","name":"Jsc.exe - LOLBAS Project","description":"LOLBAS. (2019, May 31). Jsc.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Jsc/","source":"Tidal Cyber","title":"Jsc.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-05-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"61d21333-9315-5a52-b9bd-a4d1f9b61802","created":"2024-01-12T14:46:47.243051Z","modified":"2024-01-12T14:46:47.425071Z"},{"id":"f0deea18-742c-5bc7-883d-716eeb248d1f","name":"Julian Gutmanis March 2019","description":"Julian Gutmanis 2019, March 11 Triton - A Report From The Trenches. Retrieved 2019/03/11","url":"https://www.youtube.com/watch?v=XwSJ8hloGvY","source":"ICS","title":"Julian Gutmanis March 2019","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"86d9ca50-3523-5468-bb10-d94ab394982b","created":"2026-01-28T13:08:18.175820Z","modified":"2026-01-28T13:08:18.175823Z"},{"id":"4deb0627-60a3-5403-af58-ed8a59d9fdc8","name":"Julian Rrushi, Hassan Farhangi, Clay Howey, Kelly Carmichael, Joey Dabell December 2015","description":"Julian Rrushi, Hassan Farhangi, Clay Howey, Kelly Carmichael, Joey Dabell 2015, December 08 A Quantitative Evaluation of the Target Selection of Havex ICS Malware Plugin. Retrieved 2019/04/01","url":"https://pdfs.semanticscholar.org/18df/43ef1690b0fae15a36f770001160aefbc6c5.pdf","source":"ICS","title":"Julian Rrushi, Hassan Farhangi, Clay Howey, Kelly Carmichael, Joey Dabell December 2015","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"914415f5-d020-563e-9dcc-c9d55d970fec","created":"2026-01-28T13:08:18.179670Z","modified":"2026-01-28T13:08:18.179673Z"},{"id":"2da2d3c6-cf19-49c8-8a82-2119b14d4e03","name":"Unit42 Jumpy Pisces October 30 2024","description":"Unit 42. (2024, October 30). Jumpy Pisces Engages in Play Ransomware. 
Retrieved March 22, 2025.","url":"https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/","source":"Tidal Cyber","title":"Jumpy Pisces Engages in Play Ransomware","authors":"Unit 42","date_accessed":"2025-03-22T00:00:00Z","date_published":"2024-10-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"88a197f7-1354-5245-85a3-668128162b31","created":"2025-03-25T13:15:56.489603Z","modified":"2025-03-25T13:15:56.832595Z"},{"id":"3b87bd85-c6dd-4bd9-9427-33b5bd84db4a","name":"Juniper Netscreen of the Dead","description":"Graeme Neilson. (2009, August). Juniper Netscreen of the Dead. Retrieved October 20, 2020.","url":"https://www.blackhat.com/presentations/bh-usa-09/NEILSON/BHUSA09-Neilson-NetscreenDead-SLIDES.pdf","source":"MITRE","title":"Juniper Netscreen of the Dead","authors":"Graeme Neilson","date_accessed":"2020-10-20T00:00:00Z","date_published":"2009-08-01T00:00:00Z","owner_name":null,"tidal_id":"e0fac934-e7e4-56e2-8ee1-0551b71cf1b7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434985Z"},{"id":"2a026718-388a-5121-89c8-6fa714c41356","name":"Junnosuke Yagi March 2017","description":"Junnosuke Yagi 2017, March 07 Trojan.Stonedrill. Retrieved 2019/12/05","url":"https://www.symantec.com/security-center/writeup/2017-030708-4403-99","source":"ICS","title":"Junnosuke Yagi March 2017","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"84b8a16d-d919-5617-a0ff-140118cafcdc","created":"2026-01-28T13:08:18.178937Z","modified":"2026-01-28T13:08:18.178940Z"},{"id":"e9eab0c1-9347-51b6-80e8-e1a3e8dd0714","name":"Censys RedPenguin MAR 2025","description":"Censys Research Team. (2025, March 14). JunOS and RedPenguin. 
Retrieved June 24, 2025.","url":"https://censys.com/blog/junos-and-redpenguin","source":"MITRE","title":"JunOS and RedPenguin","authors":"Censys Research Team","date_accessed":"2025-06-24T00:00:00Z","date_published":"2025-03-14T00:00:00Z","owner_name":null,"tidal_id":"c144908a-a824-5c94-88c1-597c2bc406bc","created":"2025-10-29T21:08:48.167625Z","modified":"2025-12-17T15:08:36.440927Z"},{"id":"09c99ca2-5f10-5f78-9ba3-5e0e79ce8d96","name":"Microsoft PS JEA","description":"Microsoft. (2022, November 17). Just Enough Administration. Retrieved March 27, 2023.","url":"https://learn.microsoft.com/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.3","source":"MITRE","title":"Just Enough Administration","authors":"Microsoft","date_accessed":"2023-03-27T00:00:00Z","date_published":"2022-11-17T00:00:00Z","owner_name":null,"tidal_id":"11018e64-6435-5d34-92c1-5f1dd4c78339","created":"2023-05-26T01:21:20.703458Z","modified":"2025-12-17T15:08:36.442553Z"},{"id":"fbaae2c6-3ab1-4e37-becc-30c53e5b02c4","name":"U.S. DoJ PlugX Disruption January 14 2025","description":"Office of Public Affairs. (2025, January 14). Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers. Retrieved January 27, 2025.","url":"https://www.justice.gov/opa/pr/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed","source":"Tidal Cyber","title":"Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers","authors":"Office of Public Affairs","date_accessed":"2025-01-27T00:00:00Z","date_published":"2025-01-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f9932522-a092-59ca-b8ee-4c5b70bd4f1d","created":"2025-01-28T15:53:33.838209Z","modified":"2025-01-28T15:53:34.105193Z"},{"id":"26a554dc-39c0-4638-902d-7e84fe01b961","name":"U.S. Justice Department GRU Botnet February 2024","description":"Office of Public Affairs. (2024, February 15). 
Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). Retrieved February 29, 2024.","url":"https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian","source":"Tidal Cyber","title":"Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)","authors":"Office of Public Affairs","date_accessed":"2024-02-29T00:00:00Z","date_published":"2024-02-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"96025d6f-46c6-5db3-807d-ec38b0a0db53","created":"2024-03-01T20:23:28.394864Z","modified":"2024-03-01T20:23:28.558381Z"},{"id":"957488f8-c2a8-54b0-a3cb-7b510640a2c4","name":"Justice GRU 2024","description":"Office of Public Affairs. (2024, February 15). Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU). Retrieved March 28, 2024.","url":"https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian","source":"MITRE","title":"Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)","authors":"Office of Public Affairs","date_accessed":"2024-03-28T00:00:00Z","date_published":"2024-02-15T00:00:00Z","owner_name":null,"tidal_id":"26d693ac-4f5b-54ef-99ef-337d77f7906b","created":"2024-04-25T13:28:30.599963Z","modified":"2025-12-17T15:08:36.425335Z"},{"id":"e26d1951-fadf-46c5-96af-3845929fd470","name":"U.S. DOJ Lumma Stealer Domain Seizures May 21 2025","description":"Office of Public Affairs. (2025, May 21). Justice Department Seizes Domains Behind Major Information-Stealing Malware Operation. 
Retrieved May 22, 2025.","url":"https://www.justice.gov/opa/pr/justice-department-seizes-domains-behind-major-information-stealing-malware-operation","source":"Tidal Cyber","title":"Justice Department Seizes Domains Behind Major Information-Stealing Malware Operation","authors":"Office of Public Affairs","date_accessed":"2025-05-22T00:00:00Z","date_published":"2025-05-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e8db36f3-2434-582b-ba1a-04a7019abd0f","created":"2025-05-23T14:41:31.542317Z","modified":"2025-05-23T14:41:31.714489Z"},{"id":"42dad2a3-5b33-4be4-a19b-58a27fb3ee5d","name":"Azure Active Directory Reconnaisance","description":"Dr. Nestori Syynimaa. (2020, June 13). Just looking: Azure Active Directory reconnaissance as an outsider. Retrieved May 27, 2022.","url":"https://o365blog.com/post/just-looking/","source":"MITRE","title":"Just looking: Azure Active Directory reconnaissance as an outsider","authors":"Dr. Nestori Syynimaa","date_accessed":"2022-05-27T00:00:00Z","date_published":"2020-06-13T00:00:00Z","owner_name":null,"tidal_id":"44d19e48-74b3-530e-8f9b-35104caafc35","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430789Z"},{"id":"16565eaf-44fb-44f4-b490-40dc1160ff2b","name":"Azure AD Recon","description":"Dr. Nestori Syynimaa. (2020, June 13). Just looking: Azure Active Directory reconnaissance as an outsider. Retrieved February 1, 2022.","url":"https://o365blog.com/post/just-looking","source":"MITRE","title":"Just looking: Azure Active Directory reconnaissance as an outsider","authors":"Dr. Nestori Syynimaa","date_accessed":"2022-02-01T00:00:00Z","date_published":"2020-06-13T00:00:00Z","owner_name":null,"tidal_id":"584ef8cf-e6a9-5d99-8e74-aa4868592e25","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442509Z"},{"id":"719c1ed7-4375-456a-a0ca-875039f783b2","name":"F5 Security Incident October 15 2025","description":"F5. (2025, October 15). K000154696: F5 Security Incident. 
Retrieved October 16, 2025.","url":"https://my.f5.com/manage/s/article/K000154696","source":"Tidal Cyber","title":"K000154696: F5 Security Incident","authors":"F5","date_accessed":"2025-10-16T12:00:00Z","date_published":"2025-10-15T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"177daa32-9c87-573b-ac81-d9cf47aa253c","created":"2025-10-17T17:09:11.819240Z","modified":"2025-10-17T17:09:11.988895Z"},{"id":"ef1fbb40-da6f-41d0-a44a-9ff444e2ad89","name":"intezer-kaiji-malware","description":"Paul Litvak. (2020, May 4). Kaiji: New Chinese Linux malware turning to Golang. Retrieved December 17, 2020.","url":"https://www.intezer.com/blog/research/kaiji-new-chinese-linux-malware-turning-to-golang/","source":"MITRE","title":"Kaiji: New Chinese Linux malware turning to Golang","authors":"Paul Litvak","date_accessed":"2020-12-17T00:00:00Z","date_published":"2020-05-04T00:00:00Z","owner_name":null,"tidal_id":"dc6469a1-380c-53d0-9f2a-79d5d3826d62","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423803Z"},{"id":"459fcde2-7ac3-4640-a5bc-cd8750e54962","name":"Kali Redsnarf","description":"NCC Group PLC. (2016, November 1). Kali Redsnarf. Retrieved December 11, 2017.","url":"https://github.com/nccgroup/redsnarf","source":"MITRE","title":"Kali Redsnarf","authors":"NCC Group PLC","date_accessed":"2017-12-11T00:00:00Z","date_published":"2016-11-01T00:00:00Z","owner_name":null,"tidal_id":"598fddd7-0bf1-5f02-b417-9166670702fc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429494Z"},{"id":"58d5bc0b-8548-4c3a-8302-e07df3b961ff","name":"TrustedSignal Service Failure","description":"Hull, D. (2014, May 3). Kansa: Service related collectors and analysis. 
Retrieved October 10, 2019.","url":"https://trustedsignal.blogspot.com/2014/05/kansa-service-related-collectors-and.html","source":"MITRE","title":"Kansa: Service related collectors and analysis","authors":"Hull, D","date_accessed":"2019-10-10T00:00:00Z","date_published":"2014-05-03T00:00:00Z","owner_name":null,"tidal_id":"3d782e52-869f-5594-816f-b49ec7921fda","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427987Z"},{"id":"d854f84a-4d70-4ef4-9197-d8f5396feabb","name":"Kansa Service related collectors","description":"Hull, D.. (2014, May 3). Kansa: Service related collectors and analysis. Retrieved October 10, 2019.","url":"https://trustedsignal.blogspot.com/2014/05/kansa-service-related-collectors-and.html","source":"MITRE","title":"Kansa: Service related collectors and analysis","authors":"Hull, D.","date_accessed":"2019-10-10T00:00:00Z","date_published":"2014-05-03T00:00:00Z","owner_name":null,"tidal_id":"7c32b5ff-31a8-5980-8f0d-a0e969620ded","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425547Z"},{"id":"0160d4fa-0a68-5310-a96f-840748d63acf","name":"WithSecure Kapeka 2024","description":"Mohammad Kazem Hassan Nejad, WithSecure. (2024, April 17). KAPEKA A novel backdoor spotted in Eastern Europe. Retrieved January 6, 2025.","url":"https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Research-Kapeka.pdf","source":"MITRE","title":"KAPEKA A novel backdoor spotted in Eastern Europe","authors":"Mohammad Kazem Hassan Nejad, WithSecure","date_accessed":"2025-01-06T00:00:00Z","date_published":"2024-04-17T00:00:00Z","owner_name":null,"tidal_id":"9f50d02a-a146-5919-9568-23d5f24b024a","created":"2025-04-22T20:47:28.197808Z","modified":"2025-12-17T15:08:36.420865Z"},{"id":"ca7ae918-5fbb-472a-b9fa-8e0eaee93af7","name":"U.S. CISA Karakurt December 12 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, December 12). Karakurt Data Extortion Group. 
Retrieved May 1, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-152a","source":"Tidal Cyber","title":"Karakurt Data Extortion Group","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-05-01T00:00:00Z","date_published":"2023-12-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"41f342b0-c5e6-5e68-9d06-1d82d2fdf494","created":"2024-05-07T16:51:29.630880Z","modified":"2024-05-07T16:51:30.317464Z"},{"id":"5a9a79fa-532b-582b-9741-cb732803cd22","name":"CISA Karakurt 2022","description":"Cybersecurity Infrastructure and Defense Agency. (2022, June 2). Karakurt Data Extortion Group. Retrieved March 10, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-152a","source":"MITRE","title":"Karakurt Data Extortion Group","authors":"Cybersecurity Infrastructure and Defense Agency","date_accessed":"2023-03-10T00:00:00Z","date_published":"2022-06-02T00:00:00Z","owner_name":null,"tidal_id":"5078b672-fa69-51fc-b251-2b2df1e020e1","created":"2023-05-26T01:21:09.923612Z","modified":"2025-12-17T15:08:36.434953Z"},{"id":"68e20387-77cc-59e0-8534-0fdcc82337d2","name":"Karen Scarfone; Paul Hoffman September 2009","description":"Karen Scarfone; Paul Hoffman 2009, September Guidelines on Firewalls and Firewall Policy. Retrieved 2020/09/25","url":"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-41r1.pdf","source":"ICS","title":"Karen Scarfone; Paul Hoffman September 2009","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bf31e85d-07e3-563c-a8ff-35ad262c5ba9","created":"2026-01-28T13:08:18.179352Z","modified":"2026-01-28T13:08:18.179355Z"},{"id":"0f9fca8c-4ab8-41e8-b034-3a1f41f5cb0d","name":"Kaspersky October 24 2023","description":"GReAT. (2023, October 24). Kaspersky crimeware report GoPIX, Lumar, and Rhysida.. 
Retrieved October 10, 2024.","url":"https://securelist.com/crimeware-report-gopix-lumar-rhysida/110871/","source":"Tidal Cyber","title":"Kaspersky crimeware report GoPIX, Lumar, and Rhysida.","authors":"GReAT","date_accessed":"2024-10-10T00:00:00Z","date_published":"2023-10-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"34e7db1a-2fcc-5943-9f44-2d679412f5ca","created":"2024-10-14T19:18:51.477269Z","modified":"2024-10-14T19:18:51.682460Z"},{"id":"bbb9bcb5-cd44-4dcb-a7e5-f6c4cf93f74f","name":"Kaspersky Lab SynAck May 2018","description":"Bettencourt, J. (2018, May 7). Kaspersky Lab finds new variant of SynAck ransomware using sophisticated Doppelgänging technique. Retrieved May 24, 2018.","url":"https://usa.kaspersky.com/about/press-releases/2018_synack-doppelganging","source":"MITRE","title":"Kaspersky Lab finds new variant of SynAck ransomware using sophisticated Doppelgänging technique","authors":"Bettencourt, J","date_accessed":"2018-05-24T00:00:00Z","date_published":"2018-05-07T00:00:00Z","owner_name":null,"tidal_id":"9dc2646b-ac7b-530f-a02d-0f2c38851b28","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416588Z"},{"id":"87ba0b63-53c9-4e1d-a855-897aed86b813","name":"Huntress 08 14 2025","description":"Harlan Carvey, Lindsey O'Donnell-Welch. (2025, August 14). Kawabunga, Dude, You've Been Ransomed! | Huntress. Retrieved September 29, 2025.","url":"https://www.huntress.com/blog/kawalocker-ransomware-deployed","source":"Tidal Cyber","title":"Kawabunga, Dude, You've Been Ransomed! | Huntress","authors":"Harlan Carvey, Lindsey O'Donnell-Welch","date_accessed":"2025-09-29T12:00:00Z","date_published":"2025-08-14T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f118223a-fba0-5b34-a068-bdc66afaa8de","created":"2025-10-07T14:06:54.380492Z","modified":"2025-10-07T14:06:54.526739Z"},{"id":"07e64ee6-3d3e-49e4-bb06-ff5897e26ea9","name":"Unit 42 Kazuar May 2017","description":"Levene, B, et al. (2017, May 03). 
Kazuar: Multiplatform Espionage Backdoor with API Access. Retrieved July 17, 2018.","url":"https://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/","source":"MITRE","title":"Kazuar: Multiplatform Espionage Backdoor with API Access","authors":"Levene, B, et al","date_accessed":"2018-07-17T00:00:00Z","date_published":"2017-05-03T00:00:00Z","owner_name":null,"tidal_id":"4a024ae2-1c2a-550b-a137-710580d6a3a0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418617Z"},{"id":"11f46b1e-a141-4d25-bff0-e955251be7f5","name":"Citizen Lab Stealth Falcon May 2016","description":"Marczak, B. and Scott-Railton, J.. (2016, May 29). Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents. Retrieved June 8, 2016.","url":"https://citizenlab.org/2016/05/stealth-falcon/","source":"MITRE, Tidal Cyber","title":"Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents","authors":"Marczak, B. and Scott-Railton, J.","date_accessed":"2016-06-08T00:00:00Z","date_published":"2016-05-29T00:00:00Z","owner_name":null,"tidal_id":"ab1aafd3-4ec1-5a89-96ea-6cef7c3ce8f3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279408Z"},{"id":"3daabff5-61b9-5f69-843d-faf12c18e626","name":"GitHub Security Lab GitHub Actions Security 2021","description":"Jaroslav Lobačevski. (2021, August 3). Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests. 
Retrieved May 22, 2025.","url":"https://securitylab.github.com/resources/github-actions-preventing-pwn-requests/","source":"MITRE","title":"Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests","authors":"Jaroslav Lobačevski","date_accessed":"2025-05-22T00:00:00Z","date_published":"2021-08-03T00:00:00Z","owner_name":null,"tidal_id":"1bcf735a-0076-5fbf-aa47-98cc89ef06f3","created":"2025-10-29T21:08:48.166017Z","modified":"2025-12-17T15:08:36.431301Z"},{"id":"2aa44ed8-bc22-5cac-830c-9c9be6e0a30b","name":"GitHub Security Labs GitHub Actions Security Part 2 2021","description":"Jaroslav Lobačevski. (2021, August 4). Keeping your GitHub Actions and workflows secure Part 2: Untrusted input. Retrieved May 22, 2025.","url":"https://securitylab.github.com/resources/github-actions-untrusted-input/","source":"MITRE","title":"Keeping your GitHub Actions and workflows secure Part 2: Untrusted input","authors":"Jaroslav Lobačevski","date_accessed":"2025-05-22T00:00:00Z","date_published":"2021-08-04T00:00:00Z","owner_name":null,"tidal_id":"8ce62537-8ea9-524e-b00d-3b53583507d7","created":"2025-10-29T21:08:48.166033Z","modified":"2025-12-17T15:08:36.431307Z"},{"id":"3b6231fb-5b52-4a3a-a21f-0881901d0037","name":"Github KeeThief","description":"Lee, C., Schroeder, W. (n.d.). KeeThief. Retrieved February 8, 2021.","url":"https://github.com/GhostPack/KeeThief","source":"MITRE","title":"KeeThief","authors":"Lee, C., Schroeder, W","date_accessed":"2021-02-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2e21aa7f-968a-5859-9348-0879977009d5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427233Z"},{"id":"04baaff1-39ef-5b63-a6e5-53877029503d","name":"Keith Stouffer May 2015","description":"Keith Stouffer 2015, May Guide to Industrial Control Systems (ICS) Security. 
Retrieved 2018/03/28","url":"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf","source":"ICS","title":"Keith Stouffer May 2015","authors":"","date_accessed":"2018-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"deef86bd-4a47-5ed1-bb85-a88814da503d","created":"2026-01-28T13:08:18.177303Z","modified":"2026-01-28T13:08:18.177306Z"},{"id":"0b69f0f5-dd4a-4926-9369-8253a0c3ddea","name":"Kekeo","description":"Benjamin Delpy. (n.d.). Kekeo. Retrieved October 4, 2021.","url":"https://github.com/gentilkiwi/kekeo","source":"MITRE","title":"Kekeo","authors":"Benjamin Delpy","date_accessed":"2021-10-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8649dff6-8d58-5ad3-9173-331ce70a5a04","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427892Z"},{"id":"2cc6c0a3-b401-4097-814e-ee0991299fc4","name":"Www.ransomlook.io December 11 2023","description":"None Identified. (2023, December 11). kelvin security details. Retrieved January 5, 2026.","url":"https://www.ransomlook.io/group/kelvin%20security","source":"Tidal Cyber","title":"kelvin security details","authors":"None Identified","date_accessed":"2026-01-05T12:00:00Z","date_published":"2023-12-11T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"63309027-e62b-5bff-84a1-a2c399afcdc4","created":"2026-01-06T18:03:36.625828Z","modified":"2026-01-06T18:03:36.764960Z"},{"id":"88c71739-d5c2-407e-9bd1-b66e0f2cf443","name":"www.ransomlook.io December 11 2023","description":"None Identified. (2023, December 11). kelvin security details. 
Retrieved January 5, 2026.","url":"https://www.ransomlook.io/group/kelvin%20security","source":"Tidal Cyber","title":"kelvin security details","authors":"None Identified","date_accessed":"2026-01-05T12:00:00Z","date_published":"2023-12-11T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7ae3eda9-c4fb-595b-bd22-1d44eaabba34","created":"2026-01-23T20:29:33.831876Z","modified":"2026-01-23T20:29:33.961817Z"},{"id":"69f7cffb-a236-5ffa-9f96-3ffbd8c4f2d0","name":"Google Cloud Threat Intelligence COSCMICENERGY 2023","description":"Ken Proska, Daniel Kapellmann Zafra, Keith Lunden, Corey Hildebrandt, Rushikesh Nandedkar, Nathan Brubaker. (2023, May 25). COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises. Retrieved March 18, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/cosmicenergy-ot-malware-russian-response/","source":"MITRE","title":"COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises","authors":"Ken Proska, Daniel Kapellmann Zafra, Keith Lunden, Corey Hildebrandt, Rushikesh Nandedkar, Nathan Brubaker","date_accessed":"2025-03-18T00:00:00Z","date_published":"2023-05-25T00:00:00Z","owner_name":null,"tidal_id":"784496ca-2476-5652-89f8-a835f13d6312","created":"2025-04-22T20:47:20.456955Z","modified":"2025-12-17T15:08:36.435838Z"},{"id":"6f1f8bc3-421e-46ff-88e3-48fcc6f7b76a","name":"Harmj0y Kerberoast Nov 2016","description":"Schroeder, W. (2016, November 1). Kerberoasting Without Mimikatz. 
Retrieved March 23, 2018.","url":"https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/","source":"MITRE","title":"Kerberoasting Without Mimikatz","authors":"Schroeder, W","date_accessed":"2018-03-23T00:00:00Z","date_published":"2016-11-01T00:00:00Z","owner_name":null,"tidal_id":"a9495f4b-9403-5cd0-ac6e-8d05b2bc6548","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433641Z"},{"id":"5f78a554-2d5c-49af-8c6c-6e10f9aec997","name":"ADSecurity Kerberos Ring Decoder","description":"Sean Metcalf. (2014, September 12). Kerberos, Active Directory’s Secret Decoder Ring. Retrieved February 27, 2020.","url":"https://adsecurity.org/?p=227","source":"MITRE","title":"Kerberos, Active Directory’s Secret Decoder Ring","authors":"Sean Metcalf","date_accessed":"2020-02-27T00:00:00Z","date_published":"2014-09-12T00:00:00Z","owner_name":null,"tidal_id":"209b9c5f-8054-5e42-8913-d89a723fd6f4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428387Z"},{"id":"8e09346b-03ce-4627-a365-f2f63089d1e0","name":"macOS kerberos framework MIT","description":"Massachusetts Institute of Technology. (2007, October 27). Kerberos for Macintosh Preferences Documentation. Retrieved October 6, 2021.","url":"http://web.mit.edu/macdev/KfM/Common/Documentation/preferences.html","source":"MITRE","title":"Kerberos for Macintosh Preferences Documentation","authors":"Massachusetts Institute of Technology","date_accessed":"2021-10-06T00:00:00Z","date_published":"2007-10-27T00:00:00Z","owner_name":null,"tidal_id":"471cf34e-0f28-5ae1-bc46-905a329d1347","created":"2022-12-14T20:06:32.013016Z","modified":"2024-04-25T13:28:33.300425Z"},{"id":"2d8790db-b088-40d0-be99-acd3e695c7a6","name":"Microsoft Kerberos Golden Ticket","description":"Microsoft. (2015, March 24). Kerberos Golden Ticket Check (Updated). 
Retrieved February 27, 2020.","url":"https://gallery.technet.microsoft.com/scriptcenter/Kerberos-Golden-Ticket-b4814285","source":"MITRE","title":"Kerberos Golden Ticket Check (Updated)","authors":"Microsoft","date_accessed":"2020-02-27T00:00:00Z","date_published":"2015-03-24T00:00:00Z","owner_name":null,"tidal_id":"b7288c4b-dad8-5f6a-b9b4-392d1a0c2949","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428374Z"},{"id":"268f9cfa-71f4-4cb1-96f3-c61e71892d30","name":"CERT-EU Golden Ticket Protection","description":"Abolins, D., Boldea, C., Socha, K., Soria-Machado, M. (2016, April 26). Kerberos Golden Ticket Protection. Retrieved July 13, 2017.","url":"https://cert.europa.eu/static/WhitePapers/UPDATED%20-%20CERT-EU_Security_Whitepaper_2014-007_Kerberos_Golden_Ticket_Protection_v1_4.pdf","source":"MITRE","title":"Kerberos Golden Ticket Protection","authors":"Abolins, D., Boldea, C., Socha, K., Soria-Machado, M","date_accessed":"2017-07-13T00:00:00Z","date_published":"2016-04-26T00:00:00Z","owner_name":null,"tidal_id":"462f90a9-e83b-5ff9-b84c-4cea05fabdf4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415618Z"},{"id":"aac51d49-9a72-4456-8539-8a5f5d0ef7d7","name":"AdSecurity Kerberos GT Aug 2015","description":"Metcalf, S. (2015, August 7). Kerberos Golden Tickets are Now More Golden. Retrieved December 1, 2017.","url":"https://adsecurity.org/?p=1640","source":"MITRE","title":"Kerberos Golden Tickets are Now More Golden","authors":"Metcalf, S","date_accessed":"2017-12-01T00:00:00Z","date_published":"2015-08-07T00:00:00Z","owner_name":null,"tidal_id":"479eb32f-5f69-5f04-84aa-f6b3044a043e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416219Z"},{"id":"6e61f3e1-35e6-44f4-9bc4-60b2bcb71b15","name":"ADSecurity Kerberos and KRBTGT","description":"Sean Metcalf. (2014, November 10). Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account. 
Retrieved January 30, 2020.","url":"https://adsecurity.org/?p=483","source":"MITRE","title":"Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account","authors":"Sean Metcalf","date_accessed":"2020-01-30T00:00:00Z","date_published":"2014-11-10T00:00:00Z","owner_name":null,"tidal_id":"1fd5db7f-bbc8-5bfc-a48f-0b878ecaa001","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431350Z"},{"id":"328953ed-93c7-46c0-9a05-53dc44d294fe","name":"Microsoft Kerberos Preauth 2014","description":"Sanyal, M.. (2014, March 18). Kerberos Pre-Authentication: Why It Should Not Be Disabled. Retrieved August 25, 2020.","url":"https://social.technet.microsoft.com/wiki/contents/articles/23559.kerberos-pre-authentication-why-it-should-not-be-disabled.aspx","source":"MITRE","title":"Kerberos Pre-Authentication: Why It Should Not Be Disabled","authors":"Sanyal, M.","date_accessed":"2020-08-25T00:00:00Z","date_published":"2014-03-18T00:00:00Z","owner_name":null,"tidal_id":"03fdd447-bde1-5c78-945d-49ae130bd9fb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427974Z"},{"id":"5aea042f-4eb1-4092-89be-3db695053470","name":"Linux Kerberos Tickets","description":"Trevor Haskell. (2020, April 1). Kerberos Tickets on Linux Red Teams. Retrieved October 4, 2021.","url":"https://www.fireeye.com/blog/threat-research/2020/04/kerberos-tickets-on-linux-red-teams.html","source":"MITRE","title":"Kerberos Tickets on Linux Red Teams","authors":"Trevor Haskell","date_accessed":"2021-10-04T00:00:00Z","date_published":"2020-04-01T00:00:00Z","owner_name":null,"tidal_id":"4061c522-f2cf-58b6-b9cc-99c4ac66a8fd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427905Z"},{"id":"03528f7e-6367-58dc-91ea-7c9f516b829c","name":"HackerNews-Allwinner","description":"Mohit Kumar. (2016, May 11). Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker. 
Retrieved September","url":"https://thehackernews.com/2016/05/android-kernal-exploit.html","source":"Mobile","title":"Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker","authors":"Mohit Kumar","date_accessed":"1978-09-01T00:00:00Z","date_published":"2016-05-11T00:00:00Z","owner_name":null,"tidal_id":"283854ae-e539-5bec-a748-81d0cd5057bc","created":"2026-01-28T13:08:10.038888Z","modified":"2026-01-28T13:08:10.038891Z"},{"id":"b75466f2-c20e-4c4a-b71b-e91fb39cfcd3","name":"Kernel Self Protection Project","description":"Kernel.org. (2020, February 6). Kernel Self-Protection. Retrieved June 4, 2020.","url":"https://www.kernel.org/doc/html/latest/security/self-protection.html","source":"MITRE","title":"Kernel Self-Protection","authors":"Kernel.org","date_accessed":"2020-06-04T00:00:00Z","date_published":"2020-02-06T00:00:00Z","owner_name":null,"tidal_id":"fbdce009-a6a8-5919-9c01-2c8489b08fea","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442619Z"},{"id":"ebe699c6-2285-583f-b85e-75491ec1f07e","name":"Kernkraftwerk Gundremmingen April 2016","description":"Kernkraftwerk Gundremmingen 2016, April 25 Detektion von Bro-Schadsoftware an mehreren Rechnern. Retrieved 2019/10/14","url":"https://www.kkw-gundremmingen.de/presse.php?id=571","source":"ICS","title":"Kernkraftwerk Gundremmingen April 2016","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"84424e70-8b7f-5de7-99b3-61aad21b07d3","created":"2026-01-28T13:08:18.178015Z","modified":"2026-01-28T13:08:18.178018Z"},{"id":"e549add8-1dfd-40d6-8974-35e1a38a707b","name":"Rapid7 KeyBoy Jun 2013","description":"Guarnieri, C., Schloesser M. (2013, June 7). KeyBoy, Targeted Attacks against Vietnam and India. 
Retrieved June 14, 2019.","url":"https://blog.rapid7.com/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india/","source":"MITRE","title":"KeyBoy, Targeted Attacks against Vietnam and India","authors":"Guarnieri, C., Schloesser M","date_accessed":"2019-06-14T00:00:00Z","date_published":"2013-06-07T00:00:00Z","owner_name":null,"tidal_id":"9bd52beb-59fb-5a8d-b18c-b914cba740ba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418996Z"},{"id":"4e499819-b910-4c07-a8b4-a7d40f2c0ac4","name":"Keychain Items Apple Dev API","description":"Apple. (n.d.). Keychain Items. Retrieved April 12, 2022.","url":"https://developer.apple.com/documentation/security/keychain_services/keychain_items","source":"MITRE","title":"Keychain Items","authors":"Apple","date_accessed":"2022-04-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"37ac28b4-2f14-50ac-a5b3-987a47363887","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:32.061920Z"},{"id":"15629a0b-0d9c-5bfa-9f15-6628d746d2fa","name":"Apple Keychain Services","description":"Apple, Inc. (n.d.). Keychain Services. Retrieved June","url":"https://developer.apple.com/documentation/security/keychain_services","source":"Mobile","title":"Keychain Services","authors":"Apple, Inc","date_accessed":"1978-06-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"05accc79-fa83-5fa1-85f6-428131824607","created":"2026-01-28T13:08:10.043218Z","modified":"2026-01-28T13:08:10.043220Z"},{"id":"0754f48d-dad8-480c-953c-256be4dfcfc3","name":"Keychain Services Apple","description":"Apple. (n.d.). Keychain Services. 
Retrieved April 11, 2022.","url":"https://developer.apple.com/documentation/security/keychain_services","source":"MITRE","title":"Keychain Services","authors":"Apple","date_accessed":"2022-04-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6533a179-6cae-54da-83b7-e07c26d05280","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425955Z"},{"id":"8aac5356-31cb-4e0b-a766-9aa07d977acd","name":"Wikipedia keychain","description":"Wikipedia. (n.d.). Keychain (software). Retrieved July 5, 2017.","url":"https://en.wikipedia.org/wiki/Keychain_(software)","source":"MITRE","title":"Keychain (software)","authors":"Wikipedia","date_accessed":"2017-07-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d554625d-804b-5e69-9e1a-a1bdecb7984b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432956Z"},{"id":"75db8c88-e547-4d1b-8f22-6ace2b3d7ad4","name":"Keyctl-unmask","description":"Mark Manning. (2020, July 23). Keyctl-unmask: \"Going Florida\" on The State Of Containerizing Linux Keyrings. Retrieved July 6, 2022.","url":"https://www.antitree.com/2020/07/keyctl-unmask-going-florida-on-the-state-of-containerizing-linux-keyrings/","source":"MITRE","title":"Keyctl-unmask: \"Going Florida\" on The State Of Containerizing Linux Keyrings","authors":"Mark Manning","date_accessed":"2022-07-06T00:00:00Z","date_published":"2020-07-23T00:00:00Z","owner_name":null,"tidal_id":"0220d1bc-8e95-5ab4-876f-18cb767e4fa2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429087Z"},{"id":"f89df182-d3e6-5593-a2ed-3caa26567e5d","name":"Xiao-KeyRaider","description":"Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. 
Retrieved December","url":"http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/","source":"Mobile","title":"KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia","authors":"Claud Xiao","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-08-30T00:00:00Z","owner_name":null,"tidal_id":"8f3ca74c-9c47-5c99-82be-46fd04cf3e30","created":"2026-01-28T13:08:10.040299Z","modified":"2026-01-28T13:08:10.040302Z"},{"id":"4ba76434-f5ca-4a1d-b111-9292f6debfdb","name":"Google Cloud Encryption Key Rotation","description":"Google. (n.d.). Key rotation. Retrieved October 18, 2019.","url":"https://cloud.google.com/kms/docs/key-rotation","source":"MITRE","title":"Key rotation","authors":"Google","date_accessed":"2019-10-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f5f9d3df-f696-53d7-ad95-bad0a214de41","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441749Z"},{"id":"9689c7fb-c167-5c6c-98cd-a14d2ee5e10a","name":"CyberCX SaaS Domain Hijacking 2025","description":"Tony Mau. (2025, May 29). Keys to the (SaaS) kingdom. Retrieved May 30, 2025.","url":"https://cybercx.com.au/blog/keys-to-the-saas-kingdom/","source":"MITRE","title":"Keys to the (SaaS) kingdom","authors":"Tony Mau","date_accessed":"2025-05-30T00:00:00Z","date_published":"2025-05-29T00:00:00Z","owner_name":null,"tidal_id":"3c8a34c9-fd2f-5ced-938f-f9145c5823b4","created":"2025-10-29T21:08:48.166423Z","modified":"2025-12-17T15:08:36.434317Z"},{"id":"9d22f13d-af6d-47b5-93ed-5e4b85b94978","name":"KillDisk Ransomware","description":"Catalin Cimpanu. (2016, December 29). KillDisk Disk-Wiping Malware Adds Ransomware Component. 
Retrieved January 12, 2021.","url":"https://www.bleepingcomputer.com/news/security/killdisk-disk-wiping-malware-adds-ransomware-component/","source":"MITRE","title":"KillDisk Disk-Wiping Malware Adds Ransomware Component","authors":"Catalin Cimpanu","date_accessed":"2021-01-12T00:00:00Z","date_published":"2016-12-29T00:00:00Z","owner_name":null,"tidal_id":"80defbc6-9b0d-582b-a405-67fedab42e7e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422003Z"},{"id":"8ae31db0-2744-4366-9747-55fc4679dbf5","name":"Trend Micro KillDisk 1","description":"Fernando Merces, Byron Gelera, Martin Co. (2018, June 7). KillDisk Variant Hits Latin American Finance Industry. Retrieved January 12, 2021.","url":"https://www.trendmicro.com/en_us/research/18/f/new-killdisk-variant-hits-latin-american-financial-organizations-again.html","source":"MITRE","title":"KillDisk Variant Hits Latin American Finance Industry","authors":"Fernando Merces, Byron Gelera, Martin Co","date_accessed":"2021-01-12T00:00:00Z","date_published":"2018-06-07T00:00:00Z","owner_name":null,"tidal_id":"0554e052-3b03-5f94-ab19-3e6572050b94","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422016Z"},{"id":"62d9a4c9-e669-4dd4-a584-4f3e3e54f97f","name":"Trend Micro KillDisk 2","description":"Gilbert Sison, Rheniel Ramos, Jay Yaneza, Alfredo Oliveira. (2018, January 15). KillDisk Variant Hits Latin American Financial Groups. 
Retrieved January 12, 2021.","url":"https://www.trendmicro.com/en_us/research/18/a/new-killdisk-variant-hits-financial-organizations-in-latin-america.html","source":"MITRE","title":"KillDisk Variant Hits Latin American Financial Groups","authors":"Gilbert Sison, Rheniel Ramos, Jay Yaneza, Alfredo Oliveira","date_accessed":"2021-01-12T00:00:00Z","date_published":"2018-01-15T00:00:00Z","owner_name":null,"tidal_id":"7a8bc1be-cdaf-5751-be8e-148ea71bfac9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422023Z"},{"id":"19d7ccc6-76ed-4b12-af50-f810fbc22037","name":"Killing IOS diversity myth","description":"Ang Cui, Jatin Kataria, Salvatore J. Stolfo. (2011, August). Killing the myth of Cisco IOS diversity: recent advances in reliable shellcode design. Retrieved October 20, 2020.","url":"https://www.usenix.org/legacy/event/woot/tech/final_files/Cui.pdf","source":"MITRE","title":"Killing the myth of Cisco IOS diversity: recent advances in reliable shellcode design","authors":"Ang Cui, Jatin Kataria, Salvatore J. Stolfo","date_accessed":"2020-10-20T00:00:00Z","date_published":"2011-08-01T00:00:00Z","owner_name":null,"tidal_id":"122f2a7d-eae7-578e-aff3-456458f9903c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434966Z"},{"id":"538070d6-fbdb-4cc9-8ddf-c331e4375cfb","name":"Killing the myth of Cisco IOS rootkits","description":"Sebastian 'topo' Muñiz. (2008, May). Killing the myth of Cisco IOS rootkits. 
Retrieved October 20, 2020.","url":"https://drwho.virtadpt.net/images/killing_the_myth_of_cisco_ios_rootkits.pdf","source":"MITRE","title":"Killing the myth of Cisco IOS rootkits","authors":"Sebastian 'topo' Muñiz","date_accessed":"2020-10-20T00:00:00Z","date_published":"2008-05-01T00:00:00Z","owner_name":null,"tidal_id":"cf234848-a7b8-54a6-af85-6db421f1360f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434959Z"},{"id":"628a9288-ae87-4deb-92ce-081ba88c15be","name":"Vedere Labs Killnet 2022","description":"Vedere Labs. (2022, June 2). Killnet: Analysis of Attacks from a Prominent Pro-Russian Hacktivist Group. Retrieved October 9, 2023.","url":"https://www.forescout.com/resources/analysis-of-killnet-report/","source":"Tidal Cyber","title":"Killnet: Analysis of Attacks from a Prominent Pro-Russian Hacktivist Group","authors":"Vedere Labs","date_accessed":"2023-10-09T00:00:00Z","date_published":"2022-06-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"18ce6ff0-f5e1-5356-87a0-d2e8b4dea506","created":"2023-10-10T20:48:39.927463Z","modified":"2023-10-10T20:48:40.088935Z"},{"id":"502cc03b-350b-4e2d-9436-364c43a0a203","name":"Flashpoint Glossary Killnet","description":"Flashpoint. (n.d.). Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective. Retrieved October 10, 2023.","url":"https://flashpoint.io/intelligence-101/killnet/","source":"Tidal Cyber","title":"Killnet: Inside the World’s Most Prominent Pro-Kremlin Hacktivist Collective","authors":"Flashpoint","date_accessed":"2023-10-10T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"c42f5e4a-1176-5670-93a4-0fe5a3e011cd","created":"2023-10-10T20:48:40.233703Z","modified":"2023-10-10T20:48:40.465765Z"},{"id":"9afb764a-84fb-4fea-b925-d7d36a24ac14","name":"Cyber Express KillSec June 26 2024","description":"Ashish Khaitan. (2024, June 26). KillSec Unveils Feature-Rich RaaS Platform with Encryption, DDoS Tools, and Data Stealer. 
Retrieved November 24, 2024.","url":"https://thecyberexpress.com/killsec-launches-raas-program/","source":"Tidal Cyber","title":"KillSec Unveils Feature-Rich RaaS Platform with Encryption, DDoS Tools, and Data Stealer","authors":"Ashish Khaitan","date_accessed":"2024-11-24T00:00:00Z","date_published":"2024-06-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"41b4d1c9-c6a9-58cd-a2bf-f08f62412655","created":"2024-11-25T18:00:52.182616Z","modified":"2024-11-25T18:00:52.414903Z"},{"id":"9a497c56-f1d3-4889-8c1a-14b013f14668","name":"Malwarebytes Kimsuky June 2021","description":"Jazi, H. (2021, June 1). Kimsuky APT continues to target South Korean government using AppleSeed backdoor. Retrieved June 10, 2021.","url":"https://blog.malwarebytes.com/threat-analysis/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor/","source":"MITRE, Tidal Cyber","title":"Kimsuky APT continues to target South Korean government using AppleSeed backdoor","authors":"Jazi, H","date_accessed":"2021-06-10T00:00:00Z","date_published":"2021-06-01T00:00:00Z","owner_name":null,"tidal_id":"1f1a42a1-1a0a-584b-b5b8-a1c67b23c14c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257730Z"},{"id":"8b0dd1d7-dc9c-50d3-a47e-20304591ac40","name":"Kimsuky Malwarebytes","description":"Hossein Jazi. (2021, June 1). Kimsuky APT continues to target South Korean government using AppleSeed backdoor. 
Retrieved January 10, 2024.","url":"https://www.malwarebytes.com/blog/threat-intelligence/2021/06/kimsuky-apt-continues-to-target-south-korean-government-using-appleseed-backdoor","source":"MITRE","title":"Kimsuky APT continues to target South Korean government using AppleSeed backdoor","authors":"Hossein Jazi","date_accessed":"2024-01-10T00:00:00Z","date_published":"2021-06-01T00:00:00Z","owner_name":null,"tidal_id":"fa23cf82-789b-5b50-a1ad-f3084b6fe94f","created":"2024-04-25T13:28:53.461714Z","modified":"2025-12-17T15:08:36.442802Z"},{"id":"7ee5dc4e-1c53-5f12-806d-37b290c6f569","name":"Zscaler Kimsuky TRANSLATEXT","description":"Park, S. (2024, June 27). Kimsuky deploys TRANSLATEXT to target South Korean academia. Retrieved October 14, 2024.","url":"https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia#technical-analysis","source":"MITRE","title":"Kimsuky deploys TRANSLATEXT to target South Korean academia","authors":"Park, S","date_accessed":"2024-10-14T00:00:00Z","date_published":"2024-06-27T00:00:00Z","owner_name":null,"tidal_id":"2f71d66c-5fab-5462-b531-d084225452fb","created":"2025-04-22T20:47:26.823420Z","modified":"2025-12-17T15:08:36.418320Z"},{"id":"5fbb0dcb-c882-597f-ade8-4b8afb8b55a8","name":"S2W Troll Stealer 2024","description":"Jiho Kim & Sebin Lee, S2W. (2024, February 7). Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer (English ver.). 
Retrieved January 17, 2025.","url":"https://medium.com/s2wblog/kimsuky-disguised-as-a-korean-company-signed-with-a-valid-certificate-to-distribute-troll-stealer-cfa5d54314e2","source":"MITRE","title":"Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer (English ver.)","authors":"Jiho Kim & Sebin Lee, S2W","date_accessed":"2025-01-17T00:00:00Z","date_published":"2024-02-07T00:00:00Z","owner_name":null,"tidal_id":"fccbcdd4-f0d4-54c3-b7d0-bbb6d6bc657e","created":"2025-04-22T20:47:28.014091Z","modified":"2025-12-17T15:08:36.420608Z"},{"id":"e9a8db17-8b10-44c2-a0e1-88e6bcfb67f1","name":"VirusBulletin Kimsuky October 2019","description":"Kim, J. et al. (2019, October). KIMSUKY GROUP: TRACKING THE KING OF THE SPEAR PHISHING. Retrieved November 2, 2020.","url":"https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-kimsuky-group-tracking-king-spearphishing/","source":"MITRE","title":"KIMSUKY GROUP: TRACKING THE KING OF THE SPEAR PHISHING","authors":"Kim, J. et al","date_accessed":"2020-11-02T00:00:00Z","date_published":"2019-10-01T00:00:00Z","owner_name":null,"tidal_id":"5fa0f3f8-7128-584e-b9b5-9d99d74ffa52","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440342Z"},{"id":"317e7e68-f7b2-4976-9604-7fba5dabce62","name":"AhnLab Kimsuky Meterpreter May 15 2025","description":"ASEC. (2025, May 15). Kimsuky Group Using Meterpreter to Attack Web Servers. Retrieved June 9, 2025.","url":"https://asec.ahnlab.com/en/53046/","source":"Tidal Cyber","title":"Kimsuky Group Using Meterpreter to Attack Web Servers","authors":"ASEC","date_accessed":"2025-06-09T00:00:00Z","date_published":"2025-05-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"16d5732d-1d08-545d-bc21-5cbacf26fe7d","created":"2025-06-10T15:50:19.803210Z","modified":"2025-06-10T15:50:20.040881Z"},{"id":"8e52db6b-5ac3-448a-93f6-96a21787a346","name":"EST Kimsuky April 2019","description":"Alyac. (2019, April 3). 
Kimsuky Organization Steals Operation Stealth Power. Retrieved August 13, 2019.","url":"https://blog.alyac.co.kr/2234","source":"MITRE","title":"Kimsuky Organization Steals Operation Stealth Power","authors":"Alyac","date_accessed":"2019-08-13T00:00:00Z","date_published":"2019-04-03T00:00:00Z","owner_name":null,"tidal_id":"29af3575-dc61-54fd-8134-1e0c2a9ce6d9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438389Z"},{"id":"45d64462-2bed-46e8-ac52-9d4914608a93","name":"ThreatConnect Kimsuky September 2020","description":"ThreatConnect. (2020, September 28). Kimsuky Phishing Operations Putting In Work. Retrieved October 30, 2020.","url":"https://threatconnect.com/blog/kimsuky-phishing-operations-putting-in-work/","source":"MITRE","title":"Kimsuky Phishing Operations Putting In Work","authors":"ThreatConnect","date_accessed":"2020-10-30T00:00:00Z","date_published":"2020-09-28T00:00:00Z","owner_name":null,"tidal_id":"40f4619d-af8a-5a0a-af71-57cbb717e739","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438426Z"},{"id":"e060d834-1dfa-4451-b921-7aa26a2ffa30","name":"ENKI Kimsuky KimJongRAT November 21 2025","description":"EnkiWhiteHat. (2025, November 21). Kimsuky’s Ongoing Evolution of KimJongRAT and Expanding Threats | Enki White Hat. Retrieved December 1, 2025.","url":"https://www.enki.co.kr/en/media-center/blog/kimsuky-s-ongoing-evolution-of-kimjongrat-and-expanding-threats","source":"Tidal Cyber","title":"Kimsuky’s Ongoing Evolution of KimJongRAT and Expanding Threats | Enki White Hat","authors":"EnkiWhiteHat","date_accessed":"2025-12-01T12:00:00Z","date_published":"2025-11-21T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"69c8881e-5d79-5177-b313-87930012e061","created":"2025-12-10T14:13:44.701526Z","modified":"2025-12-10T14:13:44.851020Z"},{"id":"b72dd3a1-62ca-4a05-96a8-c4bddb17db50","name":"BRI Kimsuky April 2019","description":"BRI. (2019, April). 
Kimsuky unveils APT campaign 'Smoke Screen' aimed at Korea and America. Retrieved October 7, 2019.","url":"https://brica.de/alerts/alert/public/1255063/kimsuky-unveils-apt-campaign-smoke-screen-aimed-at-korea-and-america/","source":"MITRE","title":"Kimsuky unveils APT campaign 'Smoke Screen' aimed at Korea and America","authors":"BRI","date_accessed":"2019-10-07T00:00:00Z","date_published":"2019-04-01T00:00:00Z","owner_name":null,"tidal_id":"60c8d8a5-dd89-5af7-94e1-54dce872bdb8","created":"2022-12-14T20:06:32.013016Z","modified":"2024-04-25T13:28:43.301396Z"},{"id":"7ea15475-c6fa-5684-aea9-c47bee9f5d54","name":"Google Mandiant Storm-0501 Sabbath Ransomware November 2021","description":"Tyler McLellan, Brandan Schondorfer. (2021, November 29). Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again. Retrieved October 19, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/sabbath-ransomware-affiliate/","source":"MITRE","title":"Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again","authors":"Tyler McLellan, Brandan Schondorfer","date_accessed":"2025-10-19T00:00:00Z","date_published":"2021-11-29T00:00:00Z","owner_name":null,"tidal_id":"cf078c85-9883-536c-8f33-0199c112e753","created":"2025-10-29T21:08:48.167016Z","modified":"2025-12-17T15:08:36.438724Z"},{"id":"ab3a20a5-2df1-4f8e-989d-baa96ffaca74","name":"Mandiant Sabbath Ransomware November 29 2021","description":"Tyler McLellan, Brandan Schondorfer. (2021, November 29). Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again. 
Retrieved October 3, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/sabbath-ransomware-affiliate/","source":"Tidal Cyber","title":"Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again","authors":"Tyler McLellan, Brandan Schondorfer","date_accessed":"2024-10-03T00:00:00Z","date_published":"2021-11-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8abe99bc-51ef-5071-a445-f54c5941a87a","created":"2024-10-04T20:31:32.320768Z","modified":"2024-10-04T20:31:32.520605Z"},{"id":"f500340f-23fc-406a-97ef-0de787ef8cec","name":"Microsoft Klist","description":"Microsoft. (2021, March 3). klist. Retrieved October 14, 2021.","url":"https://docs.microsoft.com/windows-server/administration/windows-commands/klist","source":"MITRE","title":"klist","authors":"Microsoft","date_accessed":"2021-10-14T00:00:00Z","date_published":"2021-03-03T00:00:00Z","owner_name":null,"tidal_id":"cfe0dc6e-471a-5b7f-acaf-f009758c78fd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428380Z"},{"id":"0119687c-b46b-4b5f-a6d8-affa14258392","name":"FireEye Know Your Enemy FIN8 Aug 2016","description":"Elovitz, S. & Ahl, I. (2016, August 18). Know Your Enemy:  New Financially-Motivated & Spear-Phishing Group. Retrieved February 26, 2018.","url":"https://www2.fireeye.com/WBNR-Know-Your-Enemy-UNC622-Spear-Phishing.html","source":"MITRE","title":"Know Your Enemy:  New Financially-Motivated & Spear-Phishing Group","authors":"Elovitz, S. & Ahl, I","date_accessed":"2018-02-26T00:00:00Z","date_published":"2016-08-18T00:00:00Z","owner_name":null,"tidal_id":"586a4959-56a2-5ed0-8a61-15e7e9dd2f39","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418933Z"},{"id":"eab1f4a9-7b55-55e8-a137-d60c926925a6","name":"Samsung Knox Mobile Threat Defense","description":"Samsung Knox Partner Program. (n.d.). Knox for Mobile Threat Defense. 
Retrieved March","url":"https://partner.samsungknox.com/mtd","source":"Mobile","title":"Knox for Mobile Threat Defense","authors":"Samsung Knox Partner Program","date_accessed":"1978-03-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"91a5a777-56d3-52a9-b363-986a8c380399","created":"2026-01-28T13:08:10.043093Z","modified":"2026-01-28T13:08:10.043096Z"},{"id":"54cbf1bd-9aed-4f82-8c15-6e88dd5d8d64","name":"Github Koadic","description":"Magius, J., et al. (2017, July 19). Koadic. Retrieved September 27, 2024.","url":"https://github.com/offsecginger/koadic","source":"MITRE","title":"Koadic","authors":"Magius, J., et al","date_accessed":"2024-09-27T00:00:00Z","date_published":"2017-07-19T00:00:00Z","owner_name":null,"tidal_id":"2c415d43-defd-51a3-9fc5-a752d5b13d43","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423360Z"},{"id":"883a9417-f7f6-4aa6-8708-8c320d4e0a7a","name":"ESET Kobalos Feb 2021","description":"M.Leveille, M., Sanmillan, I. (2021, February 2). Kobalos – A complex Linux threat to high performance computing infrastructure. Retrieved August 24, 2021.","url":"https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/","source":"MITRE","title":"Kobalos – A complex Linux threat to high performance computing infrastructure","authors":"M.Leveille, M., Sanmillan, I","date_accessed":"2021-08-24T00:00:00Z","date_published":"2021-02-02T00:00:00Z","owner_name":null,"tidal_id":"490628ea-46e2-53f5-b6b2-3e1a113a5534","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420658Z"},{"id":"4cb69c58-4e47-4fb9-9eef-8a0b5447a553","name":"Talos Konni May 2017","description":"Rascagneres, P. (2017, May 03). KONNI: A Malware Under The Radar For Years. 
Retrieved November 5, 2018.","url":"https://blog.talosintelligence.com/2017/05/konni-malware-under-radar-for-years.html","source":"MITRE","title":"KONNI: A Malware Under The Radar For Years","authors":"Rascagneres, P","date_accessed":"2018-11-05T00:00:00Z","date_published":"2017-05-03T00:00:00Z","owner_name":null,"tidal_id":"32690400-47d2-53d7-a9b0-038497517252","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420007Z"},{"id":"5dbb84dc-a991-4fa7-8528-639b1430ca02","name":"Malwarebytes KONNI Evolves Jan 2022","description":"Santos, R. (2022, January 26). KONNI evolves into stealthier RAT. Retrieved April 13, 2022.","url":"https://blog.malwarebytes.com/threat-intelligence/2022/01/konni-evolves-into-stealthier-rat/","source":"MITRE","title":"KONNI evolves into stealthier RAT","authors":"Santos, R","date_accessed":"2022-04-13T00:00:00Z","date_published":"2022-01-26T00:00:00Z","owner_name":null,"tidal_id":"118f79e8-30e5-590e-8ffb-1722f8d06323","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441287Z"},{"id":"bf8b2bf0-cca3-437b-a640-715f9cc945f7","name":"Talos Group123","description":"Mercer, W., Rascagneres, P. (2018, January 16). Korea In The Crosshairs. Retrieved May 21, 2018.","url":"https://blog.talosintelligence.com/2018/01/korea-in-crosshairs.html","source":"MITRE","title":"Korea In The Crosshairs","authors":"Mercer, W., Rascagneres, P","date_accessed":"2018-05-21T00:00:00Z","date_published":"2018-01-16T00:00:00Z","owner_name":null,"tidal_id":"56bd2987-6225-5019-88be-8a4b6b6a6f77","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419080Z"},{"id":"5aae1cd7-4e24-40a5-90d8-1f6431851a8f","name":"Kube Kubectl","description":"kubernetes. (n.d.). kubectl. 
Retrieved October 13, 2021.","url":"https://kubernetes.io/docs/reference/kubectl/kubectl/","source":"MITRE","title":"kubectl","authors":"kubernetes","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e3d0faad-6c98-5cf3-99de-ed665fef0a9d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437005Z"},{"id":"57527fb9-d076-4ce1-afb5-e7bdb9c9d74c","name":"Kubernetes Kubelet","description":"The Kubernetes Authors. (n.d.). Kubelet. Retrieved March 29, 2021.","url":"https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/","source":"MITRE","title":"Kubelet","authors":"The Kubernetes Authors","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6a756fcb-612c-5c2c-9ef3-9bc58293f3f0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431506Z"},{"id":"354d242c-227e-4827-b559-dc1650d37acd","name":"Kubernetes CronJob","description":"The Kubernetes Authors. (n.d.). Kubernetes CronJob. Retrieved March 29, 2021.","url":"https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/","source":"MITRE","title":"Kubernetes CronJob","authors":"The Kubernetes Authors","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1e56646d-5229-5b8d-aa4b-333d45af10c5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425141Z"},{"id":"e423b14c-dd39-4b36-9b95-96efbcaf0a12","name":"Kubernetes Hardening Guide","description":"National Security Agency, Cybersecurity and Infrastructure Security Agency. (2022, March). Kubernetes Hardening Guide. 
Retrieved April 1, 2022.","url":"https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF","source":"MITRE","title":"Kubernetes Hardening Guide","authors":"National Security Agency, Cybersecurity and Infrastructure Security Agency","date_accessed":"2022-04-01T00:00:00Z","date_published":"2022-03-01T00:00:00Z","owner_name":null,"tidal_id":"43e3c605-1b04-5f99-a9fb-c9cb3fd397a5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441316Z"},{"id":"21a4388d-dbf8-487b-a2a2-67927b099e4a","name":"Kubernetes Jobs","description":"The Kubernetes Authors. (n.d.). Kubernetes Jobs. Retrieved March 30, 2021.","url":"https://kubernetes.io/docs/concepts/workloads/controllers/job/","source":"MITRE","title":"Kubernetes Jobs","authors":"The Kubernetes Authors","date_accessed":"2021-03-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c3389639-7469-5724-8bbc-ddc6c18f9b2f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425147Z"},{"id":"85852b3e-f6a3-5406-9dd5-a649358a53de","name":"AppSecco Kubernetes Namespace Breakout 2020","description":"Abhisek Datta. (2020, March 18). Kubernetes Namespace Breakout using Insecure Host Path Volume — Part 1. Retrieved January 16, 2024.","url":"https://blog.appsecco.com/kubernetes-namespace-breakout-using-insecure-host-path-volume-part-1-b382f2a6e216","source":"MITRE","title":"Kubernetes Namespace Breakout using Insecure Host Path Volume — Part 1","authors":"Abhisek Datta","date_accessed":"2024-01-16T00:00:00Z","date_published":"2020-03-18T00:00:00Z","owner_name":null,"tidal_id":"04750083-e278-5b69-8417-7123dba2a13a","created":"2024-04-25T13:28:34.956523Z","modified":"2025-12-17T15:08:36.429867Z"},{"id":"02f23351-df83-4aae-a0bd-614ed91bc683","name":"Kubernetes Dashboard","description":"The Kubernetes Authors. (n.d.). Kubernetes Web UI (Dashboard). 
Retrieved March 29, 2021.","url":"https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/","source":"MITRE","title":"Kubernetes Web UI (Dashboard)","authors":"The Kubernetes Authors","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c785329e-e702-57a0-89fc-d5d90de17bdc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429898Z"},{"id":"e86abbd9-f349-4d90-8ec9-899fe1637f94","name":"Intezer App Service Phishing","description":"Paul Litvak. (2020, October 8). Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure. Retrieved August 18, 2022.","url":"https://www.intezer.com/blog/malware-analysis/kud-i-enter-your-server-new-vulnerabilities-in-microsoft-azure/","source":"MITRE","title":"Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure","authors":"Paul Litvak","date_accessed":"2022-08-18T00:00:00Z","date_published":"2020-10-08T00:00:00Z","owner_name":null,"tidal_id":"76e867d4-23df-5072-97f0-883725f3cab5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429429Z"},{"id":"1c5ee0d2-4d6c-4a5f-9790-79bfb7abc53f","name":"Alintanahin 2014","description":"Alintanahin, K. (2014, March 13). Kunming Attack Leads to Gh0st RAT Variant. Retrieved November 12, 2014.","url":"http://blog.trendmicro.com/trendlabs-security-intelligence/kunming-attack-leads-to-gh0st-rat-variant/","source":"MITRE","title":"Kunming Attack Leads to Gh0st RAT Variant","authors":"Alintanahin, K","date_accessed":"2014-11-12T00:00:00Z","date_published":"2014-03-13T00:00:00Z","owner_name":null,"tidal_id":"ca39c5ab-0856-5ea6-b7d4-f4cae3cd6d86","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442654Z"},{"id":"68e374c7-33d9-56e9-974f-7a3c8280f399","name":"Kyle Wilhoit","description":"Kyle Wilhoit Daavid Hentunen, Antti Tikkanen 2014, June 23 Havex Hunts For ICS/SCADA Systems. 
Retrieved 2019/04/01","url":"https://www.youtube.com/watch?v=eywmb7UDODY&feature=youtu.be&t=939","source":"ICS","title":"Kyle Wilhoit","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a4b4eb30-2579-5df7-ae4d-360f02ebcbcb","created":"2026-01-28T13:08:18.179862Z","modified":"2026-01-28T13:08:18.179867Z"},{"id":"8fcbd99a-1fb8-4ca3-9efd-a98734d4397d","name":"Wits End and Shady PowerShell Profiles","description":"DeRyke, A. (2019, June 7). Lab Notes: Persistence and Privilege Elevation using the Powershell Profile. Retrieved July 8, 2019.","url":"https://witsendandshady.blogspot.com/2019/06/lab-notes-persistence-and-privilege.html","source":"MITRE","title":"Lab Notes: Persistence and Privilege Elevation using the Powershell Profile","authors":"DeRyke, A.","date_accessed":"2019-07-08T00:00:00Z","date_published":"2019-06-07T00:00:00Z","owner_name":null,"tidal_id":"bc1ca0b2-a003-5989-8943-2b7b2798a1a5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424818Z"},{"id":"aa0820ed-62ae-578a-adbe-e6597551f069","name":"Sysdig Cryptojacking Proxyjacking 2023","description":"Miguel Hernandez. (2023, August 17). LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab. Retrieved September 25, 2024.","url":"https://sysdig.com/blog/labrat-cryptojacking-proxyjacking-campaign/","source":"MITRE","title":"LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab","authors":"Miguel Hernandez","date_accessed":"2024-09-25T00:00:00Z","date_published":"2023-08-17T00:00:00Z","owner_name":null,"tidal_id":"17cbc0c5-652f-5ef5-a932-4f35b3c944b0","created":"2024-10-31T16:28:25.769892Z","modified":"2025-12-17T15:08:36.434810Z"},{"id":"920e7b38-6f0f-522c-9e73-9e81da1343f7","name":"Lacework AI Resource Hijacking 2024","description":"Detecting AI resource-hijacking with Composite Alerts. (2024, June 6). Lacework Labs. 
Retrieved July 1, 2024.","url":"https://www.lacework.com/blog/detecting-ai-resource-hijacking-with-composite-alerts","source":"MITRE","title":"Lacework Labs","authors":"Detecting AI resource-hijacking with Composite Alerts","date_accessed":"2024-07-01T00:00:00Z","date_published":"2024-06-06T00:00:00Z","owner_name":null,"tidal_id":"42206929-244a-54d3-891e-c8bc877fb236","created":"2024-10-31T16:28:23.563352Z","modified":"2025-12-17T15:08:36.432394Z"},{"id":"18e41da7-8dd3-569b-a54d-253aa8cd22ff","name":"AWS Lambda Execution Role","description":"AWS. (n.d.). Lambda execution role. Retrieved February 28, 2024.","url":"https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html","source":"MITRE","title":"Lambda execution role","authors":"AWS","date_accessed":"2024-02-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a1f34af3-3e62-5d6d-9d0f-ace628ecd121","created":"2024-04-25T13:28:38.194505Z","modified":"2025-12-17T15:08:36.433012Z"},{"id":"50bfea15-3925-5ecb-ad4e-1ad23ba489ff","name":"Langner November 2018","description":"Langner 2018, November Why Ethernet/IP changes the OT asset discovery game. Retrieved 2020/09/25","url":"https://www.langner.com/2018/11/why-ethernet-ip-changes-the-ot-asset-discovery-game/","source":"ICS","title":"Langner November 2018","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2f9549bc-b4da-5540-a730-4da15515e3cf","created":"2026-01-28T13:08:18.180183Z","modified":"2026-01-28T13:08:18.180186Z"},{"id":"d2e7c69d-8a10-51ca-af7b-22d08f4dfe45","name":"NCC Group LAPSUS Apr 2022","description":"Brown, D., et al. (2022, April 28). LAPSUS$: Recent techniques, tactics and procedures. 
Retrieved December 22, 2022.","url":"https://research.nccgroup.com/2022/04/28/lapsus-recent-techniques-tactics-and-procedures/","source":"MITRE","title":"LAPSUS$: Recent techniques, tactics and procedures","authors":"Brown, D., et al","date_accessed":"2022-12-22T00:00:00Z","date_published":"2022-04-28T00:00:00Z","owner_name":null,"tidal_id":"015ed4ba-58dc-55fe-9e2a-41dc24359fc4","created":"2023-11-07T00:36:19.440843Z","modified":"2025-12-17T15:08:36.440824Z"},{"id":"6c9f4312-6c9d-401c-b20f-12ce50c94a96","name":"BBC LAPSUS Apr 2022","description":"BBC. (2022, April 1). LAPSUS: Two UK Teenagers Charged with Hacking for Gang. Retrieved June 9, 2022.","url":"https://www.bbc.com/news/technology-60953527","source":"MITRE","title":"LAPSUS: Two UK Teenagers Charged with Hacking for Gang","authors":"BBC","date_accessed":"2022-06-09T00:00:00Z","date_published":"2022-04-01T00:00:00Z","owner_name":null,"tidal_id":"e924c0b3-d51c-523a-a1c3-97bfd62fa015","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438629Z"},{"id":"70ad987a-c49c-526e-bc0b-719cccd59cf7","name":"PaloAlto StrelaStealer 2024","description":"Benjamin Chang, Goutam Tripathy, Pranay Kumar Chhaparwal, Anmol Maurya & Vishwa Thothathri, Palo Alto Networks. (2024, March 22). Large-Scale StrelaStealer Campaign in Early 2024. Retrieved December 31, 2024.","url":"https://unit42.paloaltonetworks.com/strelastealer-campaign/","source":"MITRE","title":"Large-Scale StrelaStealer Campaign in Early 2024","authors":"Benjamin Chang, Goutam Tripathy, Pranay Kumar Chhaparwal, Anmol Maurya & Vishwa Thothathri, Palo Alto Networks","date_accessed":"2024-12-31T00:00:00Z","date_published":"2024-03-22T00:00:00Z","owner_name":null,"tidal_id":"1244e0d1-aa4b-5222-a2ea-6e9a11764769","created":"2025-04-22T20:47:27.949397Z","modified":"2025-12-17T15:08:36.420511Z"},{"id":"81c02ecf-04b0-4e8a-b4d2-a4e26f684b3b","name":"LARVA-208 Profile","description":"PRODAFT. (2025, February 27). LARVA-208 Profile. 
Retrieved February 28, 2025.","url":"https://catalyst.prodaft.com/public/report/larva-208/overview","source":"Tidal Cyber","title":"LARVA-208 Profile","authors":"PRODAFT","date_accessed":"2025-02-28T00:00:00Z","date_published":"2025-02-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0feccf7a-d260-5904-ade9-b84d16663c52","created":"2025-03-04T15:54:56.033354Z","modified":"2025-03-04T15:54:56.206102Z"},{"id":"953dc856-d906-4d87-a421-4e708f30208c","name":"Enigma Excel DCOM Sept 2017","description":"Nelson, M. (2017, September 11). Lateral Movement using Excel.Application and DCOM. Retrieved November 21, 2017.","url":"https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/","source":"MITRE","title":"Lateral Movement using Excel.Application and DCOM","authors":"Nelson, M","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-09-11T00:00:00Z","owner_name":null,"tidal_id":"dd307fbe-b154-5f10-8f6e-1293a7255deb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430702Z"},{"id":"48c8b8c4-1ce2-4fbc-a95d-dc8b39304200","name":"Enigma Outlook DCOM Lateral Movement Nov 2017","description":"Nelson, M. (2017, November 16). Lateral Movement using Outlook's CreateObject Method and DotNetToJScript. Retrieved November 21, 2017.","url":"https://enigma0x3.net/2017/11/16/lateral-movement-using-outlooks-createobject-method-and-dotnettojscript/","source":"MITRE","title":"Lateral Movement using Outlook's CreateObject Method and DotNetToJScript","authors":"Nelson, M","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-11-16T00:00:00Z","owner_name":null,"tidal_id":"35a15d75-868c-5772-bd8e-766c0472f4a7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427027Z"},{"id":"ecc1023d-ef37-46e3-8dce-8fd5bb6a10dc","name":"Enigma MMC20 COM Jan 2017","description":"Nelson, M. (2017, January 5). Lateral Movement using the MMC20 Application COM Object. 
Retrieved November 21, 2017.","url":"https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/","source":"MITRE","title":"Lateral Movement using the MMC20 Application COM Object","authors":"Nelson, M","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-01-05T00:00:00Z","owner_name":null,"tidal_id":"609a6435-cca8-508c-90be-1d13889dd47d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427020Z"},{"id":"62a14d3b-c61b-4c96-ad28-0519745121e3","name":"Enigma DCOM Lateral Movement Jan 2017","description":"Nelson, M. (2017, January 23). Lateral Movement via DCOM: Round 2. Retrieved November 21, 2017.","url":"https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/","source":"MITRE","title":"Lateral Movement via DCOM: Round 2","authors":"Nelson, M","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-01-23T00:00:00Z","owner_name":null,"tidal_id":"6d990dcd-1879-5d48-81b5-83bc02ca8b36","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430695Z"},{"id":"f9ca049c-5cab-4d80-a84b-1695365871e3","name":"Jacobsen 2014","description":"Jacobsen, K. (2014, May 16). Lateral Movement with PowerShell[slides]. Retrieved November 12, 2014.","url":"https://www.slideshare.net/kieranjacobsen/lateral-movement-with-power-shell-2","source":"MITRE","title":"Lateral Movement with PowerShell[slides]","authors":"Jacobsen, K","date_accessed":"2014-11-12T00:00:00Z","date_published":"2014-05-16T00:00:00Z","owner_name":null,"tidal_id":"2c6cfc93-cccf-5c12-b2c9-e6e20868314d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:10:01.167624Z"},{"id":"499c7ced-17e7-592b-ad58-5e3a40328554","name":"Zscaler PAKLOG CorkLog SplatCloak Splatdropper April 2025","description":"Sudeep Singh. (2025, April 16). Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2. 
Retrieved September 12, 2025.","url":"https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-paklog-corklog-and-splatcloak-p2","source":"MITRE","title":"Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2","authors":"Sudeep Singh","date_accessed":"2025-09-12T00:00:00Z","date_published":"2025-04-16T00:00:00Z","owner_name":null,"tidal_id":"7c5c7c20-6334-5aaa-8df7-d42e98212c7f","created":"2025-10-29T21:08:48.164693Z","modified":"2025-12-17T15:08:36.416928Z"},{"id":"443f560c-2bc7-575d-aab1-1cfa74064b5f","name":"Zscaler","description":"Sudeep Singh. (2025, April 16). Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1. Retrieved July 21, 2025.","url":"https://www.zscaler.com/blogs/security-research/latest-mustang-panda-arsenal-toneshell-and-starproxy-p1","source":"MITRE","title":"Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1","authors":"Sudeep Singh","date_accessed":"2025-07-21T00:00:00Z","date_published":"2025-04-16T00:00:00Z","owner_name":null,"tidal_id":"688dcdf6-80ed-5038-bf58-488f7132ab48","created":"2025-10-29T21:08:48.164876Z","modified":"2025-12-17T15:08:36.417380Z"},{"id":"9a942e75-3541-5b8d-acde-8f2a3447184a","name":"Bitsight Latrodectus June 2024","description":"Batista, J. (2024, June 17). Latrodectus, are you coming back?. Retrieved September 13, 2024.","url":"https://www.bitsight.com/blog/latrodectus-are-you-coming-back","source":"MITRE","title":"Latrodectus, are you coming back?","authors":"Batista, J","date_accessed":"2024-09-13T00:00:00Z","date_published":"2024-06-17T00:00:00Z","owner_name":null,"tidal_id":"6eede37f-0f6d-52e8-b7a3-394fdb8c6e13","created":"2024-10-31T16:28:30.933908Z","modified":"2025-12-17T15:08:36.419724Z"},{"id":"23f46e51-cfb9-516f-88a6-824893293deb","name":"Latrodectus APR 2024","description":"Proofpoint Threat Research and Team Cymru S2 Threat Research. (2024, April 4). Latrodectus: This Spider Bytes Like Ice . 
Retrieved May 31, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice","source":"MITRE","title":"Latrodectus: This Spider Bytes Like Ice","authors":"Proofpoint Threat Research and Team Cymru S2 Threat Research","date_accessed":"2024-05-31T00:00:00Z","date_published":"2024-04-04T00:00:00Z","owner_name":null,"tidal_id":"ac1a5de1-fec0-5ece-885a-5a6f96816937","created":"2024-10-31T16:28:25.748979Z","modified":"2025-12-17T15:08:36.419731Z"},{"id":"26bd50ba-c359-4804-b574-7ec731b37fa6","name":"Launchctl Man","description":"SS64. (n.d.). launchctl. Retrieved March 28, 2020.","url":"https://ss64.com/osx/launchctl.html","source":"MITRE","title":"launchctl","authors":"SS64","date_accessed":"2020-03-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bf39ed62-e159-5d6e-97db-15f70a093e03","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431846Z"},{"id":"51d1e4d9-265a-48ca-834b-4daa1f386bb4","name":"LaunchDaemon Hijacking","description":"Bradley Kemp. (2021, May 10). LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions. Retrieved July 26, 2021.","url":"https://bradleyjkemp.dev/post/launchdaemon-hijacking/","source":"MITRE","title":"LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions","authors":"Bradley Kemp","date_accessed":"2021-07-26T00:00:00Z","date_published":"2021-05-10T00:00:00Z","owner_name":null,"tidal_id":"9fd5c4ca-c21d-5f47-8643-38f672473b11","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429985Z"},{"id":"1bcd2a93-93e7-48d8-ad25-6f09e94123aa","name":"launchd Keywords for plists","description":"Dennis German. (2020, November 20). launchd Keywords for plists. 
Retrieved October 7, 2021.","url":"https://www.real-world-systems.com/docs/launchdPlist.1.html","source":"MITRE","title":"launchd Keywords for plists","authors":"Dennis German","date_accessed":"2021-10-07T00:00:00Z","date_published":"2020-11-20T00:00:00Z","owner_name":null,"tidal_id":"b93f5f83-5b6c-5d6a-ae7d-e23644cf82c5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429998Z"},{"id":"d081019d-16e4-5a4f-9dca-d621a8ed7989","name":"LauncherApps getActivityList","description":"Android. (n.d.). LauncherApps: getActivityList. Retrieved March","url":"https://developer.android.com/reference/kotlin/android/content/pm/LauncherApps#getactivitylist","source":"Mobile","title":"LauncherApps: getActivityList","authors":"Android","date_accessed":"1978-03-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7fb32faf-f600-5a1a-bf50-77067345a2f3","created":"2026-01-28T13:08:10.046562Z","modified":"2026-01-28T13:08:10.046565Z"},{"id":"9973ceb1-2fee-451b-a512-c544671ee9fd","name":"Launch Services Apple Developer","description":"Apple. (n.d.). Launch Services. Retrieved October 5, 2021.","url":"https://developer.apple.com/documentation/coreservices/launch_services","source":"MITRE","title":"Launch Services","authors":"Apple","date_accessed":"2021-10-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f846cf43-13c3-5cae-9809-b7daf0744bd6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432032Z"},{"id":"d75fd3e6-c1cd-4555-b131-80e34f51f09d","name":"Launch Service Keys Developer Apple","description":"Apple. (2018, June 4). Launch Services Keys. 
Retrieved October 5, 2021.","url":"https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/LaunchServicesKeys.html#//apple_ref/doc/uid/TP40009250-SW1","source":"MITRE","title":"Launch Services Keys","authors":"Apple","date_accessed":"2021-10-05T00:00:00Z","date_published":"2018-06-04T00:00:00Z","owner_name":null,"tidal_id":"16984ad6-c853-5573-b70e-dd495c3f4e5b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432026Z"},{"id":"6e81ff6a-a386-495e-bd4b-cf698b02bce8","name":"Launch-VsDevShell.ps1 - LOLBAS Project","description":"LOLBAS. (2022, June 13). Launch-VsDevShell.ps1. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Scripts/Launch-VsDevShell/","source":"Tidal Cyber","title":"Launch-VsDevShell.ps1","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-06-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ac1fdb2f-44a7-5957-b8a7-7fad86c74637","created":"2024-01-12T14:47:37.526777Z","modified":"2024-01-12T14:47:37.709881Z"},{"id":"c531a8dc-ea08-46db-a6d4-754bd1b9d545","name":"MalwareBytes Lazarus-Andariel Conceals Code April 2021","description":"Jazi, H. (2021, April 19). Lazarus APT conceals malicious code within BMP image to drop its RAT . Retrieved September 29, 2021.","url":"https://blog.malwarebytes.com/threat-intelligence/2021/04/lazarus-apt-conceals-malicious-code-within-bmp-file-to-drop-its-rat/","source":"MITRE","title":"Lazarus APT conceals malicious code within BMP image to drop its RAT","authors":"Jazi, H","date_accessed":"2021-09-29T00:00:00Z","date_published":"2021-04-19T00:00:00Z","owner_name":null,"tidal_id":"ffa5ea8d-b514-590f-af19-bcb4b5b7421e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442684Z"},{"id":"b17b965a-0d17-566b-b2ea-8bc09aaba8bb","name":"Validin Contagious Interview North Korea ClickFix January 2025","description":"Efstratios Lontzetidis. (2025, January 16). 
Lazarus APT: Techniques for Hunting Contagious Interview. Retrieved October 20, 2025.","url":"https://www.validin.com/blog/inoculating_contagious_interview_with_validin/","source":"MITRE","title":"Lazarus APT: Techniques for Hunting Contagious Interview","authors":"Efstratios Lontzetidis","date_accessed":"2025-10-20T00:00:00Z","date_published":"2025-01-16T00:00:00Z","owner_name":null,"tidal_id":"48e309ae-998d-5b24-ae78-c1a50c3cd1eb","created":"2025-10-29T21:08:48.167091Z","modified":"2025-12-17T15:08:36.439010Z"},{"id":"e3f9853f-29b0-4219-a488-a6ecfa16b09f","name":"Lazarus RATANKBA","description":"Lei, C., et al. (2018, January 24). Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More. Retrieved May 22, 2018.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-campaign-targeting-cryptocurrencies-reveals-remote-controller-tool-evolved-ratankba/","source":"MITRE","title":"Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More","authors":"Lei, C., et al","date_accessed":"2018-05-22T00:00:00Z","date_published":"2018-01-24T00:00:00Z","owner_name":null,"tidal_id":"3ab2d1ba-f720-58b8-aa3b-1d3d150d8ecf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420693Z"},{"id":"594c59ff-c4cb-4164-a62d-120e282b2538","name":"ATT Lazarus TTP Evolution","description":"Fernando Martinez. (2021, July 6). Lazarus campaign TTPs and evolution. 
Retrieved September 22, 2021.","url":"https://cybersecurity.att.com/blogs/labs-research/lazarus-campaign-ttps-and-evolution","source":"MITRE","title":"Lazarus campaign TTPs and evolution","authors":"Fernando Martinez","date_accessed":"2021-09-22T00:00:00Z","date_published":"2021-07-06T00:00:00Z","owner_name":null,"tidal_id":"dc576581-e791-5833-b258-e699528ff45f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425831Z"},{"id":"4c697316-c13a-4243-be18-c0e059e4168c","name":"TrendMicro Lazarus Nov 2018","description":"Trend Micro. (2018, November 20). Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America. Retrieved December 3, 2018.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/lazarus-continues-heists-mounts-attacks-on-financial-organizations-in-latin-america/","source":"MITRE","title":"Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America","authors":"Trend Micro","date_accessed":"2018-12-03T00:00:00Z","date_published":"2018-11-20T00:00:00Z","owner_name":null,"tidal_id":"dff84d2e-5200-5f42-a600-4838c163ded4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417350Z"},{"id":"487a2a0a-6126-525a-ae04-f7044c2fc970","name":"Socket Contagious Interview NPM April 2025","description":"Kirill Boychenko. (2025, April 4). Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads. 
Retrieved October 20, 2025.","url":"https://socket.dev/blog/lazarus-expands-malicious-npm-campaign-11-new-packages-add-malware-loaders-and-bitbucket","source":"MITRE","title":"Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads","authors":"Kirill Boychenko","date_accessed":"2025-10-20T00:00:00Z","date_published":"2025-04-04T00:00:00Z","owner_name":null,"tidal_id":"4c530a5e-ecbe-5be6-a321-ee6fc17d834f","created":"2025-10-29T21:08:48.165057Z","modified":"2025-12-17T15:08:36.417952Z"},{"id":"f7facaae-e768-42eb-8e0e-2bfd0a636076","name":"F-Secure Lazarus Cryptocurrency Aug 2020","description":"F-Secure Labs. (2020, August 18). Lazarus Group Campaign Targeting the Cryptocurrency Vertical. Retrieved September 1, 2020.","url":"https://web.archive.org/web/20200901113617/https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report2.pdf","source":"MITRE","title":"Lazarus Group Campaign Targeting the Cryptocurrency Vertical","authors":"F-Secure Labs","date_accessed":"2020-09-01T00:00:00Z","date_published":"2020-08-18T00:00:00Z","owner_name":null,"tidal_id":"ce00eed9-84f4-5eaf-8fb1-2bc2ec3a967c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442427Z"},{"id":"e2ec7e5d-370c-4bd6-856d-ca0a00ce54ee","name":"The Hacker News ClickFake Interview April 3 2025","description":"Ravie Lakshmanan. (2025, April 3). Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware. 
Retrieved May 29, 2025.","url":"https://thehackernews.com/2025/04/lazarus-group-targets-job-seekers-with.html","source":"Tidal Cyber","title":"Lazarus Group Targets Job Seekers With ClickFix Tactic to Deploy GolangGhost Malware","authors":"Ravie Lakshmanan","date_accessed":"2025-05-29T00:00:00Z","date_published":"2025-04-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ae90beac-2e67-52d7-b5ac-d4543d1d49a4","created":"2025-06-03T14:14:07.256349Z","modified":"2025-06-03T14:14:07.421330Z"},{"id":"50808396-6cf5-588e-a7cf-5601396f92fa","name":"ASEC Lazarus 2022","description":"AhnLab ASEC. (2022, October 6). Lazarus Group Uses the DLL Side-Loading Technique (mi.dll). Retrieved January 7, 2025.","url":"https://asec.ahnlab.com/en/39828/","source":"MITRE","title":"Lazarus Group Uses the DLL Side-Loading Technique (mi.dll)","authors":"AhnLab ASEC","date_accessed":"2025-01-07T00:00:00Z","date_published":"2022-10-06T00:00:00Z","owner_name":null,"tidal_id":"14b249be-1f57-5163-b35e-9545f21a1b78","created":"2025-04-22T20:47:32.737597Z","modified":"2025-12-17T15:08:36.442795Z"},{"id":"6f931476-29e6-4bba-ba1b-37ab742f4b49","name":"Lazarus KillDisk","description":"Kálnai, P., Cherepanov A. (2018, April 03). Lazarus KillDisks Central American casino. Retrieved May 17, 2018.","url":"https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/","source":"MITRE","title":"Lazarus KillDisks Central American casino","authors":"Kálnai, P., Cherepanov A","date_accessed":"2018-05-17T00:00:00Z","date_published":"2018-04-03T00:00:00Z","owner_name":null,"tidal_id":"d0cd0a02-caa4-58ab-ba29-df1e1c6c82ee","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:38.907368Z"},{"id":"454704b7-9ede-4d30-acfd-2cf16a89bcb3","name":"ESET Lazarus KillDisk April 2018","description":"Kálnai, P., Cherepanov A. (2018, April 03). Lazarus KillDisks Central American casino. 
Retrieved May 17, 2018.","url":"https://www.welivesecurity.com/2018/04/03/lazarus-killdisk-central-american-casino/","source":"MITRE","title":"Lazarus KillDisks Central American casino","authors":"Kálnai, P., Cherepanov A","date_accessed":"2018-05-17T00:00:00Z","date_published":"2018-04-03T00:00:00Z","owner_name":null,"tidal_id":"fc472c15-970b-5fca-bd1f-9a1ad84fa5d1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442521Z"},{"id":"973a110c-f1cd-46cd-b92b-5c7d8e7492b1","name":"SentinelOne 9 26 2022","description":"Dinesh Devadoss, Phil Stokes. (2022, September 26). Lazarus \"Operation In(ter)ception\" Targets macOS Users Dreaming of Jobs in Crypto. Retrieved March 8, 2024.","url":"https://www.sentinelone.com/blog/lazarus-operation-interception-targets-macos-users-dreaming-of-jobs-in-crypto/","source":"Tidal Cyber","title":"Lazarus \"Operation In(ter)ception\" Targets macOS Users Dreaming of Jobs in Crypto","authors":"Dinesh Devadoss, Phil Stokes","date_accessed":"2024-03-08T00:00:00Z","date_published":"2022-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5b4610aa-afa5-534a-9ca9-b966d4e1f039","created":"2024-06-24T14:58:41.597888Z","modified":"2024-06-24T14:58:42.373607Z"},{"id":"4e4cb57d-764a-4233-8fc6-d049a1caabe9","name":"McAfee Lazarus Resurfaces Feb 2018","description":"Sherstobitoff, R. (2018, February 12). Lazarus Resurfaces, Targets Global Banks and Bitcoin Users. 
Retrieved February 19, 2018.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/lazarus-resurfaces-targets-global-banks-bitcoin-users/","source":"MITRE","title":"Lazarus Resurfaces, Targets Global Banks and Bitcoin Users","authors":"Sherstobitoff, R","date_accessed":"2018-02-19T00:00:00Z","date_published":"2018-02-12T00:00:00Z","owner_name":null,"tidal_id":"f9f88b58-b914-5e41-bf93-ca7121d804ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439823Z"},{"id":"ba6a5fcc-9391-42c0-8b90-57b729525f41","name":"Kaspersky ThreatNeedle Feb 2021","description":"Vyacheslav Kopeytsev and Seongsu Park. (2021, February 25). Lazarus targets defense industry with ThreatNeedle. Retrieved October 27, 2021.","url":"https://securelist.com/lazarus-threatneedle/100803/","source":"MITRE","title":"Lazarus targets defense industry with ThreatNeedle","authors":"Vyacheslav Kopeytsev and Seongsu Park","date_accessed":"2021-10-27T00:00:00Z","date_published":"2021-02-25T00:00:00Z","owner_name":null,"tidal_id":"bac95173-f5b8-5245-99b9-af341fbb6e40","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417103Z"},{"id":"312b30b1-3bd6-46ea-8f77-504f442499bc","name":"Kaspersky Lazarus Under The Hood APR 2017","description":"GReAT. (2017, April 3). Lazarus Under the Hood. Retrieved October 3, 2018.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf","source":"MITRE","title":"Lazarus Under the Hood","authors":"GReAT","date_accessed":"2018-10-03T00:00:00Z","date_published":"2017-04-03T00:00:00Z","owner_name":null,"tidal_id":"69c47713-dfdb-5539-bb8b-9136c461b140","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442715Z"},{"id":"a1e1ab6a-8db0-4593-95ec-78784607dfa0","name":"Kaspersky Lazarus Under The Hood Blog 2017","description":"GReAT. (2017, April 3). Lazarus Under the Hood. 
Retrieved April 17, 2019.","url":"https://securelist.com/lazarus-under-the-hood/77908/","source":"MITRE, Tidal Cyber","title":"Lazarus Under the Hood","authors":"GReAT","date_accessed":"2019-04-17T00:00:00Z","date_published":"2017-04-03T00:00:00Z","owner_name":null,"tidal_id":"af07cf1e-750d-5904-ae7f-f339effd537e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.273758Z"},{"id":"1ef76c14-f796-409a-9542-762f1e72f9b7","name":"Secureworks Emotet Nov 2018","description":"Mclellan, M. (2018, November 19). Lazy Passwords Become Rocket Fuel for Emotet SMB Spreader. Retrieved March 25, 2019.","url":"https://www.secureworks.com/blog/lazy-passwords-become-rocket-fuel-for-emotet-smb-spreader","source":"MITRE","title":"Lazy Passwords Become Rocket Fuel for Emotet SMB Spreader","authors":"Mclellan, M.","date_accessed":"2019-03-25T00:00:00Z","date_published":"2018-11-19T00:00:00Z","owner_name":null,"tidal_id":"da3def27-64e2-55eb-a71d-746a77b6daa9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417694Z"},{"id":"078837a7-82cd-4e26-9135-43b612e911fe","name":"MalwareBytes LazyScripter Feb 2021","description":"Jazi, H. (2021, February). LazyScripter: From Empire to double RAT. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20211003035156/https://www.malwarebytes.com/resources/files/2021/02/lazyscripter.pdf","source":"MITRE, Tidal Cyber","title":"LazyScripter: From Empire to double RAT","authors":"Jazi, H","date_accessed":"2024-11-17T00:00:00Z","date_published":"2021-02-01T00:00:00Z","owner_name":null,"tidal_id":"1295b6c1-42d0-5573-af12-bfa73915c52d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262451Z"},{"id":"45d41df9-328c-4ea3-b0fb-fc9f43bdabe5","name":"Ldifde.exe - LOLBAS Project","description":"LOLBAS. (2022, August 31). Ldifde.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Ldifde/","source":"Tidal Cyber","title":"Ldifde.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-08-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8dadad3a-166a-5ac5-a66c-31e259095a64","created":"2024-01-12T14:46:47.757582Z","modified":"2024-01-12T14:46:47.944187Z"},{"id":"c47ed0e0-f3e3-41de-9ea7-64fe4e343d9d","name":"Ldifde Microsoft","description":"Microsoft. (2016, August 31). Ldifde Microsoft. Retrieved July 11, 2023.","url":"https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731033(v=ws.11)","source":"Tidal Cyber","title":"Ldifde Microsoft","authors":"Microsoft","date_accessed":"2023-07-11T00:00:00Z","date_published":"2016-08-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4dfa4dac-bd46-5bfe-b5a7-e9fcd99a3934","created":"2023-07-14T12:56:34.025301Z","modified":"2023-07-14T12:56:34.140824Z"},{"id":"01130af7-a2d4-435e-8790-49933e041451","name":"Symantec Leafminer July 2018","description":"Symantec Security Response. (2018, July 25). Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions. Retrieved August 28, 2018.","url":"https://www.symantec.com/blogs/threat-intelligence/leafminer-espionage-middle-east","source":"MITRE, Tidal Cyber","title":"Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions","authors":"Symantec Security Response","date_accessed":"2018-08-28T00:00:00Z","date_published":"2018-07-25T00:00:00Z","owner_name":null,"tidal_id":"23218bb3-b1a9-582b-9b96-9d86a230c20c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278619Z"},{"id":"44e48c77-59dd-4851-8455-893513b7cf45","name":"Proofpoint TA505 Mar 2018","description":"Proofpoint Staff. (2018, March 7). Leaked Ammyy Admin Source Code Turned into Malware. 
Retrieved May 28, 2019.","url":"https://www.proofpoint.com/us/threat-insight/post/leaked-ammyy-admin-source-code-turned-malware","source":"MITRE","title":"Leaked Ammyy Admin Source Code Turned into Malware","authors":"Proofpoint Staff","date_accessed":"2019-05-28T00:00:00Z","date_published":"2018-03-07T00:00:00Z","owner_name":null,"tidal_id":"5d8badc9-5386-53e2-ad39-581b92d1b172","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418045Z"},{"id":"ad8c7a1b-e31b-5b76-bf3e-bc45e87b2887","name":"Unit 42 Leaked Environment Variables 2024","description":"Margaret Kelley, Sean Johnstone, William Gamazo, and Nathaniel Quist. (2024, August 15). Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud Environments. Retrieved September 25, 2024.","url":"https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/","source":"MITRE","title":"Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud Environments","authors":"Margaret Kelley, Sean Johnstone, William Gamazo, and Nathaniel Quist","date_accessed":"2024-09-25T00:00:00Z","date_published":"2024-08-15T00:00:00Z","owner_name":null,"tidal_id":"9d7c36e2-b4b5-547c-98ad-f20d17177e36","created":"2024-10-31T16:28:22.556531Z","modified":"2025-12-17T15:08:36.431226Z"},{"id":"82bbeb2b-7f3f-4320-a65c-76f187860ee0","name":"Kaspersky April 15 2024","description":"Eduardo Ovalle. (2024, April 15). Leaked LockBit builder in a real-life incident response case. 
Retrieved May 8, 2024.","url":"https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/","source":"Tidal Cyber","title":"Leaked LockBit builder in a real-life incident response case","authors":"Eduardo Ovalle","date_accessed":"2024-05-08T00:00:00Z","date_published":"2024-04-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ef5c251a-b3ae-50ce-85b0-a6cadf8c3d07","created":"2025-04-11T15:06:21.536739Z","modified":"2025-04-11T15:06:21.699285Z"},{"id":"0d8044c0-27ac-51bc-b08f-14ab352ed0b6","name":"Microsoft Purview Data Loss Prevention","description":"Microsoft. (2024, January 9). Learn about data loss prevention. Retrieved March 4, 2024.","url":"https://learn.microsoft.com/en-us/purview/dlp-learn-about-dlp","source":"MITRE","title":"Learn about data loss prevention","authors":"Microsoft","date_accessed":"2024-03-04T00:00:00Z","date_published":"2024-01-09T00:00:00Z","owner_name":null,"tidal_id":"e2285326-08f5-5867-9e6f-0eaf05984dd9","created":"2024-04-25T13:28:51.292433Z","modified":"2025-12-17T15:08:36.440741Z"},{"id":"f31de733-406c-4348-b3fe-bdc30d707277","name":"Medium DnsTunneling","description":"Galobardes, R. (2018, October 30). Learn how easy is to bypass firewalls using DNS tunneling (and also how to block it). Retrieved March 15, 2020.","url":"https://medium.com/@galolbardes/learn-how-easy-is-to-bypass-firewalls-using-dns-tunneling-and-also-how-to-block-it-3ed652f4a000","source":"MITRE","title":"Learn how easy is to bypass firewalls using DNS tunneling (and also how to block it)","authors":"Galobardes, R","date_accessed":"2020-03-15T00:00:00Z","date_published":"2018-10-30T00:00:00Z","owner_name":null,"tidal_id":"38ee3736-8533-559e-9491-51567a67e729","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425718Z"},{"id":"da995792-b78b-4db5-85d8-99fda96c6826","name":"Learn XPC Exploitation","description":"Wojciech Reguła. (2020, June 29). Learn XPC exploitation. 
Retrieved October 12, 2021.","url":"https://wojciechregula.blog/post/learn-xpc-exploitation-part-3-code-injections/","source":"MITRE","title":"Learn XPC exploitation","authors":"Wojciech Reguła","date_accessed":"2021-10-12T00:00:00Z","date_published":"2020-06-29T00:00:00Z","owner_name":null,"tidal_id":"de01f91e-7373-515a-9fea-83af3935cf66","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431936Z"},{"id":"53944d48-caa9-4912-b42d-94a3789ed15b","name":"ClearSky Lebanese Cedar Jan 2021","description":"ClearSky Cyber Security. (2021, January). “Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers. Retrieved February 10, 2021.","url":"https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf","source":"MITRE","title":"“Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers","authors":"ClearSky Cyber Security","date_accessed":"2021-02-10T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"b99b6482-3f02-5e06-8b8f-43801698f6e0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419374Z"},{"id":"f2aec311-57d2-5eb6-9132-899101acb8fc","name":"Lee Mathews April 2016","description":"Lee Mathews 2016, April 27 German nuclear plant found riddled with Conficker, other viruses. Retrieved November","url":"https://web.archive.org/web/20160430041256/https://www.geek.com/apps/german-nuclear-plant-found-riddled-with-conficker-other-viruses-1653415/","source":"ICS","title":"Lee Mathews April 2016","authors":"","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"928d07d2-0ba4-5898-af91-632515df91ee","created":"2026-01-28T13:08:18.178041Z","modified":"2026-01-28T13:08:18.178044Z"},{"id":"680e76e9-d04f-58c2-9911-dc563cfd6a55","name":"Michael J. Assante and Robert M. Lee","description":"Michael J. Assante and Robert M. Lee SANS Industrial Control System (ICS) Security; The Industrial Control System Cyber Kill Chain. 
Retrieved 2024/11/25","url":"https://icscsi.org/library/Documents/White_Papers/SANS%20-%20ICS%20Cyber%20Kill%20Chain.pdf","source":"ICS","title":"Lee SANS Industrial Control System (ICS) Security; The Industrial Control System Cyber Kill Chain","authors":"Michael J","date_accessed":"2024-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7852a650-7b0f-5fd7-bbe5-5a9b262992f5","created":"2026-01-28T13:08:18.176414Z","modified":"2026-01-28T13:08:18.176417Z"},{"id":"ac1a1262-1254-4ab2-a940-2d08b6558e9e","name":"Mandiant UNC3313 Feb 2022","description":"Tomcik, R. et al. (2022, February 24). Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity. Retrieved August 18, 2022.","url":"https://www.mandiant.com/resources/telegram-malware-iranian-espionage","source":"MITRE","title":"Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity","authors":"Tomcik, R. et al","date_accessed":"2022-08-18T00:00:00Z","date_published":"2022-02-24T00:00:00Z","owner_name":null,"tidal_id":"c1200c8d-2bc5-55a7-8756-2d2e3364a921","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422073Z"},{"id":"1492dc30-136a-54f9-a811-a6b57f302f34","name":"Huntress Persistence Microsoft 365 Compromise 2024","description":"Sharon Martin. (2024, November 5). Legitimate Apps as Traitorware for Persistent Microsoft 365 Compromise. Retrieved March 20, 2025.","url":"https://www.huntress.com/blog/legitimate-apps-as-traitorware-for-persistent-microsoft-365-compromise","source":"MITRE","title":"Legitimate Apps as Traitorware for Persistent Microsoft 365 Compromise","authors":"Sharon Martin","date_accessed":"2025-03-20T00:00:00Z","date_published":"2024-11-05T00:00:00Z","owner_name":null,"tidal_id":"15b9cab9-34a2-511e-9c9d-b77122132d97","created":"2025-04-22T20:47:18.928100Z","modified":"2025-12-17T15:08:36.434354Z"},{"id":"3a7ea56a-3b19-4b69-a206-6eb7c4ae609d","name":"LemonDuck","description":"Manoj Ahuje. (2022, April 21). 
LemonDuck Targets Docker for Cryptomining Operations. Retrieved June 30, 2022.","url":"https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/","source":"MITRE","title":"LemonDuck Targets Docker for Cryptomining Operations","authors":"Manoj Ahuje","date_accessed":"2022-06-30T00:00:00Z","date_published":"2022-04-21T00:00:00Z","owner_name":null,"tidal_id":"88ac0116-d213-50a4-b1fc-fea2ac69838b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431276Z"},{"id":"efdbaba5-1713-4ae1-bb82-4b4706f03b87","name":"Twitter Leoloobeek Scheduled Task","description":"Loobeek, L. (2017, December 8). leoloobeek Status. Retrieved September 12, 2024.","url":"https://x.com/leoloobeek/status/939248813465853953","source":"MITRE","title":"leoloobeek Status","authors":"Loobeek, L","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-12-08T00:00:00Z","owner_name":null,"tidal_id":"225ba201-f836-5bea-927d-0772dcec95fd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423584Z"},{"id":"b8de9dd2-3c57-5417-a24f-0260dff6afc6","name":"TLDRSec AWS Attacks","description":"Clint Gibler and Scott Piper. (2021, January 4). Lesser Known Techniques for Attacking AWS Environments. Retrieved March 4, 2024.","url":"https://tldrsec.com/p/blog-lesser-known-aws-attacks","source":"MITRE","title":"Lesser Known Techniques for Attacking AWS Environments","authors":"Clint Gibler and Scott Piper","date_accessed":"2024-03-04T00:00:00Z","date_published":"2021-01-04T00:00:00Z","owner_name":null,"tidal_id":"eba83e79-a7a0-55e7-9139-a042bf964e51","created":"2024-04-25T13:28:40.167512Z","modified":"2025-12-17T15:08:36.435142Z"},{"id":"2244bfaa-2a1c-53db-854b-dc5f06d725ec","name":"SpectorOps Medium ClickOnce","description":"Nick Powers. (2023, June 7). Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution. 
Retrieved September 9, 2024.","url":"https://posts.specterops.io/less-smartscreen-more-caffeine-ab-using-clickonce-for-trusted-code-execution-1446ea8051c5","source":"MITRE","title":"Less SmartScreen More Caffeine: (Ab)Using ClickOnce for Trusted Code Execution","authors":"Nick Powers","date_accessed":"2024-09-09T00:00:00Z","date_published":"2023-06-07T00:00:00Z","owner_name":null,"tidal_id":"779ac43b-2459-5c71-a08e-f49a93120f7b","created":"2024-10-31T16:28:25.713491Z","modified":"2025-12-17T15:08:36.434767Z"},{"id":"96e1ccb9-bd5c-4716-8848-4c30e6eac4ad","name":"Let's Encrypt FAQ","description":"Let's Encrypt. (2020, April 23). Let's Encrypt FAQ. Retrieved October 15, 2020.","url":"https://letsencrypt.org/docs/faq/","source":"MITRE","title":"Let's Encrypt FAQ","authors":"Let's Encrypt","date_accessed":"2020-10-15T00:00:00Z","date_published":"2020-04-23T00:00:00Z","owner_name":null,"tidal_id":"ea473b87-1b66-55e1-9a23-501c97daa0a6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425697Z"},{"id":"0df0e28a-3c0b-4418-9f5a-77fffe37ac8a","name":"OSX Malware Detection","description":"Patrick Wardle. (2016, February 29). Let's Play Doctor: Practical OS X Malware Detection & Analysis. Retrieved November 17, 2024.","url":"https://papers.put.as/papers/macosx/2016/RSA_OSX_Malware.pdf","source":"MITRE","title":"Let's Play Doctor: Practical OS X Malware Detection & Analysis","authors":"Patrick Wardle","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-02-29T00:00:00Z","owner_name":null,"tidal_id":"fc3f2b25-d315-5405-8cc4-e14534770532","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425047Z"},{"id":"b49649ec-28f0-4d30-ab6c-13b12fca36e8","name":"xorrior emond Jan 2018","description":"Ross, Chris. (2018, January 17). Leveraging Emond on macOS For Persistence. 
Retrieved September 10, 2019.","url":"https://www.xorrior.com/emond-persistence/","source":"MITRE","title":"Leveraging Emond on macOS For Persistence","authors":"Ross, Chris","date_accessed":"2019-09-10T00:00:00Z","date_published":"2018-01-17T00:00:00Z","owner_name":null,"tidal_id":"cffa21ed-671c-53d8-a0c1-879438a0fc75","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432937Z"},{"id":"6edb3d7d-6b74-4dc4-a866-b81b19810f97","name":"Cyberreason DCOM DDE Lateral Movement Nov 2017","description":"Tsukerman, P. (2017, November 8). Leveraging Excel DDE for lateral movement via DCOM. Retrieved November 21, 2017.","url":"https://www.cybereason.com/blog/leveraging-excel-dde-for-lateral-movement-via-dcom","source":"MITRE","title":"Leveraging Excel DDE for lateral movement via DCOM","authors":"Tsukerman, P","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-11-08T00:00:00Z","owner_name":null,"tidal_id":"672ba2fd-ac3d-58b7-be1c-a867eb010991","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430708Z"},{"id":"464bb564-c500-55ba-a060-190d95943805","name":"Ignacio Udev research 2024","description":"Eder P. Ignacio. (2024, February 21). Leveraging Linux udev for persistence. Retrieved September 26, 2024.","url":"https://ch4ik0.github.io/en/posts/leveraging-Linux-udev-for-persistence/","source":"MITRE","title":"Leveraging Linux udev for persistence","authors":"Eder P. Ignacio","date_accessed":"2024-09-26T00:00:00Z","date_published":"2024-02-21T00:00:00Z","owner_name":null,"tidal_id":"244bce09-8aa9-5457-86b9-9ba761035c32","created":"2024-10-31T16:28:27.373403Z","modified":"2025-12-17T15:08:36.436580Z"},{"id":"f8c2b67b-c097-4b48-8d95-266a45b7dd4d","name":"Proofpoint Leviathan Oct 2017","description":"Axel F, Pierre T. (2017, October 16). Leviathan: Espionage actor spearphishes maritime and defense targets. 
Retrieved February 15, 2018.","url":"https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets","source":"MITRE","title":"Leviathan: Espionage actor spearphishes maritime and defense targets","authors":"Axel F, Pierre T","date_accessed":"2018-02-15T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"8c7b3b18-4247-5dad-953d-96a820cdc899","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416708Z"},{"id":"a3fe6ea5-c443-473a-bb13-b4fd8f4923fd","name":"LIBC","description":"Kerrisk, M. (2016, December 12). libc(7) — Linux manual page. Retrieved June 25, 2020.","url":"https://man7.org/linux/man-pages//man7/libc.7.html","source":"MITRE","title":"libc(7) — Linux manual page","authors":"Kerrisk, M","date_accessed":"2020-06-25T00:00:00Z","date_published":"2016-12-12T00:00:00Z","owner_name":null,"tidal_id":"4724f71f-17bd-560b-8872-95d7a54bcdf4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427841Z"},{"id":"e7008738-101c-4903-a9fc-b0bd28d66069","name":"libzip","description":"D. Baron, T. Klausner. (2020). libzip. Retrieved February 20, 2020.","url":"https://libzip.org/","source":"MITRE","title":"libzip","authors":"D. Baron, T. Klausner","date_accessed":"2020-02-20T00:00:00Z","date_published":"2020-01-01T00:00:00Z","owner_name":null,"tidal_id":"4fa8e4cd-78f6-5b49-a52b-4859352f1bb3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428518Z"},{"id":"bc7807fd-020a-42b4-a311-1a1673a8f90a","name":"Cybereason The Gentlemen November 18 2025","description":"Cybereason Security Services Team. (2025, November 18). License to Encrypt: “The Gentlemen” Make Their Move. 
Retrieved November 20, 2025.","url":"https://www.cybereason.com/blog/the-gentlemen-ransomware","source":"Tidal Cyber","title":"License to Encrypt: “The Gentlemen” Make Their Move","authors":"Cybereason Security Services Team","date_accessed":"2025-11-20T12:00:00Z","date_published":"2025-11-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3c80d8cc-0013-5f42-8cf9-d31197197053","created":"2025-12-10T14:13:39.797993Z","modified":"2025-12-10T14:13:39.971766Z"},{"id":"2d947faa-f89c-5f9f-bbe1-e2268f941549","name":"ESET RedLine Stealer November 2024","description":"Alexandre Cote Cyr. (2024, November 8). Life on a crooked RedLine: Analyzing the infamous infostealer’s backend. Retrieved September 17, 2025.","url":"https://www.welivesecurity.com/en/eset-research/life-crooked-redline-analyzing-infamous-infostealers-backend/","source":"MITRE","title":"Life on a crooked RedLine: Analyzing the infamous infostealer’s backend","authors":"Alexandre Cote Cyr","date_accessed":"2025-09-17T00:00:00Z","date_published":"2024-11-08T00:00:00Z","owner_name":null,"tidal_id":"f5c04968-5649-57fa-8373-6e5bd34f662d","created":"2025-10-29T21:08:48.165154Z","modified":"2025-12-17T15:08:36.420204Z"},{"id":"3362a507-03c3-4236-b484-8144248b5cac","name":"Symantec Darkmoon Sept 2014","description":"Payet, L. (2014, September 19). Life on Mars: How attackers took advantage of hope for alien existance in new Darkmoon campaign. 
Retrieved September 13, 2018.","url":"https://www.symantec.com/connect/blogs/life-mars-how-attackers-took-advantage-hope-alien-existance-new-darkmoon-campaign","source":"MITRE","title":"Life on Mars: How attackers took advantage of hope for alien existance in new Darkmoon campaign","authors":"Payet, L","date_accessed":"2018-09-13T00:00:00Z","date_published":"2014-09-19T00:00:00Z","owner_name":null,"tidal_id":"ba684ef1-7bb0-598c-9451-a022a5ae0bf4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421254Z"},{"id":"79584652-a502-5f9e-9771-8d5b1dc41fdb","name":"German BAS Lockout Dec 2021","description":"Kelly Jackson Higgins. (2021, December 20). Lights Out: Cyberattacks Shut Down Building Automation Systems. Retrieved March","url":"https://www.darkreading.com/attacks-breaches/lights-out-cyberattacks-shut-down-building-automation-systems","source":"ICS","title":"Lights Out: Cyberattacks Shut Down Building Automation Systems","authors":"Kelly Jackson Higgins","date_accessed":"1978-03-01T00:00:00Z","date_published":"2021-12-20T00:00:00Z","owner_name":null,"tidal_id":"0dbf5d70-7ab1-5a74-b7e7-d0faddab106f","created":"2026-01-28T13:08:18.178523Z","modified":"2026-01-28T13:08:18.178527Z"},{"id":"294d2022-bb18-5350-b8ef-30bed315b666","name":"Threatfabric LightSpy 2024","description":"ThreatFabric. (2024, October 29). LightSpy: Implant for iOS. Retrieved January","url":"https://www.threatfabric.com/blogs/lightspy-implant-for-ios","source":"Mobile","title":"LightSpy: Implant for iOS","authors":"ThreatFabric","date_accessed":"1978-01-01T00:00:00Z","date_published":"2024-10-29T00:00:00Z","owner_name":null,"tidal_id":"a42203eb-e2c7-5d6a-b1d3-2b348ddfd393","created":"2026-01-28T13:08:10.046943Z","modified":"2026-01-28T13:08:10.046946Z"},{"id":"c90a658f-6d0f-59ba-bfde-cee025cb4466","name":"Huntress LightSpy macOS 2024","description":"Stuart Ashenbrenner, Alden Schmidt. (2024, April 25). LightSpy Malware Variant Targeting macOS. 
Retrieved January 3, 2025.","url":"https://www.huntress.com/blog/lightspy-malware-variant-targeting-macos","source":"MITRE","title":"LightSpy Malware Variant Targeting macOS","authors":"Stuart Ashenbrenner, Alden Schmidt","date_accessed":"2025-01-03T00:00:00Z","date_published":"2024-04-25T00:00:00Z","owner_name":null,"tidal_id":"fd835bee-fd26-5705-99ed-b5dac2d2b037","created":"2025-04-22T20:47:30.722485Z","modified":"2025-12-17T15:08:36.441031Z"},{"id":"ac4e5730-fd17-5d48-a48d-671970b4b6c2","name":"Threatfabric LightSpy 2023","description":"ThreatFabric. (2023, October 2). LightSpy mAPT Mobile Payment System Attack. Retrieved January","url":"https://www.threatfabric.com/blogs/lightspy-mapt-mobile-payment-system-attack","source":"Mobile","title":"LightSpy mAPT Mobile Payment System Attack","authors":"ThreatFabric","date_accessed":"1978-01-01T00:00:00Z","date_published":"2023-10-02T00:00:00Z","owner_name":null,"tidal_id":"f5cb5dad-6ac8-54dc-90e1-d2488a5daf8d","created":"2026-01-28T13:08:10.046918Z","modified":"2026-01-28T13:08:10.046921Z"},{"id":"633f7a09-721f-5e16-ba3b-0b1802a41852","name":"MelikovBlackBerry LightSpy 2024","description":"Melikov, D. (2024, April 11). LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India. Retrieved January 14, 2025.","url":"https://blogs.blackberry.com/en/2024/04/lightspy-returns-renewed-espionage-campaign-targets-southern-asia-possibly-india","source":"MITRE","title":"LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India","authors":"Melikov, D","date_accessed":"2025-01-14T00:00:00Z","date_published":"2024-04-11T00:00:00Z","owner_name":null,"tidal_id":"5c73b90e-9c29-5614-bfac-521ad97bf9dc","created":"2025-04-22T20:47:27.191738Z","modified":"2025-12-17T15:08:36.418912Z"},{"id":"79df7b01-5e22-5d13-a1fd-47d6d815c300","name":"Shoshin_Kaspersky LightSpy 2020","description":"Shoshin, P. (2020, March 27). LightSpy spyware targets iPhone users in Hong Kong. 
Retrieved February","url":"https://usa.kaspersky.com/blog/lightspy-watering-hole-attack/21301/","source":"Mobile","title":"LightSpy spyware targets iPhone users in Hong Kong","authors":"Shoshin, P","date_accessed":"1978-02-01T00:00:00Z","date_published":"2020-03-27T00:00:00Z","owner_name":null,"tidal_id":"483cfc86-4fec-540e-bf75-5780ec06ad3f","created":"2026-01-28T13:08:10.047043Z","modified":"2026-01-28T13:08:10.047046Z"},{"id":"d8407a66-71fd-571d-99b1-6f123029e45a","name":"Signal_LinkedDevices_NoDate","description":"Signal. (n.d.). Linked Devices. Retrieved May","url":"https://support.signal.org/hc/en-us/articles/360007320551-Linked-Devices","source":"Mobile","title":"Linked Devices","authors":"Signal","date_accessed":"1978-05-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2f662b49-8d69-5ac3-877b-7555a78760a6","created":"2026-01-28T13:08:10.045337Z","modified":"2026-01-28T13:08:10.045340Z"},{"id":"ab25e709-d6b4-4096-9366-8b04c6b95258","name":"LinkedIn Austen Larsen Oracle CL0P 10 02 2025","description":"Austin Larsen. (2025, October 5). LinkedIn Austen Larsen Oracle CL0P. Retrieved October 6, 2025.","url":"https://www.linkedin.com/feed/update/urn:li:activity:7379316941762727936","source":"Tidal Cyber","title":"LinkedIn Austen Larsen Oracle CL0P","authors":"Austin Larsen","date_accessed":"2025-10-06T12:00:00Z","date_published":"2025-10-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c7132efa-a8f2-53cc-b284-51e774a7afae","created":"2025-10-07T14:06:58.362026Z","modified":"2025-10-07T14:06:58.488905Z"},{"id":"d45f111a-2300-49e6-96b8-72cb81b22543","name":"LinkedIn Austen Larsen Oracle CL0P Update 10 05 2025","description":"Austin Larsen. (2025, October 5). LinkedIn Austen Larsen Oracle CL0P Update. 
Retrieved October 6, 2025.","url":"https://www.linkedin.com/feed/update/urn:li:activity:7380690919039279105","source":"Tidal Cyber","title":"LinkedIn Austen Larsen Oracle CL0P Update","authors":"Austin Larsen","date_accessed":"2025-10-06T12:00:00Z","date_published":"2025-10-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c8b56e68-bd67-5e9d-b276-bb9fd459d3a1","created":"2025-10-07T14:06:58.112385Z","modified":"2025-10-07T14:06:58.244083Z"},{"id":"e06d8b82-f61d-49fc-8120-b6d9e5864cc8","name":"Wikipedia LLMNR","description":"Wikipedia. (2016, July 7). Link-Local Multicast Name Resolution. Retrieved November 17, 2017.","url":"https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution","source":"MITRE","title":"Link-Local Multicast Name Resolution","authors":"Wikipedia","date_accessed":"2017-11-17T00:00:00Z","date_published":"2016-07-07T00:00:00Z","owner_name":null,"tidal_id":"a0da72e9-cd7c-5fec-ac84-ec0b518ecec3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424708Z"},{"id":"8a2f5c37-df28-587e-81b8-4bf7bb796854","name":"IzyKnows auditd threat detection 2022","description":"IzySec. (2022, January 26). Linux auditd for Threat Detection. Retrieved September 29, 2023.","url":"https://izyknows.medium.com/linux-auditd-for-threat-detection-d06c8b941505","source":"MITRE","title":"Linux auditd for Threat Detection","authors":"IzySec","date_accessed":"2023-09-29T00:00:00Z","date_published":"2022-01-26T00:00:00Z","owner_name":null,"tidal_id":"2a36b49e-e6ea-5edf-9332-955513b99a20","created":"2023-11-07T00:36:02.890031Z","modified":"2025-12-17T15:08:36.429789Z"},{"id":"f1eb4818-fda6-46f2-9d5a-5469a5ed44fc","name":"Fysbis Dr Web Analysis","description":"Doctor Web. (2014, November 21). Linux.BackDoor.Fysbis.1. 
Retrieved December 7, 2017.","url":"https://vms.drweb.com/virus/?i=4276269","source":"MITRE","title":"Linux.BackDoor.Fysbis.1","authors":"Doctor Web","date_accessed":"2017-12-07T00:00:00Z","date_published":"2014-11-21T00:00:00Z","owner_name":null,"tidal_id":"2f763bd7-5aab-51e3-ba6e-ebef32fdaee0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431511Z"},{"id":"3e7f5991-25b4-43e9-9f0b-a5c668fb0657","name":"GDS Linux Injection","description":"McNamara, R. (2017, September 5). Linux Based Inter-Process Code Injection Without Ptrace(2). Retrieved February 21, 2020.","url":"https://blog.gdssecurity.com/labs/2017/9/5/linux-based-inter-process-code-injection-without-ptrace2.html","source":"MITRE","title":"Linux Based Inter-Process Code Injection Without Ptrace(2)","authors":"McNamara, R","date_accessed":"2020-02-21T00:00:00Z","date_published":"2017-09-05T00:00:00Z","owner_name":null,"tidal_id":"5d786ec2-941c-5e97-927a-99bf4507448c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434929Z"},{"id":"834966eb-d07a-42ea-83db-d6e71b39214c","name":"GDSecurity Linux injection","description":"McNamara, R. (2017, September 5). Linux Based Inter-Process Code Injection Without Ptrace(2). Retrieved December 20, 2017.","url":"https://blog.gdssecurity.com/labs/2017/9/5/linux-based-inter-process-code-injection-without-ptrace2.html","source":"MITRE","title":"Linux Based Inter-Process Code Injection Without Ptrace(2)","authors":"McNamara, R","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-09-05T00:00:00Z","owner_name":null,"tidal_id":"3dc5a86a-df37-50af-a92e-3c9a4192c04d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:33.316619Z"},{"id":"f76fce2e-2884-4b50-a7d7-55f08b84099c","name":"Linux/Cdorked.A We Live Security Analysis","description":"Pierre-Marc Bureau. (2013, April 26). Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole. 
Retrieved September 10, 2017.","url":"https://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/","source":"MITRE","title":"Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole","authors":"Pierre-Marc Bureau","date_accessed":"2017-09-10T00:00:00Z","date_published":"2013-04-26T00:00:00Z","owner_name":null,"tidal_id":"c0189228-d2c4-55a9-bd08-02568c9de0f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433678Z"},{"id":"148fe0e1-8487-4d49-8966-f14e144372f5","name":"Avast Linux Trojan Cron Persistence","description":"Threat Intelligence Team. (2015, January 6). Linux DDoS Trojan hiding itself with an embedded rootkit. Retrieved January 8, 2018.","url":"https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/","source":"MITRE","title":"Linux DDoS Trojan hiding itself with an embedded rootkit","authors":"Threat Intelligence Team","date_accessed":"2018-01-08T00:00:00Z","date_published":"2015-01-06T00:00:00Z","owner_name":null,"tidal_id":"15c282e3-519c-599d-a2ca-524065fa1a65","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434217Z"},{"id":"15e2bfef-9429-57af-aca6-231ecf44ce7b","name":"Elastic Security Labs Linux Persistence 2024","description":"Ruben Groenewoud. (2024, August 20). Linux Detection Engineering -  A primer on persistence mechanisms. Retrieved March 18, 2025.","url":"https://www.elastic.co/security-labs/primer-on-persistence-mechanisms","source":"MITRE","title":"Linux Detection Engineering -  A primer on persistence mechanisms","authors":"Ruben Groenewoud","date_accessed":"2025-03-18T00:00:00Z","date_published":"2024-08-20T00:00:00Z","owner_name":null,"tidal_id":"5e17b944-fd3d-532b-ae02-6783b7465409","created":"2025-04-22T20:47:20.123293Z","modified":"2025-12-17T15:08:36.435541Z"},{"id":"cbed8c8c-9aec-5692-89cc-6dbb53b86f00","name":"Elastic Linux Persistence 2024","description":"Ruben Groenewoud. 
(2024, August 29). Linux Detection Engineering -  A Sequel on Persistence Mechanisms. Retrieved October 16, 2024.","url":"https://www.elastic.co/security-labs/sequel-on-persistence-mechanisms","source":"MITRE","title":"Linux Detection Engineering -  A Sequel on Persistence Mechanisms","authors":"Ruben Groenewoud","date_accessed":"2024-10-16T00:00:00Z","date_published":"2024-08-29T00:00:00Z","owner_name":null,"tidal_id":"6cb291d7-599f-539b-867d-cd1118fd1294","created":"2024-10-31T16:28:27.380833Z","modified":"2025-12-17T15:08:36.436585Z"},{"id":"bdbb2a83-fc3b-439f-896a-75bffada4d51","name":"BH Linux Inject","description":"Colgan, T. (2015, August 15). Linux-Inject. Retrieved February 21, 2020.","url":"https://github.com/gaffe23/linux-inject/blob/master/slides_BHArsenal2015.pdf","source":"MITRE","title":"Linux-Inject","authors":"Colgan, T","date_accessed":"2020-02-21T00:00:00Z","date_published":"2015-08-15T00:00:00Z","owner_name":null,"tidal_id":"c3e53f5a-e518-54d5-95ee-7dc243308287","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436001Z"},{"id":"da1ffaf1-39f9-4516-8c04-4a4301e13585","name":"PAM Backdoor","description":"zephrax. (2018, August 3). linux-pam-backdoor. Retrieved June 25, 2020.","url":"https://github.com/zephrax/linux-pam-backdoor","source":"MITRE","title":"linux-pam-backdoor","authors":"zephrax","date_accessed":"2020-06-25T00:00:00Z","date_published":"2018-08-03T00:00:00Z","owner_name":null,"tidal_id":"2bc6bf14-5065-5053-a821-ab0e6d7d0cd2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424235Z"},{"id":"7c574609-4b0d-44e7-adc3-8a3d67e10e9f","name":"Linux Password and Shadow File Formats","description":"The Linux Documentation Project. (n.d.). Linux Password and Shadow File Formats. 
Retrieved February 19, 2020.","url":"https://www.tldp.org/LDP/lame/LAME/linux-admin-made-easy/shadow-file-formats.html","source":"MITRE","title":"Linux Password and Shadow File Formats","authors":"The Linux Documentation Project","date_accessed":"2020-02-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"55ec4ee6-95a8-5e1e-b5e5-249a741e3b37","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434902Z"},{"id":"5e093b21-8bbd-4ad4-9fe2-cbb04207f1d3","name":"nixCraft - John the Ripper","description":"Vivek Gite. (2014, September 17). Linux Password Cracking: Explain unshadow and john Commands (John the Ripper Tool). Retrieved February 19, 2020.","url":"https://www.cyberciti.biz/faq/unix-linux-password-cracking-john-the-ripper/","source":"MITRE","title":"Linux Password Cracking: Explain unshadow and john Commands (John the Ripper Tool)","authors":"Vivek Gite","date_accessed":"2020-02-19T00:00:00Z","date_published":"2014-09-17T00:00:00Z","owner_name":null,"tidal_id":"5c421e3d-f383-5ee7-af5f-9df008aa5101","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434908Z"},{"id":"a73a2819-61bd-5bd2-862d-5eeed344909f","name":"Polop Linux PrivEsc Gitbook","description":"Carlos Polop. (2023, March 5). Linux Privilege Escalation. Retrieved March 31, 2023.","url":"https://book.hacktricks.xyz/linux-hardening/privilege-escalation#proc-usdpid-maps-and-proc-usdpid-mem","source":"MITRE","title":"Linux Privilege Escalation","authors":"Carlos Polop","date_accessed":"2023-03-31T00:00:00Z","date_published":"2023-03-05T00:00:00Z","owner_name":null,"tidal_id":"83b7ad19-7054-50b1-9139-1afc559c031b","created":"2023-05-26T01:21:03.618034Z","modified":"2025-12-17T15:08:36.427172Z"},{"id":"a8a16cf6-0482-4e98-a39a-496491f985df","name":"Man LD.SO","description":"Kerrisk, M. (2020, June 13). Linux Programmer's Manual. 
Retrieved June 15, 2020.","url":"https://www.man7.org/linux/man-pages/man8/ld.so.8.html","source":"MITRE","title":"Linux Programmer's Manual","authors":"Kerrisk, M","date_accessed":"2020-06-15T00:00:00Z","date_published":"2020-06-13T00:00:00Z","owner_name":null,"tidal_id":"5be200f4-6163-5035-a266-a08240ad6f53","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430363Z"},{"id":"c07e9d6c-18f2-4246-a265-9bec7d833bba","name":"setuid man page","description":"Michael Kerrisk. (2017, September 15). Linux Programmer's Manual. Retrieved September 21, 2018.","url":"http://man7.org/linux/man-pages/man2/setuid.2.html","source":"MITRE","title":"Linux Programmer's Manual","authors":"Michael Kerrisk","date_accessed":"2018-09-21T00:00:00Z","date_published":"2017-09-15T00:00:00Z","owner_name":null,"tidal_id":"489716eb-e398-5614-8410-1ae26e5147c5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430689Z"},{"id":"8cb73f97-0256-472d-88b7-92b6d63578fd","name":"BleepingComputer 12 3 2023","description":"Lawrence Abrams. (2023, December 3). Linux version of Qilin ransomware focuses on VMware ESXi. Retrieved January 10, 2024.","url":"https://www.bleepingcomputer.com/news/security/linux-version-of-qilin-ransomware-focuses-on-vmware-esxi/","source":"Tidal Cyber","title":"Linux version of Qilin ransomware focuses on VMware ESXi","authors":"Lawrence Abrams","date_accessed":"2024-01-10T00:00:00Z","date_published":"2023-12-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"29b81f28-2105-5ba8-9d99-6ff743af2a30","created":"2024-06-13T20:10:53.941043Z","modified":"2024-06-13T20:10:54.203576Z"},{"id":"5ac2d917-756f-48d0-ab32-648b45a29083","name":"Uninformed Needle","description":"skape. (2003, January 19). Linux x86 run-time process manipulation. 
Retrieved December 20, 2017.","url":"http://hick.org/code/skape/papers/needle.txt","source":"MITRE","title":"Linux x86 run-time process manipulation","authors":"skape","date_accessed":"2017-12-20T00:00:00Z","date_published":"2003-01-19T00:00:00Z","owner_name":null,"tidal_id":"7c1d3108-1a8a-5065-bee5-b041c0d41713","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434920Z"},{"id":"17249884-c2c4-59b9-87ce-ac7550d0038f","name":"Lion Corporation June 2020","description":"Lion Corporation. (2020, June 26). Lion Cyber incident update: 26 June. Retrieved 2021/10/08","url":"https://lionco.com/2020/06/26/lion-update-re-cyber-issue/","source":"ICS","title":"Lion Corporation June 2020","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3ecb0bc9-73d8-5dd4-947f-d17215b4f59b","created":"2026-01-28T13:08:18.177133Z","modified":"2026-01-28T13:08:18.177136Z"},{"id":"f9aa697a-83dd-4bae-bc11-006be51ce477","name":"List Blobs","description":"Microsoft - List Blobs. (n.d.). Retrieved October 4, 2021.","url":"https://docs.microsoft.com/en-us/rest/api/storageservices/list-blobs","source":"MITRE","title":"List Blobs","authors":"","date_accessed":"2021-10-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4cdd069f-467f-560e-bf72-e21f210d3cbf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432236Z"},{"id":"727c2077-f922-4314-908a-356c42564181","name":"ListObjectsV2","description":"Amazon - ListObjectsV2. 
Retrieved October 4, 2021.","url":"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjectsV2.html","source":"MITRE","title":"ListObjectsV2","authors":"","date_accessed":"2021-10-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"46a85e80-5a35-5c52-b43d-cec6c00081c1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432230Z"},{"id":"00de69c8-78b1-4de3-a4dc-f5be3dbca212","name":"Wikipedia File Header Signatures","description":"Wikipedia. (2016, March 31). List of file signatures. Retrieved April 22, 2016.","url":"https://en.wikipedia.org/wiki/List_of_file_signatures","source":"MITRE","title":"List of file signatures","authors":"Wikipedia","date_accessed":"2016-04-22T00:00:00Z","date_published":"2016-03-31T00:00:00Z","owner_name":null,"tidal_id":"e5492fb3-6f4d-5c73-bd65-20a7abf94969","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423689Z"},{"id":"d1080030-12c7-4223-92ab-fb764acf111d","name":"Wikipedia OSI","description":"Wikipedia. (n.d.). List of network protocols (OSI model). Retrieved December 4, 2014.","url":"http://en.wikipedia.org/wiki/List_of_network_protocols_%28OSI_model%29","source":"MITRE","title":"List of network protocols (OSI model)","authors":"Wikipedia","date_accessed":"2014-12-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"96bf572b-28c7-53c0-b58b-563725e08998","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434255Z"},{"id":"fc035d68-8d20-5c1f-8b59-db2fa8d88b7b","name":"Hexacorn Listplanting","description":"Hexacorn. (2019, April 25). Listplanting – yet another code injection trick. 
Retrieved August 14, 2024.","url":"https://www.hexacorn.com/blog/2019/04/25/listplanting-yet-another-code-injection-trick/","source":"MITRE","title":"Listplanting – yet another code injection trick","authors":"Hexacorn","date_accessed":"2024-08-14T00:00:00Z","date_published":"2019-04-25T00:00:00Z","owner_name":null,"tidal_id":"90f943ad-cb11-515a-be5c-f9d732bf676c","created":"2024-10-31T16:28:26.903614Z","modified":"2025-12-17T15:08:36.436096Z"},{"id":"42ff02f9-45d0-466b-a5fa-e19c8187b529","name":"AWS List Roles","description":"Amazon. (n.d.). List Roles. Retrieved August 11, 2020.","url":"https://docs.aws.amazon.com/cli/latest/reference/iam/list-roles.html","source":"MITRE","title":"List Roles","authors":"Amazon","date_accessed":"2020-08-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"122de2be-4611-5f5f-84da-e0462cb45764","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432520Z"},{"id":"4a9e631d-3588-5585-b00a-316a934e6009","name":"Google Cloud Secrets","description":"Google Cloud. (n.d.). List secrets and view secret details. Retrieved September 25, 2023.","url":"https://cloud.google.com/secret-manager/docs/view-secret-details","source":"MITRE","title":"List secrets and view secret details","authors":"Google Cloud","date_accessed":"2023-09-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"435fff68-a81f-5017-a5d2-4a2dae3b5680","created":"2023-11-07T00:36:07.906171Z","modified":"2025-12-17T15:08:36.434871Z"},{"id":"427b3a1b-88ea-4027-bae6-7fb45490b81d","name":"Peripheral Discovery Linux","description":"Shahriar Shovon. (2018, March). List USB Devices Linux. 
Retrieved March 11, 2022.","url":"https://linuxhint.com/list-usb-devices-linux/","source":"MITRE","title":"List USB Devices Linux","authors":"Shahriar Shovon","date_accessed":"2022-03-11T00:00:00Z","date_published":"2018-03-01T00:00:00Z","owner_name":null,"tidal_id":"dbfae8f7-93d5-57dc-a476-0dd57ed51005","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427455Z"},{"id":"517e3d27-36da-4810-b256-3f47147b36e3","name":"AWS List Users","description":"Amazon. (n.d.). List Users. Retrieved August 11, 2020.","url":"https://docs.aws.amazon.com/cli/latest/reference/iam/list-users.html","source":"MITRE","title":"List Users","authors":"Amazon","date_accessed":"2020-08-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d865b16e-e10d-5adb-9f93-7de2e0c71732","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431239Z"},{"id":"441f289c-7fdc-4cf1-9379-960be75c7202","name":"Sophos PowerShell command audit","description":"jak. (2020, June 27). Live Discover - PowerShell command audit. Retrieved August 21, 2020.","url":"https://community.sophos.com/products/intercept/early-access-program/f/live-discover-response-queries/121529/live-discover---powershell-command-audit","source":"MITRE","title":"Live Discover - PowerShell command audit","authors":"jak","date_accessed":"2020-08-21T00:00:00Z","date_published":"2020-06-27T00:00:00Z","owner_name":null,"tidal_id":"ab57659b-357a-52a8-ac59-61693cdc1f07","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428038Z"},{"id":"79fc7568-b6ff-460b-9200-56d7909ed157","name":"Dell TG-1314","description":"Dell SecureWorks Counter Threat Unit Special Operations Team. (2015, May 28). Living off the Land. 
Retrieved January 26, 2016.","url":"http://www.secureworks.com/resources/blog/living-off-the-land/","source":"MITRE, Tidal Cyber","title":"Living off the Land","authors":"Dell SecureWorks Counter Threat Unit Special Operations Team","date_accessed":"2016-01-26T00:00:00Z","date_published":"2015-05-28T00:00:00Z","owner_name":null,"tidal_id":"b2102154-6f20-5715-8bbf-be9075c236d6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279441Z"},{"id":"4bad4659-f501-4eb6-b3ca-0359e3ba824e","name":"Symantec Living off the Land","description":"Wueest, C., Anand, H. (2017, July). Living off the land and fileless attack techniques. Retrieved April 10, 2018.","url":"https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-living-off-the-land-and-fileless-attack-techniques-en.pdf","source":"MITRE","title":"Living off the land and fileless attack techniques","authors":"Wueest, C., Anand, H","date_accessed":"2018-04-10T00:00:00Z","date_published":"2017-07-01T00:00:00Z","owner_name":null,"tidal_id":"edd88143-90b9-51c5-bbf8-d30794533d73","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428419Z"},{"id":"615f6fa5-3059-49fc-9fa4-5ca0aeff4331","name":"LOLBAS Main Site","description":"LOLBAS. (n.d.). Living Off The Land Binaries and Scripts (and also Libraries). Retrieved February 10, 2020.","url":"https://lolbas-project.github.io/","source":"MITRE","title":"Living Off The Land Binaries and Scripts (and also Libraries)","authors":"LOLBAS","date_accessed":"2020-02-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2a71c6f3-0b00-5b72-8bf7-585cc932c8b0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428548Z"},{"id":"14b1d3ab-8508-4946-9913-17e667956064","name":"LOLBAS Project","description":"Oddvar Moe et al. (2022, February).  Living Off The Land Binaries, Scripts and Libraries. 
Retrieved March 7, 2022.","url":"https://github.com/LOLBAS-Project/LOLBAS#criteria","source":"MITRE","title":"Living Off The Land Binaries, Scripts and Libraries","authors":"Oddvar Moe et al","date_accessed":"2022-03-07T00:00:00Z","date_published":"2022-02-01T00:00:00Z","owner_name":null,"tidal_id":"43c8cff1-9d5f-5f47-97e3-bc112b54bfe8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428794Z"},{"id":"74324b55-8d6a-500d-ae5d-a650f06127ac","name":"LOLESXi","description":"Janantha Marasinghe. (n.d.). Living Off The Land ESXi. Retrieved April 14, 2025.","url":"https://lolesxi-project.github.io/LOLESXi/","source":"MITRE","title":"Living Off The Land ESXi","authors":"Janantha Marasinghe","date_accessed":"2025-04-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9038e151-37a2-595e-99ec-9f451805f74e","created":"2025-04-22T20:47:19.590178Z","modified":"2025-12-17T15:08:36.435035Z"},{"id":"bbc72952-988e-4c3c-ab5e-75b64e9e33f5","name":"FireEye 2019 Apple Remote Desktop","description":"Jake Nicastro, Willi Ballenthin. (2019, October 9). Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil. Retrieved August 16, 2021.","url":"https://www.fireeye.com/blog/threat-research/2019/10/leveraging-apple-remote-desktop-for-good-and-evil.html","source":"MITRE","title":"Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil","authors":"Jake Nicastro, Willi Ballenthin","date_accessed":"2021-08-16T00:00:00Z","date_published":"2019-10-09T00:00:00Z","owner_name":null,"tidal_id":"ebc0a7a4-e405-5f50-ba3b-187d384e0396","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429685Z"},{"id":"10ccae99-c6f5-4b83-89c9-06a9e35280fc","name":"LKM loading kernel restrictions","description":"Pingios, A. (2018, February 7). LKM loading kernel restrictions. 
Retrieved June 4, 2020.","url":"https://xorl.wordpress.com/2018/02/17/lkm-loading-kernel-restrictions/","source":"MITRE","title":"LKM loading kernel restrictions","authors":"Pingios, A.","date_accessed":"2020-06-04T00:00:00Z","date_published":"2018-02-07T00:00:00Z","owner_name":null,"tidal_id":"44a25328-156c-55f4-9ee1-a913eb36f89a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442624Z"},{"id":"229b04b6-98ca-4e6f-9917-a26cfe0a7f0d","name":"Rapid7 LLMNR Spoofer","description":"Francois, R. (n.d.). LLMNR Spoofer. Retrieved November 17, 2017.","url":"https://www.rapid7.com/db/modules/auxiliary/spoof/llmnr/llmnr_response","source":"MITRE","title":"LLMNR Spoofer","authors":"Francois, R","date_accessed":"2017-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5c33e984-22b6-525e-b2f6-872ff2323411","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424727Z"},{"id":"e6d9f967-4f45-44d2-8a19-69741745f917","name":"Wikipedia Loadable Kernel Module","description":"Wikipedia. (2018, March 17). Loadable kernel module. Retrieved April 9, 2018.","url":"https://en.wikipedia.org/wiki/Loadable_kernel_module#Linux","source":"MITRE","title":"Loadable kernel module","authors":"Wikipedia","date_accessed":"2018-04-09T00:00:00Z","date_published":"2018-03-17T00:00:00Z","owner_name":null,"tidal_id":"f9d28d08-1827-5c27-8be9-0dfabc54c4b5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430968Z"},{"id":"dfaf5bfa-61a7-45f8-a50e-0d8bc6cb2189","name":"Microsoft LoadLibrary","description":"Microsoft. (2018, December 5). LoadLibraryA function (libloaderapi.h). 
Retrieved September 28, 2021.","url":"https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya","source":"MITRE","title":"LoadLibraryA function (libloaderapi.h)","authors":"Microsoft","date_accessed":"2021-09-28T00:00:00Z","date_published":"2018-12-05T00:00:00Z","owner_name":null,"tidal_id":"6f2858b1-8d5c-5070-a78a-e6d89364233c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437276Z"},{"id":"6ae7487c-cb61-4f10-825f-4ef9ef050b7c","name":"Microsoft Local Accounts Feb 2019","description":"Microsoft. (2018, December 9). Local Accounts. Retrieved February 11, 2019.","url":"https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/local-accounts","source":"MITRE","title":"Local Accounts","authors":"Microsoft","date_accessed":"2019-02-11T00:00:00Z","date_published":"2018-12-09T00:00:00Z","owner_name":null,"tidal_id":"7e95a469-c75b-560a-bff4-e341225f4f5b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430242Z"},{"id":"422a6043-78c2-43ef-8e87-7d7a8878f94a","name":"Sternsecurity LLMNR-NBTNS","description":"Sternstein, J. (2013, November). Local Network Attacks: LLMNR and NBT-NS Poisoning. Retrieved November 17, 2017.","url":"https://www.sternsecurity.com/blog/local-network-attacks-llmnr-and-nbt-ns-poisoning","source":"MITRE","title":"Local Network Attacks: LLMNR and NBT-NS Poisoning","authors":"Sternstein, J","date_accessed":"2017-11-17T00:00:00Z","date_published":"2013-11-01T00:00:00Z","owner_name":null,"tidal_id":"57b08fc6-2066-5635-8e45-dab5c90c43cf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424734Z"},{"id":"8dfa5271-f5bc-59d5-bc23-b20e34a6673a","name":"Engel-SS7-2008","description":"Tobias Engel. (2008, December). Locating Mobile Phones using SS7. 
Retrieved December","url":"https://www.youtube.com/watch?v=q0n5ySqbfdI","source":"Mobile","title":"Locating Mobile Phones using SS7","authors":"Tobias Engel","date_accessed":"1978-12-01T00:00:00Z","date_published":"2008-12-01T00:00:00Z","owner_name":null,"tidal_id":"3c45ebc4-02c7-5834-9087-4fe196f6e105","created":"2026-01-28T13:08:10.043018Z","modified":"2026-01-28T13:08:10.043021Z"},{"id":"a3b7540d-20cc-4d94-8321-9fd730486f8c","name":"Sophos Geolocation 2016","description":"Wisniewski, C. (2016, May 3). Location-based threats: How cybercriminals target you based on where you live. Retrieved April 1, 2021.","url":"https://news.sophos.com/en-us/2016/05/03/location-based-ransomware-threat-research/","source":"MITRE","title":"Location-based threats: How cybercriminals target you based on where you live","authors":"Wisniewski, C","date_accessed":"2021-04-01T00:00:00Z","date_published":"2016-05-03T00:00:00Z","owner_name":null,"tidal_id":"de768382-f46b-5f2e-a23b-e93dcb68346c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434570Z"},{"id":"bc81e2f1-b1f3-5df0-ab51-116818d72d9d","name":"Palo Alto Lockbit 2.0 JUN 2022","description":"Elsad, A. et al. (2022, June 9). LockBit 2.0: How This RaaS Operates and How to Protect Against It. Retrieved January 24, 2025.","url":"https://unit42.paloaltonetworks.com/lockbit-2-ransomware/","source":"MITRE","title":"LockBit 2.0: How This RaaS Operates and How to Protect Against It","authors":"Elsad, A. et al","date_accessed":"2025-01-24T00:00:00Z","date_published":"2022-06-09T00:00:00Z","owner_name":null,"tidal_id":"700dac02-3796-5706-bebb-916c7148c14a","created":"2025-04-22T20:47:28.205266Z","modified":"2025-12-17T15:08:36.420872Z"},{"id":"d199a840-4815-5cd0-b02e-46d947a2b54e","name":"SentinelOne LockBit 2.0","description":"SentinelOne. (n.d.). LockBit 2.0: In-Depth Analysis, Detection, Mitigation, and Removal. 
Retrieved January 24, 2025.","url":"https://www.sentinelone.com/anthology/lockbit-2-0/","source":"MITRE","title":"LockBit 2.0: In-Depth Analysis, Detection, Mitigation, and Removal","authors":"SentinelOne","date_accessed":"2025-01-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"45e1ca02-6b57-59b8-a836-35ed470bb05f","created":"2025-04-22T20:47:31.266227Z","modified":"2025-12-17T15:08:36.441511Z"},{"id":"36144a43-ccac-4380-8595-76116dcb6706","name":"ASEC BLOG November 08 2022","description":"Sanseo. (2022, November 8). LockBit 3.0 Being Distributed via Amadey Bot - ASEC BLOG. Retrieved May 15, 2023.","url":"https://asec.ahnlab.com/en/41450/","source":"Tidal Cyber","title":"LockBit 3.0 Being Distributed via Amadey Bot - ASEC BLOG","authors":"Sanseo","date_accessed":"2023-05-15T00:00:00Z","date_published":"2022-11-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"330a4f4b-6169-50b1-a452-b213d3ac1a16","created":"2024-06-13T20:10:24.821999Z","modified":"2024-06-13T20:10:25.066170Z"},{"id":"b625f291-0152-468c-a130-ec8fb0c6ad21","name":"VMWare LockBit 3.0 October 2022","description":"Dana Behling. (2022, October 15). LockBit 3.0 Ransomware Unlocked. Retrieved May 19, 2023.","url":"https://blogs.vmware.com/security/2022/10/lockbit-3-0-also-known-as-lockbit-black.html","source":"Tidal Cyber","title":"LockBit 3.0 Ransomware Unlocked","authors":"Dana Behling","date_accessed":"2023-05-19T00:00:00Z","date_published":"2022-10-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0ba52343-51fc-5850-b620-3b16cbd2c232","created":"2023-08-18T18:56:13.699649Z","modified":"2023-08-18T18:56:13.830591Z"},{"id":"04c8f812-14a1-5ecd-b174-e4ae4e3e83cf","name":"Sentinel Labs LockBit 3.0 JUL 2022","description":"Walter, J. (2022, July 21). LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques. 
Retrieved February 5, 2025.","url":"https://www.sentinelone.com/labs/lockbit-3-0-update-unpicking-the-ransomwares-latest-anti-analysis-and-evasion-techniques","source":"MITRE","title":"LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques","authors":"Walter, J","date_accessed":"2025-02-05T00:00:00Z","date_published":"2022-07-21T00:00:00Z","owner_name":null,"tidal_id":"6be26d88-746c-5f78-843b-cebae3c42428","created":"2025-04-22T20:47:27.492469Z","modified":"2025-12-17T15:08:36.419472Z"},{"id":"9a73b140-b483-4274-a134-ed1bb15ac31c","name":"Sentinel Labs LockBit 3.0 July 2022","description":"Jim Walter, Aleksandar Milenkoski. (2022, July 21). LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques. Retrieved May 19, 2023.","url":"https://www.sentinelone.com/labs/lockbit-3-0-update-unpicking-the-ransomwares-latest-anti-analysis-and-evasion-techniques/","source":"Tidal Cyber","title":"LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques","authors":"Jim Walter, Aleksandar Milenkoski","date_accessed":"2023-05-19T00:00:00Z","date_published":"2022-07-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2db78233-394a-5457-8a63-d2c65684d113","created":"2023-08-18T18:56:13.042543Z","modified":"2023-08-18T18:56:13.563557Z"},{"id":"9b9bd080-e727-4c41-bb2a-abff48b0fedc","name":"Cyble LockBit 3.0 July 2022","description":"Cybleinc. (2022, July 5). Lockbit 3.0 –  Ransomware group launches new version. 
Retrieved May 19, 2023.","url":"https://blog.cyble.com/2022/07/05/lockbit-3-0-ransomware-group-launches-new-version/","source":"Tidal Cyber","title":"Lockbit 3.0 –  Ransomware group launches new version","authors":"Cybleinc","date_accessed":"2023-05-19T00:00:00Z","date_published":"2022-07-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"aaab2e07-8d22-506c-ba48-49c0525fa825","created":"2024-06-13T20:10:30.381570Z","modified":"2024-06-13T20:10:30.588229Z"},{"id":"2c57877e-d3fb-462d-a7e9-c7be62a8a7dd","name":"ThreatDown by Malwarebytes May 1 2024","description":"Jerome Segura. (2024, May 1). LockBit Black. Retrieved December 19, 2024.","url":"https://www.threatdown.com/blog/lockbitblack-05-01-2024/","source":"Tidal Cyber","title":"LockBit Black","authors":"Jerome Segura","date_accessed":"2024-12-19T00:00:00Z","date_published":"2024-05-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8e32d09a-6116-5fb8-ae1c-bb85fc7e6de7","created":"2025-04-11T15:06:23.152141Z","modified":"2025-04-11T15:06:23.301676Z"},{"id":"9a76c159-90c4-4b1d-aba8-ed2a9d83d278","name":"Kaspersky August 25 2023","description":"Eduardo Ovalle. (2023, August 25). Lockbit leak, research opportunities on tools leaked from TAs. Retrieved January 1, 2024.","url":"https://securelist.com/lockbit-ransomware-builder-analysis/110370/","source":"Tidal Cyber","title":"Lockbit leak, research opportunities on tools leaked from TAs","authors":"Eduardo Ovalle","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-08-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ca285811-0ddc-5baa-ac63-de8040f85af9","created":"2025-04-11T15:06:21.848518Z","modified":"2025-04-11T15:06:22.012969Z"},{"id":"12c37998-7c8e-452d-b4e0-a06e21418fd4","name":"Flashpoint.io July 20 2023","description":"Flashpoint. (2023, July 20). LockBit Ransomware Inside the World's Most Active Ransomware Group. 
Retrieved January 1, 2024.","url":"https://flashpoint.io/blog/lockbit/","source":"Tidal Cyber","title":"LockBit Ransomware Inside the World's Most Active Ransomware Group","authors":"Flashpoint","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-07-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b5c8f7e5-c445-56e1-b2e8-dec2ffa19a89","created":"2025-04-11T15:06:21.240640Z","modified":"2025-04-11T15:06:21.391906Z"},{"id":"a49936db-f04e-4eeb-8bb5-d535cf7c3776","name":"Chuong Dong March 15 2025","description":"Chuong Dong. (2025, March 15). LockBit Ransomware v4.0. Retrieved March 22, 2025.","url":"https://chuongdong.com/reverse%20engineering/2025/03/15/Lockbit4Ransomware/","source":"Tidal Cyber","title":"LockBit Ransomware v4.0","authors":"Chuong Dong","date_accessed":"2025-03-22T00:00:00Z","date_published":"2025-03-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2c4829a7-7675-50ee-9d5b-d2fe6141abe7","created":"2025-03-31T15:01:15.823980Z","modified":"2025-03-31T15:01:16.401849Z"},{"id":"526ef45f-fa6e-49bf-bec2-b3ad511ea64c","name":"The DFIR Report June 10 2020","description":"The DFIR Report. (2020, June 10). Lockbit Ransomware, Why You No Spread. Retrieved December 19, 2024.","url":"https://thedfirreport.com/2020/06/10/lockbit-ransomware-why-you-no-spread/","source":"Tidal Cyber","title":"Lockbit Ransomware, Why You No Spread","authors":"The DFIR Report","date_accessed":"2024-12-19T00:00:00Z","date_published":"2020-06-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"170c1eee-177c-5133-a04e-70766ae356dd","created":"2025-04-11T15:06:22.503013Z","modified":"2025-04-11T15:06:22.667924Z"},{"id":"d0cc2383-b30c-526a-8fa0-0991340b4e73","name":"INCIBE-CERT LockBit MAR 2024","description":"INCIBE-CERT. (2024, March 14). LockBit: response and recovery actions. 
Retrieved February 5, 2025.","url":"https://www.incibe.es/en/incibe-cert/blog/lockbit-response-and-recovery-actions","source":"MITRE","title":"LockBit: response and recovery actions","authors":"INCIBE-CERT","date_accessed":"2025-02-05T00:00:00Z","date_published":"2024-03-14T00:00:00Z","owner_name":null,"tidal_id":"8cc91ace-796f-5113-b4b5-e61433ddd56f","created":"2025-04-22T20:47:27.484943Z","modified":"2025-12-17T15:08:36.419464Z"},{"id":"aa1211c6-e490-444a-8aab-7626e0700dd0","name":"Cary Esentutl","description":"Cary, M. (2018, December 6). Locked File Access Using ESENTUTL.exe. Retrieved September 5, 2019.","url":"https://dfironthemountain.wordpress.com/2018/12/06/locked-file-access-using-esentutl-exe/","source":"MITRE","title":"Locked File Access Using ESENTUTL.exe","authors":"Cary, M","date_accessed":"2019-09-05T00:00:00Z","date_published":"2018-12-06T00:00:00Z","owner_name":null,"tidal_id":"0af3073d-5ce3-547d-a060-f85b4e16e5e9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440753Z"},{"id":"52d0e16f-9a20-442f-9a17-686e51d7e32b","name":"Group IB Ransomware September 2020","description":"Group IB. (2020, September). LOCK LIKE  A PRO. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20220119114433/https://groupib.pathfactory.com/ransomware-reports/prolock_wp","source":"MITRE","title":"LOCK LIKE  A PRO","authors":"Group IB","date_accessed":"2024-11-17T00:00:00Z","date_published":"2020-09-01T00:00:00Z","owner_name":null,"tidal_id":"8e2b5c66-2be0-56bc-93b1-14bec05e0faa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418143Z"},{"id":"17222170-5454-4a7d-804b-23753ec841eb","name":"AWS Cloud Trail Backup API","description":"Amazon. (2020). Logging AWS Backup API Calls with AWS CloudTrail. 
Retrieved April 27, 2020.","url":"https://docs.aws.amazon.com/aws-backup/latest/devguide/logging-using-cloudtrail.html","source":"MITRE","title":"Logging AWS Backup API Calls with AWS CloudTrail","authors":"Amazon","date_accessed":"2020-04-27T00:00:00Z","date_published":"2020-01-01T00:00:00Z","owner_name":null,"tidal_id":"c69d2b5a-c9d4-56ce-a01a-a98f73412a78","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436229Z"},{"id":"2aa0682b-f553-4c2b-ae9e-112310bcb8d0","name":"AWS Logging IAM Calls","description":"AWS. (n.d.). Logging IAM and AWS STS API calls with AWS CloudTrail. Retrieved April 1, 2022.","url":"https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html","source":"MITRE","title":"Logging IAM and AWS STS API calls with AWS CloudTrail","authors":"AWS","date_accessed":"2022-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ada12426-1936-5dba-8068-b5b1ecca0fd3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436276Z"},{"id":"d15943dd-d11c-4af2-a3ac-9ebe168a7526","name":"Login Items AE","description":"Apple. (n.d.). Login Items AE. Retrieved October 4, 2021.","url":"https://developer.apple.com/library/archive/samplecode/LoginItemsAE/Introduction/Intro.html#//apple_ref/doc/uid/DTS10003788","source":"MITRE","title":"Login Items AE","authors":"Apple","date_accessed":"2021-10-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3fea94ea-f37b-5ec4-9d5e-229a689bcee4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432038Z"},{"id":"340eb8df-cc22-4b59-8dca-32ec52fd6818","name":"LoginWindowScripts Apple Dev","description":"Apple. (n.d.). LoginWindowScripts. 
Retrieved April 1, 2022.","url":"https://developer.apple.com/documentation/devicemanagement/loginwindowscripts","source":"MITRE","title":"LoginWindowScripts","authors":"Apple","date_accessed":"2022-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"18f22a8f-f041-55ea-bc01-c30144f689a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428599Z"},{"id":"e113b544-82ad-4099-ab4e-7fc8b78f54bd","name":"LogMeIn Homepage","description":"LogMeIn. (n.d.). LogMeIn Homepage. Retrieved November 16, 2023.","url":"https://www.logmein.com/","source":"Tidal Cyber","title":"LogMeIn Homepage","authors":"LogMeIn","date_accessed":"2023-11-16T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"2d4ccd40-94b2-5f88-a81e-d408d725a776","created":"2023-11-17T17:09:18.825666Z","modified":"2023-11-17T17:09:18.918879Z"},{"id":"bf8cce5c-be5e-59c7-9ff2-e478f30ce712","name":"LogonUserW function","description":"Microsoft. (2023, March 10). LogonUserW function (winbase.h). Retrieved January 8, 2024.","url":"https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-logonuserw","source":"MITRE","title":"LogonUserW function (winbase.h)","authors":"Microsoft","date_accessed":"2024-01-08T00:00:00Z","date_published":"2023-03-10T00:00:00Z","owner_name":null,"tidal_id":"b89f54d8-0ba4-5de0-8c3c-79a119cb166f","created":"2024-04-25T13:28:37.685722Z","modified":"2025-12-17T15:08:36.432490Z"},{"id":"cf29b0e4-3cf7-432e-be28-07aa4af442c4","name":"Logpoint Ransomware Detection Guide","description":"Logpoint. (2023, October 24). Logpoint - A Comprehensive Guide to Detect Ransomware. 
Retrieved April 8, 2025.","url":"https://www.logpoint.com/wp-content/uploads/2023/04/logpoint-a-comprehensive-guide-to-detect-ransomware.pdf","source":"Tidal Cyber","title":"Logpoint - A Comprehensive Guide to Detect Ransomware","authors":"Logpoint","date_accessed":"2025-04-08T00:00:00Z","date_published":"2023-10-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"459ee2a8-781f-5c46-b642-e768806de173","created":"2025-04-08T16:38:29.110111Z","modified":"2025-04-08T16:38:29.430706Z"},{"id":"bb938fea-2b2e-41d3-a55c-40ea34c00d21","name":"ESET LoJax Sept 2018","description":"ESET. (2018, September). LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group. Retrieved July 2, 2019.","url":"https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf","source":"MITRE","title":"LOJAX First UEFI rootkit found in the wild, courtesy of the Sednit group","authors":"ESET","date_accessed":"2019-07-02T00:00:00Z","date_published":"2018-09-01T00:00:00Z","owner_name":null,"tidal_id":"ddb3705d-bf67-5a0d-b0a9-e23919385ef0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421329Z"},{"id":"e938bab1-7dc1-4a78-b1e2-ab2aa0a83eb0","name":"Morphisec Lokibot April 2020","description":"Cheruku, H. (2020, April 15). LOKIBOT WITH AUTOIT OBFUSCATOR + FRENCHY SHELLCODE. Retrieved May 14, 2020.","url":"https://blog.morphisec.com/lokibot-with-autoit-obfuscator-frenchy-shellcode","source":"MITRE","title":"LOKIBOT WITH AUTOIT OBFUSCATOR + FRENCHY SHELLCODE","authors":"Cheruku, H","date_accessed":"2020-05-14T00:00:00Z","date_published":"2020-04-15T00:00:00Z","owner_name":null,"tidal_id":"3e79f185-8cc0-5d9b-b372-c36082067bbd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421594Z"},{"id":"80e649f5-6c74-4d66-a452-4f4cd51501da","name":"t1105_lolbas","description":"LOLBAS. (n.d.). LOLBAS Mapped to T1105. 
Retrieved March 11, 2022.","url":"https://lolbas-project.github.io/#t1105","source":"MITRE","title":"LOLBAS Mapped to T1105","authors":"LOLBAS","date_accessed":"2022-03-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ff3df1bd-24ea-582a-913f-aa5a1cb32a4a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435843Z"},{"id":"c7af164d-549d-44de-b491-542ef2eb4334","name":"Lolbin Ssh.exe Use As Proxy","description":"frack113, Nasreddine Bencherchali. (2023, January 26). Lolbin Ssh.exe Use As Proxy. Retrieved May 25, 2023.","url":"https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/proc_creation_win_lolbin_ssh.yml","source":"Tidal Cyber","title":"Lolbin Ssh.exe Use As Proxy","authors":"frack113, Nasreddine Bencherchali","date_accessed":"2023-05-25T00:00:00Z","date_published":"2023-01-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fc462ea8-5ebf-5f40-8679-e5b2a2cad1c1","created":"2024-06-13T20:10:31.514863Z","modified":"2024-06-13T20:10:31.693404Z"},{"id":"3ebccffe-d56d-594a-9548-740cf88a453b","name":"Huntress INC Ransomware May 2024","description":"Carvey, H. (2024, May 1). LOLBin to INC Ransomware. Retrieved June 5, 2024.","url":"https://www.huntress.com/blog/lolbin-to-inc-ransomware","source":"MITRE","title":"LOLBin to INC Ransomware","authors":"Carvey, H","date_accessed":"2024-06-05T00:00:00Z","date_published":"2024-05-01T00:00:00Z","owner_name":null,"tidal_id":"f26dd3c8-bb2b-5129-a06a-0dab662466c5","created":"2024-10-31T16:28:35.522984Z","modified":"2025-12-17T15:08:36.440036Z"},{"id":"784f1f5a-f7f2-45e8-84bd-b600f2b74b33","name":"Qualys LolZarus","description":"Pradhan, A. (2022, February 8). LolZarus: Lazarus Group Incorporating Lolbins into Campaigns. 
Retrieved March 22, 2022.","url":"https://blog.qualys.com/vulnerabilities-threat-research/2022/02/08/lolzarus-lazarus-group-incorporating-lolbins-into-campaigns","source":"MITRE","title":"LolZarus: Lazarus Group Incorporating Lolbins into Campaigns","authors":"Pradhan, A","date_accessed":"2022-03-22T00:00:00Z","date_published":"2022-02-08T00:00:00Z","owner_name":null,"tidal_id":"2f1fe2c7-3331-5d03-b39c-ef499036151b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439816Z"},{"id":"1a281862-efc8-4566-8d06-ba463e22225d","name":"Bitdefender Trickbot C2 infra Nov 2020","description":"Liviu Arsene, Radu Tudorica. (2020, November 23). TrickBot is Dead. Long Live TrickBot!. Retrieved September 28, 2021.","url":"https://www.bitdefender.com/blog/labs/trickbot-is-dead-long-live-trickbot/","source":"MITRE","title":"Long Live TrickBot!","authors":"Liviu Arsene, Radu Tudorica. (2020, November 23)","date_accessed":"2021-09-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c7feba94-23c3-5dfa-84fc-fc678ffbc3a3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442064Z"},{"id":"5a6246f8-c78e-404e-9f77-eaa8639114d3","name":"None December 18 2025","description":"None Identified. (2025, December 18). LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan. 
Retrieved December 19, 2025.","url":"https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/","source":"Tidal Cyber","title":"LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"06be7e68-85c8-5208-a5a3-907275e09b42","created":"2025-12-24T14:56:05.894406Z","modified":"2025-12-24T14:56:06.077500Z"},{"id":"8feb5995-3be3-4bb0-9a4c-7e6a3507b5a9","name":"ESET LongNosedGoblin December 18 2025","description":"None Identified. (2025, December 18). LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan. Retrieved December 19, 2025.","url":"https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/","source":"Tidal Cyber","title":"LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ecb1e77d-3895-5868-a879-a99f6e94a833","created":"2026-01-14T13:29:38.481884Z","modified":"2026-01-14T13:29:38.650134Z"},{"id":"77887f82-7815-4a91-8c8a-f77dc8a9ba53","name":"Proofpoint LookBack Malware Aug 2019","description":"Raggi, M. Schwarz, D.. (2019, August 1). LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards. Retrieved February 25, 2021.","url":"https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks","source":"MITRE","title":"LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards","authors":"Raggi, M. 
Schwarz, D.","date_accessed":"2021-02-25T00:00:00Z","date_published":"2019-08-01T00:00:00Z","owner_name":null,"tidal_id":"0124be9e-447f-51f7-8c14-bfe92038ff39","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421534Z"},{"id":"bfdddac2-7732-5e39-a79e-d0629f20fb60","name":"Sans Mutexes 2012","description":"Lenny Zeltser. (2012, July 24). Looking at Mutex Objects for Malware Discovery & Indicators of Compromise. Retrieved September 19, 2024.","url":"https://www.sans.org/blog/looking-at-mutex-objects-for-malware-discovery-indicators-of-compromise/","source":"MITRE","title":"Looking at Mutex Objects for Malware Discovery & Indicators of Compromise","authors":"Lenny Zeltser","date_accessed":"2024-09-19T00:00:00Z","date_published":"2012-07-24T00:00:00Z","owner_name":null,"tidal_id":"e3a0b0a9-611e-5324-baac-1d5ff497a205","created":"2024-10-31T16:28:20.473920Z","modified":"2025-12-17T15:08:36.429002Z"},{"id":"6043b34d-dec3-415b-8329-05f698f320e3","name":"Fidelis DarkComet","description":"Fidelis Cybersecurity. (2015, August 4). Looking at the Sky for a DarkComet. Retrieved April 5, 2016.","url":"https://www.fidelissecurity.com/sites/default/files/FTA_1018_looking_at_the_sky_for_a_dark_comet.pdf","source":"MITRE","title":"Looking at the Sky for a DarkComet","authors":"Fidelis Cybersecurity","date_accessed":"2016-04-05T00:00:00Z","date_published":"2015-08-04T00:00:00Z","owner_name":null,"tidal_id":"222c4d44-eb76-5774-96b6-4e81d0833101","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428111Z"},{"id":"2ac846c8-9b3b-5345-b436-4436b1e4e794","name":"Microsoft Sliver 2022","description":"Microsoft Security Experts. (2022, August 24). Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks. 
Retrieved March 24, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks/","source":"MITRE","title":"Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks","authors":"Microsoft Security Experts","date_accessed":"2025-03-24T00:00:00Z","date_published":"2022-08-24T00:00:00Z","owner_name":null,"tidal_id":"fa27d9ef-5b6f-5c48-a181-98c432f5ee20","created":"2025-04-22T20:47:29.579949Z","modified":"2025-12-17T15:08:36.439938Z"},{"id":"78a79546-1898-514f-9352-2df9fc6e080d","name":"lookout_bouldspy_0423","description":"Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July","url":"https://www.lookout.com/blog/iranian-spyware-bouldspy","source":"Mobile","title":"Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy","authors":"Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht","date_accessed":"1978-07-01T00:00:00Z","date_published":"2023-04-27T00:00:00Z","owner_name":null,"tidal_id":"deb14ede-48bd-583e-9ddf-62f54f9f8e5d","created":"2026-01-28T13:08:10.041319Z","modified":"2026-01-28T13:08:10.041325Z"},{"id":"f89b4a98-873c-5756-8164-cfc0735a51c2","name":"Lookout_DCHSpy_July2025","description":"Albrecht, J., Islamoglu, A. (2025, July 21). Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict . 
Retrieved September","url":"https://www.lookout.com/threat-intelligence/article/lookout-discovers-iranian-dchsy-surveillanceware","source":"Mobile","title":"Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict","authors":"Albrecht, J., Islamoglu, A","date_accessed":"1978-09-01T00:00:00Z","date_published":"2025-07-21T00:00:00Z","owner_name":null,"tidal_id":"b2f9a2f8-67a2-5809-b2ff-04c48b1534d6","created":"2026-01-28T13:08:10.040880Z","modified":"2026-01-28T13:08:10.040883Z"},{"id":"b21979ca-6f97-5ce3-a385-8328855c33b6","name":"Lookout-Adware","description":"Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. Retrieved December","url":"https://blog.lookout.com/blog/2015/11/04/trojanized-adware/","source":"Mobile","title":"Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire","authors":"Michael Bentley","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-11-04T00:00:00Z","owner_name":null,"tidal_id":"d759d791-c1ae-536a-808d-e2ef6134a467","created":"2026-01-28T13:08:10.041721Z","modified":"2026-01-28T13:08:10.041724Z"},{"id":"3127308e-0c75-58b5-9ee0-9070b6b14623","name":"Lookout eSurv","description":"A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September","url":"https://blog.lookout.com/esurv-research","source":"Mobile","title":"Lookout discovers phishing sites distributing new iOS and Android surveillanceware","authors":"A. Bauer","date_accessed":"1978-09-01T00:00:00Z","date_published":"2019-04-08T00:00:00Z","owner_name":null,"tidal_id":"ec43af8e-6c63-53a0-ad1c-6aabf9405ad4","created":"2026-01-28T13:08:10.040778Z","modified":"2026-01-28T13:08:10.040781Z"},{"id":"daf4a032-3d74-5cb0-b0f7-67c0c51eec3d","name":"Lookout Desert Scorpion","description":"A. Blaich, M. Flossman. (2018, April 16). 
Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September","url":"https://blog.lookout.com/desert-scorpion-google-play","source":"Mobile","title":"Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East","authors":"A. Blaich, M. Flossman","date_accessed":"1978-09-01T00:00:00Z","date_published":"2018-04-16T00:00:00Z","owner_name":null,"tidal_id":"9898a5c1-f9bd-5f8a-bf63-e624dc932698","created":"2026-01-28T13:08:10.040085Z","modified":"2026-01-28T13:08:10.040088Z"},{"id":"86111971-cd37-4a87-bcaa-3e0f6326da5c","name":"Arctic Wolf Fog Ransomware June 4 2024","description":"Stefan Hostetler, Steven Campbell, Christopher Prest, Connor Belfiore, Markus Neis, Joe Wedderspoon, Rick McQuown, Arctic Wolf Labs Team. (2024, June 4). Lost in the Fog: A New Ransomware Threat. Retrieved July 29, 2024.","url":"https://arcticwolf.com/resources/blog/lost-in-the-fog-a-new-ransomware-threat/","source":"Tidal Cyber","title":"Lost in the Fog: A New Ransomware Threat","authors":"Stefan Hostetler, Steven Campbell, Christopher Prest, Connor Belfiore, Markus Neis, Joe Wedderspoon, Rick McQuown, Arctic Wolf Labs Team","date_accessed":"2024-07-29T00:00:00Z","date_published":"2024-06-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"be8f71c9-a775-5609-8786-b61de6bf10a1","created":"2024-08-02T14:58:09.382304Z","modified":"2024-08-02T14:58:09.867000Z"},{"id":"b0752c3a-1777-4209-938d-5382de6a49f5","name":"BlackHat Process Doppelgänging Dec 2017","description":"Liberman, T. & Kogan, E. (2017, December 7). Lost in Transaction: Process Doppelgänging. Retrieved December 20, 2017.","url":"https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf","source":"MITRE","title":"Lost in Transaction: Process Doppelgänging","authors":"Liberman, T. 
& Kogan, E","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-12-07T00:00:00Z","owner_name":null,"tidal_id":"99f9c31d-8c4c-5af8-9e4e-beacb0e03c65","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431143Z"},{"id":"9b7db916-e62f-5d7e-9574-a85198665a5a","name":"Cisco LotusBlossom 2025","description":"Joey Chen, Cisco Talos. (2025, February 27). Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools. Retrieved March 15, 2025.","url":"https://blog.talosintelligence.com/lotus-blossom-espionage-group/","source":"MITRE","title":"Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools","authors":"Joey Chen, Cisco Talos","date_accessed":"2025-03-15T00:00:00Z","date_published":"2025-02-27T00:00:00Z","owner_name":null,"tidal_id":"fd7c6a4d-42d2-5493-ab0a-ed47b9f46540","created":"2025-04-22T20:47:24.516018Z","modified":"2025-12-17T15:08:36.419840Z"},{"id":"f1e4ff9e-cb6c-46cc-898e-5f170bb5f634","name":"ESET LoudMiner June 2019","description":"Malik, M. (2019, June 20). LoudMiner: Cross-platform mining in cracked VST software. Retrieved May 18, 2020.","url":"https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/","source":"MITRE","title":"LoudMiner: Cross-platform mining in cracked VST software","authors":"Malik, M","date_accessed":"2020-05-18T00:00:00Z","date_published":"2019-06-20T00:00:00Z","owner_name":null,"tidal_id":"75160a80-8436-5b2f-a095-779a507bf640","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422511Z"},{"id":"be055994-bf66-5c1b-8b7e-d04df4062f3f","name":"GamaCopy organization","description":"Knownsec 404 Advanced Threat Intelligence team. (2025, January 21). Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military — related bait to launch attacks on Russia. 
Retrieved June 14, 2025.","url":"https://medium.com/@knownsec404team/love-and-hate-under-war-the-gamacopy-organization-which-imitates-the-russian-gamaredon-uses-560ba5e633fa","source":"MITRE","title":"Love and hate under war: The GamaCopy organization, which imitates the Russian Gamaredon, uses military — related bait to launch attacks on Russia","authors":"Knownsec 404 Advanced Threat Intelligence team","date_accessed":"2025-06-14T00:00:00Z","date_published":"2025-01-21T00:00:00Z","owner_name":null,"tidal_id":"7c527bab-de11-5452-94d2-8d141cdc31ef","created":"2025-10-29T21:08:48.165703Z","modified":"2025-12-17T15:08:36.426138Z"},{"id":"099c3492-1813-4874-9901-e24b081f7e12","name":"GitHub Mimikatz Issue 92 June 2017","description":"Warren, J. (2017, June 22). lsadump::changentlm and lsadump::setntlm work, but generate Windows events #92. Retrieved December 4, 2017.","url":"https://github.com/gentilkiwi/mimikatz/issues/92","source":"MITRE","title":"lsadump::changentlm and lsadump::setntlm work, but generate Windows events #92","authors":"Warren, J","date_accessed":"2017-12-04T00:00:00Z","date_published":"2017-06-22T00:00:00Z","owner_name":null,"tidal_id":"3962fdef-c85b-5ec3-9145-bec996e16765","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433092Z"},{"id":"4a37ea4e-c512-5e41-8e4e-27911b3a4617","name":"Deep Instinct LSASS","description":"Gilboa, A. (2021, February 16). LSASS Memory Dumps are Stealthier than Ever Before - Part 2. 
Retrieved December 27, 2023.","url":"https://www.deepinstinct.com/blog/lsass-memory-dumps-are-stealthier-than-ever-before-part-2","source":"MITRE","title":"LSASS Memory Dumps are Stealthier than Ever Before - Part 2","authors":"Gilboa, A","date_accessed":"2023-12-27T00:00:00Z","date_published":"2021-02-16T00:00:00Z","owner_name":null,"tidal_id":"2c486267-e9b8-5313-ae72-0e451451de41","created":"2024-04-25T13:28:35.605570Z","modified":"2025-12-17T15:08:36.430492Z"},{"id":"c2f88274-9da4-5d24-b68d-302ee5990dd5","name":"lsmod man","description":"Kerrisk, M. (2022, December 18). lsmod(8) — Linux manual page. Retrieved March 28, 2023.","url":"https://man7.org/linux/man-pages/man8/lsmod.8.html","source":"MITRE","title":"lsmod(8) — Linux manual page","authors":"Kerrisk, M","date_accessed":"2023-03-28T00:00:00Z","date_published":"2022-12-18T00:00:00Z","owner_name":null,"tidal_id":"dbf7801a-f695-5e4c-8759-be7272396fe4","created":"2023-05-26T01:21:02.572714Z","modified":"2025-12-17T15:08:36.426186Z"},{"id":"603c033d-a3b3-5132-8574-7476a8f40815","name":"Lua state","description":"Lua. (n.d.). lua_State. Retrieved August 5, 2024.","url":"https://pgl.yoyo.org/luai/i/lua_State","source":"MITRE","title":"lua_State","authors":"Lua","date_accessed":"2024-08-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fc5da62e-c135-57a3-858d-a19ba179035c","created":"2024-10-31T16:28:24.535141Z","modified":"2025-12-17T15:08:36.433485Z"},{"id":"3977a87a-2eab-4a67-82b2-10c9dc7e4554","name":"Unit 42 Lucifer June 2020","description":"Hsu, K. et al. (2020, June 24). Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices. Retrieved November 16, 2020.","url":"https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/","source":"MITRE","title":"Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices","authors":"Hsu, K. 
et al","date_accessed":"2020-11-16T00:00:00Z","date_published":"2020-06-24T00:00:00Z","owner_name":null,"tidal_id":"e9e94e15-672a-5b84-b15d-bbce90de1343","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418672Z"},{"id":"f974708b-598c-46a9-aac9-c5fbdd116c2a","name":"Securelist LuckyMouse June 2018","description":"Legezo, D. (2018, June 13). LuckyMouse hits national data center to organize country-level waterholing campaign. Retrieved August 18, 2018.","url":"https://securelist.com/luckymouse-hits-national-data-center/86083/","source":"MITRE","title":"LuckyMouse hits national data center to organize country-level waterholing campaign","authors":"Legezo, D","date_accessed":"2018-08-18T00:00:00Z","date_published":"2018-06-13T00:00:00Z","owner_name":null,"tidal_id":"0c4d3505-e529-5851-b9bd-a59b39a40395","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419037Z"},{"id":"033e7c95-cded-5e51-9a9f-1c6038b0509f","name":"lucr-3: Getting SaaS-y in the cloud","description":"Ian Ahl. (2023, September 20). LUCR-3: Scattered Spider Getting SaaS-y In The Cloud. Retrieved September 20, 2023.","url":"https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud","source":"MITRE","title":"LUCR-3: Scattered Spider Getting SaaS-y In The Cloud","authors":"Ian Ahl","date_accessed":"2023-09-20T00:00:00Z","date_published":"2023-09-20T00:00:00Z","owner_name":null,"tidal_id":"902e363e-7e1f-5610-9752-ffccb8218b32","created":"2023-11-07T00:36:01.703692Z","modified":"2025-12-17T15:08:36.428743Z"},{"id":"020b97ab-466d-52e6-b1f1-6f9f8ffdabf0","name":"Permiso Scattered Spider 2023","description":"Ian Ahl. (2023, September 20). LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD. 
Retrieved September 25, 2023.","url":"https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud","source":"MITRE","title":"LUCR-3: SCATTERED SPIDER GETTING SAAS-Y IN THE CLOUD","authors":"Ian Ahl","date_accessed":"2023-09-25T00:00:00Z","date_published":"2023-09-20T00:00:00Z","owner_name":null,"tidal_id":"efabbd3d-8b1c-5d2a-898d-280a71bf384f","created":"2023-11-07T00:36:07.911289Z","modified":"2025-12-17T15:08:36.432405Z"},{"id":"e21c6931-fba8-52b0-b6f0-1c8222881fbd","name":"Kaspersky LuminousMoth July 2021","description":"Lechtik, M, and etl. (2021, July 14). LuminousMoth APT: Sweeping attacks for the chosen few. Retrieved October 20, 2022.","url":"https://securelist.com/apt-luminousmoth/103332/","source":"MITRE","title":"LuminousMoth APT: Sweeping attacks for the chosen few","authors":"Lechtik, M, and etl","date_accessed":"2022-10-20T00:00:00Z","date_published":"2021-07-14T00:00:00Z","owner_name":null,"tidal_id":"260c488e-d5d0-5fbf-854e-45868e58d5f5","created":"2023-05-26T01:21:14.191308Z","modified":"2025-12-17T15:08:36.437313Z"},{"id":"6b1ce8bb-4e77-59f3-87ff-78f4a1a10ad3","name":"Bitdefender LuminousMoth July 2021","description":"Botezatu, B and etl. (2021, July 21). LuminousMoth - PlugX, File Exfiltration and Persistence Revisited. Retrieved October 20, 2022.","url":"https://www.bitdefender.com/blog/labs/luminousmoth-plugx-file-exfiltration-and-persistence-revisited","source":"MITRE","title":"LuminousMoth - PlugX, File Exfiltration and Persistence Revisited","authors":"Botezatu, B and etl","date_accessed":"2022-10-20T00:00:00Z","date_published":"2021-07-21T00:00:00Z","owner_name":null,"tidal_id":"39fac6c6-39a4-50e7-b5ba-f8ae9dc0e7d9","created":"2023-05-26T01:21:14.181933Z","modified":"2025-12-17T15:08:36.437307Z"},{"id":"9abdee3c-405f-4aff-bf30-aad68b7e3a8d","name":"SpyCloud Inc December 19 2024","description":"James. (2024, December 19). LummaC2 Revisited What's Making this Stealer Stealthier and More Lethal. 
Retrieved December 20, 2024.","url":"https://spycloud.com/blog/lummac2-malware-stealthier-capabilities/","source":"Tidal Cyber","title":"LummaC2 Revisited What's Making this Stealer Stealthier and More Lethal","authors":"James","date_accessed":"2024-12-20T00:00:00Z","date_published":"2024-12-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b8a93ef9-c3f6-5919-aab8-63212bd0375c","created":"2025-02-11T18:20:05.327719Z","modified":"2025-02-11T18:20:05.522730Z"},{"id":"5dca9c19-772e-41e9-bbcc-5060586781b6","name":"Netskope January 23 2025","description":"Leandro Fróes. (2025, January 23). Lumma Stealer Fake CAPTCHAs & New Techniques to Evade Detection. Retrieved February 2, 2025.","url":"https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection","source":"Tidal Cyber","title":"Lumma Stealer Fake CAPTCHAs & New Techniques to Evade Detection","authors":"Leandro Fróes","date_accessed":"2025-02-02T00:00:00Z","date_published":"2025-01-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0d6ab170-ae27-5b24-ac43-6b9c4857fb97","created":"2025-02-11T18:20:04.374044Z","modified":"2025-02-11T18:20:04.586086Z"},{"id":"1bddd8eb-b306-5ce9-ad3b-1e34228b7696","name":"Netskope LummaStealer 2025","description":"Leandro Fróes, Netskope. (2025, January 23). Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection. 
Retrieved March 22, 2025.","url":"https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection","source":"MITRE","title":"Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection","authors":"Leandro Fróes, Netskope","date_accessed":"2025-03-22T00:00:00Z","date_published":"2025-01-23T00:00:00Z","owner_name":null,"tidal_id":"c2e9be30-67a7-50e3-b1c0-35efcafc9fad","created":"2025-04-22T20:47:27.387971Z","modified":"2025-12-17T15:08:36.419305Z"},{"id":"a23bb029-0652-57e8-b25a-17a7c58bc41f","name":"TrendMicro LummaStealer 2025","description":"Buddy Tancio, Fe Cureg, and Jovit Samaniego, Trend Micro. (2025, January 30). Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response. Retrieved March 22, 2025.","url":"https://www.trendmicro.com/en_us/research/25/a/lumma-stealers-github-based-delivery-via-mdr.html","source":"MITRE","title":"Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response","authors":"Buddy Tancio, Fe Cureg, and Jovit Samaniego, Trend Micro","date_accessed":"2025-03-22T00:00:00Z","date_published":"2025-01-30T00:00:00Z","owner_name":null,"tidal_id":"1c754aee-d895-517b-9c22-09b356bbab71","created":"2025-04-22T20:47:27.365409Z","modified":"2025-12-17T15:08:36.419286Z"},{"id":"ec52bcc9-6a56-5b94-8534-23c8e7ce740f","name":"Unit42 Luna Moth","description":"Kristopher Russo. (n.d.). Luna Moth Callback Phishing Campaign. Retrieved February 2, 2023.","url":"https://unit42.paloaltonetworks.com/luna-moth-callback-phishing/","source":"MITRE","title":"Luna Moth Callback Phishing Campaign","authors":"Kristopher Russo","date_accessed":"2023-02-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"06e9aa4e-05cd-5bf4-887e-4ab643f2f944","created":"2023-05-26T01:21:08.641967Z","modified":"2025-12-17T15:08:36.433249Z"},{"id":"3e1c2a64-8446-538d-a148-2de87991955a","name":"sygnia Luna Month","description":"Oren Biderman, Tomer Lahiyani, Noam Lifshitz, Ori Porag. (n.d.). 
LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS. Retrieved February 2, 2023.","url":"https://blog.sygnia.co/luna-moth-false-subscription-scams","source":"MITRE","title":"LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS","authors":"Oren Biderman, Tomer Lahiyani, Noam Lifshitz, Ori Porag","date_accessed":"2023-02-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"808f68d6-afba-57db-a9e6-4e8e7aaae3c2","created":"2023-05-26T01:21:08.647023Z","modified":"2025-12-17T15:08:36.433255Z"},{"id":"115590b2-ab57-432c-900e-000627464a11","name":"Sygnia Luna Moth July 1 2022","description":"Oren Biderman, Tomer Lahiyani, Noam Lifshitz, Ori Porag. (2022, July 1). Luna Moth Ransomware: The Threat Actors Behind Recent False Subscription Scams. Retrieved June 28, 2024.","url":"https://www.sygnia.co/blog/luna-moth-false-subscription-scams/","source":"Tidal Cyber","title":"Luna Moth Ransomware: The Threat Actors Behind Recent False Subscription Scams","authors":"Oren Biderman, Tomer Lahiyani, Noam Lifshitz, Ori Porag","date_accessed":"2024-06-28T00:00:00Z","date_published":"2022-07-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8c4938eb-54ef-5112-94be-008678b88bf3","created":"2024-06-28T17:22:18.471555Z","modified":"2024-06-28T17:22:18.838173Z"},{"id":"eb78de14-8044-4466-8954-9ca44a17e895","name":"Zscaler Lyceum DnsSystem June 2022","description":"Shivtarkar, N. and Kumar, A. (2022, June 9). Lyceum .NET DNS Backdoor. Retrieved June 23, 2022.","url":"https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor","source":"MITRE","title":"Lyceum .NET DNS Backdoor","authors":"Shivtarkar, N. 
and Kumar, A","date_accessed":"2022-06-23T00:00:00Z","date_published":"2022-06-09T00:00:00Z","owner_name":null,"tidal_id":"99ba520b-2142-56c2-8be1-d082a303ad29","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420115Z"},{"id":"b3d13a82-c24e-4b47-b47a-7221ad449859","name":"Kaspersky Lyceum October 2021","description":"Kayal, A. et al. (2021, October). LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST. Retrieved June 14, 2022.","url":"https://vblocalhost.com/uploads/VB2021-Kayal-etal.pdf","source":"MITRE","title":"LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST","authors":"Kayal, A. et al","date_accessed":"2022-06-14T00:00:00Z","date_published":"2021-10-01T00:00:00Z","owner_name":null,"tidal_id":"631d8e6a-d176-58d9-a7d1-3843f8102491","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421102Z"},{"id":"99c53143-6f93-44c9-a874-c1b9e4506fb4","name":"CoinTicker 2019","description":"Thomas Reed. (2018, October 29). Mac cryptocurrency ticker app installs backdoors. Retrieved April 23, 2019.","url":"https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/","source":"MITRE","title":"Mac cryptocurrency ticker app installs backdoors","authors":"Thomas Reed","date_accessed":"2019-04-23T00:00:00Z","date_published":"2018-10-29T00:00:00Z","owner_name":null,"tidal_id":"71dca3be-7bbd-573a-ae90-0ade25ba7123","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421699Z"},{"id":"408d5e33-fcb6-4d21-8be9-7aa5a8bd3385","name":"ESET Machete July 2019","description":"ESET. (2019, July). MACHETE JUST GOT SHARPER Venezuelan government institutions under attack. 
Retrieved September 13, 2019.","url":"https://www.welivesecurity.com/wp-content/uploads/2019/08/ESET_Machete.pdf","source":"MITRE, Tidal Cyber","title":"MACHETE JUST GOT SHARPER Venezuelan government institutions under attack","authors":"ESET","date_accessed":"2019-09-13T00:00:00Z","date_published":"2019-07-01T00:00:00Z","owner_name":null,"tidal_id":"b5552ee5-ae9e-5063-9933-60c458c879b5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258059Z"},{"id":"e78b7c32-9b1d-4d5e-8f38-6d6778ee056b","name":"Trend Micro March 30 2023","description":"Qi Sun; Luis Magisa Read time. (2023, March 30). Mac Malware MacStealer Spreads as Fake P2E Apps. Retrieved January 1, 2024.","url":"https://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html","source":"Tidal Cyber","title":"Mac Malware MacStealer Spreads as Fake P2E Apps","authors":"Qi Sun; Luis Magisa Read time","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-03-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5448e821-ba47-5479-8161-aad4be524dac","created":"2025-04-11T15:06:09.622530Z","modified":"2025-04-11T15:06:09.775458Z"},{"id":"9845ef95-bcc5-4430-8008-1e4a28e13c33","name":"synack 2016 review","description":"Patrick Wardle. (2017, January 1). Mac Malware of 2016. Retrieved September 21, 2018.","url":"https://objective-see.org/blog/blog_0x16.html","source":"MITRE","title":"Mac Malware of 2016","authors":"Patrick Wardle","date_accessed":"2018-09-21T00:00:00Z","date_published":"2017-01-01T00:00:00Z","owner_name":null,"tidal_id":"53af6779-3fb0-5ca8-bf1e-8168036364e6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418268Z"},{"id":"08227ae5-4086-4c31-83d9-459c3a097754","name":"objsee mac malware 2017","description":"Patrick Wardle. (n.d.). Mac Malware of 2017. 
Retrieved September 21, 2018.","url":"https://objective-see.com/blog/blog_0x25.html","source":"MITRE","title":"Mac Malware of 2017","authors":"Patrick Wardle","date_accessed":"2018-09-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"60f23e20-c2c2-5349-8254-f5d9aa1549e1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417579Z"},{"id":"4605c51d-b36e-4c29-abda-2a97829f6019","name":"Unit42 CookieMiner Jan 2019","description":"Chen, y., et al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. Retrieved July 22, 2020.","url":"https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/","source":"MITRE","title":"Mac Malware Steals Cryptocurrency Exchanges’ Cookies","authors":"Chen, y., et al","date_accessed":"2020-07-22T00:00:00Z","date_published":"2019-01-31T00:00:00Z","owner_name":null,"tidal_id":"19c85fc8-fe01-5708-971a-593a4ba85022","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422251Z"},{"id":"0a88e730-8ed2-4983-8f11-2cb2e4abfe3e","name":"Unit 42 Mac Crypto Cookies January 2019","description":"Chen, Y., Hu, W., Xu, Z., et. al. (2019, January 31). Mac Malware Steals Cryptocurrency Exchanges’ Cookies. Retrieved October 14, 2019.","url":"https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/","source":"MITRE","title":"Mac Malware Steals Cryptocurrency Exchanges’ Cookies","authors":"Chen, Y., Hu, W., Xu, Z., et. al","date_accessed":"2019-10-14T00:00:00Z","date_published":"2019-01-31T00:00:00Z","owner_name":null,"tidal_id":"2e8fe4f1-2c94-55c8-b56e-e7ddfde055b2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425108Z"},{"id":"4d631c9a-4fd5-43a4-8b78-4219bd371e87","name":"MacKeeper Bundlore Apr 2019","description":"Sushko, O. (2019, April 17). macOS Bundlore: Mac Virus Bypassing macOS Security Features. 
Retrieved June 30, 2020.","url":"https://mackeeper.com/blog/post/610-macos-bundlore-adware-analysis/","source":"MITRE","title":"macOS Bundlore: Mac Virus Bypassing macOS Security Features","authors":"Sushko, O","date_accessed":"2020-06-30T00:00:00Z","date_published":"2019-04-17T00:00:00Z","owner_name":null,"tidal_id":"ab5ed2bc-d7bc-5990-900b-a3983927b132","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419785Z"},{"id":"b5e0add8-bda6-5cae-85c7-58f7cab1579c","name":"SentinelOne Cuckoo Stealer May 2024","description":"Stokes, P. (2024, May 9). macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge. Retrieved August 20, 2024.","url":"https://www.sentinelone.com/blog/macos-cuckoo-stealer-ensuring-detection-and-defense-as-new-samples-rapidly-emerge/","source":"MITRE","title":"macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge","authors":"Stokes, P","date_accessed":"2024-08-20T00:00:00Z","date_published":"2024-05-09T00:00:00Z","owner_name":null,"tidal_id":"04344917-fcb8-5814-ad92-9c0b8f47cc0e","created":"2024-10-31T16:28:32.698585Z","modified":"2025-12-17T15:08:36.418101Z"},{"id":"61aae3a4-317e-4117-a02a-27885709fb07","name":"MalwareUnicorn macOS Dylib Injection MachO","description":"Amanda Rousseau. (2020, April 4). MacOS Dylib Injection Workshop. Retrieved March 29, 2021.","url":"https://malwareunicorn.org/workshops/macos_dylib_injection.html#5","source":"MITRE","title":"MacOS Dylib Injection Workshop","authors":"Amanda Rousseau","date_accessed":"2021-03-29T00:00:00Z","date_published":"2020-04-04T00:00:00Z","owner_name":null,"tidal_id":"63739ecf-9422-5659-a8b9-298ab7ea3058","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436760Z"},{"id":"4b8b110a-fc40-4094-a70d-15530bc05fec","name":"macOS Hierarchical File System Overview","description":"Tenon. (n.d.). 
Retrieved October 12, 2021.","url":"http://tenon.com/products/codebuilder/User_Guide/6_File_Systems.html#anchor520553","source":"MITRE","title":"macOS Hierarchical File System Overview","authors":"","date_accessed":"2021-10-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5890162c-cf9f-50da-9522-b1ced2035ff1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433617Z"},{"id":"13773d75-6fc1-4289-bf45-6ee147279052","name":"Add List Remove Login Items Apple Script","description":"kaloprominat. (2013, July 30). macos: manage add list remove login items apple script. Retrieved October 5, 2021.","url":"https://gist.github.com/kaloprominat/6111584","source":"MITRE","title":"macos: manage add list remove login items apple script","authors":"kaloprominat","date_accessed":"2021-10-05T00:00:00Z","date_published":"2013-07-30T00:00:00Z","owner_name":null,"tidal_id":"6c46d44d-3b39-5633-b4a4-07f1d41386e6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432064Z"},{"id":"0d015be9-34ba-4c59-9cea-80b76ee89dd0","name":"SentinelOne 9 11 2023","description":"Phil Stokes. (2023, September 11). macOS MetaStealer . Retrieved January 1, 2024.","url":"https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/","source":"Tidal Cyber","title":"macOS MetaStealer","authors":"Phil Stokes","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-09-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"daff9bae-dd23-5c46-8434-16f986c3bbb0","created":"2024-06-13T20:10:58.937480Z","modified":"2024-06-13T20:10:59.125504Z"},{"id":"759e81c1-a250-440e-8b52-178bcf5451b9","name":"macOS MS office sandbox escape","description":"Cedric Owens. (2021, May 22). macOS MS Office Sandbox Brain Dump. 
Retrieved August 20, 2021.","url":"https://cedowens.medium.com/macos-ms-office-sandbox-brain-dump-4509b5fed49a","source":"MITRE","title":"macOS MS Office Sandbox Brain Dump","authors":"Cedric Owens","date_accessed":"2021-08-20T00:00:00Z","date_published":"2021-05-22T00:00:00Z","owner_name":null,"tidal_id":"fa91e649-0e30-5c6b-8698-bbabc0c6ba8a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433903Z"},{"id":"979cac34-d447-4e42-b17e-8ab2630bcfec","name":"MDSec macOS JXA and VSCode","description":"Dominic Chell. (2021, January 1). macOS Post-Exploitation Shenanigans with VSCode Extensions. Retrieved April 20, 2021.","url":"https://www.mdsec.co.uk/2021/01/macos-post-exploitation-shenanigans-with-vscode-extensions/","source":"MITRE","title":"macOS Post-Exploitation Shenanigans with VSCode Extensions","authors":"Dominic Chell","date_accessed":"2021-04-20T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"aea36de0-f039-590f-b534-fb51315803f9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424851Z"},{"id":"4b05bd7c-22a3-4168-850c-8168700b17ba","name":"SentinelOne macOS Red Team","description":"Phil Stokes. (2019, December 5). macOS Red Team: Calling Apple APIs Without Building Binaries. Retrieved July 17, 2020.","url":"https://www.sentinelone.com/blog/macos-red-team-calling-apple-apis-without-building-binaries/","source":"MITRE","title":"macOS Red Team: Calling Apple APIs Without Building Binaries","authors":"Phil Stokes","date_accessed":"2020-07-17T00:00:00Z","date_published":"2019-12-05T00:00:00Z","owner_name":null,"tidal_id":"a3188361-7a33-5bd8-bb85-bbe722f5478d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424884Z"},{"id":"159f8495-5354-4b93-84cb-a25e56fcff3e","name":"Lockboxx ARD 2019","description":"Dan Borges. (2019, July 21). MacOS Red Teaming 206: ARD (Apple Remote Desktop Protocol). 
Retrieved September 10, 2021.","url":"http://lockboxx.blogspot.com/2019/07/macos-red-teaming-206-ard-apple-remote.html","source":"MITRE","title":"MacOS Red Teaming 206: ARD (Apple Remote Desktop Protocol)","authors":"Dan Borges","date_accessed":"2021-09-10T00:00:00Z","date_published":"2019-07-21T00:00:00Z","owner_name":null,"tidal_id":"784c1315-ff6f-5795-a980-da6fea1f9b84","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429678Z"},{"id":"83daecf1-8708-56da-aaad-1e7e95c4ea43","name":"nixCraft macOS PATH variables","description":"Vivek Gite. (2023, August 22). MacOS – Set / Change $PATH Variable Command. Retrieved September 28, 2023.","url":"https://www.cyberciti.biz/faq/appleosx-bash-unix-change-set-path-environment-variable/","source":"MITRE","title":"MacOS – Set / Change $PATH Variable Command","authors":"Vivek Gite","date_accessed":"2023-09-28T00:00:00Z","date_published":"2023-08-22T00:00:00Z","owner_name":null,"tidal_id":"3418c061-9e9c-5403-83a3-d207e6b7fec0","created":"2023-11-07T00:35:57.334721Z","modified":"2025-12-17T15:08:36.424516Z"},{"id":"1036fbbb-f731-458a-b38c-42431612c0ad","name":"SensePost MacroLess DDE Oct 2017","description":"Stalmans, E., El-Sherei, S. (2017, October 9). Macro-less Code Exec in MSWord. Retrieved November 21, 2017.","url":"https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/","source":"MITRE","title":"Macro-less Code Exec in MSWord","authors":"Stalmans, E., El-Sherei, S","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-10-09T00:00:00Z","owner_name":null,"tidal_id":"5f590c70-865e-5bfa-b6b9-e6b2f48592cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426314Z"},{"id":"d63f3f6a-4486-48a4-b2f8-c2a8d571731a","name":"Macro Malware Targets Macs","description":"Yerko Grbic. (2017, February 14). Macro Malware Targets Macs. 
Retrieved July 8, 2017.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/macro-malware-targets-macs/","source":"MITRE","title":"Macro Malware Targets Macs","authors":"Yerko Grbic","date_accessed":"2017-07-08T00:00:00Z","date_published":"2017-02-14T00:00:00Z","owner_name":null,"tidal_id":"d46b8731-1acc-54ff-9ecc-ebe01ed3b720","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427762Z"},{"id":"80bb8646-1eb0-442a-aa51-ee3efaf75915","name":"alientvault macspy","description":"PETER EWANE. (2017, June 9). MacSpy: OS X RAT as a Service. Retrieved September 21, 2018.","url":"https://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service","source":"MITRE","title":"MacSpy: OS X RAT as a Service","authors":"PETER EWANE","date_accessed":"2018-09-21T00:00:00Z","date_published":"2017-06-09T00:00:00Z","owner_name":null,"tidal_id":"950474a3-44d9-57f1-ba1b-124407a16ef7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440092Z"},{"id":"3be3b5ef-acea-49ae-8fe5-3346a68c8630","name":"None December 22 2025","description":"None Identified. (2025, December 22). MacSync Stealer Evolves: From ClickFix to Code-Signed Swift Malware — Jamf Threat Labs. Retrieved December 24, 2025.","url":"https://www.jamf.com/blog/macsync-stealer-evolution-code-signed-swift-malware-analysis/","source":"Tidal Cyber","title":"MacSync Stealer Evolves: From ClickFix to Code-Signed Swift Malware — Jamf Threat Labs","authors":"None Identified","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"55b34ca9-ddfc-53c9-bf99-0137443e1010","created":"2025-12-29T17:39:49.662995Z","modified":"2025-12-29T17:39:49.796394Z"},{"id":"6d55b62e-63b8-5b4b-b47a-009c97ff3306","name":"Lau-Mactans","description":"Lau et al. (2013). Mactans: Injecting Malware Into iOS Devices Via Malicious Chargers. 
Retrieved December","url":"https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf","source":"Mobile","title":"Mactans: Injecting Malware Into iOS Devices Via Malicious Chargers","authors":"Lau et al","date_accessed":"1978-12-01T00:00:00Z","date_published":"2013-01-01T00:00:00Z","owner_name":null,"tidal_id":"b2e2ba8a-15e1-5688-8d15-69bc18e681af","created":"2026-01-28T13:08:10.044302Z","modified":"2026-01-28T13:08:10.044305Z"},{"id":"47b49df4-34f1-4a89-9983-e8bc19aadf8c","name":"reed thiefquest ransomware analysis","description":"Thomas Reed. (2020, July 7). Mac ThiefQuest malware may not be ransomware after all. Retrieved March 22, 2021.","url":"https://blog.malwarebytes.com/mac/2020/07/mac-thiefquest-malware-may-not-be-ransomware-after-all/","source":"MITRE","title":"Mac ThiefQuest malware may not be ransomware after all","authors":"Thomas Reed","date_accessed":"2021-03-22T00:00:00Z","date_published":"2020-07-07T00:00:00Z","owner_name":null,"tidal_id":"e7edc21e-dca4-5b2e-b155-4f93d6712173","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419507Z"},{"id":"b265ef93-c1fb-440d-a9e0-89cf25a3de05","name":"Reed thiefquest fake ransom","description":"Thomas Reed. (2020, July 7). Mac ThiefQuest malware may not be ransomware after all. Retrieved March 18, 2021.","url":"https://blog.malwarebytes.com/detections/osx-thiefquest/","source":"MITRE","title":"Mac ThiefQuest malware may not be ransomware after all","authors":"Thomas Reed","date_accessed":"2021-03-18T00:00:00Z","date_published":"2020-07-07T00:00:00Z","owner_name":null,"tidal_id":"623ec19c-b217-549a-8d29-9970e5474444","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419500Z"},{"id":"5f2f6a12-26c5-4c74-98ad-48b67379a716","name":"Malwarebytes 9 6 2023","description":"Jerome Segura. (2023, September 6). Mac users targeted in new malvertising campaign delivering Atomic Stealer. 
Retrieved April 19, 2024.","url":"https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising","source":"Tidal Cyber","title":"Mac users targeted in new malvertising campaign delivering Atomic Stealer","authors":"Jerome Segura","date_accessed":"2024-04-19T00:00:00Z","date_published":"2023-09-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"900a2c4f-7ed6-519f-952e-23d37a1d3015","created":"2024-06-13T20:10:57.479460Z","modified":"2024-06-13T20:10:57.665297Z"},{"id":"fad94973-eafa-4fdb-b7aa-22c21d894f81","name":"Objective See Green Lambert for OSX Oct 2021","description":"Sandvik, Runa. (2021, October 1). Made In America: Green Lambert for OS X. Retrieved March 21, 2022.","url":"https://objective-see.com/blog/blog_0x68.html","source":"MITRE","title":"Made In America: Green Lambert for OS X","authors":"Sandvik, Runa","date_accessed":"2022-03-21T00:00:00Z","date_published":"2021-10-01T00:00:00Z","owner_name":null,"tidal_id":"085fa69c-7ba7-5694-88bb-60492a33a7f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418869Z"},{"id":"edb9395d-c8a2-46a5-8bf4-91b1d8fe6e3b","name":"Trend Micro FIN6 October 2019","description":"Chen, J. (2019, October 10). Magecart Card Skimmers Injected Into Online Shops. Retrieved September 9, 2020.","url":"https://www.trendmicro.com/en_us/research/19/j/fin6-compromised-e-commerce-platform-via-magecart-to-inject-credit-card-skimmers-into-thousands-of-online-shops.html","source":"MITRE","title":"Magecart Card Skimmers Injected Into Online Shops","authors":"Chen, J","date_accessed":"2020-09-09T00:00:00Z","date_published":"2019-10-10T00:00:00Z","owner_name":null,"tidal_id":"12a4d280-54de-526e-a7ad-6027ebe482ef","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440260Z"},{"id":"f1ef9868-3ddb-4289-aa92-481c35517920","name":"Unit 42 Magic Hound Feb 2017","description":"Lee, B. and Falcone, R. (2017, February 15). 
Magic Hound Campaign Attacks Saudi Targets. Retrieved December 27, 2017.","url":"https://researchcenter.paloaltonetworks.com/2017/02/unit42-magic-hound-campaign-attacks-saudi-targets/","source":"MITRE","title":"Magic Hound Campaign Attacks Saudi Targets","authors":"Lee, B. and Falcone, R","date_accessed":"2017-12-27T00:00:00Z","date_published":"2017-02-15T00:00:00Z","owner_name":null,"tidal_id":"437f2593-151a-5af2-baa9-2063c73402d9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438069Z"},{"id":"06d36dea-e13d-48c4-b6d6-0c175c379f5b","name":"AMD Magic Packet","description":"AMD. (1995, November 1). Magic Packet Technical White Paper. Retrieved February 17, 2021.","url":"https://www.amd.com/system/files/TechDocs/20213.pdf","source":"MITRE","title":"Magic Packet Technical White Paper","authors":"AMD","date_accessed":"2021-02-17T00:00:00Z","date_published":"1995-11-01T00:00:00Z","owner_name":null,"tidal_id":"d13d84bf-ac76-57ce-be7d-25e52b5e2910","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428716Z"},{"id":"6dc427b1-7b0f-50b8-bbec-bab2f526fe0e","name":"Cisco MagicRAT 2022","description":"Asheer Malhotra, Vitor Ventura & Jungsoo An, Cisco Talos. (2022, September 7). MagicRAT: Lazarus’ latest gateway into victim networks. Retrieved December 30, 2024.","url":"https://blog.talosintelligence.com/lazarus-magicrat/","source":"MITRE","title":"MagicRAT: Lazarus’ latest gateway into victim networks","authors":"Asheer Malhotra, Vitor Ventura & Jungsoo An, Cisco Talos","date_accessed":"2024-12-30T00:00:00Z","date_published":"2022-09-07T00:00:00Z","owner_name":null,"tidal_id":"61c4d9a0-6f3c-501f-ab40-25d84f387754","created":"2025-04-22T20:47:27.728711Z","modified":"2025-12-17T15:08:36.419985Z"},{"id":"5b728693-37e8-4100-ac82-b70945113e07","name":"MagicWeb","description":"Microsoft Threat Intelligence Center, Microsoft Detection and Response Team, Microsoft 365 Defender Research Team . (2022, August 24). 
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone. Retrieved September 28, 2022.","url":"https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/","source":"MITRE","title":"MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone","authors":"Microsoft Threat Intelligence Center, Microsoft Detection and Response Team, Microsoft 365 Defender Research Team","date_accessed":"2022-09-28T00:00:00Z","date_published":"2022-08-24T00:00:00Z","owner_name":null,"tidal_id":"bb870376-f321-55dd-a061-f6c4580273ef","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429711Z"},{"id":"955b6449-4cd5-5512-a5f3-2bcb91def3ef","name":"MAGNET GOBLIN","description":"Check Point Research. (2024, March 8). MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES. Retrieved March 27, 2024.","url":"https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/","source":"MITRE","title":"MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES","authors":"Check Point Research","date_accessed":"2024-03-27T00:00:00Z","date_published":"2024-03-08T00:00:00Z","owner_name":null,"tidal_id":"4b8e2afe-7f5c-5796-896d-be725a9359e7","created":"2024-04-25T13:28:41.460002Z","modified":"2025-12-17T15:08:36.436474Z"},{"id":"df8886d1-fbd7-4c24-8ab1-6261923dee96","name":"FireEye FIN7 Oct 2019","description":"Carr, N, et all. (2019, October 10). Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques. 
Retrieved October 11, 2019.","url":"https://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html","source":"MITRE","title":"Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques","authors":"Carr, N, et all","date_accessed":"2019-10-11T00:00:00Z","date_published":"2019-10-10T00:00:00Z","owner_name":null,"tidal_id":"946d65a4-5e44-53ad-99d1-7c9cbc17867a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416685Z"},{"id":"421093d7-6ac8-5ebc-9a04-1c65bdce0980","name":"Microsoft Mail Flow Rules 2023","description":"Microsoft. (2023, February 22). Mail flow rules (transport rules) in Exchange Online. Retrieved March 13, 2023.","url":"https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules","source":"MITRE","title":"Mail flow rules (transport rules) in Exchange Online","authors":"Microsoft","date_accessed":"2023-03-13T00:00:00Z","date_published":"2023-02-22T00:00:00Z","owner_name":null,"tidal_id":"fade196a-d1cd-5b4c-a4e7-5ebfd296f1fd","created":"2023-05-26T01:21:01.039125Z","modified":"2025-12-17T15:08:36.424636Z"},{"id":"50595548-b0c6-49d1-adab-43c8969ae716","name":"GitHub MailSniper","description":"Bullock, B., . (2018, November 20). MailSniper. Retrieved October 4, 2019.","url":"https://github.com/dafthack/MailSniper","source":"MITRE","title":"MailSniper","authors":"Bullock, B.,","date_accessed":"2019-10-04T00:00:00Z","date_published":"2018-11-20T00:00:00Z","owner_name":null,"tidal_id":"fcebd809-c1db-5822-bf7c-c811e1c66e68","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423184Z"},{"id":"6813a1a2-fbe0-4809-aad7-734997e59bea","name":"mailx man page","description":"Michael Kerrisk. (2021, August 27). mailx(1p) — Linux manual page. 
Retrieved June 10, 2022.","url":"https://man7.org/linux/man-pages/man1/mailx.1p.html","source":"MITRE","title":"mailx(1p) — Linux manual page","authors":"Michael Kerrisk","date_accessed":"2022-06-10T00:00:00Z","date_published":"2021-08-27T00:00:00Z","owner_name":null,"tidal_id":"d4fefe32-eadf-5c67-b30d-7c274f3291eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428574Z"},{"id":"b8339d48-699d-4043-8197-1f0435a8dca5","name":"enigma0x3 normal.dotm","description":"Nelson, M. (2014, January 23). Maintaining Access with normal.dotm. Retrieved July 3, 2017.","url":"https://enigma0x3.net/2014/01/23/maintaining-access-with-normal-dotm/comment-page-1/","source":"MITRE","title":"Maintaining Access with normal.dotm","authors":"Nelson, M","date_accessed":"2017-07-03T00:00:00Z","date_published":"2014-01-23T00:00:00Z","owner_name":null,"tidal_id":"238ec478-00ff-551e-b49d-f4b022eead49","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431449Z"},{"id":"afe89472-ac42-4a0d-b398-5ed6a5dee74f","name":"NetSPI Startup Stored Procedures","description":"Sutherland, S. (2016, March 7). Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures. Retrieved September 12, 2024.","url":"https://www.netspi.com/blog/technical-blog/network-penetration-testing/sql-server-persistence-part-1-startup-stored-procedures/","source":"MITRE","title":"Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures","authors":"Sutherland, S","date_accessed":"2024-09-12T00:00:00Z","date_published":"2016-03-07T00:00:00Z","owner_name":null,"tidal_id":"ccd67bbc-dea4-5203-bd83-5e725234aee8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436707Z"},{"id":"19d76d00-800e-540c-97a8-1ed20cec99af","name":"Push Security SaaS Persistence 2022","description":"Luke Jennings. (2022, November 29). Maintaining persistent access in a SaaS-first world. 
Retrieved March 20, 2025.","url":"https://pushsecurity.com/blog/maintaining-persistent-access-in-a-saas-first-world/","source":"MITRE","title":"Maintaining persistent access in a SaaS-first world","authors":"Luke Jennings","date_accessed":"2025-03-20T00:00:00Z","date_published":"2022-11-29T00:00:00Z","owner_name":null,"tidal_id":"b5570b3b-9493-55d5-a6b5-5006e9f3c574","created":"2025-04-22T20:47:18.897302Z","modified":"2025-12-17T15:08:36.434329Z"},{"id":"450da173-3573-5502-ab53-6d6b9955714d","name":"Cofense-redirect","description":"Raymond, Nathaniel. (2023, August 16). Major Energy Company Targeted in Large QR Code Phishing Campaign. Retrieved January 17, 2024.","url":"https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/","source":"MITRE","title":"Major Energy Company Targeted in Large QR Code Phishing Campaign","authors":"Raymond, Nathaniel","date_accessed":"2024-01-17T00:00:00Z","date_published":"2023-08-16T00:00:00Z","owner_name":null,"tidal_id":"2e592641-3c86-55be-8cfe-80170504078c","created":"2024-04-25T13:28:37.388583Z","modified":"2025-12-17T15:08:36.432127Z"},{"id":"eda8270f-c76f-5d01-b45f-74246945ec50","name":"QR-cofense","description":"Nathaniel Raymond. (2023, August 16). Major Energy Company Targeted in Large QR Code Phishing Campaign. Retrieved February 13, 2024.","url":"https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/","source":"MITRE","title":"Major Energy Company Targeted in Large QR Code Phishing Campaign","authors":"Nathaniel Raymond","date_accessed":"2024-02-13T00:00:00Z","date_published":"2023-08-16T00:00:00Z","owner_name":null,"tidal_id":"c5f87a45-d2e9-5a57-8e3e-beddc85a4316","created":"2024-04-25T13:28:41.107941Z","modified":"2025-12-17T15:08:36.436139Z"},{"id":"6473e36b-b5ad-4254-b46d-38c53ccbe446","name":"Makecab.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Makecab.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Makecab/","source":"Tidal Cyber","title":"Makecab.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1e3c5788-ea3e-5528-8f1b-4f74cbd30f09","created":"2024-01-12T14:46:48.142223Z","modified":"2024-01-12T14:46:48.339577Z"},{"id":"17ab0f84-a062-4c4f-acf9-e0b8f81c3cda","name":"Infoblox Lokibot January 2019","description":"Hoang, M. (2019, January 31). Malicious Activity Report: Elements of  Lokibot Infostealer. Retrieved May 15, 2020.","url":"https://insights.infoblox.com/threat-intelligence-reports/threat-intelligence--22","source":"MITRE","title":"Malicious Activity Report: Elements of  Lokibot Infostealer","authors":"Hoang, M","date_accessed":"2020-05-15T00:00:00Z","date_published":"2019-01-31T00:00:00Z","owner_name":null,"tidal_id":"930512a5-9e1a-5c2a-916c-481235b5c540","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421588Z"},{"id":"b5ef2b97-7cc7-470b-ae97-a45dc4af32a6","name":"U.S. CISA PaperCut May 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, May 11). Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. Retrieved May 17, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a","source":"Tidal Cyber","title":"Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-05-17T00:00:00Z","date_published":"2023-05-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f82e67e3-cf49-5e53-8e0f-e8c4d2d48ff3","created":"2023-07-14T12:56:29.985446Z","modified":"2023-07-14T12:56:30.482303Z"},{"id":"042589d3-8de8-55a1-adc4-1612d736b975","name":"Synes Cyber Corner Malicious Azure Application 2023","description":"syne0. (2023, July 10). 
Malicious Azure Application PERFECTDATA SOFTWARE and Microsoft 365 Business Email Compromise. Retrieved March 20, 2025.","url":"https://cybercorner.tech/malicious-azure-application-perfectdata-software-and-office365-business-email-compromise/","source":"MITRE","title":"Malicious Azure Application PERFECTDATA SOFTWARE and Microsoft 365 Business Email Compromise","authors":"syne0","date_accessed":"2025-03-20T00:00:00Z","date_published":"2023-07-10T00:00:00Z","owner_name":null,"tidal_id":"7e26cd30-cab0-5a59-8f39-5ef25b43e61f","created":"2025-04-22T20:47:18.935790Z","modified":"2025-12-17T15:08:36.434360Z"},{"id":"7d70675c-5520-4c81-8880-912ce918c4b5","name":"GoBotKR","description":"Zuzana Hromcová. (2019, July 8). Malicious campaign targets South Korean users with backdoor‑laced torrents. Retrieved March 31, 2022.","url":"https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/","source":"MITRE","title":"Malicious campaign targets South Korean users with backdoor‑laced torrents","authors":"Zuzana Hromcová","date_accessed":"2022-03-31T00:00:00Z","date_published":"2019-07-08T00:00:00Z","owner_name":null,"tidal_id":"00f5880d-c00f-5714-8e41-1a11250c85f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431233Z"},{"id":"459bfd4a-7a9b-4d65-b574-acb221428dad","name":"ICEBRG Chrome Extensions","description":"De Tore, M., Warner, J. (2018, January 15). MALICIOUS CHROME EXTENSIONS ENABLE CRIMINALS TO IMPACT OVER HALF A MILLION USERS AND GLOBAL BUSINESSES. 
Retrieved January 17, 2018.","url":"https://www.icebrg.io/blog/malicious-chrome-extensions-enable-criminals-to-impact-over-half-a-million-users-and-global-businesses","source":"MITRE","title":"MALICIOUS CHROME EXTENSIONS ENABLE CRIMINALS TO IMPACT OVER HALF A MILLION USERS AND GLOBAL BUSINESSES","authors":"De Tore, M., Warner, J","date_accessed":"2018-01-17T00:00:00Z","date_published":"2018-01-15T00:00:00Z","owner_name":null,"tidal_id":"beacf44f-eb3e-5416-9209-00a2324f14ed","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426473Z"},{"id":"2438ab5f-153e-5273-8783-1148c7f90f1f","name":"Maroochy - MITRE - 200808","description":"Marshall Abrams. (2008, July 23). Malicious Control System Cyber Security Attack Case Study– Maroochy Water Services, Australia. Retrieved March","url":"https://www.mitre.org/sites/default/files/pdf/08%201145.pdf","source":"ICS","title":"Malicious Control System Cyber Security Attack Case Study– Maroochy Water Services, Australia","authors":"Marshall Abrams","date_accessed":"1978-03-01T00:00:00Z","date_published":"2008-07-23T00:00:00Z","owner_name":null,"tidal_id":"0200a952-6735-5fce-bf9c-0d00ba80fbca","created":"2026-01-28T13:08:18.178228Z","modified":"2026-01-28T13:08:18.178231Z"},{"id":"70a544ff-5c33-4365-aead-607d4dc4e9c7","name":"CIS October 22 2025","description":"None Identified. (2025, October 22). Malicious Crystal PDF Converter Detected on SLTT Networks. 
Retrieved December 28, 2025.","url":"https://www.cisecurity.org/insights/blog/malicious-crystal-pdf-converter-detected-on-sltt-networks","source":"Tidal Cyber","title":"Malicious Crystal PDF Converter Detected on SLTT Networks","authors":"None Identified","date_accessed":"2025-12-28T12:00:00Z","date_published":"2025-10-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b1be40f4-5b8e-551e-9413-ab4953efc4fb","created":"2025-12-29T17:39:50.771236Z","modified":"2025-12-29T17:39:50.913417Z"},{"id":"e6b5c261-86c1-4b6b-8a5e-c6a454554588","name":"McAfee Malicious Doc Targets Pyeongchang Olympics","description":"Saavedra-Morales, J., Sherstobitoff, R. (2018, January 6). Malicious Document Targets Pyeongchang Olympics. Retrieved April 10, 2018.","url":"https://securingtomorrow.mcafee.com/mcafee-labs/malicious-document-targets-pyeongchang-olympics/","source":"MITRE","title":"Malicious Document Targets Pyeongchang Olympics","authors":"Saavedra-Morales, J., Sherstobitoff, R","date_accessed":"2018-04-10T00:00:00Z","date_published":"2018-01-06T00:00:00Z","owner_name":null,"tidal_id":"822f7abc-9049-58f4-bec2-30337b2d8e9c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434285Z"},{"id":"d06223d7-2d86-41c6-af23-50865a1810c0","name":"Fortinet Fareit","description":"Salvio, J., Joven, R. (2016, December 16). Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware. 
Retrieved December 27, 2016.","url":"https://blog.fortinet.com/2016/12/16/malicious-macro-bypasses-uac-to-elevate-privilege-for-fareit-malware","source":"MITRE","title":"Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware","authors":"Salvio, J., Joven, R","date_accessed":"2016-12-27T00:00:00Z","date_published":"2016-12-16T00:00:00Z","owner_name":null,"tidal_id":"11c5307e-f38e-56f5-9643-f0e3ca3239b8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425272Z"},{"id":"12d6e9d8-de01-58b2-9a34-967f986fef31","name":"MANDVI Malicious npm and PyPI Packages Disguised","description":"MANDVI. (2025, April 22). Malicious npm and PyPI Packages Disguised as Dev Tools to Steal Credentials. Retrieved September 24, 2025.","url":"https://cyberpress.org/malicious-npm-and-pypi-packages-disguised-as-dev-tools","source":"MITRE","title":"Malicious npm and PyPI Packages Disguised as Dev Tools to Steal Credentials","authors":"MANDVI","date_accessed":"2025-09-24T00:00:00Z","date_published":"2025-04-22T00:00:00Z","owner_name":null,"tidal_id":"a00b9b1e-2073-5578-a3ad-bd20e67885cf","created":"2025-10-29T21:08:48.165551Z","modified":"2025-12-17T15:08:36.425628Z"},{"id":"e376a782-9a39-47da-aa27-008a59bd1877","name":"Www.zscaler.com January 07 2026","description":"None Identified. (2026, January 7). Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz. Retrieved January 12, 2026.","url":"https://www.zscaler.com/blogs/security-research/malicious-npm-packages-deliver-nodecordrat","source":"Tidal Cyber","title":"Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz","authors":"None Identified","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-07T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9c625fff-e566-5051-9604-88b12ae92c54","created":"2026-01-14T13:29:45.508645Z","modified":"2026-01-14T13:29:45.661263Z"},{"id":"6ee70cc1-de89-4423-9d78-f054d2e9ad1f","name":"www.zscaler.com January 07 2026","description":"None Identified. 
(2026, January 7). Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz. Retrieved January 12, 2026.","url":"https://www.zscaler.com/blogs/security-research/malicious-npm-packages-deliver-nodecordrat","source":"Tidal Cyber","title":"Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz","authors":"None Identified","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-07T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cff43319-59a0-561d-9967-6cd0be0477d5","created":"2026-01-23T20:29:35.180256Z","modified":"2026-01-23T20:29:35.306670Z"},{"id":"e58eb8c1-4723-57bf-8602-b64e0e1d1e76","name":"Microsoft Malicious OAuth Applications 2022","description":"Microsoft Threat Intelligence. (2022, September 22). Malicious OAuth applications abuse cloud email services to spread spam. Retrieved March 20, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2022/09/22/malicious-OAuth-applications-used-to-compromise-email-servers-and-spread-spam/","source":"MITRE","title":"Malicious OAuth applications abuse cloud email services to spread spam","authors":"Microsoft Threat Intelligence","date_accessed":"2025-03-20T00:00:00Z","date_published":"2022-09-22T00:00:00Z","owner_name":null,"tidal_id":"4453324c-79bb-5523-a346-69852c56e9f5","created":"2025-04-22T20:47:18.912762Z","modified":"2025-12-17T15:08:36.434342Z"},{"id":"086c06a0-3960-5fa8-b034-cef37a3aee90","name":"Microsoft OAuth Spam 2022","description":"Microsoft. (2023, September 22). Malicious OAuth applications abuse cloud email services to spread spam. 
Retrieved March 13, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/","source":"MITRE","title":"Malicious OAuth applications abuse cloud email services to spread spam","authors":"Microsoft","date_accessed":"2023-03-13T00:00:00Z","date_published":"2023-09-22T00:00:00Z","owner_name":null,"tidal_id":"f00ff830-2952-547d-8c0a-7201d1e43667","created":"2023-05-26T01:21:05.050908Z","modified":"2025-12-17T15:08:36.428586Z"},{"id":"63077223-4711-4c1e-9fb2-3995c7e03cf2","name":"Zscaler Kasidet","description":"Yadav, A., et al. (2016, January 29). Malicious Office files dropping Kasidet and Dridex. Retrieved March 24, 2016.","url":"http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html","source":"MITRE","title":"Malicious Office files dropping Kasidet and Dridex","authors":"Yadav, A., et al","date_accessed":"2016-03-24T00:00:00Z","date_published":"2016-01-29T00:00:00Z","owner_name":null,"tidal_id":"25abf692-e130-5767-964d-ea316133cadf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417403Z"},{"id":"a2ad0658-7c12-4f58-b7bf-6300eacb4a8f","name":"SilentBreak Outlook Rules","description":"Landers, N. (2015, December 4). Malicious Outlook Rules. Retrieved February 4, 2019.","url":"https://silentbreaksecurity.com/malicious-outlook-rules/","source":"MITRE","title":"Malicious Outlook Rules","authors":"Landers, N","date_accessed":"2019-02-04T00:00:00Z","date_published":"2015-12-04T00:00:00Z","owner_name":null,"tidal_id":"00625ee5-7a00-5ee9-842a-24c7a8a4168e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428176Z"},{"id":"1b14b96a-bbef-5066-bb83-4c3b49f7a0cf","name":"Fortinet Malicious NPM Packages 2023","description":"Jin Lee and Jenna Wang. (2023, October 2). Malicious Packages Hidden in NPM. 
Retrieved May 22, 2025.","url":"https://www.fortinet.com/blog/threat-research/malicious-packages-hiddin-in-npm","source":"MITRE","title":"Malicious Packages Hidden in NPM","authors":"Jin Lee and Jenna Wang","date_accessed":"2025-05-22T00:00:00Z","date_published":"2023-10-02T00:00:00Z","owner_name":null,"tidal_id":"acd38ea5-b63d-5830-8957-ae9f207c096f","created":"2025-10-29T21:08:48.165988Z","modified":"2025-12-17T15:08:36.431263Z"},{"id":"6d0da707-2328-4b43-a112-570c1fd5dec1","name":"Webroot PHP 2011","description":"Brandt, Andrew. (2011, February 22). Malicious PHP Scripts on the Rise. Retrieved October 3, 2018.","url":"https://www.webroot.com/blog/2011/02/22/malicious-php-scripts-on-the-rise/","source":"MITRE","title":"Malicious PHP Scripts on the Rise","authors":"Brandt, Andrew","date_accessed":"2018-10-03T00:00:00Z","date_published":"2011-02-22T00:00:00Z","owner_name":null,"tidal_id":"9edb1b32-4738-5b1d-9005-6c795a6e0fba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431804Z"},{"id":"94742bf0-9dc2-5ccf-b558-84aae7c59266","name":"Skycure-Profiles","description":"Yair Amit. (2013, March 12). Malicious Profiles - The Sleeping Giant of iOS Security. Retrieved December","url":"https://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/","source":"Mobile","title":"Malicious Profiles - The Sleeping Giant of iOS Security","authors":"Yair Amit","date_accessed":"1978-12-01T00:00:00Z","date_published":"2013-03-12T00:00:00Z","owner_name":null,"tidal_id":"4c790c9c-1fee-5871-a923-c18dd72a35a5","created":"2026-01-28T13:08:10.043545Z","modified":"2026-01-28T13:08:10.043548Z"},{"id":"609193bd-28ec-5b3a-be79-22aab1f636f2","name":"Symantec-iOSProfile","description":"Yair Amit. (2013, March 12). Malicious Profiles – The Sleeping Giant of iOS Security. 
Retrieved September","url":"https://www.symantec.com/connect/blogs/malicious-profiles-sleeping-giant-ios-security","source":"Mobile","title":"Malicious Profiles – The Sleeping Giant of iOS Security","authors":"Yair Amit","date_accessed":"1978-09-01T00:00:00Z","date_published":"2013-03-12T00:00:00Z","owner_name":null,"tidal_id":"101840db-2440-5aee-aca9-e660e4215fb9","created":"2026-01-28T13:08:10.045796Z","modified":"2026-01-28T13:08:10.045799Z"},{"id":"5eb5c554-0c38-58d7-a852-b4bb593168be","name":"push notifications -infosecinstitute","description":"Dan Virgillito. (2022, January 27). Malicious push notifications: Is that a real or fake Windows Defender update?. Retrieved March 14, 2025.","url":"https://www.infosecinstitute.com/resources/security-awareness/malicious-push-notifications-is-that-a-real-or-fake-windows-defender-update/","source":"MITRE","title":"Malicious push notifications: Is that a real or fake Windows Defender update?","authors":"Dan Virgillito","date_accessed":"2025-03-14T00:00:00Z","date_published":"2022-01-27T00:00:00Z","owner_name":null,"tidal_id":"8134cf40-f36c-5ab2-9d25-6e2ccc3fd571","created":"2025-04-22T20:47:32.022551Z","modified":"2025-12-17T15:08:36.442173Z"},{"id":"a44a131a-4b78-5cbe-ba20-dc3e640aabd3","name":"Datadog Security Labs Malicious PyPi Packages 2024","description":"Sebastian Obregoso  and Christophe Tafani-Dereeper. (2024, May 23). Malicious PyPI packages targeting highly specific MacOS machines. 
Retrieved May 22, 2025.","url":"https://securitylabs.datadoghq.com/articles/malicious-pypi-package-targeting-highly-specific-macos-machines/","source":"MITRE","title":"Malicious PyPI packages targeting highly specific MacOS machines","authors":"Sebastian Obregoso  and Christophe Tafani-Dereeper","date_accessed":"2025-05-22T00:00:00Z","date_published":"2024-05-23T00:00:00Z","owner_name":null,"tidal_id":"d2251187-77ec-587d-996b-8f34a8304a52","created":"2025-10-29T21:08:48.165881Z","modified":"2025-12-17T15:08:36.428255Z"},{"id":"3bcad876-e3aa-482a-8ffe-aa453fb55ff6","name":"Trend Micro June 30 2023","description":"Lucas Silva; RonJay Caragay; Arianne Dela Cruz; Gabriel Cardoso. (2023, June 30). Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator. Retrieved January 1, 2024.","url":"https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html","source":"Tidal Cyber","title":"Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator","authors":"Lucas Silva; RonJay Caragay; Arianne Dela Cruz; Gabriel Cardoso","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-06-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"235bcbd6-6d2d-5b4a-969e-e3a9f1d0fc6d","created":"2025-04-11T15:06:14.967422Z","modified":"2025-04-11T15:06:15.186906Z"},{"id":"a1a4f554-8320-53ec-abe0-ae9675b2f1d4","name":"Malware Analysis Report 10135536-G","description":"US-CERT. (2018, February 6). Malware Analysis Report 10135536-G. 
Retrieved August 15, 2024.","url":"https://web.archive.org/web/20200324152106/https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-G.PDF","source":"MITRE","title":"Malware Analysis Report 10135536-G","authors":"US-CERT","date_accessed":"2024-08-15T00:00:00Z","date_published":"2018-02-06T00:00:00Z","owner_name":null,"tidal_id":"d8fd7613-f1d5-5206-a1e2-36b18e6f04cb","created":"2024-10-31T16:28:37.208157Z","modified":"2025-12-17T15:08:36.441711Z"},{"id":"6ba168aa-ca07-4856-911f-fa48da54e471","name":"CISA ComRAT Oct 2020","description":"CISA. (2020, October 29). Malware Analysis Report (AR20-303A). Retrieved December 9, 2020.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303a","source":"MITRE","title":"Malware Analysis Report (AR20-303A)","authors":"CISA","date_accessed":"2020-12-09T00:00:00Z","date_published":"2020-10-29T00:00:00Z","owner_name":null,"tidal_id":"43162178-79f7-54a2-8d09-b8e41f052909","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440697Z"},{"id":"9d81e2c8-09d5-4542-9c60-13a22a5a0073","name":"Malware Analysis Report ComRAT","description":"CISA. (2020, October 29). Malware Analysis Report (AR20-303A) MAR-10310246-2.v1 – PowerShell Script: ComRAT. Retrieved September 30, 2022.","url":"https://www.cisa.gov/uscert/ncas/analysis-reports/ar20-303a","source":"MITRE","title":"Malware Analysis Report (AR20-303A) MAR-10310246-2.v1 – PowerShell Script: ComRAT","authors":"CISA","date_accessed":"2022-09-30T00:00:00Z","date_published":"2020-10-29T00:00:00Z","owner_name":null,"tidal_id":"847b032f-3f6c-5a88-8db1-bfb1b23e17eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424173Z"},{"id":"b7518c4d-6c10-43d2-8e57-d354fb8d4a99","name":"CISA Zebrocy Oct 2020","description":"CISA. (2020, October 29). Malware Analysis Report (AR20-303B). 
Retrieved December 9, 2020.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303b","source":"MITRE","title":"Malware Analysis Report (AR20-303B)","authors":"CISA","date_accessed":"2020-12-09T00:00:00Z","date_published":"2020-10-29T00:00:00Z","owner_name":null,"tidal_id":"d623348c-91a9-5927-8464-0b26ab5f780e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420893Z"},{"id":"ce300d75-8351-4d7c-b280-7d5fbe17f9bb","name":"CISA Supernova Jan 2021","description":"CISA. (2021, January 27). Malware Analysis Report (AR21-027A). Retrieved February 22, 2021.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar21-027a","source":"MITRE","title":"Malware Analysis Report (AR21-027A)","authors":"CISA","date_accessed":"2021-02-22T00:00:00Z","date_published":"2021-01-27T00:00:00Z","owner_name":null,"tidal_id":"a83a9c49-5af2-5a82-8cc6-78165677ec7c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421171Z"},{"id":"92351a33-f2bc-4c49-9ba7-dc9468795168","name":"UK MOD DAMASCENED PEACOCK April 11 2025","description":"UK Ministry of Defence. (2025, April 11). Malware Analysis Report: DAMASCENED PEACOCK. Retrieved April 18, 2025.","url":"https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/damascened-peacock/ncsc-mar-damascened-peacock.pdf","source":"Tidal Cyber","title":"Malware Analysis Report: DAMASCENED PEACOCK","authors":"UK Ministry of Defence","date_accessed":"2025-04-18T00:00:00Z","date_published":"2025-04-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d1fe2134-0316-501f-9c12-c470631eadbb","created":"2025-04-23T15:51:10.335723Z","modified":"2025-04-23T15:51:10.559995Z"},{"id":"954e0cb9-9a93-4cac-af84-c6989b973fac","name":"UK NCSC Jaguar Tooth April 18 2023","description":"National Cyber Security Centre. (2023, April 18). Malware Analysis Report: Jaguar Tooth. 
Retrieved August 23, 2023.","url":"https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/jaguar-tooth/NCSC-MAR-Jaguar-Tooth.pdf","source":"Tidal Cyber","title":"Malware Analysis Report: Jaguar Tooth","authors":"National Cyber Security Centre","date_accessed":"2023-08-23T00:00:00Z","date_published":"2023-04-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"87f4856f-3914-57f1-9d6b-69f1f5de0d2b","created":"2023-09-08T15:49:53.776141Z","modified":"2023-09-08T15:49:53.905294Z"},{"id":"b6bb568f-de15-4ace-8075-c08e7835fea2","name":"US-CERT SHARPKNOT June 2018","description":"US-CERT. (2018, March 09). Malware Analysis Report (MAR) - 10135536.11.WHITE. Retrieved June 13, 2018.","url":"https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf","source":"MITRE","title":"Malware Analysis Report (MAR) - 10135536.11.WHITE","authors":"US-CERT","date_accessed":"2018-06-13T00:00:00Z","date_published":"2018-03-09T00:00:00Z","owner_name":null,"tidal_id":"3ded2337-14f2-5c10-9bb1-d4b550ff5f79","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439829Z"},{"id":"af2a708d-f96f-49e7-9351-1ea703e614a0","name":"US-CERT Bankshot Dec 2017","description":"US-CERT. (2017, December 13). Malware Analysis Report (MAR) - 10135536-B. Retrieved July 17, 2018.","url":"https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-B_WHITE.PDF","source":"MITRE","title":"Malware Analysis Report (MAR) - 10135536-B","authors":"US-CERT","date_accessed":"2018-07-17T00:00:00Z","date_published":"2017-12-13T00:00:00Z","owner_name":null,"tidal_id":"6c5d46d7-378c-54da-961b-99157d11fb48","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441068Z"},{"id":"869fbc47-55f8-5bab-bc62-e507b6be5a16","name":"MAR10135536-B","description":"US-CERT. (2017, December 13). Malware Analysis Report (MAR) - 10135536-B. 
Retrieved August 15, 2024.","url":"https://web.archive.org/web/20220529212912/https://www.cisa.gov/uscert/sites/default/files/publications/MAR-10135536-B_WHITE.PDF","source":"MITRE","title":"Malware Analysis Report (MAR) - 10135536-B","authors":"US-CERT","date_accessed":"2024-08-15T00:00:00Z","date_published":"2017-12-13T00:00:00Z","owner_name":null,"tidal_id":"60cd9be8-3eda-5dcb-9933-3a17f1677ce1","created":"2024-10-31T16:28:37.880610Z","modified":"2025-12-17T15:08:36.442364Z"},{"id":"a3a5c26c-0d57-4ffc-ae28-3fe828e08fcb","name":"US-CERT Volgmer 2 Nov 2017","description":"US-CERT. (2017, November 01). Malware Analysis Report (MAR) - 10135536-D. Retrieved July 16, 2018.","url":"https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-D_WHITE_S508C.PDF","source":"MITRE","title":"Malware Analysis Report (MAR) - 10135536-D","authors":"US-CERT","date_accessed":"2018-07-16T00:00:00Z","date_published":"2017-11-01T00:00:00Z","owner_name":null,"tidal_id":"04c74895-ab4a-5ac6-a6d7-4590b127825a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418211Z"},{"id":"ffc17fa5-e7d3-4592-b47b-e12ced0e62a4","name":"US-CERT HARDRAIN March 2018","description":"US-CERT. (2018, February 05). Malware Analysis Report (MAR) - 10135536-F. Retrieved June 11, 2018.","url":"https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-F.pdf","source":"MITRE","title":"Malware Analysis Report (MAR) - 10135536-F","authors":"US-CERT","date_accessed":"2018-06-11T00:00:00Z","date_published":"2018-02-05T00:00:00Z","owner_name":null,"tidal_id":"f3432e02-747f-5ce7-9556-bf8958419adb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421423Z"},{"id":"f8089086-bbd5-5b39-95f7-6f09bc30eabf","name":"MAR10135536-F","description":"US-CERT. (2018, February 5). Malware Analysis Report (MAR) - 10135536-F. 
Retrieved August 15, 2024.","url":"https://web.archive.org/web/20210709132313/https://us-cert.cisa.gov/sites/default/files/publications/MAR-10135536-F.pdf","source":"MITRE","title":"Malware Analysis Report (MAR) - 10135536-F","authors":"US-CERT","date_accessed":"2024-08-15T00:00:00Z","date_published":"2018-02-05T00:00:00Z","owner_name":null,"tidal_id":"937920ba-4ef0-5aec-9c7e-d112b4dfd25d","created":"2024-10-31T16:28:37.974292Z","modified":"2025-12-17T15:08:36.442464Z"},{"id":"aeb4ff70-fa98-474c-8337-9e50d07ee378","name":"US-CERT BADCALL","description":"US-CERT. (2018, February 06). Malware Analysis Report (MAR) - 10135536-G. Retrieved June 7, 2018.","url":"https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-G.PDF","source":"MITRE","title":"Malware Analysis Report (MAR) - 10135536-G","authors":"US-CERT","date_accessed":"2018-06-07T00:00:00Z","date_published":"2018-02-06T00:00:00Z","owner_name":null,"tidal_id":"b88833b5-d931-5f56-86fd-971198b39027","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420734Z"},{"id":"57c3256c-0d24-4647-9037-fefe1c88ad61","name":"CISA MAR SLOTHFULMEDIA October 2020","description":"DHS/CISA, Cyber National Mission Force. (2020, October 1). Malware Analysis Report (MAR) MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA. Retrieved October 2, 2020.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar20-275a","source":"MITRE","title":"Malware Analysis Report (MAR) MAR-10303705-1.v1 – Remote Access Trojan: SLOTHFULMEDIA","authors":"DHS/CISA, Cyber National Mission Force","date_accessed":"2020-10-02T00:00:00Z","date_published":"2020-10-01T00:00:00Z","owner_name":null,"tidal_id":"a5ce5f55-445f-5b43-ab0f-f7fd7f2bd1f4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422576Z"},{"id":"cbbfffb9-c378-4e57-a2af-e76e6014ed57","name":"Kroll RawPOS Jan 2017","description":"Nesbit, B. and Ackerman, D. (2017, January). 
Malware Analysis Report - RawPOS Malware: Deconstructing an Intruder’s Toolkit. Retrieved October 4, 2017.","url":"https://www.kroll.com/en/insights/publications/malware-analysis-report-rawpos-malware","source":"MITRE","title":"Malware Analysis Report - RawPOS Malware: Deconstructing an Intruder’s Toolkit","authors":"Nesbit, B. and Ackerman, D","date_accessed":"2017-10-04T00:00:00Z","date_published":"2017-01-01T00:00:00Z","owner_name":null,"tidal_id":"f51e4180-843d-560c-9e96-ce77b9bbdddc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420559Z"},{"id":"47a5d32d-e6a5-46c2-898a-e45dc42371be","name":"VMRay OSAMiner dynamic analysis 2021","description":"VMRAY. (2021, January 14). Malware Analysis Spotlight: OSAMiner Uses Run-Only AppleScripts to Evade Detection. Retrieved October 4, 2022.","url":"https://www.vmray.com/cyber-security-blog/osaminer-uses-applescripts-evade-detection-malware-analysis-spotlight/","source":"MITRE","title":"Malware Analysis Spotlight: OSAMiner Uses Run-Only AppleScripts to Evade Detection","authors":"VMRAY","date_accessed":"2022-10-04T00:00:00Z","date_published":"2021-01-14T00:00:00Z","owner_name":null,"tidal_id":"5616645d-7607-56e6-94ea-8f7bf6f93504","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417508Z"},{"id":"10b5e150-26fa-5024-bd89-87f432b8d5f0","name":"Rapid7 Fake W2 July 2024","description":"Elkins, T. (2024, July 24). Malware Campaign Lures Users With Fake W2 Form. 
Retrieved September 13, 2024.","url":"https://www.rapid7.com/blog/post/2024/07/24/malware-campaign-lures-users-with-fake-w2-form/","source":"MITRE","title":"Malware Campaign Lures Users With Fake W2 Form","authors":"Elkins, T","date_accessed":"2024-09-13T00:00:00Z","date_published":"2024-07-24T00:00:00Z","owner_name":null,"tidal_id":"d16f6a84-ce6e-5cd9-a12f-3285fb092939","created":"2024-10-31T16:28:35.475062Z","modified":"2025-12-17T15:08:36.439994Z"},{"id":"90c4e23a-e6e7-511d-911c-1f8b64253aff","name":"Kandji Cuckoo April 2024","description":"Kohler, A. and Lopez, C. (2024, April 30). Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware. Retrieved August 20, 2024.","url":"https://www.kandji.io/blog/malware-cuckoo-infostealer-spyware","source":"MITRE","title":"Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware","authors":"Kohler, A. and Lopez, C","date_accessed":"2024-08-20T00:00:00Z","date_published":"2024-04-30T00:00:00Z","owner_name":null,"tidal_id":"d58d6364-1eab-5a7e-bc4a-f6d083358076","created":"2024-10-31T16:28:32.690382Z","modified":"2025-12-17T15:08:36.418093Z"},{"id":"0654dabf-e885-45bf-8a8e-2b512ff4bf46","name":"Arch Linux Package Systemd Compromise BleepingComputer 10JUL2018","description":"Catalin Cimpanu. (2018, July 10). Malware Found in Arch Linux AUR Package Repository. Retrieved April 23, 2019.","url":"https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/","source":"MITRE","title":"Malware Found in Arch Linux AUR Package Repository","authors":"Catalin Cimpanu","date_accessed":"2019-04-23T00:00:00Z","date_published":"2018-07-10T00:00:00Z","owner_name":null,"tidal_id":"1edd8315-d189-506d-90b5-663c6caa25e7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424952Z"},{"id":"b6635fd7-40ec-4481-bb0a-c1d3391854a7","name":"Alperovitch Malware","description":"Alperovitch, D. (2014, October 31). Malware-Free Intrusions. 
Retrieved November 4, 2014.","url":"http://blog.crowdstrike.com/adversary-tricks-crowdstrike-treats/","source":"MITRE","title":"Malware-Free Intrusions","authors":"Alperovitch, D","date_accessed":"2014-11-04T00:00:00Z","date_published":"2014-10-31T00:00:00Z","owner_name":null,"tidal_id":"1e3b07cc-572c-5f13-9051-2c4ba8343eb2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429475Z"},{"id":"b0fdf9c7-614b-4269-ba3e-7d8b02aa8502","name":"Chrome Extension C2 Malware","description":"Kjaer, M. (2016, July 18). Malware in the browser: how you might get hacked by a Chrome extension. Retrieved September 12, 2024.","url":"https://web.archive.org/web/20240608001937/https://kjaer.io/extension-malware/","source":"MITRE","title":"Malware in the browser: how you might get hacked by a Chrome extension","authors":"Kjaer, M","date_accessed":"2024-09-12T00:00:00Z","date_published":"2016-07-18T00:00:00Z","owner_name":null,"tidal_id":"27551dd8-2444-5d07-b845-57dafd4907ff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426487Z"},{"id":"0c518eec-a94e-42a7-8eb7-527ae3e279b6","name":"FireEye Kevin Mandia Guardrails","description":"Shoorbajee, Z. (2018, June 1). Playing nice? FireEye CEO says U.S. malware is more restrained than adversaries'. Retrieved January 17, 2019.","url":"https://www.cyberscoop.com/kevin-mandia-fireeye-u-s-malware-nice/","source":"MITRE","title":"malware is more restrained than adversaries'","authors":"Shoorbajee, Z. (2018, June 1)","date_accessed":"2019-01-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c96a7bb2-9d44-5198-910d-f6b199e520aa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432224Z"},{"id":"1347e21e-e77d-464d-bbbe-dc4d3f2b07a1","name":"TechRepublic M-Trends 2023","description":"Karl Greenberg. (2023, April 20). Malware is proliferating, but detection measures bear fruit: Mandiant. 
Retrieved September 21, 2023.","url":"https://www.techrepublic.com/article/mandiant-malware-proliferating/","source":"Tidal Cyber","title":"Malware is proliferating, but detection measures bear fruit: Mandiant","authors":"Karl Greenberg","date_accessed":"2023-09-21T00:00:00Z","date_published":"2023-04-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"22dcab05-3432-539e-83cc-689118510bc2","created":"2023-09-22T15:01:25.940798Z","modified":"2023-09-22T15:01:26.064917Z"},{"id":"db98b15c-399d-4a4c-8fa6-5a4ff38c3853","name":"CTU BITS Malware June 2016","description":"Counter Threat Unit Research Team. (2016, June 6). Malware Lingers with BITS. Retrieved January 12, 2018.","url":"https://www.secureworks.com/blog/malware-lingers-with-bits","source":"MITRE","title":"Malware Lingers with BITS","authors":"Counter Threat Unit Research Team","date_accessed":"2018-01-12T00:00:00Z","date_published":"2016-06-06T00:00:00Z","owner_name":null,"tidal_id":"65e044f4-5414-50f2-84ef-2bdfbe82cdc8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434614Z"},{"id":"c13cf528-2a7d-4a32-aee2-db5db2f30298","name":"CyberBit System Calls","description":"Gavriel, H. (2018, November 27). Malware Mitigation when Direct System Calls are Used. Retrieved September 29, 2021.","url":"https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/","source":"MITRE","title":"Malware Mitigation when Direct System Calls are Used","authors":"Gavriel, H","date_accessed":"2021-09-29T00:00:00Z","date_published":"2018-11-27T00:00:00Z","owner_name":null,"tidal_id":"634353a0-5a7b-5979-8db6-0ec5e4fcb022","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427828Z"},{"id":"9b52a72b-938a-5eb6-a3b7-5a925657f0a3","name":"Malware Monday VBE","description":"Bromiley, M. (2016, December 27). Malware Monday: VBScript and VBE Files. 
Retrieved March 17, 2023.","url":"https://bromiley.medium.com/malware-monday-vbscript-and-vbe-files-292252c1a16","source":"MITRE","title":"Malware Monday: VBScript and VBE Files","authors":"Bromiley, M","date_accessed":"2023-03-17T00:00:00Z","date_published":"2016-12-27T00:00:00Z","owner_name":null,"tidal_id":"b0b78274-6b68-51b3-bb4c-d66affb0beea","created":"2023-05-26T01:21:10.178673Z","modified":"2025-12-17T15:08:36.435245Z"},{"id":"d4e3b066-c439-4284-ba28-3b8bd8ec270e","name":"Malware Persistence on OS X","description":"Patrick Wardle. (2015). Malware Persistence on OS X Yosemite. Retrieved July 10, 2017.","url":"https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf","source":"MITRE","title":"Malware Persistence on OS X Yosemite","authors":"Patrick Wardle","date_accessed":"2017-07-10T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"6edca8b3-adce-5a38-976a-1dec39938315","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424146Z"},{"id":"7e3f3dda-c407-4b06-a6b0-8b72c4dad6e6","name":"RSAC 2015 San Francisco Patrick Wardle","description":"Wardle, P. (2015, April). Malware Persistence on OS X Yosemite. Retrieved April 6, 2018.","url":"https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf","source":"MITRE","title":"Malware Persistence on OS X Yosemite","authors":"Wardle, P","date_accessed":"2018-04-06T00:00:00Z","date_published":"2015-04-01T00:00:00Z","owner_name":null,"tidal_id":"91f2ad74-1f52-5354-a746-9d6adc6759ae","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430949Z"},{"id":"e7668f6d-e93c-4e86-9dee-00f12c15dae4","name":"Google Cloud September 29 2022","description":"Mandiant. (2022, September 29). Malware Persistence Within ESXi Hypervisors. 
Retrieved December 12, 2024.","url":"https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence","source":"Tidal Cyber","title":"Malware Persistence Within ESXi Hypervisors","authors":"Mandiant","date_accessed":"2024-12-12T00:00:00Z","date_published":"2022-09-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"733bbd5c-9f07-594c-b5ab-7dac7fdc0018","created":"2025-04-11T15:06:02.078236Z","modified":"2025-04-11T15:06:02.275039Z"},{"id":"536f9987-f3b6-4d5f-8a6b-32a0c651500d","name":"FireEye Hijacking July 2010","description":"Harbour, N. (2010, July 15). Malware Persistence without the Windows Registry. Retrieved November 17, 2020.","url":"https://www.fireeye.com/blog/threat-research/2010/07/malware-persistence-windows-registry.html","source":"MITRE","title":"Malware Persistence without the Windows Registry","authors":"Harbour, N","date_accessed":"2020-11-17T00:00:00Z","date_published":"2010-07-15T00:00:00Z","owner_name":null,"tidal_id":"1cf2882a-4b50-5494-adf6-d7a3d271b900","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:18.548408Z"},{"id":"7dd03a92-11b8-4b8a-9d34-082ecf09a6e4","name":"Mondok Windows PiggyBack BITS May 2007","description":"Mondok, M. (2007, May 11). Malware piggybacks on Windows’ Background Intelligent Transfer Service. Retrieved January 12, 2018.","url":"https://arstechnica.com/information-technology/2007/05/malware-piggybacks-on-windows-background-intelligent-transfer-service/","source":"MITRE","title":"Malware piggybacks on Windows’ Background Intelligent Transfer Service","authors":"Mondok, M","date_accessed":"2018-01-12T00:00:00Z","date_published":"2007-05-11T00:00:00Z","owner_name":null,"tidal_id":"cdfc2775-9260-597d-aa45-1ef630ea0965","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416290Z"},{"id":"65141d58-25a0-5fd6-a702-02fdb62ceef8","name":"Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary","description":"Catalin Cimpanu. (2016, April 26). 
Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary. Retrieved October","url":"https://news.softpedia.com/news/on-chernobyl-s-30th-anniversary-malware-shuts-down-german-nuclear-power-plant-503429.shtml","source":"ICS","title":"Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary","authors":"Catalin Cimpanu","date_accessed":"1978-10-01T00:00:00Z","date_published":"2016-04-26T00:00:00Z","owner_name":null,"tidal_id":"6afa9369-537d-5ca5-9ef6-72bdde102db7","created":"2026-01-28T13:08:18.175619Z","modified":"2026-01-28T13:08:18.175622Z"},{"id":"83b8c3c4-d67a-48bd-8614-1c703a8d969b","name":"Conficker Nuclear Power Plant","description":"Cimpanu, C. (2016, April 26). Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary. Retrieved February 18, 2021.","url":"https://news.softpedia.com/news/on-chernobyl-s-30th-anniversary-malware-shuts-down-german-nuclear-power-plant-503429.shtml","source":"MITRE","title":"Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary","authors":"Cimpanu, C","date_accessed":"2021-02-18T00:00:00Z","date_published":"2016-04-26T00:00:00Z","owner_name":null,"tidal_id":"7ad7516f-3cf8-5226-9284-0adf72b69e66","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418792Z"},{"id":"416408e4-6144-5d5a-9aec-5874668f7df0","name":"ESET 2FA Bypass","description":"Lukáš Štefanko. (2019, June 17). Malware sidesteps Google permissions policy with new 2FA bypass technique. 
Retrieved September","url":"https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-bypass/","source":"Mobile","title":"Malware sidesteps Google permissions policy with new 2FA bypass technique","authors":"Lukáš Štefanko","date_accessed":"1978-09-01T00:00:00Z","date_published":"2019-06-17T00:00:00Z","owner_name":null,"tidal_id":"ce09d2ba-0cd2-5fa8-983b-18fd78640b45","created":"2026-01-28T13:08:10.043520Z","modified":"2026-01-28T13:08:10.043523Z"},{"id":"ef412bcd-54be-4972-888c-f5a2cdfb8d02","name":"MMPC ISAPI Filter 2012","description":"MMPC. (2012, October 3). Malware signed with the Adobe code signing certificate. Retrieved June 3, 2021.","url":"https://web.archive.org/web/20140804175025/http:/blogs.technet.com/b/mmpc/archive/2012/10/03/malware-signed-with-the-adobe-code-signing-certificate.aspx","source":"MITRE","title":"Malware signed with the Adobe code signing certificate","authors":"MMPC","date_accessed":"2021-06-03T00:00:00Z","date_published":"2012-10-03T00:00:00Z","owner_name":null,"tidal_id":"70eafe05-0d50-5c51-9715-a7b2f278e98e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433753Z"},{"id":"09d8bb54-6fa5-4842-98aa-6e9656a19092","name":"Leonardo Turla Penquin May 2020","description":"Leonardo. (2020, May 29). MALWARE TECHNICAL INSIGHT TURLA “Penquin_x64”. Retrieved March 11, 2021.","url":"https://www.leonardo.com/documents/20142/10868623/Malware+Technical+Insight+_Turla+%E2%80%9CPenquin_x64%E2%80%9D.pdf","source":"MITRE","title":"MALWARE TECHNICAL INSIGHT TURLA “Penquin_x64”","authors":"Leonardo","date_accessed":"2021-03-11T00:00:00Z","date_published":"2020-05-29T00:00:00Z","owner_name":null,"tidal_id":"f28cc9ab-4abf-51f0-bca3-d901b6d0de32","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421713Z"},{"id":"3d4c5366-038a-453e-b803-a172b95da5f7","name":"Malware System Language Check","description":"Pierre-Marc Bureau. (2009, January 15). Malware Trying to Avoid Some Countries. 
Retrieved August 18, 2021.","url":"https://www.welivesecurity.com/2009/01/15/malware-trying-to-avoid-some-countries/","source":"MITRE","title":"Malware Trying to Avoid Some Countries","authors":"Pierre-Marc Bureau","date_accessed":"2021-08-18T00:00:00Z","date_published":"2009-01-15T00:00:00Z","owner_name":null,"tidal_id":"48af7e51-2fbf-5acd-b990-ef892316cf6e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434243Z"},{"id":"ff1717f7-0d2e-4947-87d7-44576affe9f8","name":"JPCert TSCookie March 2018","description":"Tomonaga, S. (2018, March 6). Malware “TSCookie”. Retrieved May 6, 2020.","url":"https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html","source":"MITRE","title":"Malware “TSCookie”","authors":"Tomonaga, S","date_accessed":"2020-05-06T00:00:00Z","date_published":"2018-03-06T00:00:00Z","owner_name":null,"tidal_id":"e5f2d128-2d04-5cc8-b731-20470307acc0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419704Z"},{"id":"e5962c87-0d42-46c2-8757-91f264fc570f","name":"Symantec BITS May 2007","description":"Florio, E. (2007, May 9). Malware Update with Windows Update. Retrieved January 12, 2018.","url":"https://www.symantec.com/connect/blogs/malware-update-windows-update","source":"MITRE","title":"Malware Update with Windows Update","authors":"Florio, E","date_accessed":"2018-01-12T00:00:00Z","date_published":"2007-05-09T00:00:00Z","owner_name":null,"tidal_id":"24ab4ee5-5ae5-5c98-bbbf-0bd6d2305e73","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416297Z"},{"id":"26f44bde-f723-4854-8acc-3d95e5fa764a","name":"JPCert BlackTech Malware September 2019","description":"Tomonaga, S. (2019, September 18). Malware Used by BlackTech after Network Intrusion. 
Retrieved May 6, 2020.","url":"https://blogs.jpcert.or.jp/en/2019/09/tscookie-loader.html","source":"MITRE","title":"Malware Used by BlackTech after Network Intrusion","authors":"Tomonaga, S.","date_accessed":"2020-05-06T00:00:00Z","date_published":"2019-09-18T00:00:00Z","owner_name":null,"tidal_id":"6a4002f9-18ea-562f-a417-74ec0b0bae3d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419710Z"},{"id":"facf686b-a5a9-4c85-bb46-f56a434d3d78","name":"Unit 42 Rocke January 2019","description":"Xingyu, J. (2019, January 17). Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products. Retrieved May 26, 2020.","url":"https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/","source":"MITRE","title":"Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products","authors":"Xingyu, J.","date_accessed":"2020-05-26T00:00:00Z","date_published":"2019-01-17T00:00:00Z","owner_name":null,"tidal_id":"46f7a496-8b91-5e2e-944c-baf201dfd1ff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439982Z"},{"id":"32cacb55-d001-538f-b6ba-a3b445b68fcf","name":"Arstechnica-Celljam","description":"David Kravets. (2016, March 10). Man accused of jamming passengers’ cell phones on Chicago subway. Retrieved November","url":"https://arstechnica.com/tech-policy/2016/03/man-accused-of-jamming-passengers-cell-phones-on-chicago-subway/","source":"Mobile","title":"Man accused of jamming passengers’ cell phones on Chicago subway","authors":"David Kravets","date_accessed":"1978-11-01T00:00:00Z","date_published":"2016-03-10T00:00:00Z","owner_name":null,"tidal_id":"24365036-56a5-5e56-b010-74579dfd7b76","created":"2026-01-28T13:08:10.045870Z","modified":"2026-01-28T13:08:10.045873Z"},{"id":"e20ff2ea-df45-545a-bc99-32e35027472e","name":"Azure Subscription Policies","description":"Microsoft Azure. (2024, March 21). Manage Azure subscription policies. 
Retrieved September 25, 2024.","url":"https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/manage-azure-subscription-policy","source":"MITRE","title":"Manage Azure subscription policies","authors":"Microsoft Azure","date_accessed":"2024-09-25T00:00:00Z","date_published":"2024-03-21T00:00:00Z","owner_name":null,"tidal_id":"af76a3ab-b814-53b2-af6a-0c5587678481","created":"2024-10-31T16:28:36.898229Z","modified":"2025-12-17T15:08:36.441412Z"},{"id":"74d5483e-2268-464c-a048-bb1f25bbfc4f","name":"Manage-bde.wsf - LOLBAS Project","description":"LOLBAS. (2018, May 25). Manage-bde.wsf. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Scripts/Manage-bde/","source":"Tidal Cyber","title":"Manage-bde.wsf","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e9ffac07-014a-5639-8dd4-d6cc618fcea6","created":"2024-01-12T14:47:37.896723Z","modified":"2024-01-12T14:47:38.071727Z"},{"id":"91aa3a4a-a852-40db-b6ec-68504670cfa6","name":"Microsoft Manage Device Identities","description":"Microsoft. (2022, February 18). Manage device identities by using the Azure portal. Retrieved April 13, 2022.","url":"https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal","source":"MITRE","title":"Manage device identities by using the Azure portal","authors":"Microsoft","date_accessed":"2022-04-13T00:00:00Z","date_published":"2022-02-18T00:00:00Z","owner_name":null,"tidal_id":"3dad90a5-bfbd-55ef-ad2f-d005b538a860","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:32.358720Z"},{"id":"2548d7b4-17cb-5e36-b172-a470dac8c869","name":"Microsoft Dev Tunnels Group Policies","description":"Carolina Uribe. (2024, May 28). Manage Dev Tunnels with Group Policies. 
Retrieved April 8, 2025.","url":"https://techcommunity.microsoft.com/blog/azuredevcommunityblog/manage-dev-tunnels-with-group-policies/4149472","source":"MITRE","title":"Manage Dev Tunnels with Group Policies","authors":"Carolina Uribe","date_accessed":"2025-04-08T00:00:00Z","date_published":"2024-05-28T00:00:00Z","owner_name":null,"tidal_id":"809a2bc0-f7ff-5947-9288-7eb0b4ef184e","created":"2025-04-22T20:47:29.433543Z","modified":"2025-12-17T15:08:36.439803Z"},{"id":"b1dfe16a-c216-5fc7-ba76-b0c71bfebd29","name":"SpecterOps Managed Identity 2022","description":"Andy Robbins. (2022, June 6). Managed Identity Attack Paths, Part 1: Automation Accounts. Retrieved March 18, 2025.","url":"https://posts.specterops.io/managed-identity-attack-paths-part-1-automation-accounts-82667d17187a?gi=6a9daedade1c","source":"MITRE","title":"Managed Identity Attack Paths, Part 1: Automation Accounts","authors":"Andy Robbins","date_accessed":"2025-03-18T00:00:00Z","date_published":"2022-06-06T00:00:00Z","owner_name":null,"tidal_id":"cd252d95-6470-5ea9-87eb-6d5b24d077c4","created":"2025-04-22T20:47:16.917855Z","modified":"2025-12-17T15:08:36.432296Z"},{"id":"1d1da9ad-c995-4040-8103-b51af9d8bac3","name":"Microsoft MOF May 2018","description":"Satran, M. (2018, May 30). Managed Object Format (MOF). Retrieved January 24, 2020.","url":"https://docs.microsoft.com/en-us/windows/win32/wmisdk/managed-object-format--mof-","source":"MITRE","title":"Managed Object Format (MOF)","authors":"Satran, M","date_accessed":"2020-01-24T00:00:00Z","date_published":"2018-05-30T00:00:00Z","owner_name":null,"tidal_id":"4486236a-d6e0-5655-8b92-5ff7be6994ac","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432605Z"},{"id":"91ce21f7-4cd5-4a75-a533-45d052a11c5d","name":"Microsoft Inbox Rules","description":"Microsoft. (n.d.). Manage email messages by using rules. 
Retrieved June 11, 2021.","url":"https://support.microsoft.com/en-us/office/manage-email-messages-by-using-rules-c24f5dea-9465-4df4-ad17-a50704d66c59","source":"MITRE","title":"Manage email messages by using rules","authors":"Microsoft","date_accessed":"2021-06-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"085a18cf-3f0e-52f0-9893-0987eb104ae4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424643Z"},{"id":"0cc85d20-f47c-52da-8391-83d630e744b9","name":"Google Workspace External Sharing","description":"Google. (n.d.). Manage external sharing for your organization. Retrieved March 4, 2024.","url":"https://support.google.com/a/answer/60781","source":"MITRE","title":"Manage external sharing for your organization","authors":"Google","date_accessed":"2024-03-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"048aaeae-8c68-566f-a07e-57f5a1ff0496","created":"2024-04-25T13:28:52.844501Z","modified":"2025-12-17T15:08:36.442233Z"},{"id":"797c6051-9dff-531b-8438-d306bdf46720","name":"Google Cloud Just in Time Access 2023","description":"Google Cloud. (n.d.). Manage just-in-time privileged access to projects. Retrieved September 21, 2023.","url":"https://cloud.google.com/architecture/manage-just-in-time-privileged-access-to-project","source":"MITRE","title":"Manage just-in-time privileged access to projects","authors":"Google Cloud","date_accessed":"2023-09-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8eecbf4a-be41-5719-bc6e-96d29bbfe93d","created":"2023-11-07T00:36:04.350191Z","modified":"2025-12-17T15:08:36.431047Z"},{"id":"1d5d7353-7d9d-522a-a0aa-6f4aa0886ca1","name":"Microsoft Manage Mail Flow Rules 2023","description":"Microsoft. (2023, February 22). Manage mail flow rules in Exchange Online. 
Retrieved March 13, 2023.","url":"https://learn.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/manage-mail-flow-rules","source":"MITRE","title":"Manage mail flow rules in Exchange Online","authors":"Microsoft","date_accessed":"2023-03-13T00:00:00Z","date_published":"2023-02-22T00:00:00Z","owner_name":null,"tidal_id":"94504c46-3381-533a-b552-056c41645503","created":"2023-05-26T01:21:19.578404Z","modified":"2025-12-17T15:08:36.441369Z"},{"id":"3d794f31-c3b4-4e0b-8558-b944d6616676","name":"Office 365 Partner Relationships","description":"Microsoft. (2022, March 4). Manage partner relationships. Retrieved May 27, 2022.","url":"https://docs.microsoft.com/en-us/microsoft-365/commerce/manage-partners?view=o365-worldwide","source":"MITRE","title":"Manage partner relationships","authors":"Microsoft","date_accessed":"2022-05-27T00:00:00Z","date_published":"2022-03-04T00:00:00Z","owner_name":null,"tidal_id":"e9d0c0d0-2939-5fc8-8a8b-ef06dac30c16","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442515Z"},{"id":"69154fdc-3540-5c31-8285-f7795db45d7f","name":"Microsoft 365 External Sharing","description":"Microsoft. (2023, October 11). Manage sharing settings for SharePoint and OneDrive in Microsoft 365. Retrieved March 4, 2024.","url":"https://learn.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off","source":"MITRE","title":"Manage sharing settings for SharePoint and OneDrive in Microsoft 365","authors":"Microsoft","date_accessed":"2024-03-04T00:00:00Z","date_published":"2023-10-11T00:00:00Z","owner_name":null,"tidal_id":"897b5431-c68a-5f6a-819a-8612308350f6","created":"2024-04-25T13:28:52.849863Z","modified":"2025-12-17T15:08:36.442238Z"},{"id":"e355ae20-4ada-49f3-a097-744838d6ff7d","name":"TechNet Trusted Publishers","description":"Microsoft. (n.d.). Manage Trusted Publishers. 
Retrieved March 31, 2016.","url":"https://technet.microsoft.com/en-us/library/cc733026.aspx","source":"MITRE","title":"Manage Trusted Publishers","authors":"Microsoft","date_accessed":"2016-03-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2b6b0e31-e49e-5680-8512-3fce1069fb2b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415951Z"},{"id":"dc95771b-db84-43ae-b9ee-6f0ef3f1c93d","name":"Microsoft Enable Cred Guard April 2017","description":"Lich, B., Tobin, J., Hall, J. (2017, April 5). Manage Windows Defender Credential Guard. Retrieved November 27, 2017.","url":"https://docs.microsoft.com/windows/access-protection/credential-guard/credential-guard-manage","source":"MITRE","title":"Manage Windows Defender Credential Guard","authors":"Lich, B., Tobin, J., Hall, J","date_accessed":"2017-11-27T00:00:00Z","date_published":"2017-04-05T00:00:00Z","owner_name":null,"tidal_id":"7e46a8fb-c030-53c4-aa23-6bef3549ac29","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415859Z"},{"id":"6fbbb53f-cd4b-4ce1-942d-5cadb907cf86","name":"Outlook File Sizes","description":"N. O'Bryan. (2018, May 30). Managing Outlook Cached Mode and OST File Sizes. Retrieved February 19, 2020.","url":"https://practical365.com/clients/office-365-proplus/outlook-cached-mode-ost-file-sizes/","source":"MITRE","title":"Managing Outlook Cached Mode and OST File Sizes","authors":"N. O'Bryan","date_accessed":"2020-02-19T00:00:00Z","date_published":"2018-05-30T00:00:00Z","owner_name":null,"tidal_id":"9553da13-bb5e-55b4-b819-ed65a7eeaa3e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425942Z"},{"id":"2eec4264-6139-5b81-8190-2ea438594412","name":"AWS Storage Lifecycles","description":"AWS. (n.d.). Managing the lifecycle of objects. 
Retrieved September 25, 2024.","url":"https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html","source":"MITRE","title":"Managing the lifecycle of objects","authors":"AWS","date_accessed":"2024-09-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"446bca6d-38ae-5941-b418-6a87ffa33d2b","created":"2024-10-31T16:28:16.730007Z","modified":"2025-12-17T15:08:36.424972Z"},{"id":"eeb7cd82-b116-4989-b3fa-968a23f839f3","name":"Microsoft Managing WebDAV Security","description":"Microsoft. (n.d.). Managing WebDAV Security (IIS 6.0). Retrieved November 17, 2024.","url":"https://web.archive.org/web/20100210125749/https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4beddb35-0cba-424c-8b9b-a5832ad8e208.mspx","source":"MITRE","title":"Managing WebDAV Security (IIS 6.0)","authors":"Microsoft","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c05bac32-bd7f-53e5-b056-4c8600298286","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433957Z"},{"id":"563be052-29ac-4625-927d-84e475ef848e","name":"Mandiant M Trends 2011","description":"Mandiant. (2011, January 27). Mandiant M-Trends 2011. Retrieved January 10, 2016.","url":"https://dl.mandiant.com/EE/assets/PDF_MTrends_2011.pdf","source":"MITRE","title":"Mandiant M-Trends 2011","authors":"Mandiant","date_accessed":"2016-01-10T00:00:00Z","date_published":"2011-01-27T00:00:00Z","owner_name":null,"tidal_id":"a0a56032-9513-5294-9f8a-7445412f0a3d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435456Z"},{"id":"f769a3ac-4330-46b7-bed8-61697e22cd24","name":"Mandiant M Trends 2016","description":"Mandiant. (2016, February 25). Mandiant M-Trends 2016. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20211024160454/https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-mtrends-2016.pdf","source":"MITRE","title":"Mandiant M-Trends 2016","authors":"Mandiant","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-02-25T00:00:00Z","owner_name":null,"tidal_id":"7ef0f939-d0ed-51c3-9a68-78419295b68b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421873Z"},{"id":"71d3db50-4a20-4d8e-a640-4670d642205c","name":"FireEye APT35 2018","description":"Mandiant. (2018). Mandiant M-Trends 2018. Retrieved November 17, 2024.","url":"https://static.carahsoft.com/concrete/files/1015/2779/3571/M-Trends-2018-Report.pdf","source":"MITRE, Tidal Cyber","title":"Mandiant M-Trends 2018","authors":"Mandiant","date_accessed":"2024-11-17T00:00:00Z","date_published":"2018-01-01T00:00:00Z","owner_name":null,"tidal_id":"52399494-7634-5025-9d01-710cbb73c6ff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.276383Z"},{"id":"fabb9f5c-3ce6-4eef-8711-13130ff41884","name":"Mandiant M-Trends 2023","description":"Mandiant. (n.d.). Mandiant M-Trends 2023. Retrieved January 17, 2025.","url":"https://services.google.com/fh/files/misc/m_trends_2023_report.pdf","source":"Tidal Cyber","title":"Mandiant M-Trends 2023","authors":"Mandiant","date_accessed":"2025-01-17T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"42977a32-899b-5b1a-8bb6-412ad7be0ea0","created":"2025-01-28T15:53:30.148656Z","modified":"2025-01-28T15:53:30.368793Z"},{"id":"8d237948-7b10-5055-b9e6-52e6cab16f32","name":"Mandiant WMI","description":"Mandiant. (n.d.). 
Retrieved February 13, 2024.","url":"https://www.mandiant.com/resources/reports","source":"MITRE","title":"Mandiant WMI","authors":"","date_accessed":"2024-02-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"dc92f22e-8a78-5b1f-bc8f-7db22a750372","created":"2024-04-25T13:28:28.903914Z","modified":"2025-12-17T15:08:36.423776Z"},{"id":"e1a88703-f465-5a6e-a368-bca1edcccd25","name":"Android Permissions","description":"Google. (2021, August 11). Manifest.permission. Retrieved September","url":"https://developer.android.com/reference/android/Manifest.permission","source":"Mobile","title":"Manifest.permission","authors":"Google","date_accessed":"1978-09-01T00:00:00Z","date_published":"2021-08-11T00:00:00Z","owner_name":null,"tidal_id":"0177457a-b5a2-5303-8a05-b22f4d8886ab","created":"2026-01-28T13:08:10.043443Z","modified":"2026-01-28T13:08:10.043446Z"},{"id":"e336dc02-c7bb-4046-93d9-17b9512fb731","name":"Microsoft Manifests","description":"Microsoft. (n.d.). Manifests. Retrieved December 5, 2014.","url":"https://msdn.microsoft.com/en-US/library/aa375365","source":"MITRE","title":"Manifests","authors":"Microsoft","date_accessed":"2014-12-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"319dd31a-ec16-513b-83cb-60c92bbf8d33","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428833Z"},{"id":"a29301fe-0e3c-4c6e-85c5-a30a6bcb9114","name":"MSDN Manifests","description":"Microsoft. (n.d.). Manifests. Retrieved June 3, 2016.","url":"https://msdn.microsoft.com/en-us/library/aa375365","source":"MITRE","title":"Manifests","authors":"Microsoft","date_accessed":"2016-06-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"673feb5b-651d-5662-92d8-858afe5a55b9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433562Z"},{"id":"0be494a5-7bd9-544c-971d-47644b68402b","name":"Microsoft - manifests/assembly","description":"Microsoft. (2021, January 7). Manifests. 
Retrieved January 30, 2025.","url":"https://learn.microsoft.com/en-us/windows/win32/sbscs/manifests?redirectedfrom=MSDN","source":"MITRE","title":"Manifests","authors":"Microsoft","date_accessed":"2025-01-30T00:00:00Z","date_published":"2021-01-07T00:00:00Z","owner_name":null,"tidal_id":"6f31adf9-4e50-5fb9-b034-180cad83f9c7","created":"2025-04-22T20:47:11.749762Z","modified":"2025-12-17T15:08:36.427068Z"},{"id":"f8975da7-4c50-4b3b-8ecb-c99c9b3bc20c","name":"Wikipedia Man in the Browser","description":"Wikipedia. (2017, October 28). Man-in-the-browser. Retrieved January 10, 2018.","url":"https://en.wikipedia.org/wiki/Man-in-the-browser","source":"MITRE","title":"Man-in-the-browser","authors":"Wikipedia","date_accessed":"2018-01-10T00:00:00Z","date_published":"2017-10-28T00:00:00Z","owner_name":null,"tidal_id":"c6362b8c-a0f5-5bda-a360-0d914d1f138c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429647Z"},{"id":"7459b60a-b8b2-5634-97c9-413a3fc0ae60","name":"mitd_checkpoint_research","description":"Makkaveev, S. (2018, August 12). Man-in-the-Disk: Android Apps Exposed via External Storage. Retrieved October","url":"https://research.checkpoint.com/androids-man-in-the-disk/","source":"Mobile","title":"Man-in-the-Disk: Android Apps Exposed via External Storage","authors":"Makkaveev, S","date_accessed":"1978-10-01T00:00:00Z","date_published":"2018-08-12T00:00:00Z","owner_name":null,"tidal_id":"378457f8-c7cc-5312-a37f-adc616f40248","created":"2026-01-28T13:08:10.042818Z","modified":"2026-01-28T13:08:10.042821Z"},{"id":"95682ff9-0ae3-5141-8d86-54bcbe2f2408","name":"mitd_kaspersky","description":"Drozhzhin, A. (2018, August 27). Man-in-the-Disk: A new and dangerous way to hack Android. 
Retrieved October","url":"https://usa.kaspersky.com/blog/man-in-the-disk/16089/","source":"Mobile","title":"Man-in-the-Disk: A new and dangerous way to hack Android","authors":"Drozhzhin, A","date_accessed":"1978-10-01T00:00:00Z","date_published":"2018-08-27T00:00:00Z","owner_name":null,"tidal_id":"7a414ba0-5161-567a-90e3-abbc6cf99859","created":"2026-01-28T13:08:10.042768Z","modified":"2026-01-28T13:08:10.042771Z"},{"id":"1b8b2158-c67a-568e-9f4a-36d7b3dd355d","name":"mitd_checkpoint","description":"Check Point Research Team. (2018, August 12). Man-in-the-Disk: A New Attack Surface for Android Apps. Retrieved October","url":"https://blog.checkpoint.com/security/man-in-the-disk-a-new-attack-surface-for-android-apps/","source":"Mobile","title":"Man-in-the-Disk: A New Attack Surface for Android Apps","authors":"Check Point Research Team","date_accessed":"1978-10-01T00:00:00Z","date_published":"2018-08-12T00:00:00Z","owner_name":null,"tidal_id":"1108ea03-65f6-5237-98a6-3c8e41a36503","created":"2026-01-28T13:08:10.042743Z","modified":"2026-01-28T13:08:10.042746Z"},{"id":"353a6eb9-54c5-5211-ad87-abf5d941e503","name":"Kaspersky Encyclopedia MiTM","description":"Kaspersky IT Encyclopedia. (n.d.). Man-in-the-middle attack. Retrieved September 1, 2023.","url":"https://encyclopedia.kaspersky.com/glossary/man-in-the-middle-attack/","source":"MITRE","title":"Man-in-the-middle attack","authors":"Kaspersky IT Encyclopedia","date_accessed":"2023-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"706966ec-4f99-5131-bc42-6d96551b6ac7","created":"2023-11-07T00:36:01.515979Z","modified":"2025-12-17T15:08:36.428630Z"},{"id":"33b25966-0ab9-4cc6-9702-62263a23af9c","name":"Rapid7 MiTM Basics","description":"Rapid7. (n.d.). Man-in-the-Middle (MITM) Attacks. 
Retrieved March 2, 2020.","url":"https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/","source":"MITRE","title":"Man-in-the-Middle (MITM) Attacks","authors":"Rapid7","date_accessed":"2020-03-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e56cedbe-7974-5538-9ddd-8af22cbabd35","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423942Z"},{"id":"4375602d-4b5f-476d-82f8-3cef84d3378e","name":"Praetorian TLS Downgrade Attack 2014","description":"Praetorian. (2014, August 19). Man-in-the-Middle TLS Protocol Downgrade Attack. Retrieved October 8, 2021.","url":"https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/","source":"MITRE","title":"Man-in-the-Middle TLS Protocol Downgrade Attack","authors":"Praetorian","date_accessed":"2021-10-08T00:00:00Z","date_published":"2014-08-19T00:00:00Z","owner_name":null,"tidal_id":"172b281e-fa64-535f-9d2c-6dc75ab5414a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431910Z"},{"id":"af907fe1-1e37-4f44-8ad4-fcc3826ee6fb","name":"mitm_tls_downgrade_att","description":"praetorian Editorial Team. (2014, August 19). Man-in-the-Middle TLS Protocol Downgrade Attack. Retrieved December 8, 2021.","url":"https://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack/","source":"MITRE","title":"Man-in-the-Middle TLS Protocol Downgrade Attack","authors":"praetorian Editorial Team","date_accessed":"2021-12-08T00:00:00Z","date_published":"2014-08-19T00:00:00Z","owner_name":null,"tidal_id":"533d22fe-9e53-5485-9b1e-4d908cbad4ec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423935Z"},{"id":"dc321c92-c7e9-577f-ba0d-6737e2e3243d","name":"Engel-SS7","description":"Tobias Engel. (2014, December). SS7: Locate. Track. Manipulate.. Retrieved December","url":"https://berlin.ccc.de/~tobias/31c3-ss7-locate-track-manipulate.pdf","source":"Mobile","title":"Manipulate.","authors":"Tobias Engel. (2014, December). 
SS7: Locate","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5cbb72e6-10d1-58d9-bf8a-f6451c32e9a6","created":"2026-01-28T13:08:10.043043Z","modified":"2026-01-28T13:08:10.043046Z"},{"id":"3bf24c68-fc98-4143-9dff-f54030c902fe","name":"InsiderThreat ChangeNTLM July 2017","description":"Warren, J. (2017, July 11). Manipulating User Passwords with Mimikatz. Retrieved December 4, 2017.","url":"https://blog.stealthbits.com/manipulating-user-passwords-with-mimikatz-SetNTLM-ChangeNTLM","source":"MITRE","title":"Manipulating User Passwords with Mimikatz","authors":"Warren, J","date_accessed":"2017-12-04T00:00:00Z","date_published":"2017-07-11T00:00:00Z","owner_name":null,"tidal_id":"5149e078-c432-54a7-9607-db3b69af8c15","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433086Z"},{"id":"5dd749c8-deff-5813-a7d4-80760bb5e999","name":"Talos Manjusaka 2022","description":"Asheer Malhotra & Vitor Ventura. (2022, August 2). Manjusaka: A Chinese sibling of Sliver and Cobalt Strike. Retrieved September 4, 2024.","url":"https://blog.talosintelligence.com/manjusaka-offensive-framework/","source":"MITRE","title":"Manjusaka: A Chinese sibling of Sliver and Cobalt Strike","authors":"Asheer Malhotra & Vitor Ventura","date_accessed":"2024-09-04T00:00:00Z","date_published":"2022-08-02T00:00:00Z","owner_name":null,"tidal_id":"4e6662c0-d4ff-5f37-80e2-99a421e5b108","created":"2024-10-31T16:28:34.632185Z","modified":"2025-12-17T15:08:36.421920Z"},{"id":"8ea545ac-cca6-5da5-8a93-6b07518fc9d4","name":"Kaspersky ManOnTheSide","description":"Starikova, A. (2023, February 14). Man-on-the-side – peculiar attack. 
Retrieved September 1, 2023.","url":"https://usa.kaspersky.com/blog/man-on-the-side/27854/","source":"MITRE","title":"Man-on-the-side – peculiar attack","authors":"Starikova, A","date_accessed":"2023-09-01T00:00:00Z","date_published":"2023-02-14T00:00:00Z","owner_name":null,"tidal_id":"a2a98902-257c-510f-9c04-7d127fae8b25","created":"2023-11-07T00:36:01.521986Z","modified":"2025-12-17T15:08:36.428636Z"},{"id":"76a792b5-f3cd-566e-a87b-9fae844ce07d","name":"symantec_mantis","description":"Symantec Threat Hunter Team. (2023, April 4). Mantis: New Tooling Used in Attacks Against Palestinian Targets. Retrieved March 4, 2024.","url":"https://web.archive.org/web/20231227054130/https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mantis-palestinian-attacks","source":"MITRE","title":"Mantis: New Tooling Used in Attacks Against Palestinian Targets","authors":"Symantec Threat Hunter Team","date_accessed":"2024-03-04T00:00:00Z","date_published":"2023-04-04T00:00:00Z","owner_name":null,"tidal_id":"89a1d231-6360-5553-8831-c9e31f10b10c","created":"2024-04-25T13:28:44.973755Z","modified":"2025-12-17T15:08:36.439633Z"},{"id":"5ed6a702-dcc5-4021-95cc-5b720dbd8774","name":"CrowdStrike Manufacturing Threat July 2020","description":"Falcon OverWatch Team. (2020, July 14). Manufacturing Industry in the Adversaries’ Crosshairs. Retrieved October 17, 2021.","url":"https://www.crowdstrike.com/blog/adversaries-targeting-the-manufacturing-industry/","source":"MITRE","title":"Manufacturing Industry in the Adversaries’ Crosshairs","authors":"Falcon OverWatch Team","date_accessed":"2021-10-17T00:00:00Z","date_published":"2020-07-14T00:00:00Z","owner_name":null,"tidal_id":"e8513c0f-dce5-5a89-9e77-ec9da0146f5c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439100Z"},{"id":"b89f20ad-39c4-480f-b02e-20f4e71f6b95","name":"US-CERT TYPEFRAME June 2018","description":"US-CERT. (2018, June 14). MAR-10135536-12 – North Korean Trojan: TYPEFRAME. 
Retrieved July 13, 2018.","url":"https://www.us-cert.gov/ncas/analysis-reports/AR18-165A","source":"MITRE","title":"MAR-10135536-12 – North Korean Trojan: TYPEFRAME","authors":"US-CERT","date_accessed":"2018-07-13T00:00:00Z","date_published":"2018-06-14T00:00:00Z","owner_name":null,"tidal_id":"fea582e2-cbc7-55b5-a4ac-5612e989e68e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419778Z"},{"id":"b30dd720-a85d-4bf5-84e1-394a27917ee7","name":"US-CERT KEYMARBLE Aug 2018","description":"US-CERT. (2018, August 09). MAR-10135536-17 – North Korean Trojan: KEYMARBLE. Retrieved August 16, 2018.","url":"https://www.us-cert.gov/ncas/analysis-reports/AR18-221A","source":"MITRE","title":"MAR-10135536-17 – North Korean Trojan: KEYMARBLE","authors":"US-CERT","date_accessed":"2018-08-16T00:00:00Z","date_published":"2018-08-09T00:00:00Z","owner_name":null,"tidal_id":"7cb21e9c-4f5b-5a4d-9ee6-3ef896bda7a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417044Z"},{"id":"e722b71b-9042-4143-a156-489783d86e0a","name":"US-CERT HOPLIGHT Apr 2019","description":"US-CERT. (2019, April 10). MAR-10135536-8 – North Korean Trojan: HOPLIGHT. Retrieved April 19, 2019.","url":"https://www.us-cert.gov/ncas/analysis-reports/AR19-100A","source":"MITRE","title":"MAR-10135536-8 – North Korean Trojan: HOPLIGHT","authors":"US-CERT","date_accessed":"2019-04-19T00:00:00Z","date_published":"2019-04-10T00:00:00Z","owner_name":null,"tidal_id":"69578b46-fe7a-5c46-9176-0a837553b5cb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418086Z"},{"id":"db5c816a-2a23-4966-8f0b-4ec86cae45c9","name":"US-CERT HOTCROISSANT February 2020","description":"US-CERT. (2020, February 20). MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT. 
Retrieved May 1, 2020.","url":"https://www.us-cert.gov/ncas/analysis-reports/ar20-045d","source":"MITRE","title":"MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT","authors":"US-CERT","date_accessed":"2020-05-01T00:00:00Z","date_published":"2020-02-20T00:00:00Z","owner_name":null,"tidal_id":"3298b1ff-1b27-5c18-8491-32b215fb2b96","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421001Z"},{"id":"b9946fcc-592a-4c54-b504-4fe5050704df","name":"CISA MAR-10288834-2.v1  TAINTEDSCRIBE MAY 2020","description":"USG. (2020, May 12). MAR-10288834-2.v1 – North Korean Trojan: TAINTEDSCRIBE. Retrieved March 5, 2021.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar20-133b","source":"MITRE","title":"MAR-10288834-2.v1 – North Korean Trojan: TAINTEDSCRIBE","authors":"USG","date_accessed":"2021-03-05T00:00:00Z","date_published":"2020-05-12T00:00:00Z","owner_name":null,"tidal_id":"f11d86db-4777-54f4-874d-fd158c27f2ed","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419847Z"},{"id":"0ae18fda-cc88-49f4-8e85-7b63044579ea","name":"CISA MAR-10292089-1.v2 TAIDOOR August 2021","description":"CISA, FBI, DOD. (2021, August). MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR. Retrieved August 24, 2021.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a","source":"MITRE","title":"MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR","authors":"CISA, FBI, DOD","date_accessed":"2021-08-24T00:00:00Z","date_published":"2021-08-01T00:00:00Z","owner_name":null,"tidal_id":"0bbfbba9-0015-571a-b7bc-32fb66e1a79e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421151Z"},{"id":"0421788c-b807-4e19-897c-bfb4323feb16","name":"US-CERT BLINDINGCAN Aug 2020","description":"US-CERT. (2020, August 19). MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN. 
Retrieved August 19, 2020.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a","source":"MITRE","title":"MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN","authors":"US-CERT","date_accessed":"2020-08-19T00:00:00Z","date_published":"2020-08-19T00:00:00Z","owner_name":null,"tidal_id":"0316be5c-d47f-5dd1-a77c-23ab6365d0d1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416502Z"},{"id":"a87db09c-cadc-48fd-9634-8dd44bbd9009","name":"CISA SoreFang July 2016","description":"CISA. (2020, July 16). MAR-10296782-1.v1 – SOREFANG. Retrieved September 29, 2020.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198a","source":"MITRE","title":"MAR-10296782-1.v1 – SOREFANG","authors":"CISA","date_accessed":"2020-09-29T00:00:00Z","date_published":"2020-07-16T00:00:00Z","owner_name":null,"tidal_id":"61477d52-45e6-51b0-8721-bda027a10f64","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422066Z"},{"id":"40e9eda2-51a2-4fd8-b0b1-7d2c6deca820","name":"CISA WellMess July 2020","description":"CISA. (2020, July 16). MAR-10296782-2.v1 – WELLMESS. Retrieved September 24, 2020.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198b","source":"MITRE","title":"MAR-10296782-2.v1 – WELLMESS","authors":"CISA","date_accessed":"2020-09-24T00:00:00Z","date_published":"2020-07-16T00:00:00Z","owner_name":null,"tidal_id":"291b7499-2b29-557c-89f6-e29de622310a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417885Z"},{"id":"2f33b88a-a8dd-445b-a34f-e356b94bed35","name":"CISA WellMail July 2020","description":"CISA. (2020, July 16). MAR-10296782-3.v1 – WELLMAIL. 
Retrieved September 29, 2020.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198c","source":"MITRE","title":"MAR-10296782-3.v1 – WELLMAIL","authors":"CISA","date_accessed":"2020-09-29T00:00:00Z","date_published":"2020-07-16T00:00:00Z","owner_name":null,"tidal_id":"d395f96b-b9d0-5c75-80e3-ff006484c817","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420545Z"},{"id":"a1b143f9-ca85-4c11-8909-49423c9ffeab","name":"CISA EB Aug 2020","description":"Cybersecurity and Infrastructure Security Agency. (2020, August 26). MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON. Retrieved March 18, 2021.","url":"https://us-cert.cisa.gov/ncas/analysis-reports/ar20-239a","source":"MITRE","title":"MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2021-03-18T00:00:00Z","date_published":"2020-08-26T00:00:00Z","owner_name":null,"tidal_id":"c634b04b-362b-5c7b-a709-f8b781d56bee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422163Z"},{"id":"0690fa53-fee4-43fa-afd5-61137fd7529e","name":"CISA HatMan","description":"CISA. (2019, February 27). MAR-17-352-01 HatMan-Safety System Targeted Malware. Retrieved January 6, 2021.","url":"https://us-cert.cisa.gov/sites/default/files/documents/MAR-17-352-01%20HatMan%20-%20Safety%20System%20Targeted%20Malware%20%28Update%20B%29.pdf","source":"MITRE","title":"MAR-17-352-01 HatMan-Safety System Targeted Malware","authors":"CISA","date_accessed":"2021-01-06T00:00:00Z","date_published":"2019-02-27T00:00:00Z","owner_name":null,"tidal_id":"b71e8dba-a8bc-512e-ae0f-ad9fedbc63ff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420443Z"},{"id":"8fb1a0ff-2977-4f50-aba9-e5f5c2b63647","name":"Microsoft Security Blog May 12 2025","description":"Microsoft Threat Intelligence. (2025, May 12). 
Marbled Dust leverages zero-day in Output Messenger for regional espionage . Retrieved June 2, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/05/12/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage/","source":"Tidal Cyber","title":"Marbled Dust leverages zero-day in Output Messenger for regional espionage","authors":"Microsoft Threat Intelligence","date_accessed":"2025-06-02T00:00:00Z","date_published":"2025-05-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ebfe31d4-bb62-5041-b93f-4e35e9ef4cce","created":"2025-06-03T14:14:12.775052Z","modified":"2025-06-03T14:14:12.988246Z"},{"id":"a9d34969-ad72-5a5d-8a27-fe3a6133818f","name":"Mark Loveless April 2017","description":"Mark Loveless 2017, April 11 THE DALLAS COUNTY SIREN HACK. Retrieved 2020/11/06","url":"https://duo.com/decipher/the-dallas-county-siren-hack","source":"ICS","title":"Mark Loveless April 2017","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e9bc8625-f500-52f4-bf5e-5b0579000517","created":"2026-01-28T13:08:18.178253Z","modified":"2026-01-28T13:08:18.178257Z"},{"id":"54d9c59f-800a-426f-90c8-0d1cb2bea1ea","name":"Outflank MotW 2020","description":"Hegt, S. (2020, March 30). Mark-of-the-Web from a red team’s perspective. Retrieved February 22, 2021.","url":"https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective/","source":"MITRE","title":"Mark-of-the-Web from a red team’s perspective","authors":"Hegt, S","date_accessed":"2021-02-22T00:00:00Z","date_published":"2020-03-30T00:00:00Z","owner_name":null,"tidal_id":"289b2f79-c325-5e56-b187-d4c2e8785486","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431744Z"},{"id":"38f66238-7ec9-55e9-96cd-39757d03ed58","name":"Mark Thompson March 2016","description":"Mark Thompson 2016, March 24 Iranian Cyber Attack on New York Dam Shows Future of War. 
Retrieved 2019/11/07","url":"https://time.com/4270728/iran-cyber-attack-dam-fbi/","source":"ICS","title":"Mark Thompson March 2016","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4d78885c-9380-527d-87f4-3e01475b1b4d","created":"2026-01-28T13:08:18.177477Z","modified":"2026-01-28T13:08:18.177480Z"},{"id":"def3e3dd-8136-4714-a58f-ffbd00066dc0","name":"Google Cloud May 28 2025","description":"Google Threat Intelligence Group. (2025, May 28). Mark Your Calendar APT41 Innovative Tactics . Retrieved June 2, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics","source":"Tidal Cyber","title":"Mark Your Calendar APT41 Innovative Tactics","authors":"Google Threat Intelligence Group","date_accessed":"2025-06-02T00:00:00Z","date_published":"2025-05-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5f816a34-0295-52ef-94f5-7faced0fa242","created":"2025-06-03T14:14:12.435661Z","modified":"2025-06-03T14:14:12.603575Z"},{"id":"7ed1c974-802d-5b1c-b93d-f0af2a46b033","name":"Marshall Abrams July 2008","description":"Marshall Abrams 2008, July 23 Malicious Control System Cyber Security Attack Case Study Maroochy Water Services, Australia. Retrieved 2018/03/27","url":"https://www.mitre.org/sites/default/files/pdf/08_1145.pdf","source":"ICS","title":"Marshall Abrams July 2008","authors":"","date_accessed":"2018-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a23ccc81-3d8e-5c67-886b-138700291304","created":"2026-01-28T13:08:18.178677Z","modified":"2026-01-28T13:08:18.178680Z"},{"id":"e11492f4-f9a3-5489-b2bb-a28b19ef88b5","name":"Masquerads-Guardio","description":"Tal, Nati. (2022, December 28). “MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets. 
Retrieved February 21, 2023.","url":"https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e","source":"MITRE","title":"“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets","authors":"Tal, Nati","date_accessed":"2023-02-21T00:00:00Z","date_published":"2022-12-28T00:00:00Z","owner_name":null,"tidal_id":"3fcc525f-2339-5244-bb9b-f26d89eb7204","created":"2023-05-26T01:21:01.860030Z","modified":"2025-12-17T15:08:36.425369Z"},{"id":"46df3a49-e7c4-4169-b35c-0aecc78c31ea","name":"CNET Leaks","description":"Ng, A. (2019, January 17). Massive breach leaks 773 million email addresses, 21 million passwords. Retrieved October 20, 2020.","url":"https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million-passwords/","source":"MITRE","title":"Massive breach leaks 773 million email addresses, 21 million passwords","authors":"Ng, A","date_accessed":"2020-10-20T00:00:00Z","date_published":"2019-01-17T00:00:00Z","owner_name":null,"tidal_id":"56b386d6-ac34-5db2-8839-8f8a03a16d6f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429547Z"},{"id":"1a08d58f-bf91-4345-aa4e-2906d3ef365a","name":"ArsTechnica Great Firewall of China","description":"Goodin, D.. (2015, March 31). Massive denial-of-service attack on GitHub tied to Chinese government. 
Retrieved April 19, 2019.","url":"https://arstechnica.com/information-technology/2015/03/massive-denial-of-service-attack-on-github-tied-to-chinese-government/","source":"MITRE","title":"Massive denial-of-service attack on GitHub tied to Chinese government","authors":"Goodin, D.","date_accessed":"2019-04-19T00:00:00Z","date_published":"2015-03-31T00:00:00Z","owner_name":null,"tidal_id":"413aff0a-bc64-5907-9e53-1a4c658d7f64","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434508Z"},{"id":"246257d1-b277-5609-a1b2-9494e68d4f9c","name":"krebs-email-bombing","description":"Brian Krebs. (2016, August 18). Massive Email Bombs Target .Gov Addresses. Retrieved January 31, 2025.","url":"https://krebsonsecurity.com/2016/08/massive-email-bombs-target-gov-addresses/","source":"MITRE","title":"Massive Email Bombs Target .Gov Addresses","authors":"Brian Krebs","date_accessed":"2025-01-31T00:00:00Z","date_published":"2016-08-18T00:00:00Z","owner_name":null,"tidal_id":"b971a1ea-5605-5af0-a57d-082040405c71","created":"2025-04-22T20:47:18.712316Z","modified":"2025-12-17T15:08:36.434127Z"},{"id":"a368f786-7e74-47e3-91e8-170dbb360234","name":"ImageMagick January 1 1999","description":"ImageMagick. (1999, January 1). Mastering Digital Image Alchemy. Retrieved December 19, 2024.","url":"https://imagemagick.org/","source":"Tidal Cyber","title":"Mastering Digital Image Alchemy","authors":"ImageMagick","date_accessed":"2024-12-19T00:00:00Z","date_published":"1999-01-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fd0affaf-e070-5b66-a0f1-e635c5b4e9fa","created":"2025-04-11T15:06:04.905990Z","modified":"2025-04-11T15:06:05.119317Z"},{"id":"f9d1f2ab-9e75-48ce-bcdf-b7119687feef","name":"Europol Cobalt Mar 2018","description":"Europol. (2018, March 26). Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested in Spain. 
Retrieved October 10, 2018.","url":"https://www.europol.europa.eu/newsroom/news/mastermind-behind-eur-1-billion-cyber-bank-robbery-arrested-in-spain","source":"MITRE","title":"Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested in Spain","authors":"Europol","date_accessed":"2018-10-10T00:00:00Z","date_published":"2018-03-26T00:00:00Z","owner_name":null,"tidal_id":"5915a00a-bd65-54bb-8d1d-e28022bed4a6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438166Z"},{"id":"4ba7fa89-006b-4fbf-aa6c-6775842c97a4","name":"LOLBAS Mavinject","description":"LOLBAS. (n.d.). Mavinject.exe. Retrieved September 22, 2021.","url":"https://lolbas-project.github.io/lolbas/Binaries/Mavinject/","source":"MITRE","title":"Mavinject.exe","authors":"LOLBAS","date_accessed":"2021-09-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a1e21a15-5643-5ff2-82e4-6ea2aa64cdf8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425837Z"},{"id":"17b055ba-5e59-4508-ba77-2519c03c6d65","name":"Mavinject Functionality Deconstructed","description":"Matt Graeber. (2018, May 29). mavinject.exe Functionality Deconstructed. Retrieved September 22, 2021.","url":"https://posts.specterops.io/mavinject-exe-functionality-deconstructed-c29ab2cf5c0e","source":"MITRE","title":"mavinject.exe Functionality Deconstructed","authors":"Matt Graeber","date_accessed":"2021-09-22T00:00:00Z","date_published":"2018-05-29T00:00:00Z","owner_name":null,"tidal_id":"88113277-d80d-5747-b84b-9f8f70f9360a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425843Z"},{"id":"b1eae65c-3d5c-5ada-b772-21da6720de04","name":"Max Heinemeyer February 2020","description":"Max Heinemeyer 2020, February 21 Post-mortem of a targeted Sodinokibi ransomware attack. 
Retrieved 2021/04/12","url":"https://www.darktrace.com/en/blog/post-mortem-of-a-targeted-sodinokibi-ransomware-attack/","source":"ICS","title":"Max Heinemeyer February 2020","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a713019b-c953-55d1-ad1a-fad06be0a8f8","created":"2026-01-28T13:08:18.180494Z","modified":"2026-01-28T13:08:18.180498Z"},{"id":"de36cb84-6eaf-4a67-b09b-b876af38ccb5","name":"AhnLab Dark Web Trends June 10 2025","description":"ASEC. (2025, June 10). May 2025 Deep Web and Dark Web Trends Report. Retrieved June 13, 2025.","url":"https://asec.ahnlab.com/en/88428/","source":"Tidal Cyber","title":"May 2025 Deep Web and Dark Web Trends Report","authors":"ASEC","date_accessed":"2025-06-13T12:00:00Z","date_published":"2025-06-10T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"87eea9e7-5390-5a9f-b389-692ffce5d2b5","created":"2025-06-17T14:40:46.659246Z","modified":"2025-06-17T14:40:46.837346Z"},{"id":"9c4bbcbb-2c18-453c-8b02-0a0cd512c3f3","name":"Sophos Maze VM September 2020","description":"Brandt, A., Mackenzie, P.. (2020, September 17). Maze Attackers Adopt Ragnar Locker Virtual Machine Technique. Retrieved October 9, 2020.","url":"https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/","source":"MITRE","title":"Maze Attackers Adopt Ragnar Locker Virtual Machine Technique","authors":"Brandt, A., Mackenzie, P.","date_accessed":"2020-10-09T00:00:00Z","date_published":"2020-09-17T00:00:00Z","owner_name":null,"tidal_id":"70f5c08e-9b6d-5ef6-8d18-64d64fa34ceb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421859Z"},{"id":"324ba1b8-cc97-4d20-b25d-053b2462f3b2","name":"mbed-crypto","description":"ARMmbed. (2018, June 21). Mbed Crypto. 
Retrieved February 15, 2021.","url":"https://github.com/ARMmbed/mbed-crypto","source":"MITRE","title":"Mbed Crypto","authors":"ARMmbed","date_accessed":"2021-02-15T00:00:00Z","date_published":"2018-06-21T00:00:00Z","owner_name":null,"tidal_id":"0553b9fa-36b4-551a-a5d1-dad685099c89","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442282Z"},{"id":"288e94b3-a023-4b59-8b2a-25c469fb56a1","name":"McAfee REvil October 2019","description":"Saavedra-Morales, J, et al. (2019, October 20). McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo. Retrieved August 5, 2020.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/","source":"MITRE","title":"McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo","authors":"Saavedra-Morales, J, et al","date_accessed":"2020-08-05T00:00:00Z","date_published":"2019-10-20T00:00:00Z","owner_name":null,"tidal_id":"543fc203-c454-5994-a01b-e8f5485b2184","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421067Z"},{"id":"1bf961f2-dfa9-4ca3-9bf5-90c21755d783","name":"McAfee Sodinokibi October 2019","description":"McAfee. (2019, October 2). McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us. Retrieved August 4, 2020.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/","source":"MITRE","title":"McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us","authors":"McAfee","date_accessed":"2020-08-04T00:00:00Z","date_published":"2019-10-02T00:00:00Z","owner_name":null,"tidal_id":"71cee5c9-5897-5bb3-8a7b-03c2b14220bb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421053Z"},{"id":"c90ecd26-ce29-4c1d-b739-357b6d42f399","name":"McAfee Sandworm November 2013","description":"Li, H. 
(2013, November 5). McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office. Retrieved June 18, 2020.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2","source":"MITRE","title":"McAfee Labs Detects Zero-Day Exploit Targeting Microsoft Office","authors":"Li, H","date_accessed":"2020-06-18T00:00:00Z","date_published":"2013-11-05T00:00:00Z","owner_name":null,"tidal_id":"cc04f980-1ae7-5365-a49a-7e2f283b346d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441000Z"},{"id":"0246ec58-531e-5b1b-bbd1-d397e1b62faf","name":"McAfee Labs October 2019","description":"McAfee Labs 2019, October 02 McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service  What The Code Tells Us. Retrieved 2021/04/12","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us","source":"ICS","title":"McAfee Labs October 2019","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"637e10c1-f338-585a-8a15-8f99326dfa50","created":"2026-01-28T13:08:18.179521Z","modified":"2026-01-28T13:08:18.179524Z"},{"id":"e6f0f7b5-01fe-437f-a9c9-2ea054e7d69d","name":"McAfee Honeybee","description":"Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. 
Retrieved May 16, 2018.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-uncovers-operation-honeybee-malicious-document-campaign-targeting-humanitarian-aid-groups/","source":"MITRE","title":"McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups","authors":"Sherstobitoff, R","date_accessed":"2018-05-16T00:00:00Z","date_published":"2018-03-02T00:00:00Z","owner_name":null,"tidal_id":"fdf4cb97-f757-5285-a223-d2a030c5b6cf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438008Z"},{"id":"24f9ebb7-7124-54a7-8e6b-34edaac4ef76","name":"McCarthy, J et al. July 2018","description":"McCarthy, J et al. 2018, July NIST SP 1800-2 Identity and Access Management for Electric Utilities. Retrieved 2020/09/17","url":"https://doi.org/10.6028/NIST.SP.1800-2","source":"ICS","title":"McCarthy, J et al. July 2018","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fec61606-edd8-58e9-a83f-c1b3bf80abbb","created":"2026-01-28T13:08:18.175037Z","modified":"2026-01-28T13:08:18.175041Z"},{"id":"f7364cfc-5a3b-4538-80d0-cae65f3c6592","name":"Secureworks MCMD July 2019","description":"Secureworks. (2019, July 24). MCMD Malware Analysis. Retrieved August 13, 2020.","url":"https://www.secureworks.com/research/mcmd-malware-analysis","source":"MITRE","title":"MCMD Malware Analysis","authors":"Secureworks","date_accessed":"2020-08-13T00:00:00Z","date_published":"2019-07-24T00:00:00Z","owner_name":null,"tidal_id":"fad3c419-094c-531a-8b21-5deab04b0d8a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423159Z"},{"id":"57aeedda-2c32-404f-bead-fe6d213d7241","name":"Purves Kextpocalypse 2","description":"Richard Purves. (2017, November 9). MDM and the Kextpocalypse . 
Retrieved September 23, 2021.","url":"https://richard-purves.com/2017/11/09/mdm-and-the-kextpocalypse-2/","source":"MITRE","title":"MDM and the Kextpocalypse","authors":"Richard Purves","date_accessed":"2021-09-23T00:00:00Z","date_published":"2017-11-09T00:00:00Z","owner_name":null,"tidal_id":"c7a6ca28-a20d-5f0a-969a-db33838ca89a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433124Z"},{"id":"dfd12595-0056-5b4a-b753-624fac1bb3a6","name":"MDSec Brute Ratel August 2022","description":"Chell, D.  PART 3: How I Met Your Beacon – Brute Ratel. Retrieved February 6, 2023.","url":"https://www.mdsec.co.uk/2022/08/part-3-how-i-met-your-beacon-brute-ratel/","source":"MITRE","title":"MDSec Brute Ratel August 2022","authors":"","date_accessed":"2023-02-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"eb63acfc-0234-5613-a3e6-1de19c360f1f","created":"2023-05-26T01:21:19.964371Z","modified":"2025-12-17T15:08:36.423035Z"},{"id":"aa7393ad-0760-4f27-a068-17beba17bbe3","name":"Secureworks NICKEL ACADEMY Dec 2017","description":"Secureworks. (2017, December 15). Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies. Retrieved December 27, 2017.","url":"https://www.secureworks.com/about/press/media-alert-secureworks-discovers-north-korean-cyber-threat-group-lazarus-spearphishing","source":"MITRE","title":"Media Alert - Secureworks Discovers North Korean Cyber Threat Group, Lazarus, Spearphishing Financial Executives of Cryptocurrency Companies","authors":"Secureworks","date_accessed":"2017-12-27T00:00:00Z","date_published":"2017-12-15T00:00:00Z","owner_name":null,"tidal_id":"2a726ba0-9f0e-54c0-962c-c4be98d162e5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437600Z"},{"id":"f7b41120-8455-409f-ad9c-815c2c43edfd","name":"Cybereason Nocturnus MedusaLocker 2020","description":"Cybereason Nocturnus. (2020, November 19). Cybereason vs. 
MedusaLocker Ransomware. Retrieved June 23, 2021.","url":"https://www.cybereason.com/blog/medusalocker-ransomware","source":"MITRE","title":"MedusaLocker Ransomware","authors":"Cybereason Nocturnus. (2020, November 19)","date_accessed":"2021-06-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d7491cf8-7dc3-5863-8461-b8985ee5e86b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426568Z"},{"id":"49e314d6-5324-41e0-8bee-2b3e08d5e12f","name":"HC3 Analyst Note MedusaLocker Ransomware February 2023","description":"Health Sector Cybersecurity Coordination Center (HC3). (2023, February 24). MedusaLocker Ransomware. Retrieved August 11, 2023.","url":"https://www.hhs.gov/sites/default/files/medusalocker-ransomware-analyst-note.pdf","source":"Tidal Cyber","title":"MedusaLocker Ransomware","authors":"Health Sector Cybersecurity Coordination Center (HC3)","date_accessed":"2023-08-11T00:00:00Z","date_published":"2023-02-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d4f8b10e-872a-5c13-9bf3-7663e389e8b9","created":"2023-08-11T21:14:12.503297Z","modified":"2023-08-11T21:14:12.613806Z"},{"id":"01d2a059-f002-5e1e-97c1-ae714648fc10","name":"Broadcom Medusa Ransomware Medusa Group March 2025","description":"Threat Hunter Team Symantec and Carbon Black. (2025, March 6). Medusa Ransomware Activity Continues to Increase. Retrieved October 15, 2025.","url":"https://www.security.com/threat-intelligence/medusa-ransomware-attacks","source":"MITRE","title":"Medusa Ransomware Activity Continues to Increase","authors":"Threat Hunter Team Symantec and Carbon Black","date_accessed":"2025-10-15T00:00:00Z","date_published":"2025-03-06T00:00:00Z","owner_name":null,"tidal_id":"44287988-1b52-57ea-8b12-cb5db1dbedc6","created":"2025-10-29T21:08:48.164924Z","modified":"2025-12-17T15:08:36.417471Z"},{"id":"21fe1d9e-17f1-49e2-b05f-78e9160f5414","name":"Bleeping Computer Medusa Ransomware March 12 2023","description":"Lawrence Abrams. (2023, March 12). 
Medusa ransomware gang picks up steam as it targets companies worldwide. Retrieved September 14, 2023.","url":"https://www.bleepingcomputer.com/news/security/medusa-ransomware-gang-picks-up-steam-as-it-targets-companies-worldwide/","source":"Tidal Cyber","title":"Medusa ransomware gang picks up steam as it targets companies worldwide","authors":"Lawrence Abrams","date_accessed":"2023-09-14T00:00:00Z","date_published":"2023-03-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"057a0d4f-af47-576e-9436-56d046dc7b45","created":"2023-09-14T20:17:59.632404Z","modified":"2023-09-14T20:17:59.723605Z"},{"id":"baad1552-9b29-5509-8763-5e16f2b370e1","name":"Palo Alto Unit 42 Medusa Group Medusa Ransomware January 2024","description":"Anthony Galiette, Doel Santos. (2024, January 11). Medusa Ransomware Turning Your Files into Stone. Retrieved October 15, 2025.","url":"https://unit42.paloaltonetworks.com/medusa-ransomware-escalation-new-leak-site/","source":"MITRE","title":"Medusa Ransomware Turning Your Files into Stone","authors":"Anthony Galiette, Doel Santos","date_accessed":"2025-10-15T00:00:00Z","date_published":"2024-01-11T00:00:00Z","owner_name":null,"tidal_id":"99f2aaa7-c23c-57fa-bc46-8a61897dd2f2","created":"2025-10-29T21:08:48.164894Z","modified":"2025-12-17T15:08:36.417456Z"},{"id":"f7d3cc96-4c0f-4a87-8a79-abd3f0f84533","name":"Meduza Stealer RussianPanda June 28 2023","description":"RussianPanda. (2023, June 28). Meduza Stealer or The Return of The Infamous Aurora Stealer. 
Retrieved October 14, 2024.","url":"https://russianpanda.com/Meduza-Stealer-or-The-Return-of-The-Infamous-Aurora-Stealer","source":"Tidal Cyber","title":"Meduza Stealer or The Return of The Infamous Aurora Stealer","authors":"RussianPanda","date_accessed":"2024-10-14T00:00:00Z","date_published":"2023-06-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6b937cc2-e8bd-5fc9-9822-df75a7d5c66d","created":"2024-10-14T19:18:56.332614Z","modified":"2024-10-14T19:18:56.490450Z"},{"id":"0a0aeacd-0976-4c84-b40d-5704afca9f0e","name":"CyberScoop Babuk February 2021","description":"Lyngaas, S. (2021, February 4). Meet Babuk, a ransomware attacker blamed for the Serco breach. Retrieved August 11, 2021.","url":"https://www.cyberscoop.com/babuk-ransomware-serco-attack/","source":"MITRE","title":"Meet Babuk, a ransomware attacker blamed for the Serco breach","authors":"Lyngaas, S","date_accessed":"2021-08-11T00:00:00Z","date_published":"2021-02-04T00:00:00Z","owner_name":null,"tidal_id":"5ddda5ae-8552-5b07-8aba-a6445545503d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419136Z"},{"id":"a0119ad4-ceea-4dba-bc08-a682085a9b27","name":"CrowdStrike Stardust Chollima Profile April 2018","description":"Meyers, Adam. (2018, April 6). Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA. Retrieved September 29, 2021.","url":"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-april-stardust-chollima/","source":"MITRE","title":"Meet CrowdStrike’s Adversary of the Month for April: STARDUST CHOLLIMA","authors":"Meyers, Adam","date_accessed":"2021-09-29T00:00:00Z","date_published":"2018-04-06T00:00:00Z","owner_name":null,"tidal_id":"0690b37f-2970-51e8-a151-7c4672857966","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438299Z"},{"id":"ce07d409-292d-4e8e-b1af-bd5ba46c1b95","name":"CrowdStrike VOODOO BEAR","description":"Meyers, A. (2018, January 19). 
Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR. Retrieved May 22, 2018.","url":"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-january-voodoo-bear/","source":"MITRE","title":"Meet CrowdStrike’s Adversary of the Month for January: VOODOO BEAR","authors":"Meyers, A","date_accessed":"2018-05-22T00:00:00Z","date_published":"2018-01-19T00:00:00Z","owner_name":null,"tidal_id":"c9114d0d-a184-5ee0-98a3-1b9a41b0710d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437793Z"},{"id":"35e72170-b1ec-49c9-aefe-a24fc4302fa6","name":"Crowdstrike MUSTANG PANDA June 2018","description":"Meyers, A. (2018, June 15). Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA. Retrieved April 12, 2021.","url":"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-panda/","source":"MITRE, Tidal Cyber","title":"Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA","authors":"Meyers, A","date_accessed":"2021-04-12T00:00:00Z","date_published":"2018-06-15T00:00:00Z","owner_name":null,"tidal_id":"563dc90d-911f-51a9-835e-881b4fd67a98","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279201Z"},{"id":"ee400057-2b26-4464-96b4-484c9eb9d5c2","name":"CrowdStrike VENOMOUS BEAR","description":"Meyers, A. (2018, March 12). Meet CrowdStrike’s Adversary of the Month for March: VENOMOUS BEAR. 
Retrieved May 16, 2018.","url":"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-march-venomous-bear/","source":"MITRE","title":"Meet CrowdStrike’s Adversary of the Month for March: VENOMOUS BEAR","authors":"Meyers, A","date_accessed":"2018-05-16T00:00:00Z","date_published":"2018-03-12T00:00:00Z","owner_name":null,"tidal_id":"4e644f76-e651-56c2-8fad-71c5143fef0f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437838Z"},{"id":"3fc0d7ad-6283-4cfd-b72f-5ce47594531e","name":"Crowdstrike Helix Kitten Nov 2018","description":"Meyers, A. (2018, November 27). Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN. Retrieved December 18, 2018.","url":"https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-november-helix-kitten/","source":"MITRE","title":"Meet CrowdStrike’s Adversary of the Month for November: HELIX KITTEN","authors":"Meyers, A","date_accessed":"2018-12-18T00:00:00Z","date_published":"2018-11-27T00:00:00Z","owner_name":null,"tidal_id":"6c426db6-4b04-5d2f-85ae-dd64256bc1c3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437499Z"},{"id":"3bf80a48-a218-5c52-b925-f84e65c9a3bf","name":"ArsTechnica-PoisonTap","description":"Dan Goodin. (2016, November 16). Meet PoisonTap, the $5 tool that ransacks password-protected computers. Retrieved December","url":"http://arstechnica.com/security/2016/11/meet-poisontap-the-5-tool-that-ransacks-password-protected-computers/","source":"Mobile","title":"Meet PoisonTap, the $5 tool that ransacks password-protected computers","authors":"Dan Goodin","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-11-16T00:00:00Z","owner_name":null,"tidal_id":"04b52ef7-ddf4-5da8-b9d2-71ac0debc708","created":"2026-01-28T13:08:10.045288Z","modified":"2026-01-28T13:08:10.045291Z"},{"id":"cad54315-4f1b-4334-b77a-080901d15143","name":"BlackBerry PyXie December 2 2019","description":"Ryan Tracey. (2019, December 2). 
Meet PyXie: A Nefarious New Python RAT. Retrieved December 19, 2024.","url":"https://blogs.blackberry.com/en/2019/12/meet-pyxie-a-nefarious-new-python-rat","source":"Tidal Cyber","title":"Meet PyXie: A Nefarious New Python RAT","authors":"Ryan Tracey","date_accessed":"2024-12-19T00:00:00Z","date_published":"2019-12-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"aa79e740-4433-5ab5-acde-3532efad4a54","created":"2025-04-11T15:06:25.408620Z","modified":"2025-04-11T15:06:25.558596Z"},{"id":"ec75f7aa-a908-46b5-896f-bc4ed40d58c0","name":"BleepingComputer November 19 2025","description":"None Identified. (2025, November 19). Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters. Retrieved November 24, 2025.","url":"https://www.bleepingcomputer.com/news/security/meet-shinysp1d3r-new-ransomware-as-a-service-created-by-shinyhunters/","source":"Tidal Cyber","title":"Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters","authors":"None Identified","date_accessed":"2025-11-24T12:00:00Z","date_published":"2025-11-19T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c900a2fa-470f-518b-9675-03b2e0dade20","created":"2025-11-26T19:37:29.857239Z","modified":"2025-11-26T19:37:29.991561Z"},{"id":"a2a0c1eb-20ad-4c40-a8cd-1732fdde7e19","name":"Cloudflare Memcrashed Feb 2018","description":"Marek Majkowski of Cloudflare. (2018, February 27). Memcrashed - Major amplification attacks from UDP port 11211. 
Retrieved April 18, 2019.","url":"https://blog.cloudflare.com/memcrashed-major-amplification-attacks-from-port-11211/","source":"MITRE","title":"Memcrashed - Major amplification attacks from UDP port 11211","authors":"Marek Majkowski of Cloudflare","date_accessed":"2019-04-18T00:00:00Z","date_published":"2018-02-27T00:00:00Z","owner_name":null,"tidal_id":"fed452ca-2452-52dc-b98f-074622fa35f8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427697Z"},{"id":"f830ed8b-33fa-4d1e-a66c-41f8c6aba69c","name":"Github Mempdump","description":"DiabloHorn. (2015, March 22). mempdump. Retrieved October 6, 2017.","url":"https://github.com/DiabloHorn/mempdump","source":"MITRE","title":"mempdump","authors":"DiabloHorn","date_accessed":"2017-10-06T00:00:00Z","date_published":"2015-03-22T00:00:00Z","owner_name":null,"tidal_id":"8259320c-c48f-550f-b787-9706d89b70a8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420587Z"},{"id":"ba4f7d65-73ec-4726-b1f6-f2443ffda5e7","name":"Palo Alto menuPass Feb 2017","description":"Miller-Osborn, J. and Grunzweig, J.. (2017, February 16). menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations. Retrieved March 1, 2017.","url":"http://researchcenter.paloaltonetworks.com/2017/02/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/","source":"MITRE, Tidal Cyber","title":"menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations","authors":"Miller-Osborn, J. and Grunzweig, J.","date_accessed":"2017-03-01T00:00:00Z","date_published":"2017-02-16T00:00:00Z","owner_name":null,"tidal_id":"53131d40-2c52-51d4-8518-00b1cba8c0f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262406Z"},{"id":"909add44-efd5-4aa6-869b-f32a2a15eb5f","name":"Merlin C2 Agent Menu","description":"Merlin. (n.d.). Merlin C2 Agent Menu. 
Retrieved March 24, 2025.","url":"https://merlin-c2.readthedocs.io/en/latest/cli/menu/agents.html","source":"Tidal Cyber","title":"Merlin C2 Agent Menu","authors":"Merlin","date_accessed":"2025-03-24T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"4b2d6a02-b99b-5e1c-b3b4-f54e38440826","created":"2025-03-25T13:16:00.463113Z","modified":"2025-03-25T13:16:00.607152Z"},{"id":"f56380e8-3cfa-407c-a493-7f9e50ba3867","name":"FireEye MESSAGETAP October 2019","description":"Leong, R., Perez, D., Dean, T. (2019, October 31). MESSAGETAP: Who’s Reading Your Text Messages?. Retrieved May 11, 2020.","url":"https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html","source":"MITRE","title":"MESSAGETAP: Who’s Reading Your Text Messages?","authors":"Leong, R., Perez, D., Dean, T","date_accessed":"2020-05-11T00:00:00Z","date_published":"2019-10-31T00:00:00Z","owner_name":null,"tidal_id":"0a9ba460-f6ec-5878-bb6f-0546895b565c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420679Z"},{"id":"aa021076-e9c5-5428-a938-c10cfb6b7c97","name":"SentinelLabs Metador Technical Appendix Sept 2022","description":"SentinelLabs. (2022, September 22). Metador Technical Appendix. Retrieved April 4, 2023.","url":"https://docs.google.com/document/d/1e9ZTW9b71YwFWS_18ZwDAxa-cYbV8q1wUefmKZLYVsA/edit#heading=h.lmnbtht1ikzm","source":"MITRE","title":"Metador Technical Appendix","authors":"SentinelLabs","date_accessed":"2023-04-04T00:00:00Z","date_published":"2022-09-22T00:00:00Z","owner_name":null,"tidal_id":"c4ed72c9-5d6f-5db1-933d-a521ad45e26b","created":"2023-05-26T01:21:17.571454Z","modified":"2025-12-17T15:08:36.421934Z"},{"id":"fd220165-43c8-4aaf-9295-0a2b7a52929c","name":"FireEye Metamorfo Apr 2018","description":"Sierra, E., Iglesias, G.. (2018, April 24). Metamorfo Campaigns Targeting Brazilian Users. 
Retrieved July 30, 2020.","url":"https://www.fireeye.com/blog/threat-research/2018/04/metamorfo-campaign-targeting-brazilian-users.html","source":"MITRE","title":"Metamorfo Campaigns Targeting Brazilian Users","authors":"Sierra, E., Iglesias, G.","date_accessed":"2020-07-30T00:00:00Z","date_published":"2018-04-24T00:00:00Z","owner_name":null,"tidal_id":"823f44d6-d363-5ab7-926d-6dc45a774785","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440055Z"},{"id":"ab6ea6b3-3c71-4e69-9713-dae3e4446083","name":"Metasploit_Ref","description":"Metasploit. (n.d.). Retrieved December 4, 2014.","url":"http://www.metasploit.com","source":"MITRE","title":"Metasploit_Ref","authors":"","date_accessed":"2014-12-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"31e0a097-4608-54a6-8ee9-9fb8dfab848c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431774Z"},{"id":"e4ae69e5-67ba-4a3e-8101-5e7f073bd312","name":"Metasploit SSH Module","description":"undefined. (n.d.). Retrieved April 12, 2019.","url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/ssh","source":"MITRE","title":"Metasploit SSH Module","authors":"","date_accessed":"2019-04-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fa32eb98-2ba9-56df-b14b-c6d579ebdd1c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430248Z"},{"id":"113dafad-8ede-424b-b727-66f71ea7806a","name":"Github Rapid7 Meterpreter Elevate","description":"Rapid7. (2013, November 26). meterpreter/source/extensions/priv/server/elevate/. 
Retrieved July 8, 2018.","url":"https://github.com/rapid7/meterpreter/tree/master/source/extensions/priv/server/elevate","source":"MITRE","title":"meterpreter/source/extensions/priv/server/elevate/","authors":"Rapid7","date_accessed":"2018-07-08T00:00:00Z","date_published":"2013-11-26T00:00:00Z","owner_name":null,"tidal_id":"ec8be287-d328-5605-b133-5c325026da26","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440812Z"},{"id":"44154472-2894-4161-b23f-46d1b1fd6772","name":"Methods of Mac Malware Persistence","description":"Patrick Wardle. (2014, September). Methods of Malware Persistence on Mac OS X. Retrieved July 5, 2017.","url":"https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-Wardle.pdf","source":"MITRE","title":"Methods of Malware Persistence on Mac OS X","authors":"Patrick Wardle","date_accessed":"2017-07-05T00:00:00Z","date_published":"2014-09-01T00:00:00Z","owner_name":null,"tidal_id":"0c95bc0f-a561-5bef-9baa-fb36210433ad","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425602Z"},{"id":"1b7b0f00-71ba-4762-ae81-bce24591cff4","name":"MFA Fatigue Attacks - PortSwigger","description":"Jessica Haworth. (2022, February 16). MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications. Retrieved March 31, 2022.","url":"https://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overload-of-push-notifications","source":"MITRE","title":"MFA fatigue attacks: Users tricked into allowing device access due to overload of push notifications","authors":"Jessica Haworth","date_accessed":"2022-03-31T00:00:00Z","date_published":"2022-02-16T00:00:00Z","owner_name":null,"tidal_id":"45d7addb-771d-534f-897b-12c38c5c9ba1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432776Z"},{"id":"b6d42cc9-1bf0-4389-8654-90b8d4e7ff49","name":"Mftrace.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Mftrace.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Mftrace/","source":"Tidal Cyber","title":"Mftrace.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ebda3977-12d5-587c-ad08-fb3b0fa1dfee","created":"2024-01-12T14:47:24.591213Z","modified":"2024-01-12T14:47:24.792404Z"},{"id":"8771ed60-eecb-4e0c-b22c-0c26d30d4dec","name":"Radware Micropsia July 2018","description":"Tsarfaty, Y. (2018, July 25). Micropsia Malware. Retrieved November 13, 2018.","url":"https://www.radware.com/blog/security/2018/07/micropsia-malware/","source":"MITRE","title":"Micropsia Malware","authors":"Tsarfaty, Y","date_accessed":"2018-11-13T00:00:00Z","date_published":"2018-07-25T00:00:00Z","owner_name":null,"tidal_id":"bf0fe7e1-60ad-5eb2-98f7-634a8ce4bb99","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420176Z"},{"id":"848da3e2-3228-5ee6-8fff-ff3328e6a387","name":"Optiv Device Code Phishing 2021","description":"Optiv. (2021, August 17). Microsoft 365 OAuth Device Code Flow and Phishing. Retrieved March 19, 2024.","url":"https://www.optiv.com/insights/source-zero/blog/microsoft-365-oauth-device-code-flow-and-phishing","source":"MITRE","title":"Microsoft 365 OAuth Device Code Flow and Phishing","authors":"Optiv","date_accessed":"2024-03-19T00:00:00Z","date_published":"2021-08-17T00:00:00Z","owner_name":null,"tidal_id":"d7b22f55-31b3-5a57-bbfa-5c8ca7e2bee0","created":"2024-04-25T13:28:31.876018Z","modified":"2025-12-17T15:08:36.426771Z"},{"id":"91b48ddd-9e3f-4d36-a262-3b52145b3db2","name":"Microsoft Midnight Blizzard January 19 2024","description":"MSRC. (2024, January 19). Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard. 
Retrieved January 24, 2024.","url":"https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/","source":"Tidal Cyber","title":"Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard","authors":"MSRC","date_accessed":"2024-01-24T00:00:00Z","date_published":"2024-01-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c6faeb4d-7979-5b42-9132-e6241a5b71bf","created":"2024-01-26T18:00:30.865706Z","modified":"2024-01-26T18:00:31.592003Z"},{"id":"99831838-fc8f-43fa-9c87-6ccdf5677c34","name":"Microsoft ZINC disruption Dec 2017","description":"Smith, B. (2017, December 19). Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats. Retrieved December 20, 2017.","url":"https://blogs.microsoft.com/on-the-issues/2017/12/19/microsoft-facebook-disrupt-zinc-malware-attack-protect-customers-internet-ongoing-cyberthreats/","source":"MITRE","title":"Microsoft and Facebook disrupt ZINC malware attack to protect customers and the internet from ongoing cyberthreats","authors":"Smith, B","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-12-19T00:00:00Z","owner_name":null,"tidal_id":"463cb5ba-32ba-5350-b9c8-a28fe4360b60","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437607Z"},{"id":"5884c593-d154-5601-9007-66fd31b6d5ae","name":"Microsoft August 2018","description":"Microsoft 2018, August Implementing Least-Privilege Administrative Models. 
Retrieved 2020/09/25","url":"https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models","source":"ICS","title":"Microsoft August 2018","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4b9f50a4-1a77-5c37-8a56-e819ef1828fd","created":"2026-01-28T13:08:18.179105Z","modified":"2026-01-28T13:08:18.179108Z"},{"id":"2ee27b55-b7a7-40a8-8c0b-5e28943cd273","name":"The Hacker News Microsoft DDoS June 19 2023","description":"Ravie Lakshmanan. (2023, June 19). Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions. Retrieved October 10, 2023.","url":"https://thehackernews.com/2023/06/microsoft-blames-massive-ddos-attack.html","source":"Tidal Cyber","title":"Microsoft Blames Massive DDoS Attack for Azure, Outlook, and OneDrive Disruptions","authors":"Ravie Lakshmanan","date_accessed":"2023-10-10T00:00:00Z","date_published":"2023-06-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"05398696-abe3-5db1-b2cd-213f3d8f5b1d","created":"2023-10-10T20:48:42.479352Z","modified":"2023-10-10T20:48:42.606935Z"},{"id":"b4c9a3a7-c7d0-4a1d-98cd-6018c072d537","name":"Posts By SpecterOps Team Members 2 5 2024","description":"Andy Robbins. (2024, February 2). Microsoft Breach - What Happened What Should Azure Admins Do. 
Retrieved February 5, 2024.","url":"https://posts.specterops.io/microsoft-breach-what-happened-what-should-azure-admins-do-da2b7e674ebc","source":"Tidal Cyber","title":"Microsoft Breach - What Happened What Should Azure Admins Do","authors":"Andy Robbins","date_accessed":"2024-02-05T00:00:00Z","date_published":"2024-02-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7e364889-6abf-577b-8f07-89cb955f1c28","created":"2024-06-13T20:10:47.849365Z","modified":"2024-06-13T20:10:48.045078Z"},{"id":"393e44fe-cf52-4c39-a79f-f7cdd9d8e16a","name":"Microsoft OAuth 2.0 Consent Phishing 2021","description":"Microsoft 365 Defender Threat Intelligence Team. (2021, June 14). Microsoft delivers comprehensive solution to battle rise in consent phishing emails. Retrieved December 13, 2021.","url":"https://www.microsoft.com/security/blog/2021/07/14/microsoft-delivers-comprehensive-solution-to-battle-rise-in-consent-phishing-emails/","source":"MITRE","title":"Microsoft delivers comprehensive solution to battle rise in consent phishing emails","authors":"Microsoft 365 Defender Threat Intelligence Team","date_accessed":"2021-12-13T00:00:00Z","date_published":"2021-06-14T00:00:00Z","owner_name":null,"tidal_id":"bea7c405-ddc6-5707-a6a3-b221043cffa6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426751Z"},{"id":"6a88fdef-e482-55ff-a9cb-adc970cd92f3","name":"Microsoft Digital Defense 2021","description":"Microsoft. (2021, October). Microsoft Digital Defense Report. 
Retrieved November 20, 2024.","url":"https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi?id=101738","source":"MITRE","title":"Microsoft Digital Defense Report","authors":"Microsoft","date_accessed":"2024-11-20T00:00:00Z","date_published":"2021-10-01T00:00:00Z","owner_name":null,"tidal_id":"f5047caf-4f9f-5245-9fd8-92798a7ea8b4","created":"2025-04-22T20:47:24.074875Z","modified":"2025-12-17T15:08:36.439162Z"},{"id":"cdf74af5-ed71-4dfd-bc49-0ccfa40b65ea","name":"Microsoft Digital Defense FY20 Sept 2020","description":"Microsoft . (2020, September 29). Microsoft Digital Defense Report FY20. Retrieved April 21, 2021.","url":"https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWxPuf","source":"MITRE, Tidal Cyber","title":"Microsoft Digital Defense Report FY20","authors":"Microsoft","date_accessed":"2021-04-21T00:00:00Z","date_published":"2020-09-29T00:00:00Z","owner_name":null,"tidal_id":"e2f3479a-ec39-505d-a884-f17bf476ac68","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278550Z"},{"id":"d6f93310-77b6-491e-ba9d-ec1faf8de7e4","name":"BleepingComputer DDE Disabled in Word Dec 2017","description":"Cimpanu, C. (2017, December 15). Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks. Retrieved December 19, 2017.","url":"https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-prevent-further-malware-attacks/","source":"MITRE","title":"Microsoft Disables DDE Feature in Word to Prevent Further Malware Attacks","authors":"Cimpanu, C","date_accessed":"2017-12-19T00:00:00Z","date_published":"2017-12-15T00:00:00Z","owner_name":null,"tidal_id":"97edd715-2d97-5189-8bdf-a6e74ec1dc43","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415906Z"},{"id":"8a389e76-d43a-477c-aab4-301c7c55b439","name":"Microsoft DuplicateTokenEx","description":"Microsoft TechNet. (n.d.). 
Retrieved April 25, 2017.","url":"https://msdn.microsoft.com/en-us/library/windows/desktop/aa446617(v=vs.85).aspx","source":"MITRE","title":"Microsoft DuplicateTokenEx","authors":"","date_accessed":"2017-04-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"92441508-9f08-58a4-86fe-e9d3e57729ac","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435433Z"},{"id":"438acf7a-34c5-4981-9f88-4f36c4f4fe5c","name":"Microsoft Emerald Sleet LinkedIn February 12 2025","description":"Microsoft Threat Intelligence. (2025, February 12). Microsoft Emerald Sleet LinkedIn February 12 2025. Retrieved February 14, 2025.","url":"https://www.linkedin.com/posts/microsoft-threat-intelligence_microsoft-threat-intelligence-has-observed-activity-7295173507116675075-zdla/","source":"Tidal Cyber","title":"Microsoft Emerald Sleet LinkedIn February 12 2025","authors":"Microsoft Threat Intelligence","date_accessed":"2025-02-14T00:00:00Z","date_published":"2025-02-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e2b4f88b-1504-56a9-afe5-4645bd462325","created":"2025-02-18T15:18:04.383862Z","modified":"2025-02-18T15:18:04.554291Z"},{"id":"1e661c51-a53b-5e40-834d-7f3910c3192b","name":"Microsoft February 2019","description":"Microsoft 2019, February Active Directory administrative tier model. Retrieved 2020/09/25","url":"https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#a-nameesaebmaesae-administrative-forest-design-approach","source":"ICS","title":"Microsoft February 2019","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ac46337c-7c57-594c-b68d-34697e2b810d","created":"2026-01-28T13:08:18.179130Z","modified":"2026-01-28T13:08:18.179133Z"},{"id":"39b1cb2f-a07b-49f2-bf2c-15f0c9b95772","name":"Red Canary HTA Abuse Part Deux","description":"McCammon, K. (2015, August 14). Microsoft HTML Application (HTA) Abuse, Part Deux. 
Retrieved October 27, 2017.","url":"https://www.redcanary.com/blog/microsoft-html-application-hta-abuse-part-deux/","source":"MITRE","title":"Microsoft HTML Application (HTA) Abuse, Part Deux","authors":"McCammon, K","date_accessed":"2017-10-27T00:00:00Z","date_published":"2015-08-14T00:00:00Z","owner_name":null,"tidal_id":"2d9cc892-f860-502e-99c5-c7a37d67dc56","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431987Z"},{"id":"f9daf15d-61ea-4cfa-a4e8-9d33d1acd28f","name":"Microsoft HTML Help May 2018","description":"Microsoft. (2018, May 30). Microsoft HTML Help 1.4. Retrieved October 3, 2018.","url":"https://docs.microsoft.com/previous-versions/windows/desktop/htmlhelp/microsoft-html-help-1-4-sdk","source":"MITRE","title":"Microsoft HTML Help 1.4","authors":"Microsoft","date_accessed":"2018-10-03T00:00:00Z","date_published":"2018-05-30T00:00:00Z","owner_name":null,"tidal_id":"48c31a59-eabc-50c0-9ad4-67dd791d03e1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433286Z"},{"id":"a39d976e-9b52-48f3-b5db-0ffd84ecd338","name":"Microsoft Identity Platform Access 2019","description":"Cai, S., Flores, J., de Guzman, C., et. al.. (2019, August 27). Microsoft identity platform access tokens. Retrieved October 4, 2019.","url":"https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens","source":"MITRE","title":"Microsoft identity platform access tokens","authors":"Cai, S., Flores, J., de Guzman, C., et. al.","date_accessed":"2019-10-04T00:00:00Z","date_published":"2019-08-27T00:00:00Z","owner_name":null,"tidal_id":"be3b1f1d-cb22-5576-bbba-226df7b85a13","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426539Z"},{"id":"44767d53-8cd7-44dd-a69d-8a7bebc1d87d","name":"Microsoft - Azure AD Identity Tokens - Aug 2019","description":"Microsoft. (2019, August 29). Microsoft identity platform access tokens. 
Retrieved September 12, 2019.","url":"https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens","source":"MITRE","title":"Microsoft identity platform access tokens","authors":"Microsoft","date_accessed":"2019-09-12T00:00:00Z","date_published":"2019-08-29T00:00:00Z","owner_name":null,"tidal_id":"445aed8e-9626-55f1-a283-cbe6a6815c4a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432329Z"},{"id":"a41c2123-8b8d-4f98-a535-e58e3e746b69","name":"Microsoft - OAuth Code Authorization flow - June 2019","description":"Microsoft. (n.d.). Microsoft identity platform and OAuth 2.0 authorization code flow. Retrieved September 12, 2019.","url":"https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow","source":"MITRE","title":"Microsoft identity platform and OAuth 2.0 authorization code flow","authors":"Microsoft","date_accessed":"2019-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"07a87ddd-2800-59e1-ad8d-292af49d6055","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432342Z"},{"id":"a99d2292-be39-4e55-a952-30c9d6a3d0a3","name":"Microsoft Identity Platform Protocols May 2019","description":"Microsoft. (n.d.). Retrieved September 12, 2019.","url":"https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols","source":"MITRE","title":"Microsoft Identity Platform Protocols May 2019","authors":"","date_accessed":"2019-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d7f11de1-36d2-5411-9d26-8377184ea8f6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432348Z"},{"id":"01f5176a-cce6-46e2-acce-a77b6bea7172","name":"Microsoft ImpersonateLoggedOnUser","description":"Microsoft TechNet. (n.d.). 
Retrieved April 25, 2017.","url":"https://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx","source":"MITRE","title":"Microsoft ImpersonateLoggedOnUser","authors":"","date_accessed":"2017-04-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"339a4e2e-e5cf-5735-b89d-3888833f683e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435438Z"},{"id":"66cade99-0040-464c-98a6-bba57719f0a4","name":"Microsoft Internal Solorigate Investigation Blog","description":"MSRC Team. (2021, February 18). Microsoft Internal Solorigate Investigation – Final Update. Retrieved May 14, 2021.","url":"https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/","source":"MITRE","title":"Microsoft Internal Solorigate Investigation – Final Update","authors":"MSRC Team","date_accessed":"2021-05-14T00:00:00Z","date_published":"2021-02-18T00:00:00Z","owner_name":null,"tidal_id":"2ae0dd6f-c99a-5ab6-8d15-01433238cc1d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437555Z"},{"id":"d00399e9-a6c6-5691-92cd-0185b03b689e","name":"Microsoft Albanian Government Attacks September 2022","description":"MSTIC. (2022, September 8). Microsoft investigates Iranian attacks against the Albanian government. Retrieved August 6, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government/","source":"MITRE","title":"Microsoft investigates Iranian attacks against the Albanian government","authors":"MSTIC","date_accessed":"2024-08-06T00:00:00Z","date_published":"2022-09-08T00:00:00Z","owner_name":null,"tidal_id":"409effca-e79a-5698-acfc-20f5ebe180a5","created":"2024-10-31T16:28:27.906873Z","modified":"2025-12-17T15:08:36.420324Z"},{"id":"08088ec0-5b48-4c32-b213-5e029e5f83ee","name":"Microsoft LogonUser","description":"Microsoft TechNet. (n.d.). 
Retrieved April 25, 2017.","url":"https://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx","source":"MITRE","title":"Microsoft LogonUser","authors":"","date_accessed":"2017-04-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a06900a6-f393-5782-8382-538dbfb32548","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435427Z"},{"id":"7bcf1c90-6299-448b-92c3-a6702882936a","name":"mmc_vulns","description":"Boxiner, A., Vaknin, E. (2019, June 11). Microsoft Management Console (MMC) Vulnerabilities. Retrieved September 24, 2021.","url":"https://research.checkpoint.com/2019/microsoft-management-console-mmc-vulnerabilities/","source":"MITRE","title":"Microsoft Management Console (MMC) Vulnerabilities","authors":"Boxiner, A., Vaknin, E","date_accessed":"2021-09-24T00:00:00Z","date_published":"2019-06-11T00:00:00Z","owner_name":null,"tidal_id":"fc8d809c-9a00-59f4-b40f-302d9f6564de","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436899Z"},{"id":"3dcae0c5-40c9-5084-8072-5acbbab7c947","name":"Microsoft May 2017","description":"Microsoft 2017, May Attractive Accounts for Credential Theft. Retrieved 2020/09/25","url":"https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/attractive-accounts-for-credential-theft","source":"ICS","title":"Microsoft May 2017","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d941a492-eea2-5088-9019-acc1f5199f42","created":"2026-01-28T13:08:18.179081Z","modified":"2026-01-28T13:08:18.179085Z"},{"id":"25c46948-a648-4c3c-b442-e700df68fa20","name":"Microsoft.NodejsTools.PressAnyKey.exe - LOLBAS Project","description":"LOLBAS. (2022, January 20). Microsoft.NodejsTools.PressAnyKey.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Microsoft.NodejsTools.PressAnyKey/","source":"Tidal Cyber","title":"Microsoft.NodejsTools.PressAnyKey.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-01-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cf1670e6-b8ac-50e9-b519-9b4f29d21235","created":"2024-01-12T14:47:25.047909Z","modified":"2024-01-12T14:47:25.254753Z"},{"id":"501057e2-9a31-46fe-aaa0-427218682153","name":"FireEye FELIXROOT July 2018","description":"Patil, S. (2018, June 26). Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20200607025424/https://www.fireeye.com/blog/threat-research/2018/07/microsoft-office-vulnerabilities-used-to-distribute-felixroot-backdoor.html","source":"MITRE","title":"Microsoft Office Vulnerabilities Used to Distribute FELIXROOT Backdoor in Recent Campaign","authors":"Patil, S","date_accessed":"2024-11-17T00:00:00Z","date_published":"2018-06-26T00:00:00Z","owner_name":null,"tidal_id":"0b1972f7-3695-57f6-90b7-3c021900b596","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421679Z"},{"id":"ce11568a-36a8-4da2-972f-9cd67cc337d8","name":"Irongeek Sims BSides 2017","description":"Stephen Sims. (2017, April 30). Microsoft Patch Analysis for Exploitation. 
Retrieved October 16, 2020.","url":"https://www.irongeek.com/i.php?page=videos/bsidescharm2017/bsidescharm-2017-t111-microsoft-patch-analysis-for-exploitation-stephen-sims","source":"MITRE","title":"Microsoft Patch Analysis for Exploitation","authors":"Stephen Sims","date_accessed":"2020-10-16T00:00:00Z","date_published":"2017-04-30T00:00:00Z","owner_name":null,"tidal_id":"45f46657-728c-580a-ad91-a9b6c6501277","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434030Z"},{"id":"8fbc12b4-dec6-4913-9103-b28b5c3395ee","name":"Microsoft_rec_block_rules","description":"Microsoft. (2021, August 23). Retrieved August 16, 2021.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules","source":"MITRE","title":"Microsoft_rec_block_rules","authors":"","date_accessed":"2021-08-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"68de1f57-73e8-5e6c-8b76-586e37f5b3fb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441705Z"},{"id":"86955cd2-5980-44ba-aa7b-4b9f8e347730","name":"Microsoft WDAC","description":"Coulter, D. et al.. (2019, April 9). Microsoft recommended block rules. Retrieved August 12, 2021.","url":"https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules","source":"MITRE","title":"Microsoft recommended block rules","authors":"Coulter, D. et al.","date_accessed":"2021-08-12T00:00:00Z","date_published":"2019-04-09T00:00:00Z","owner_name":null,"tidal_id":"1f13af37-c403-58e2-a28a-73e78b3a57bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440728Z"},{"id":"2ad8414a-4490-4896-8266-556b8bdbb77f","name":"Microsoft Driver Block Rules","description":"Microsoft. (2020, October 15). Microsoft recommended driver block rules. 
Retrieved March 16, 2021.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules","source":"MITRE","title":"Microsoft recommended driver block rules","authors":"Microsoft","date_accessed":"2021-03-16T00:00:00Z","date_published":"2020-10-15T00:00:00Z","owner_name":null,"tidal_id":"a61232e2-763f-52b8-8987-9abe8744fc9b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433589Z"},{"id":"9bb5c330-56bd-47e7-8414-729d8e6cb3b3","name":"Microsoft driver block rules","description":"Jordan Geurten et al. . (2022, March 29). Microsoft recommended driver block rules. Retrieved April 7, 2022.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules","source":"MITRE","title":"Microsoft recommended driver block rules","authors":"Jordan Geurten et al.","date_accessed":"2022-04-07T00:00:00Z","date_published":"2022-03-29T00:00:00Z","owner_name":null,"tidal_id":"bd3224ab-fd31-5983-ad32-641e8e5b0f22","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440184Z"},{"id":"6d75029f-f63c-4ca6-b5f9-cb41b698b32a","name":"Microsoft Register-WmiEvent","description":"Microsoft. (n.d.). Retrieved January 24, 2020.","url":"https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/register-wmievent?view=powershell-5.1","source":"MITRE","title":"Microsoft Register-WmiEvent","authors":"","date_accessed":"2020-01-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c8a52bad-480a-5b33-a92f-d25a10ab0d83","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432598Z"},{"id":"32a94452-510e-4e22-bcf4-8cbe93031d3a","name":"U.S. CISA CVE-2025-53770 Advisory","description":"U.S. Cybersecurity and Infrastructure Security Agency. (2025, July 20). 
Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770). Retrieved July 21, 2025.","url":"https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770","source":"Tidal Cyber","title":"Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770)","authors":"U.S. Cybersecurity and Infrastructure Security Agency","date_accessed":"2025-07-21T12:00:00Z","date_published":"2025-07-20T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"136afc0f-88b2-5aad-89bb-3357e467284a","created":"2025-07-21T18:42:50.248487Z","modified":"2025-07-21T18:42:50.421606Z"},{"id":"d64e941e-785b-4b23-a7d0-04f12024b033","name":"Microsoft DDoS Attacks Response June 2023","description":"MSRC Team. (2023, June 16). Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks. Retrieved October 10, 2023.","url":"https://msrc.microsoft.com/blog/2023/06/microsoft-response-to-layer-7-distributed-denial-of-service-ddos-attacks/","source":"Tidal Cyber","title":"Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) Attacks","authors":"MSRC Team","date_accessed":"2023-10-10T00:00:00Z","date_published":"2023-06-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f2388781-fc45-579c-8b91-df3cbbe24060","created":"2023-10-10T20:48:40.910524Z","modified":"2023-10-10T20:48:41.091742Z"},{"id":"6667a2d4-d768-4baa-a582-27b713bf65e5","name":"The Record SharePoint Attacks July 24 2025","description":"Jonathan Greig. (2025, July 24). Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble. 
Retrieved July 25, 2025.","url":"https://therecord.media/microsoft-says-warlock-ransomware-deployed-in-sharepoint-attacks","source":"Tidal Cyber","title":"Microsoft says Warlock ransomware deployed in SharePoint attacks as governments scramble","authors":"Jonathan Greig","date_accessed":"2025-07-25T12:00:00Z","date_published":"2025-07-24T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d131bc1b-6aa4-537e-b250-f1d56ab0e09c","created":"2025-08-04T14:20:51.555731Z","modified":"2025-08-04T14:20:52.039951Z"},{"id":"fa3d303e-bb1a-426d-9387-e92fc1ea75bc","name":"Microsoft Security Advisory 2269637","description":"Microsoft. (, May 23). Microsoft Security Advisory 2269637. Retrieved March 13, 2020.","url":"https://docs.microsoft.com/en-us/security-updates/securityadvisories/2010/2269637","source":"MITRE","title":"Microsoft Security Advisory 2269637","authors":"Microsoft","date_accessed":"2020-03-13T00:00:00Z","date_published":"1978-05-23T00:00:00Z","owner_name":null,"tidal_id":"e44490f1-6f0e-5084-83ef-ef620b93ccb5","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:18.569439Z"},{"id":"1de7d5bf-02fd-53a8-9f3e-6804d76f8e89","name":"microsoft remote preloading","description":"Microsoft. (2014, May 13). Microsoft Security Advisory 2269637: Insecure Library Loading Could Allow Remote Code Execution. Retrieved January 30, 2025.","url":"https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/2269637","source":"MITRE","title":"Microsoft Security Advisory 2269637: Insecure Library Loading Could Allow Remote Code Execution","authors":"Microsoft","date_accessed":"2025-01-30T00:00:00Z","date_published":"2014-05-13T00:00:00Z","owner_name":null,"tidal_id":"ca08f7c3-fa4b-50c3-af49-76b7d513dab4","created":"2025-04-22T20:47:11.741871Z","modified":"2025-12-17T15:08:36.427061Z"},{"id":"ebb94db8-b1a3-4d61-97e6-9b787a742669","name":"Microsoft 2269637","description":"Microsoft. (2010, August 22). Microsoft Security Advisory 2269637 Released. 
Retrieved December 5, 2014.","url":"https://msrc-blog.microsoft.com/2010/08/21/microsoft-security-advisory-2269637-released/","source":"MITRE","title":"Microsoft Security Advisory 2269637 Released","authors":"Microsoft","date_accessed":"2014-12-05T00:00:00Z","date_published":"2010-08-22T00:00:00Z","owner_name":null,"tidal_id":"eb4c5f26-cc86-5ed3-8e23-c9495402525c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428820Z"},{"id":"955b0074-a1d6-40b5-9437-bd2548daf54c","name":"Microsoft DDE Advisory Nov 2017","description":"Microsoft. (2017, November 8). Microsoft Security Advisory 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields. Retrieved November 21, 2017.","url":"https://technet.microsoft.com/library/security/4053440","source":"MITRE","title":"Microsoft Security Advisory 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields","authors":"Microsoft","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-11-08T00:00:00Z","owner_name":null,"tidal_id":"8250776e-1861-54da-a6f2-83fa307dc36b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415899Z"},{"id":"2a9149d7-ba39-47f2-8f23-7f3b175931f0","name":"Microsoft WDigest Mit","description":"Microsoft. (2014, May 13). Microsoft Security Advisory: Update to improve credentials protection and management. 
Retrieved June 8, 2020.","url":"https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a","source":"MITRE","title":"Microsoft Security Advisory: Update to improve credentials protection and management","authors":"Microsoft","date_accessed":"2020-06-08T00:00:00Z","date_published":"2014-05-13T00:00:00Z","owner_name":null,"tidal_id":"302f2a16-70a5-504f-82d2-84e88607a66a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441679Z"},{"id":"8088a624-d8c8-4d8e-99c2-a9da4a2f0117","name":"MS17-010 March 2017","description":"Microsoft. (2017, March 14). Microsoft Security Bulletin MS17-010 - Critical. Retrieved August 17, 2017.","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010","source":"MITRE","title":"Microsoft Security Bulletin MS17-010 - Critical","authors":"Microsoft","date_accessed":"2017-08-17T00:00:00Z","date_published":"2017-03-14T00:00:00Z","owner_name":null,"tidal_id":"7b2db988-88a1-5402-b907-7ad92ea9a81c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442502Z"},{"id":"ee352214-421f-4778-ac28-949142a8ef2a","name":"MSTIC GADOLINIUM September 2020","description":"Ben Koehl, Joe Hannon. (2020, September 24). Microsoft Security - Detecting Empires in the Cloud. Retrieved August 24, 2021.","url":"https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/","source":"MITRE","title":"Microsoft Security - Detecting Empires in the Cloud","authors":"Ben Koehl, Joe Hannon","date_accessed":"2021-08-24T00:00:00Z","date_published":"2020-09-24T00:00:00Z","owner_name":null,"tidal_id":"b69dd872-2426-530c-a202-e3be95d1e499","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438439Z"},{"id":"050e0a70-19e6-4637-a3f7-b7cd788cca43","name":"Microsoft SIR Vol 19","description":"Anthe, C. et al. (2015, October 19). Microsoft Security Intelligence Report Volume 19. 
Retrieved December 23, 2015.","url":"http://download.microsoft.com/download/4/4/C/44CDEF0E-7924-4787-A56A-16261691ACE3/Microsoft_Security_Intelligence_Report_Volume_19_English.pdf","source":"MITRE","title":"Microsoft Security Intelligence Report Volume 19","authors":"Anthe, C. et al","date_accessed":"2015-12-23T00:00:00Z","date_published":"2015-10-19T00:00:00Z","owner_name":null,"tidal_id":"74539d74-3ecc-5e05-9fad-c60d6417009e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440648Z"},{"id":"619b9cf8-7201-45de-9c36-834ccee356a9","name":"Microsoft SIR Vol 21","description":"Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017.","url":"http://download.microsoft.com/download/E/B/0/EB0F50CC-989C-4B66-B7F6-68CD3DC90DE3/Microsoft_Security_Intelligence_Report_Volume_21_English.pdf","source":"MITRE","title":"Microsoft Security Intelligence Report Volume 21","authors":"Anthe, C. et al","date_accessed":"2017-11-27T00:00:00Z","date_published":"2016-12-14T00:00:00Z","owner_name":null,"tidal_id":"7240b4d0-dafb-5b37-8b9d-d24640ceec96","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419346Z"},{"id":"a677ea55-2966-5fad-8d3b-ca08b75f1179","name":"Microsoft Security Response Center August 2017","description":"Microsoft Security Response Center 2017, August Moving Beyond EMET II  Windows Defender Exploit Guard. Retrieved 2020/09/25","url":"https://msrc-blog.microsoft.com/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/","source":"ICS","title":"Microsoft Security Response Center August 2017","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b757a76f-a1ff-5d35-b53c-5016230fd5bc","created":"2026-01-28T13:08:18.179425Z","modified":"2026-01-28T13:08:18.179428Z"},{"id":"0e7ea8d0-bdb8-48a6-9718-703f64d16460","name":"Microsoft Threat Intelligence LinkedIn July 15 2024","description":"Microsoft Threat Intelligence. 
(2024, July 15). Microsoft Threat Intelligence LinkedIn Q2 2024. Retrieved July 26, 2024.","url":"https://www.linkedin.com/posts/microsoft-threat-intelligence_in-the-second-quarter-of-2024-financially-activity-7218696257739923456-KKy_/","source":"Tidal Cyber","title":"Microsoft Threat Intelligence LinkedIn Q2 2024","authors":"Microsoft Threat Intelligence","date_accessed":"2024-07-26T00:00:00Z","date_published":"2024-07-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4b18839b-8229-5c8f-84bd-ac909876dfdf","created":"2024-08-02T14:58:08.805342Z","modified":"2024-08-02T14:58:09.211383Z"},{"id":"24c11dff-21df-4ce9-b3df-2e0a886339ff","name":"MSTIC Vanilla Tempest September 18 2024","description":"Microsoft Threat Intelligence. (2024, September 18). Microsoft Threat Intelligence LinkedIn Vanilla Tempest. Retrieved September 19, 2024.","url":"https://www.linkedin.com/feed/update/urn:li:activity:7242222140853264385/","source":"Tidal Cyber","title":"Microsoft Threat Intelligence LinkedIn Vanilla Tempest","authors":"Microsoft Threat Intelligence","date_accessed":"2024-09-19T00:00:00Z","date_published":"2024-09-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"be659b9c-79e6-5c40-9ee8-309da8b93130","created":"2024-09-20T15:08:28.176478Z","modified":"2024-09-20T15:08:28.388797Z"},{"id":"e370e95c-e679-41f1-a055-fbc80439f3a8","name":"Microsoft Threat Intelligence Moonstone Sleet Qilin March 6 2025","description":"Microsoft Threat Intelligence. (2025, March 6). Microsoft Threat Intelligence Moonstone Sleet Qilin. 
Retrieved September 14, 2025.","url":"https://x.com/MsftSecIntel/status/1897738961348374621","source":"Tidal Cyber","title":"Microsoft Threat Intelligence Moonstone Sleet Qilin","authors":"Microsoft Threat Intelligence","date_accessed":"2025-09-14T12:00:00Z","date_published":"2025-03-06T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c3813404-23c7-5600-9233-ed4e69215daf","created":"2025-09-15T19:13:24.880755Z","modified":"2025-09-15T19:13:25.048595Z"},{"id":"d521bdbb-82cf-592c-a638-d49821717e06","name":"MIcrosoft Moonstone Sleet Qilin MAR 2025","description":"Microsoft Threat Intelligence (@MsftSecIntel). (2025, March 6). Microsoft Threat Intelligence on X. Retrieved September 26, 2025.","url":"https://x.com/MsftSecIntel/status/1897738961348374621","source":"MITRE","title":"Microsoft Threat Intelligence on X","authors":"Microsoft Threat Intelligence (@MsftSecIntel)","date_accessed":"2025-09-26T00:00:00Z","date_published":"2025-03-06T00:00:00Z","owner_name":null,"tidal_id":"83d00ccc-268f-5d87-a374-8dbf4f32ebcd","created":"2025-10-29T21:08:48.167580Z","modified":"2025-12-17T15:08:36.440866Z"},{"id":"3b5a2349-e10c-422b-91e3-20e9033fdb60","name":"Microsoft Threat Intelligence Tweet April 26 2023","description":"MsftSecIntel. (2023, May 26). Microsoft Threat Intelligence Tweet April 26 2023. Retrieved June 16, 2023.","url":"https://twitter.com/MsftSecIntel/status/1651346653901725696","source":"Tidal Cyber","title":"Microsoft Threat Intelligence Tweet April 26 2023","authors":"MsftSecIntel","date_accessed":"2023-06-16T00:00:00Z","date_published":"2023-05-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"09e7ae6f-eba9-585c-a7bb-d5d8585c99d6","created":"2023-07-14T12:56:31.898673Z","modified":"2023-07-14T12:56:32.009091Z"},{"id":"8b0ebcb5-d531-4f49-aa2d-bceb5e491b3f","name":"Microsoft Threat Intelligence Tweet August 17 2023","description":"MsftSecIntel. (2023, August 17). Microsoft Threat Intelligence Tweet August 17 2023. 
Retrieved September 14, 2023.","url":"https://twitter.com/MsftSecIntel/status/1692212191536066800","source":"Tidal Cyber","title":"Microsoft Threat Intelligence Tweet August 17 2023","authors":"MsftSecIntel","date_accessed":"2023-09-14T00:00:00Z","date_published":"2023-08-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4b88705e-6b4e-5ae8-9cea-596baaa1e94f","created":"2023-09-14T20:17:58.843686Z","modified":"2023-09-14T20:17:58.953118Z"},{"id":"98fc7485-9424-412f-8162-a69d6c10c243","name":"Microsoft Threat Intelligence Tweet June 17 2020","description":"MsftSecIntel. (2020, June 17). Microsoft Threat Intelligence Tweet June 17 2020. Retrieved June 22, 2023.","url":"https://twitter.com/MsftSecIntel/status/1273359829390655488","source":"Tidal Cyber","title":"Microsoft Threat Intelligence Tweet June 17 2020","authors":"MsftSecIntel","date_accessed":"2023-06-22T00:00:00Z","date_published":"2020-06-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1c7b7103-24e0-57a8-a46b-f3895f572b11","created":"2024-06-13T20:10:34.155569Z","modified":"2024-06-13T20:10:34.343912Z"},{"id":"b41e9f89-cd88-4483-bb86-9d88c555a648","name":"Microsoft Threat Intelligence Tweet May 18 2023","description":"MsftSecIntel. (2023, May 18). Microsoft Threat Intelligence Tweet May 18 2023. Retrieved May 25, 2023.","url":"https://twitter.com/MsftSecIntel/status/1659347799442432002","source":"Tidal Cyber","title":"Microsoft Threat Intelligence Tweet May 18 2023","authors":"MsftSecIntel","date_accessed":"2023-05-25T00:00:00Z","date_published":"2023-05-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"44e1df2f-3ce6-5d4a-ac0b-c63458d0bdbd","created":"2024-03-07T21:00:44.377887Z","modified":"2024-03-07T21:00:44.560434Z"},{"id":"9b6e2f38-6e5a-4e4f-ad84-97155be2c641","name":"Wikipedia Windows Library Files","description":"Wikipedia. (2017, January 31). Microsoft Windows library files. 
Retrieved February 13, 2017.","url":"https://en.wikipedia.org/wiki/Microsoft_Windows_library_files","source":"MITRE","title":"Microsoft Windows library files","authors":"Wikipedia","date_accessed":"2017-02-13T00:00:00Z","date_published":"2017-01-31T00:00:00Z","owner_name":null,"tidal_id":"76b6a7fa-aa29-5eeb-95d7-1f37e8138772","created":"2022-12-14T20:06:32.013016Z","modified":"2023-05-26T01:21:00.905977Z"},{"id":"c4922659-88b2-4311-9c9b-dc9b383d746a","name":"Proofpoint Cobalt June 2017","description":"Mesa, M, et al. (2017, June 1). Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions. Retrieved October 10, 2018.","url":"https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target","source":"MITRE","title":"Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions","authors":"Mesa, M, et al","date_accessed":"2018-10-10T00:00:00Z","date_published":"2017-06-01T00:00:00Z","owner_name":null,"tidal_id":"16160813-37ba-54bc-9bc6-cc4efe45796f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438199Z"},{"id":"1e659b32-a06f-45dc-a1eb-03f1a42c55ef","name":"Microsoft.Workflow.Compiler.exe - LOLBAS Project","description":"LOLBAS. (2018, October 22). Microsoft.Workflow.Compiler.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Microsoft.Workflow.Compiler/","source":"Tidal Cyber","title":"Microsoft.Workflow.Compiler.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-10-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e471c79f-0968-51ed-bab1-768283611ad4","created":"2024-01-12T14:46:48.532369Z","modified":"2024-01-12T14:46:48.710049Z"},{"id":"05b3840d-162d-455f-a87b-229e83e5a031","name":"InfoSecurity Sandworm Oct 2014","description":"Muncaster, P.. (2014, October 14). 
Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers. Retrieved October 6, 2017.","url":"https://www.infosecurity-magazine.com/news/microsoft-zero-day-traced-russian/","source":"MITRE","title":"Microsoft Zero Day Traced to Russian ‘Sandworm’ Hackers","authors":"Muncaster, P.","date_accessed":"2017-10-06T00:00:00Z","date_published":"2014-10-14T00:00:00Z","owner_name":null,"tidal_id":"51767103-c124-54fb-bc33-52d77d54e386","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437800Z"},{"id":"7a32c962-8050-45de-8b90-8644be5109d9","name":"objective-see windtail1 dec 2018","description":"Wardle, Patrick. (2018, December 20). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 1). Retrieved October 3, 2019.","url":"https://objective-see.com/blog/blog_0x3B.html","source":"MITRE, Tidal Cyber","title":"Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 1)","authors":"Wardle, Patrick","date_accessed":"2019-10-03T00:00:00Z","date_published":"2018-12-20T00:00:00Z","owner_name":null,"tidal_id":"a0efad04-cdf7-5d7f-8125-841478953cf0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257282Z"},{"id":"e6bdc679-ee0c-4f34-b5bc-0d6a26485b36","name":"objective-see windtail2 jan 2019","description":"Wardle, Patrick. (2019, January 15). Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 2). Retrieved October 3, 2019.","url":"https://objective-see.com/blog/blog_0x3D.html","source":"MITRE","title":"Middle East Cyber-Espionage analyzing WindShift's implant: OSX.WindTail (part 2)","authors":"Wardle, Patrick","date_accessed":"2019-10-03T00:00:00Z","date_published":"2019-01-15T00:00:00Z","owner_name":null,"tidal_id":"17c1af09-096d-58b2-9eac-0e2ac79ac59c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416987Z"},{"id":"a8224ad5-4688-4382-a3e7-1dd3ed74ebce","name":"CyberScoop BlackOasis Oct 2017","description":"Bing, C. (2017, October 16). 
Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.","url":"https://www.cyberscoop.com/middle-eastern-hacking-group-using-finfisher-malware-conduct-international-espionage/","source":"MITRE","title":"Middle Eastern hacking group is using FinFisher malware to conduct international espionage","authors":"Bing, C","date_accessed":"2018-02-15T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"5e847e11-bb57-5ce6-858f-bafad2366834","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439569Z"},{"id":"c62378f0-ee99-5eac-b2be-91f630e95dfb","name":"Wiz Midnight Blizzard 2024","description":"Lior Sonntag. (2024, February 8). Midnight Blizzard attack on Microsoft corporate environment: a detailed analysis, detections and recommendations. Retrieved March 20, 2025.","url":"https://www.wiz.io/blog/midnight-blizzard-microsoft-breach-analysis-and-best-practices","source":"MITRE","title":"Midnight Blizzard attack on Microsoft corporate environment: a detailed analysis, detections and recommendations","authors":"Lior Sonntag","date_accessed":"2025-03-20T00:00:00Z","date_published":"2024-02-08T00:00:00Z","owner_name":null,"tidal_id":"f4f06cfa-7b6d-5004-8c80-54aab724a126","created":"2025-04-22T20:47:18.889558Z","modified":"2025-12-17T15:08:36.434323Z"},{"id":"036fae9b-7a4b-4cb5-849b-987c5a45ceb2","name":"Wiz.io February 8 2024","description":"Lior Sonntag. (2024, February 8). Midnight Blizzard breach analysis and best practices . 
Retrieved September 8, 2025.","url":"https://www.wiz.io/blog/midnight-blizzard-microsoft-breach-analysis-and-best-practices","source":"Tidal Cyber","title":"Midnight Blizzard breach analysis and best practices","authors":"Lior Sonntag","date_accessed":"2025-09-08T12:00:00Z","date_published":"2024-02-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5a2910f3-1c2e-5d5a-b2db-5ec323fa5b4d","created":"2025-09-10T16:38:49.415227Z","modified":"2025-09-10T16:38:49.601165Z"},{"id":"b4455d64-1171-487d-b0b4-be192be7b08c","name":"Microsoft Midnight Blizzard October 29 2024","description":"Microsoft Threat Intelligence. (2024, October 29). Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files. Retrieved November 14, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/","source":"Tidal Cyber","title":"Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files","authors":"Microsoft Threat Intelligence","date_accessed":"2024-11-14T00:00:00Z","date_published":"2024-10-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4c3d5b30-4e1e-5635-b72a-0f2f95b5fa32","created":"2024-11-15T17:28:55.285394Z","modified":"2024-11-15T17:28:55.541440Z"},{"id":"8d0db0f2-9b29-5216-8c9c-de8bf0c541de","name":"Int SP - chat apps","description":"Microsoft Threat Intelligence. (2023, August 2). Midnight Blizzard conducts targeted social engineering over Microsoft Teams. 
Retrieved February 16, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/","source":"MITRE","title":"Midnight Blizzard conducts targeted social engineering over Microsoft Teams","authors":"Microsoft Threat Intelligence","date_accessed":"2024-02-16T00:00:00Z","date_published":"2023-08-02T00:00:00Z","owner_name":null,"tidal_id":"294aceb3-b105-57b8-87ea-62d52537aeb9","created":"2024-04-25T13:28:38.150180Z","modified":"2025-12-17T15:08:36.432969Z"},{"id":"10dedea9-35e9-476f-84e8-e49e3f057039","name":"Microsoft Security Blog 1 26 2024","description":"Microsoft Threat Intelligence. (2024, January 25). Midnight Blizzard Guidance for responders on nation-state attack . Retrieved January 26, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/","source":"Tidal Cyber","title":"Midnight Blizzard Guidance for responders on nation-state attack","authors":"Microsoft Threat Intelligence","date_accessed":"2024-01-26T00:00:00Z","date_published":"2024-01-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"063b3c46-167c-553c-a80a-6ebc7f0c4444","created":"2024-06-13T20:10:47.473436Z","modified":"2024-06-13T20:10:47.663429Z"},{"id":"c92d890c-2839-433a-b458-f663e66e1c63","name":"Deply Mimikatz","description":"Deply, B. (n.d.). Mimikatz. Retrieved September 29, 2015.","url":"https://github.com/gentilkiwi/mimikatz","source":"MITRE","title":"Mimikatz","authors":"Deply, B","date_accessed":"2015-09-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"00b9ce95-4115-5485-b846-baf8af09c7f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423224Z"},{"id":"46836549-f7e9-45e1-8d89-4d25ba26dbd7","name":"CG 2014","description":"CG. (2014, May 20). Mimikatz Against Virtual Machine Memory Part 1. 
Retrieved November 12, 2014.","url":"http://carnal0wnage.attackresearch.com/2014/05/mimikatz-against-virtual-machine-memory.html","source":"MITRE","title":"Mimikatz Against Virtual Machine Memory Part 1","authors":"CG","date_accessed":"2014-11-12T00:00:00Z","date_published":"2014-05-20T00:00:00Z","owner_name":null,"tidal_id":"e3e007d5-b3c7-50a2-a2ee-08980adc5a29","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431955Z"},{"id":"07ff57eb-1e23-433b-8da7-80f1caf7543e","name":"ADSecurity AD Kerberos Attacks","description":"Metcalf, S. (2014, November 22). Mimikatz and Active Directory Kerberos Attacks. Retrieved June 2, 2016.","url":"https://adsecurity.org/?p=556","source":"MITRE","title":"Mimikatz and Active Directory Kerberos Attacks","authors":"Metcalf, S","date_accessed":"2016-06-02T00:00:00Z","date_published":"2014-11-22T00:00:00Z","owner_name":null,"tidal_id":"547afaa7-bbe5-5f64-921b-dfd5335f7895","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415610Z"},{"id":"2a01a70c-28a8-444e-95a7-00a568d51ce6","name":"Harmj0y DCSync Sept 2015","description":"Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. Retrieved December 4, 2017.","url":"http://www.harmj0y.net/blog/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/","source":"MITRE","title":"Mimikatz and DCSync and ExtraSids, Oh My","authors":"Schroeder, W","date_accessed":"2017-12-04T00:00:00Z","date_published":"2015-09-22T00:00:00Z","owner_name":null,"tidal_id":"721b3a4e-50e3-53c2-bea9-362fd4e09944","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424406Z"},{"id":"2afa76c1-caa1-4f16-9289-7abc7eb3a102","name":"Harmj0y Mimikatz and DCSync","description":"Schroeder, W. (2015, September 22). Mimikatz and DCSync and ExtraSids, Oh My. 
Retrieved September 23, 2024.","url":"https://blog.harmj0y.net/redteaming/mimikatz-and-dcsync-and-extrasids-oh-my/","source":"MITRE","title":"Mimikatz and DCSync and ExtraSids, Oh My","authors":"Schroeder, W","date_accessed":"2024-09-23T00:00:00Z","date_published":"2015-09-22T00:00:00Z","owner_name":null,"tidal_id":"10747233-d454-5f18-ac8b-00360368ba61","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436450Z"},{"id":"856ed70b-29b0-4f56-b5ae-a98981a22eaf","name":"AdSecurity DCSync Sept 2015","description":"Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. Retrieved December 4, 2017.","url":"https://adsecurity.org/?p=1729","source":"MITRE","title":"Mimikatz DCSync Usage, Exploitation, and Detection","authors":"Metcalf, S","date_accessed":"2017-12-04T00:00:00Z","date_published":"2015-09-25T00:00:00Z","owner_name":null,"tidal_id":"93089dcb-c20c-5df2-b42f-8527f5859105","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416155Z"},{"id":"61b0bb42-2ed6-413d-b331-0a84df12a87d","name":"ADSecurity Mimikatz DCSync","description":"Metcalf, S. (2015, September 25). Mimikatz DCSync Usage, Exploitation, and Detection. Retrieved August 7, 2017.","url":"https://adsecurity.org/?p=1729","source":"MITRE","title":"Mimikatz DCSync Usage, Exploitation, and Detection","authors":"Metcalf, S","date_accessed":"2017-08-07T00:00:00Z","date_published":"2015-09-25T00:00:00Z","owner_name":null,"tidal_id":"387723e4-1472-5464-9a75-f23e8a7e01d0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436444Z"},{"id":"2e0a95b2-3f9a-4638-9bc5-ff1f3ac2af4b","name":"GitHub Mimikittenz July 2016","description":"Jamieson O'Reilly (putterpanda). (2016, July 4). mimikittenz. 
Retrieved June 20, 2019.","url":"https://github.com/putterpanda/mimikittenz","source":"MITRE","title":"mimikittenz","authors":"Jamieson O'Reilly (putterpanda)","date_accessed":"2019-06-20T00:00:00Z","date_published":"2016-07-04T00:00:00Z","owner_name":null,"tidal_id":"556634d0-5af2-5f1c-82eb-283822e3ed67","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428780Z"},{"id":"b10cd6cc-35ed-4eac-b213-110de28f33ef","name":"MimiPenguin GitHub May 2017","description":"Gregal, H. (2017, May 12). MimiPenguin. Retrieved December 5, 2017.","url":"https://github.com/huntergregal/mimipenguin","source":"MITRE","title":"MimiPenguin","authors":"Gregal, H","date_accessed":"2017-12-05T00:00:00Z","date_published":"2017-05-12T00:00:00Z","owner_name":null,"tidal_id":"01c0f65f-d823-599e-8792-86ebe0a78b02","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423001Z"},{"id":"b66d4c5a-f4de-5888-ad8a-a20bda888bc6","name":"mimipenguin proc file","description":"Gregal, Hunter. (2019, September 17). MimiPenguin 2.0. Retrieved March 28, 2024.","url":"https://github.com/huntergregal/mimipenguin/blob/master/mimipenguin.sh","source":"MITRE","title":"MimiPenguin 2.0","authors":"Gregal, Hunter","date_accessed":"2024-03-28T00:00:00Z","date_published":"2019-09-17T00:00:00Z","owner_name":null,"tidal_id":"f8532be5-06c5-50bf-91f9-76072d265ceb","created":"2024-04-25T13:28:52.519679Z","modified":"2025-04-22T20:47:31.766107Z"},{"id":"af40a05e-02fb-4943-b3ff-9a292679e93d","name":"Securelist Minidionis July 2015","description":"Lozhkin, S.. (2015, July 16). Minidionis – one more APT with a usage of cloud drives. 
Retrieved April 5, 2017.","url":"https://securelist.com/minidionis-one-more-apt-with-a-usage-of-cloud-drives/71443/","source":"MITRE","title":"Minidionis – one more APT with a usage of cloud drives","authors":"Lozhkin, S.","date_accessed":"2017-04-05T00:00:00Z","date_published":"2015-07-16T00:00:00Z","owner_name":null,"tidal_id":"a4fb46e1-c87e-505f-b5cb-1bf4bcc9e38e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421623Z"},{"id":"ca2074d8-330b-544e-806f-ddee7b702631","name":"mining_ruby_reversinglabs","description":"Maljic, T. (2020, April 16). Mining for malicious Ruby gems. Retrieved October 15, 2022.","url":"https://blog.reversinglabs.com/blog/mining-for-malicious-ruby-gems","source":"MITRE","title":"Mining for malicious Ruby gems","authors":"Maljic, T","date_accessed":"2022-10-15T00:00:00Z","date_published":"2020-04-16T00:00:00Z","owner_name":null,"tidal_id":"9a66855c-de20-5626-a3c4-9e25cc2c7d24","created":"2023-05-26T01:21:03.590464Z","modified":"2025-12-17T15:08:36.427122Z"},{"id":"0115ff65-d7f8-593f-84fd-b0ab0a9b3084","name":"ExtensionTotal VSCode Extensions  2025","description":"Yuval Ronen. (2025, April 4). Mining in Plain Sight: The VS Code Extension Cryptojacking Campaign. Retrieved April 8, 2025.","url":"https://blog.extensiontotal.com/mining-in-plain-sight-the-vs-code-extension-cryptojacking-campaign-19ca12904b59","source":"MITRE","title":"Mining in Plain Sight: The VS Code Extension Cryptojacking Campaign","authors":"Yuval Ronen","date_accessed":"2025-04-08T00:00:00Z","date_published":"2025-04-04T00:00:00Z","owner_name":null,"tidal_id":"386c59ef-e2c9-5d55-88a4-24a00195f63d","created":"2025-04-22T20:47:15.203065Z","modified":"2025-12-17T15:08:36.430543Z"},{"id":"83de363d-b575-4851-9c2d-a78f504cf754","name":"lazgroup_idn_phishing","description":"RISKIQ. (2017, December 20). Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry. 
Retrieved July 29, 2022.","url":"https://web.archive.org/web/20171223000420/https://www.riskiq.com/blog/labs/lazarus-group-cryptocurrency/","source":"MITRE","title":"Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry","authors":"RISKIQ","date_accessed":"2022-07-29T00:00:00Z","date_published":"2017-12-20T00:00:00Z","owner_name":null,"tidal_id":"a2593826-e3b4-5aaa-88f0-c6408de67e10","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428506Z"},{"id":"e8e60112-a08d-5316-b80f-f601e7e5c973","name":"NCSC-NL COATHANGER Feb 2024","description":"Dutch Military Intelligence and Security Service (MIVD) & Dutch General Intelligence and Security Service (AIVD). (2024, February 6). Ministry of Defense of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT. Retrieved February 7, 2024.","url":"https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2024/februari/6/mivd-aivd-advisory-coathanger-tlp-clear/TLP-CLEAR+MIVD+AIVD+Advisory+COATHANGER.pdf","source":"MITRE","title":"Ministry of Defense of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT","authors":"Dutch Military Intelligence and Security Service (MIVD) & Dutch General Intelligence and Security Service (AIVD)","date_accessed":"2024-02-07T00:00:00Z","date_published":"2024-02-06T00:00:00Z","owner_name":null,"tidal_id":"e60e107c-c14c-5a5c-b123-d21151be0457","created":"2024-04-25T13:28:46.954988Z","modified":"2025-12-17T15:08:36.416936Z"},{"id":"a5432624-c394-56e6-b463-5b1a1aea542b","name":"Bleeping Computer Mint Mobile Hack 2021","description":"Lawrence Abrams. (2021, July 10). Mint Mobile hit by a data breach after numbers ported, data accessed. 
Retrieved July 1, 2024.","url":"https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/","source":"MITRE","title":"Mint Mobile hit by a data breach after numbers ported, data accessed","authors":"Lawrence Abrams","date_accessed":"2024-07-01T00:00:00Z","date_published":"2021-07-10T00:00:00Z","owner_name":null,"tidal_id":"a25e3dea-9970-5ab2-b575-d8d643fd1700","created":"2024-10-31T16:28:25.143000Z","modified":"2025-12-17T15:08:36.434043Z"},{"id":"0110500c-bf67-43a5-97cb-16eb6c01040b","name":"APT15 Intezer June 2018","description":"Rosenberg, J. (2018, June 14). MirageFox: APT15 Resurfaces With New Tools Based On Old Ones. Retrieved September 21, 2018.","url":"https://web.archive.org/web/20180615122133/https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/","source":"MITRE, Tidal Cyber","title":"MirageFox: APT15 Resurfaces With New Tools Based On Old Ones","authors":"Rosenberg, J","date_accessed":"2018-09-21T00:00:00Z","date_published":"2018-06-14T00:00:00Z","owner_name":null,"tidal_id":"e350ca1f-41d0-5995-a846-c5faeaa2dc7b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262593Z"},{"id":"d8f4d661-ad8a-451d-9799-afe36e200bb3","name":"ESET MirrorFace March 18 2025","description":"Dominik Breitenbacher. (2025, March 18). MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor. 
Retrieved April 9, 2025.","url":"https://www.welivesecurity.com/en/eset-research/operation-akairyu-mirrorface-invites-europe-expo-2025-revives-anel-backdoor/","source":"Tidal Cyber","title":"MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor","authors":"Dominik Breitenbacher","date_accessed":"2025-04-09T00:00:00Z","date_published":"2025-03-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7655fced-f600-5665-be43-89055c670d87","created":"2025-04-11T15:33:23.361448Z","modified":"2025-04-11T15:33:23.520999Z"},{"id":"38bfe50e-6526-48ee-9797-e403d3a431dd","name":"The Hacker News MirrorFace January 9 2025","description":"Ravie Lakshmanan. (2025, January 9). MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan. Retrieved April 9, 2025.","url":"https://thehackernews.com/2025/01/mirrorface-leverages-anel-and-noopdoor.html","source":"Tidal Cyber","title":"MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan","authors":"Ravie Lakshmanan","date_accessed":"2025-04-09T00:00:00Z","date_published":"2025-01-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c750c0de-0a6b-55a8-895a-8542262b4d9f","created":"2025-04-11T15:33:23.693528Z","modified":"2025-04-11T15:33:23.880581Z"},{"id":"e1b945f4-20e0-5b69-8fd7-f05afce8c0ba","name":"ESET Security Mispadu Facebook Ads 2019","description":"ESET Security. (2019, November 19). Mispadu: Advertisement for a discounted Unhappy Meal. 
Retrieved March 13, 2024.","url":"https://www.welivesecurity.com/2019/11/19/mispadu-advertisement-discounted-unhappy-meal/","source":"MITRE","title":"Mispadu: Advertisement for a discounted Unhappy Meal","authors":"ESET Security","date_accessed":"2024-03-13T00:00:00Z","date_published":"2019-11-19T00:00:00Z","owner_name":null,"tidal_id":"4cea443d-fa41-54c8-b927-2d31073a65d1","created":"2024-04-25T13:28:47.603892Z","modified":"2025-12-17T15:08:36.418440Z"},{"id":"a27753c1-2f7a-40c4-9e28-a37265bce28c","name":"ESET Mispadu November 2019","description":"ESET Research. (2019, November 19). Mispadu: Advertisement for a discounted Unhappy Meal. Retrieved April 4, 2024.","url":"https://www.welivesecurity.com/2019/11/19/mispadu-advertisement-discounted-unhappy-meal/","source":"Tidal Cyber","title":"Mispadu: Advertisement for a discounted Unhappy Meal","authors":"ESET Research","date_accessed":"2024-04-04T00:00:00Z","date_published":"2019-11-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c5682cf6-cec6-5bad-b38e-a846071c9150","created":"2024-04-25T14:10:41.942918Z","modified":"2024-04-25T14:10:42.301918Z"},{"id":"4f63720a-50b6-4eef-826c-71ce8d6e4bb8","name":"Slideshare Abusing SSH","description":"Duarte, H., Morrison, B. (2012). (Mis)trusting and (ab)using ssh. Retrieved January 8, 2018.","url":"https://www.slideshare.net/morisson/mistrusting-and-abusing-ssh-13526219","source":"MITRE","title":"(Mis)trusting and (ab)using ssh","authors":"Duarte, H., Morrison, B","date_accessed":"2018-01-08T00:00:00Z","date_published":"2012-01-01T00:00:00Z","owner_name":null,"tidal_id":"24464246-7d4d-5971-a9a3-90208b27d595","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429229Z"},{"id":"88fecbcd-a89b-536a-a1f6-6ddfb2b452da","name":"Mitiga Security Advisory: SSM Agent as Remote Access Trojan","description":"Ariel Szarf, Or Aspir. (n.d.). Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan. 
Retrieved January 31, 2024.","url":"https://www.mitiga.io/blog/mitiga-security-advisory-abusing-the-ssm-agent-as-a-remote-access-trojan","source":"MITRE","title":"Mitiga Security Advisory: Abusing the SSM Agent as a Remote Access Trojan","authors":"Ariel Szarf, Or Aspir","date_accessed":"2024-01-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ba7c3dd6-7614-5de9-a8f6-ff8edb2b2261","created":"2024-04-25T13:28:37.856670Z","modified":"2025-12-17T15:08:36.432681Z"},{"id":"92fb1c48-a68a-56a2-bf34-0e410acf52c4","name":"W3C","description":"W3C. (2025, September 12). Mitigating Browser Fingerprinting in Web Specifications. Retrieved September 22, 2025.","url":"https://www.w3.org/TR/fingerprinting-guidance/","source":"MITRE","title":"Mitigating Browser Fingerprinting in Web Specifications","authors":"W3C","date_accessed":"2025-09-22T00:00:00Z","date_published":"2025-09-12T00:00:00Z","owner_name":null,"tidal_id":"0a38ac57-e21d-5875-a6d2-956c32e24d9e","created":"2025-10-29T21:08:48.167800Z","modified":"2025-12-17T15:08:36.442376Z"},{"id":"4e82a053-c881-4569-8efe-3ef40f6e25a0","name":"ACSC Email Spoofing","description":"Australian Cyber Security Centre. (2012, December). Mitigating Spoofed Emails Using Sender Policy Framework. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210708014107/https://www.cyber.gov.au/sites/default/files/2019-03/spoof_email_sender_policy_framework.pdf","source":"MITRE","title":"Mitigating Spoofed Emails Using Sender Policy Framework","authors":"Australian Cyber Security Centre","date_accessed":"2024-11-17T00:00:00Z","date_published":"2012-12-01T00:00:00Z","owner_name":null,"tidal_id":"6976036e-cb2a-5d25-9d11-4840bb562a59","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426731Z"},{"id":"5f46e378-07b5-5351-b91f-4501e0e40577","name":"Pentera vCenter Information Disclosure","description":"Yuval Lazar. (2022, March 29). Mitigating VMware vCenter Information Disclosure. 
Retrieved March 26, 2025.","url":"https://pentera.io/blog/information-disclosure-in-vmware-vcenter/","source":"MITRE","title":"Mitigating VMware vCenter Information Disclosure","authors":"Yuval Lazar","date_accessed":"2025-03-26T00:00:00Z","date_published":"2022-03-29T00:00:00Z","owner_name":null,"tidal_id":"7d9d91be-a67b-5180-8451-d7e3fd4d1edd","created":"2025-04-22T20:47:14.846458Z","modified":"2025-12-17T15:08:36.430255Z"},{"id":"cc40e8e8-5450-4340-a091-ae7e609778dc","name":"NSA Cyber Mitigating Web Shells","description":"NSA Cybersecurity Directorate. (n.d.). Mitigating Web Shells. Retrieved July 22, 2021.","url":"https://github.com/nsacyber/Mitigating-Web-Shells","source":"MITRE","title":"Mitigating Web Shells","authors":"NSA Cybersecurity Directorate","date_accessed":"2021-07-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"74d0b2b5-59b0-59dc-abd9-03269cc4d6e1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430134Z"},{"id":"6a1b4373-2304-420c-8733-e1eae71ff7b2","name":"MIT ccache","description":"Massachusetts Institute of Technology. (n.d.). MIT Kerberos Documentation: Credential Cache. Retrieved October 4, 2021.","url":"https://web.mit.edu/kerberos/krb5-1.12/doc/basic/ccache_def.html","source":"MITRE","title":"MIT Kerberos Documentation: Credential Cache","authors":"Massachusetts Institute of Technology","date_accessed":"2021-10-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"52f332b4-32c0-5824-88ac-17be9fcf8b97","created":"2022-12-14T20:06:32.013016Z","modified":"2024-04-25T13:28:33.307098Z"},{"id":"b240db4f-8826-49f9-951b-72f37e3be3a7","name":"MITRE Caldera™ Website","description":"MITRE. (n.d.). MITRE Caldera™ Website. 
Retrieved March 24, 2025.","url":"https://caldera.mitre.org/","source":"Tidal Cyber","title":"MITRE Caldera™ Website","authors":"MITRE","date_accessed":"2025-03-24T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"11025c4a-a364-5f04-bc60-fd3775fc0b41","created":"2025-03-25T13:16:00.733278Z","modified":"2025-03-25T13:16:00.867878Z"},{"id":"09a5a048-cddd-5e93-8ef0-05245df694b9","name":"MITRE June 2020","description":"MITRE 2020, June CWE CATEGORY: 7PK - API Abuse. Retrieved 2020/09/25","url":"https://cwe.mitre.org/data/definitions/227.html","source":"ICS","title":"MITRE June 2020","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"efe8e806-2c45-54a3-965a-34ada43de5e9","created":"2026-01-28T13:08:18.180207Z","modified":"2026-01-28T13:08:18.180210Z"},{"id":"2224a1f4-9c47-5746-86db-cb1be5a8911e","name":"MITRE March 2018","description":"MITRE 2018, March 22 CVE-2015-5374. Retrieved 2019/03/14","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5374","source":"ICS","title":"MITRE March 2018","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d57b4151-bc06-58fe-b53b-c7efe5b8ef20","created":"2026-01-28T13:08:18.176607Z","modified":"2026-01-28T13:08:18.176610Z"},{"id":"576f95bc-5cb9-473e-b026-19b864d1c26c","name":"MITRE SE Guide 2014","description":"The MITRE Corporation. (2014). MITRE Systems Engineering Guide. Retrieved April 6, 2018.","url":"https://www.mitre.org/sites/default/files/publications/se-guide-book-interactive.pdf","source":"MITRE","title":"MITRE Systems Engineering Guide","authors":"The MITRE Corporation","date_accessed":"2018-04-06T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"1909501d-7c2d-568d-841e-81819177ed33","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416043Z"},{"id":"6f3add66-a668-4dd4-8f1a-310598ba227b","name":"mkdir - Linux man page","description":"die.net. 
(n.d.). mkdir - Linux man page. Retrieved December 19, 2024.","url":"https://linux.die.net/man/1/mkdir","source":"Tidal Cyber","title":"mkdir - Linux man page","authors":"die.net","date_accessed":"2024-12-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"7ee5409a-6873-596a-b170-e747ddf0cd8d","created":"2025-04-11T15:06:26.341583Z","modified":"2025-04-11T15:06:26.497949Z"},{"id":"508373ef-2634-404f-99de-7a73cce68699","name":"win_mmc","description":"Microsoft. (2017, October 16). mmc. Retrieved September 20, 2021.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/mmc","source":"MITRE","title":"mmc","authors":"Microsoft","date_accessed":"2021-09-20T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"df5739e1-0b64-526c-b85d-82f4d704a23f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436911Z"},{"id":"490b6769-e386-4a3d-972e-5a919cb2f6f5","name":"Mmc.exe - LOLBAS Project","description":"LOLBAS. (2018, December 4). Mmc.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Mmc/","source":"Tidal Cyber","title":"Mmc.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-12-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"804388cd-94cc-5ef2-82f3-8f54bf5bc227","created":"2024-01-12T14:46:48.888181Z","modified":"2024-01-12T14:46:49.072220Z"},{"id":"1a68851f-6251-5ae8-8140-ed5792ea321f","name":"Lookout Uyghur Campaign","description":"A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November","url":"https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf","source":"Mobile","title":"Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor","authors":"A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen","date_accessed":"1978-11-01T00:00:00Z","date_published":"2020-06-01T00:00:00Z","owner_name":null,"tidal_id":"702f0a90-a52b-5e49-be9c-bae6745c9cd5","created":"2026-01-28T13:08:10.038725Z","modified":"2026-01-28T13:08:10.038728Z"},{"id":"9cacdf15-f35d-5cd4-966f-79b22fd06cae","name":"Krebs-Location","description":"Brian Krebs. (2018, May 17). Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site. Retrieved November","url":"https://krebsonsecurity.com/2018/05/tracking-firm-locationsmart-leaked-location-data-for-customers-of-all-major-u-s-mobile-carriers-in-real-time-via-its-web-site/","source":"Mobile","title":"Mobile Carriers Without Consent in Real Time Via Its Web Site","authors":"Brian Krebs. (2018, May 17)","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ec35c6f8-99a7-54d5-9fba-61db7cf5c321","created":"2026-01-28T13:08:10.044516Z","modified":"2026-01-28T13:08:10.044519Z"},{"id":"b830fe30-0b53-4fc6-a172-7da930618725","name":"Trend Micro Bouncing Golf 2019","description":"E. Xu, G. Guo. (2019, June 28).  Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/","source":"Mobile","title":"Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East","authors":"E. Xu, G. 
Guo","date_accessed":"1978-01-01T00:00:00Z","date_published":"2019-06-28T00:00:00Z","owner_name":null,"tidal_id":"c86ef8e5-6c15-5198-980f-3a5fb4a68016","created":"2022-12-14T20:06:32.013016Z","modified":"2026-01-28T13:08:12.137456Z"},{"id":"36657417-8b9e-526e-aa62-4ad3544ff83f","name":"blackberry_mobile_malware_apt_esp","description":"BlackBerry Research and Insights Team. (n.d.). Mobile Malware and APT Espionage. Retrieved March","url":"https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/mobile-malware-report.pdf","source":"Mobile","title":"Mobile Malware and APT Espionage","authors":"BlackBerry Research and Insights Team","date_accessed":"1978-03-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a2b3cbeb-976a-533f-92fe-a8d778e470be","created":"2026-01-28T13:08:10.047485Z","modified":"2026-01-28T13:08:10.047488Z"},{"id":"b6b93a57-be12-5255-972a-2ff01c10e6d7","name":"Cyble_Anubis_May2021","description":"Cyble. (2021, May 2). Mobile Malware App Anubis Strikes Again, Continues to Lure Users Disguised as a Fake Antivirus. Retrieved April","url":"https://cyble.com/blog/mobile-malware-app-anubis-strikes-again-continues-to-lure-users-disguised-as-a-fake-antivirus/","source":"Mobile","title":"Mobile Malware App Anubis Strikes Again, Continues to Lure Users Disguised as a Fake Antivirus","authors":"Cyble","date_accessed":"1978-04-01T00:00:00Z","date_published":"2021-05-02T00:00:00Z","owner_name":null,"tidal_id":"6dc9164e-62bc-51d0-9629-bcb477a1c511","created":"2026-01-28T13:08:10.047068Z","modified":"2026-01-28T13:08:10.047071Z"},{"id":"c8d007a1-1740-594b-9eaa-4e5960388fd8","name":"Kaspersky-MobileMalware","description":"Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. 
Retrieved December","url":"https://securelist.com/mobile-malware-evolution-2013/58335/","source":"Mobile","title":"Mobile Malware Evolution: 2013","authors":"Roman Unuchek and Victor Chebyshev","date_accessed":"1978-12-01T00:00:00Z","date_published":"2014-02-24T00:00:00Z","owner_name":null,"tidal_id":"52a1752f-af9b-51b7-b1c7-1115b11bd954","created":"2026-01-28T13:08:10.039896Z","modified":"2026-01-28T13:08:10.039899Z"},{"id":"3ca314d4-3fcf-4545-8ae9-4d8781d51295","name":"ELF Injection May 2009","description":"O'Neill, R. (2009, May). Modern Day ELF Runtime infection via GOT poisoning. Retrieved March 15, 2020.","url":"https://web.archive.org/web/20150711051625/http://vxer.org/lib/vrn00.html","source":"MITRE","title":"Modern Day ELF Runtime infection via GOT poisoning","authors":"O'Neill, R","date_accessed":"2020-03-15T00:00:00Z","date_published":"2009-05-01T00:00:00Z","owner_name":null,"tidal_id":"dd54e40b-f37b-52cb-aca2-e3f3d4a078dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432863Z"},{"id":"7e16241a-d906-5eb0-961d-00724f44d903","name":"specter ops evil twin","description":"Ryan, Gabriel. (2019, October 28). Modern Wireless Tradecraft Pt I — Basic Rogue AP Theory — Evil Twin and Karma Attacks. Retrieved September 17, 2024.","url":"https://posts.specterops.io/modern-wireless-attacks-pt-i-basic-rogue-ap-theory-evil-twin-and-karma-attacks-35a8571550ee","source":"MITRE","title":"Modern Wireless Tradecraft Pt I — Basic Rogue AP Theory — Evil Twin and Karma Attacks","authors":"Ryan, Gabriel","date_accessed":"2024-09-17T00:00:00Z","date_published":"2019-10-28T00:00:00Z","owner_name":null,"tidal_id":"230279ed-d2aa-59fb-be06-9dbe07b675ee","created":"2024-10-31T16:28:20.370511Z","modified":"2025-12-17T15:08:36.428894Z"},{"id":"04b0582e-357f-5f2a-8582-b3bf8f52c2a2","name":"Elastic Rules macOS launchctl 2022","description":"Elastic Security 7.17. (2022, February 1). Modification of Environment Variable via Launchctl. 
Retrieved September 28, 2023.","url":"https://www.elastic.co/guide/en/security/7.17/prebuilt-rule-7-16-4-modification-of-environment-variable-via-launchctl.html","source":"MITRE","title":"Modification of Environment Variable via Launchctl","authors":"Elastic Security 7.17","date_accessed":"2023-09-28T00:00:00Z","date_published":"2022-02-01T00:00:00Z","owner_name":null,"tidal_id":"8a6e3787-df12-5692-80e5-baf4cb5fd7ea","created":"2023-11-07T00:35:57.319223Z","modified":"2025-12-17T15:08:36.424495Z"},{"id":"d4f2db5c-ef6d-556d-a5e2-f6738277fecd","name":"modinfo man","description":"Russell, R. (n.d.). modinfo(8) - Linux man page. Retrieved March 28, 2023.","url":"https://linux.die.net/man/8/modinfo","source":"MITRE","title":"modinfo(8) - Linux man page","authors":"Russell, R","date_accessed":"2023-03-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b02ac2e4-c7bb-5a35-80ad-5f6b1dce89b7","created":"2023-05-26T01:21:02.597082Z","modified":"2025-12-17T15:08:36.426213Z"},{"id":"53b0c71d-c577-40e8-8a04-9de083e276a2","name":"hasherezade debug","description":"hasherezade. (2021, June 30). Module 3 - Understanding and countering malware's evasion and self-defence. Retrieved April 1, 2022.","url":"https://github.com/hasherezade/malware_training_vol1/blob/main/slides/module3/Module3_2_fingerprinting.pdf","source":"MITRE","title":"Module 3 - Understanding and countering malware's evasion and self-defence","authors":"hasherezade","date_accessed":"2022-04-01T00:00:00Z","date_published":"2021-06-30T00:00:00Z","owner_name":null,"tidal_id":"185b567f-7228-5479-87b8-79de39284b3b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435757Z"},{"id":"b051a38a-09c7-4280-a5b6-08067d81a2d8","name":"Microsoft Module Class","description":"Microsoft. (n.d.). Module Class. 
Retrieved September 28, 2021.","url":"https://docs.microsoft.com/en-us/dotnet/api/system.reflection.module","source":"MITRE","title":"Module Class","authors":"Microsoft","date_accessed":"2021-09-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a2085fcf-a6f0-56fb-bb34-c804b35bc4dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437282Z"},{"id":"b5eca224-bea1-48e8-acdc-e910d52560f1","name":"GitHub Mimikatz kerberos Module","description":"Deply, B., Le Toux, V.. (2016, June 5). module ~ kerberos. Retrieved March 17, 2020.","url":"https://github.com/gentilkiwi/mimikatz/wiki/module-~-kerberos","source":"MITRE","title":"module ~ kerberos","authors":"Deply, B., Le Toux, V.","date_accessed":"2020-03-17T00:00:00Z","date_published":"2016-06-05T00:00:00Z","owner_name":null,"tidal_id":"42249439-cd14-512b-84f3-85de03af84ee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442152Z"},{"id":"e188ff4d-a983-4f5a-b9e1-3b0f9fd8df25","name":"GitHub Mimikatz lsadump Module","description":"Deply, B., Le Toux, V. (2016, June 5). module ~ lsadump. Retrieved August 7, 2017.","url":"https://github.com/gentilkiwi/mimikatz/wiki/module-~-lsadump","source":"MITRE","title":"module ~ lsadump","authors":"Deply, B., Le Toux, V","date_accessed":"2017-08-07T00:00:00Z","date_published":"2016-06-05T00:00:00Z","owner_name":null,"tidal_id":"734a6acb-d541-57d5-b980-75529f1c1d27","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436438Z"},{"id":"0f9b58e2-2a81-4b79-aad6-b36a844cf1c6","name":"Module Stomping for Shellcode Injection","description":"Red Teaming Experiments. (n.d.). Module Stomping for Shellcode Injection. 
Retrieved July 14, 2022.","url":"https://www.ired.team/offensive-security/code-injection-process-injection/modulestomping-dll-hollowing-shellcode-injection","source":"MITRE","title":"Module Stomping for Shellcode Injection","authors":"Red Teaming Experiments","date_accessed":"2022-07-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a567bc5e-9aff-519b-9ef5-ad9e28a8361a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436548Z"},{"id":"ceefe610-0b26-4307-806b-17313d570511","name":"Linux Kernel Module Programming Guide","description":"Pomerantz, O., Salzman, P. (2003, April 4). Modules vs Programs. Retrieved April 6, 2018.","url":"http://www.tldp.org/LDP/lkmpg/2.4/html/x437.html","source":"MITRE","title":"Modules vs Programs","authors":"Pomerantz, O., Salzman, P","date_accessed":"2018-04-06T00:00:00Z","date_published":"2003-04-04T00:00:00Z","owner_name":null,"tidal_id":"b54a2455-aea4-5b58-b735-cb0e6cda9cc6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430917Z"},{"id":"f1a08b1c-f7d5-4a91-b3b7-0f042b297842","name":"FOX-IT May 2016 Mofang","description":"Yonathan Klijnsma. (2016, May 17). Mofang: A politically motivated information stealing adversary. Retrieved May 12, 2020.","url":"https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf","source":"MITRE, Tidal Cyber","title":"Mofang: A politically motivated information stealing adversary","authors":"Yonathan Klijnsma","date_accessed":"2020-05-12T00:00:00Z","date_published":"2016-05-17T00:00:00Z","owner_name":null,"tidal_id":"ccf8117c-1f3c-5a96-9b0e-28425039e3a7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259036Z"},{"id":"328f1c87-c9dc-42d8-bb33-a17ad4d7f57e","name":"Unit42 Molerat Mar 2020","description":"Falcone, R., et al. (2020, March 3). Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations. 
Retrieved December 14, 2020.","url":"https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor/","source":"MITRE","title":"Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations","authors":"Falcone, R., et al","date_accessed":"2020-12-14T00:00:00Z","date_published":"2020-03-03T00:00:00Z","owner_name":null,"tidal_id":"450ef582-c406-5e0d-8a5d-f72bb586b430","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416565Z"},{"id":"81a10a4b-c66f-4526-882c-184436807e1d","name":"Cybereason Molerats Dec 2020","description":"Cybereason Nocturnus Team. (2020, December 9). MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign. Retrieved December 22, 2020.","url":"https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf","source":"MITRE","title":"MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign","authors":"Cybereason Nocturnus Team","date_accessed":"2020-12-22T00:00:00Z","date_published":"2020-12-09T00:00:00Z","owner_name":null,"tidal_id":"20266673-3130-5a8d-ba53-f4f3f5dfb1ae","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416912Z"},{"id":"e16974cc-623e-4fa6-ac36-5f199d54bf55","name":"Azure - Monitor Logs","description":"Microsoft. (2019, June 4). Monitor at scale by using Azure Monitor. 
Retrieved May 1, 2020.","url":"https://docs.microsoft.com/en-us/azure/backup/backup-azure-monitoring-use-azuremonitor","source":"MITRE","title":"Monitor at scale by using Azure Monitor","authors":"Microsoft","date_accessed":"2020-05-01T00:00:00Z","date_published":"2019-06-04T00:00:00Z","owner_name":null,"tidal_id":"ecc3bd7b-9f31-599d-bb7f-0d48cafba4f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436241Z"},{"id":"91a4278e-ea52-4cd5-8c79-c73c690372a3","name":"EventTracker File Permissions Feb 2014","description":"Netsurion. (2014, February 19). Monitoring File Permission Changes with the Windows Security Log. Retrieved August 19, 2018.","url":"https://www.eventtracker.com/tech-articles/monitoring-file-permission-changes-windows-security-log/","source":"MITRE","title":"Monitoring File Permission Changes with the Windows Security Log","authors":"Netsurion","date_accessed":"2018-08-19T00:00:00Z","date_published":"2014-02-19T00:00:00Z","owner_name":null,"tidal_id":"3498f50c-15a8-552c-a1bb-26ca712b267e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427494Z"},{"id":"86896031-f654-4185-ba45-8c931903153b","name":"Microsoft Silent Process Exit NOV 2017","description":"Marshall, D. & Griffin, S. (2017, November 28). Monitoring Silent Process Exit. Retrieved June 27, 2018.","url":"https://docs.microsoft.com/windows-hardware/drivers/debugger/registry-entries-for-silent-process-exit","source":"MITRE","title":"Monitoring Silent Process Exit","authors":"Marshall, D. & Griffin, S","date_accessed":"2018-06-27T00:00:00Z","date_published":"2017-11-28T00:00:00Z","owner_name":null,"tidal_id":"b3fd95a3-ff22-5ba1-b7df-5eda315f46c1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430287Z"},{"id":"72798df8-0e12-46f5-acb0-2fe99bd8dbff","name":"Windows Event Forwarding Payne","description":"Payne, J. (2015, November 23). 
Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.). Retrieved February 1, 2016.","url":"https://docs.microsoft.com/en-us/archive/blogs/jepayne/monitoring-what-matters-windows-event-forwarding-for-everyone-even-if-you-already-have-a-siem","source":"MITRE","title":"Monitoring what matters - Windows Event Forwarding for everyone (even if you already have a SIEM.)","authors":"Payne, J","date_accessed":"2016-02-01T00:00:00Z","date_published":"2015-11-23T00:00:00Z","owner_name":null,"tidal_id":"91cc29b4-6f2d-5cd1-bb72-9eafb05b307f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429341Z"},{"id":"9009a8cc-3282-5eac-90f1-525a85d99c0e","name":"Google Workspace Apps Script Restrict OAuth Scopes","description":"Google Workspace. (2024, March 5). Monitor & restrict data access. Retrieved July 1, 2024.","url":"https://developers.google.com/apps-script/guides/admin/monitor-restrict-oauth-scopes","source":"MITRE","title":"Monitor & restrict data access","authors":"Google Workspace","date_accessed":"2024-07-01T00:00:00Z","date_published":"2024-03-05T00:00:00Z","owner_name":null,"tidal_id":"a9751c8a-01ee-51fc-bf2f-b9018a956f9e","created":"2024-10-31T16:28:36.186284Z","modified":"2025-12-17T15:08:36.440703Z"},{"id":"d33115c5-ae47-4089-a6cb-4ef97effa722","name":"GCP Monitoring Service Account Usage","description":"Google Cloud. (2022, March 31). Monitor usage patterns for service accounts and keys . 
Retrieved April 1, 2022.","url":"https://cloud.google.com/iam/docs/service-account-monitoring","source":"MITRE","title":"Monitor usage patterns for service accounts and keys","authors":"Google Cloud","date_accessed":"2022-04-01T00:00:00Z","date_published":"2022-03-31T00:00:00Z","owner_name":null,"tidal_id":"4e4105d6-849c-5282-a0fc-c451f0c5bea4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436288Z"},{"id":"46e04ad2-905c-53f2-ad83-73601deb6eb2","name":"Lookout-Monokle","description":"Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September","url":"https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf","source":"Mobile","title":"Monokle: The Mobile Surveillance Tooling of the Special Technology Center","authors":"Bauer A., Kumar A., Hebeisen C., et al","date_accessed":"1978-09-01T00:00:00Z","date_published":"2019-07-01T00:00:00Z","owner_name":null,"tidal_id":"e242062f-9cd4-5eef-b220-5db0641138e7","created":"2026-01-28T13:08:10.040829Z","modified":"2026-01-28T13:08:10.040832Z"},{"id":"ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e","name":"Forcepoint Monsoon","description":"Settle, A., et al. (2016, August 8). MONSOON - Analysis Of An APT Campaign. Retrieved September 22, 2016.","url":"https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf","source":"MITRE","title":"MONSOON - Analysis Of An APT Campaign","authors":"Settle, A., et al","date_accessed":"2016-09-22T00:00:00Z","date_published":"2016-08-08T00:00:00Z","owner_name":null,"tidal_id":"d47be9d9-66bc-5478-80ad-eb78c48d835f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419993Z"},{"id":"12d2fbc5-f9cb-41b5-96a6-1cd100b5a173","name":"Trend Micro August 14 2023","description":"Nathaniel Morales; Joshua Paul Ignacio Read time. (2023, August 14). 
Monti Ransomware Unleashes a New Encryptor for Linux. Retrieved January 1, 2024.","url":"https://www.trendmicro.com/en_us/research/23/h/monti-ransomware-unleashes-a-new-encryptor-for-linux.html","source":"Tidal Cyber","title":"Monti Ransomware Unleashes a New Encryptor for Linux","authors":"Nathaniel Morales; Joshua Paul Ignacio Read time","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-08-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fb8f8e19-2dfa-590e-8549-4a159a92ad77","created":"2024-09-13T19:19:47.740191Z","modified":"2024-09-13T19:19:48.153084Z"},{"id":"b9ee14c9-75fe-552e-81b5-a1fd5aa916d7","name":"Microsoft Moonstone Sleet 2024","description":"Microsoft Threat Intelligence. (2024, May 28). Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks. Retrieved August 26, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/","source":"MITRE","title":"Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks","authors":"Microsoft Threat Intelligence","date_accessed":"2024-08-26T00:00:00Z","date_published":"2024-05-28T00:00:00Z","owner_name":null,"tidal_id":"aa75156e-c34d-5a24-9702-f619627d2e7d","created":"2024-10-31T16:28:31.658438Z","modified":"2025-12-17T15:08:36.439187Z"},{"id":"faf315ed-71f7-4e29-8334-701da35a69ad","name":"Microsoft Security Blog 5 28 2024","description":"Microsoft Threat Intelligence. (2024, May 28). Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks . 
Retrieved May 29, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/","source":"Tidal Cyber","title":"Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks","authors":"Microsoft Threat Intelligence","date_accessed":"2024-05-29T00:00:00Z","date_published":"2024-05-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3025f27f-4974-5b2a-87bb-58abbf4633f4","created":"2024-06-13T20:11:04.210904Z","modified":"2024-06-13T20:11:04.399749Z"},{"id":"34bb70ee-80e1-5524-a1c3-ab9b9fe0eb12","name":"McAfee MoqHao 2019","description":"Pak, C. (2019, August 7). MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play. Retrieved November","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-related-android-spyware-targeting-japan-and-korea-found-on-google-play/","source":"Mobile","title":"MoqHao Related Android Spyware Targeting Japan and Korea Found on Google Play","authors":"Pak, C","date_accessed":"1978-11-01T00:00:00Z","date_published":"2019-08-07T00:00:00Z","owner_name":null,"tidal_id":"b6b4f530-67ce-5462-afe7-f62a8c308f9e","created":"2026-01-28T13:08:10.042127Z","modified":"2026-01-28T13:08:10.042130Z"},{"id":"f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3","name":"Security Intelligence More Eggs Aug 2019","description":"Villadsen, O.. (2019, August 29). More_eggs, Anyone? Threat Actor ITG08 Strikes Again. Retrieved September 16, 2019.","url":"https://securityintelligence.com/posts/more_eggs-anyone-threat-actor-itg08-strikes-again/","source":"MITRE, Tidal Cyber","title":"More_eggs, Anyone? 
Threat Actor ITG08 Strikes Again","authors":"Villadsen, O.","date_accessed":"2019-09-16T00:00:00Z","date_published":"2019-08-29T00:00:00Z","owner_name":null,"tidal_id":"e43b0abe-ee7f-5b13-b90e-3925cce31fd6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261958Z"},{"id":"6851b3f9-0239-40fc-ba44-34a775e9bd4e","name":"ESET EvilNum July 2020","description":"Porolli, M. (2020, July 9). More evil: A deep look at Evilnum and its toolset. Retrieved January 22, 2021.","url":"https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/","source":"MITRE, Tidal Cyber","title":"More evil: A deep look at Evilnum and its toolset","authors":"Porolli, M","date_accessed":"2021-01-22T00:00:00Z","date_published":"2020-07-09T00:00:00Z","owner_name":null,"tidal_id":"fc1e65e4-0cf6-52a1-8f47-97cb7b9bbcdf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.260200Z"},{"id":"80289c7b-53c1-4aec-9436-04a43a82f769","name":"Microsoft More information about DLL","description":"Microsoft. (2010, August 12). More information about the DLL Preloading remote attack vector. Retrieved December 5, 2014.","url":"https://msrc-blog.microsoft.com/2010/08/23/more-information-about-the-dll-preloading-remote-attack-vector/","source":"MITRE","title":"More information about the DLL Preloading remote attack vector","authors":"Microsoft","date_accessed":"2014-12-05T00:00:00Z","date_published":"2010-08-12T00:00:00Z","owner_name":null,"tidal_id":"e011b144-ae97-59ef-ac61-eff2badac714","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441538Z"},{"id":"46aa7075-9f0a-461e-8519-5c4860208678","name":"Microsoft DLL Preloading","description":"Microsoft. (2010, August 12). More information about the DLL Preloading remote attack vector. 
Retrieved December 5, 2014.","url":"http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx","source":"MITRE","title":"More information about the DLL Preloading remote attack vector","authors":"Microsoft","date_accessed":"2014-12-05T00:00:00Z","date_published":"2010-08-12T00:00:00Z","owner_name":null,"tidal_id":"89c52c41-de6a-5535-a965-c30ceecd1a8f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416029Z"},{"id":"c33ca45d-eeff-4a23-906c-99369047c7f5","name":"aptsim","description":"valsmith. (2012, September 21). More on APTSim. Retrieved September 28, 2017.","url":"http://carnal0wnage.attackresearch.com/2012/09/more-on-aptsim.html","source":"MITRE","title":"More on APTSim","authors":"valsmith","date_accessed":"2017-09-28T00:00:00Z","date_published":"2012-09-21T00:00:00Z","owner_name":null,"tidal_id":"7fcc20f6-41e6-5fba-8f96-567f152aa43c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441904Z"},{"id":"bbf9b08a-072c-4fb9-8c3c-cb6f91e8940c","name":"Washington Post WannaCry 2017","description":"Dwoskin, E. and Adam, K. (2017, May 14). More than 150 countries affected by massive cyberattack, Europol says. Retrieved March 25, 2019.","url":"https://www.washingtonpost.com/business/economy/more-than-150-countries-affected-by-massive-cyberattack-europol-says/2017/05/14/5091465e-3899-11e7-9e48-c4f199710b69_story.html?utm_term=.7fa16b41cad4","source":"MITRE","title":"More than 150 countries affected by massive cyberattack, Europol says","authors":"Dwoskin, E. and Adam, K","date_accessed":"2019-03-25T00:00:00Z","date_published":"2017-05-14T00:00:00Z","owner_name":null,"tidal_id":"f24592b4-060a-5707-8567-bab133cb02dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419657Z"},{"id":"c60e5443-41f1-509f-89fd-89ef65a858ea","name":"Gooligan Citation","description":"Check Point Research Team. (2016, November 30). 
More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December","url":"http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/","source":"Mobile","title":"More Than 1 Million Google Accounts Breached by Gooligan","authors":"Check Point Research Team","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-11-30T00:00:00Z","owner_name":null,"tidal_id":"dee9c691-a6fc-5d1c-80de-0c22ea84d720","created":"2026-01-28T13:08:10.039068Z","modified":"2026-01-28T13:08:10.039071Z"},{"id":"99151b50-3dd8-47b5-a48f-2e3b450944e9","name":"ArsTechnica Intel","description":"Goodin, D. & Salter, J. (2020, August 6). More than 20GB of Intel source code and proprietary data dumped online. Retrieved October 20, 2020.","url":"https://arstechnica.com/information-technology/2020/08/intel-is-investigating-the-leak-of-20gb-of-its-source-code-and-private-data/","source":"MITRE","title":"More than 20GB of Intel source code and proprietary data dumped online","authors":"Goodin, D. & Salter, J","date_accessed":"2020-10-20T00:00:00Z","date_published":"2020-08-06T00:00:00Z","owner_name":null,"tidal_id":"7cdf2435-ee1e-56cd-b273-af266a268184","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433994Z"},{"id":"2d4834b9-61c4-478e-919a-317d97cd2c36","name":"Kaspersky Winnti April 2013","description":"Kaspersky Lab's Global Research and Analysis Team. (2013, April 11). Winnti. More than just a game. Retrieved February 8, 2017.","url":"https://securelist.com/winnti-more-than-just-a-game/37029/","source":"MITRE, Tidal Cyber","title":"More than just a game","authors":"Kaspersky Lab's Global Research and Analysis Team. (2013, April 11)","date_accessed":"2017-02-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bb032e1a-a6d3-5f6c-932d-cded50cbedb6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262250Z"},{"id":"dcd65d74-4e7b-5ddd-8c72-700456981347","name":"polygot_icedID","description":"Lim, M. 
(2022, September 27). More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID. Retrieved September 29, 2022.","url":"https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload","source":"MITRE","title":"More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID","authors":"Lim, M","date_accessed":"2022-09-29T00:00:00Z","date_published":"2022-09-27T00:00:00Z","owner_name":null,"tidal_id":"cf061e54-9ebd-562f-bade-4b1c8b1cf1f0","created":"2023-05-26T01:21:02.496392Z","modified":"2025-12-17T15:08:36.426098Z"},{"id":"e9c47d8e-f732-45c9-bceb-26c5d564e781","name":"CrowdStrike Deep Panda Web Shells","description":"RYANJ. (2014, February 20). Mo’ Shells Mo’ Problems – Deep Panda Web Shells. Retrieved September 16, 2015.","url":"http://www.crowdstrike.com/blog/mo-shells-mo-problems-deep-panda-web-shells/","source":"MITRE, Tidal Cyber","title":"Mo’ Shells Mo’ Problems – Deep Panda Web Shells","authors":"RYANJ","date_accessed":"2015-09-16T00:00:00Z","date_published":"2014-02-20T00:00:00Z","owner_name":null,"tidal_id":"a8f66369-6b2e-520f-bd0a-e75a4a79eef4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.282170Z"},{"id":"640c20b4-a449-48d4-8db7-1cb6837287ff","name":"Wikimedia Foundation Inc. September 5 2005","description":"Wikimedia Foundation Inc.. (2005, September 5). mount (Unix) - Wikipedia. Retrieved December 19, 2024.","url":"https://en.wikipedia.org/wiki/Mount_(Unix)","source":"Tidal Cyber","title":"mount (Unix) - Wikipedia","authors":"Wikimedia Foundation Inc.","date_accessed":"2024-12-19T00:00:00Z","date_published":"2005-09-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5a30ea62-05dc-50a0-9d81-5087b096e62f","created":"2025-04-11T15:06:08.019091Z","modified":"2025-04-11T15:06:08.174177Z"},{"id":"6c85e925-d42b-590c-a424-14ebb49812bb","name":"ESET MoustachedBouncer","description":"Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. 
Retrieved September 1, 2023.","url":"https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/","source":"MITRE","title":"MoustachedBouncer: Espionage against foreign diplomats in Belarus","authors":"Faou, M","date_accessed":"2023-09-01T00:00:00Z","date_published":"2023-08-10T00:00:00Z","owner_name":null,"tidal_id":"244ea96b-5f79-5958-b69d-0df8121cf161","created":"2023-11-07T00:36:01.510289Z","modified":"2025-12-17T15:08:36.428623Z"},{"id":"9070f14b-5d5e-5f6d-bcac-628478e01242","name":"MoustachedBouncer ESET August 2023","description":"Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. Retrieved September 25, 2023.","url":"https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/","source":"MITRE","title":"MoustachedBouncer: Espionage against foreign diplomats in Belarus","authors":"Faou, M","date_accessed":"2023-09-25T00:00:00Z","date_published":"2023-08-10T00:00:00Z","owner_name":null,"tidal_id":"1d0128f3-88ac-527c-be1b-37129368a5e7","created":"2023-11-07T00:36:12.765501Z","modified":"2025-12-17T15:08:36.417298Z"},{"id":"6d426568-f760-5624-bdde-934ce3d83c45","name":"Huntress MOVEit 2023","description":"John Hammond. (2023, June 1). MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response. Retrieved August 5, 2024.","url":"https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response","source":"MITRE","title":"MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response","authors":"John Hammond","date_accessed":"2024-08-05T00:00:00Z","date_published":"2023-06-01T00:00:00Z","owner_name":null,"tidal_id":"bb086032-a446-55f9-8fcb-ad29b5a2690d","created":"2024-10-31T16:28:26.015349Z","modified":"2025-12-17T15:08:36.435092Z"},{"id":"9f364e22-b73c-4f3a-902c-a3f0eb01a2b9","name":"Progress Software MOVEit Transfer Critical Vulnerability","description":"Progress Software. 
(2023, June 16). MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362). Retrieved July 28, 2023.","url":"https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023","source":"Tidal Cyber","title":"MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362)","authors":"Progress Software","date_accessed":"2023-07-28T00:00:00Z","date_published":"2023-06-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"61301e5e-f65d-5272-bfa8-c6e66771292d","created":"2023-07-28T16:33:34.937459Z","modified":"2023-07-28T16:33:35.062340Z"},{"id":"da4fbddf-9398-43a9-888c-2c58e9fc9aaf","name":"TechNet Moving Beyond EMET","description":"Nunez, N. (2017, August 9). Moving Beyond EMET II – Windows Defender Exploit Guard. Retrieved March 12, 2018.","url":"https://blogs.technet.microsoft.com/srd/2017/08/09/moving-beyond-emet-ii-windows-defender-exploit-guard/","source":"MITRE","title":"Moving Beyond EMET II – Windows Defender Exploit Guard","authors":"Nunez, N","date_accessed":"2018-03-12T00:00:00Z","date_published":"2017-08-09T00:00:00Z","owner_name":null,"tidal_id":"0c967226-8d4a-527a-8e9b-209bea2005c6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415421Z"},{"id":"08b390aa-863b-420e-9b00-e168e3c756d8","name":"ScriptingOSX zsh","description":"Armin Briegel. (2019, June 5). Moving to zsh, part 2: Configuration Files. Retrieved February 25, 2021.","url":"https://scriptingosx.com/2019/06/moving-to-zsh-part-2-configuration-files/","source":"MITRE","title":"Moving to zsh, part 2: Configuration Files","authors":"Armin Briegel","date_accessed":"2021-02-25T00:00:00Z","date_published":"2019-06-05T00:00:00Z","owner_name":null,"tidal_id":"7680f123-d03f-54c9-8b83-78382e6bf828","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433891Z"},{"id":"e208c277-e477-4123-8c3c-313d55cdc1ea","name":"Volatility Detecting Hooks Sept 2012","description":"Volatility Labs. (2012, September 24). 
MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem. Retrieved December 12, 2017.","url":"https://volatility-labs.blogspot.com/2012/09/movp-31-detecting-malware-hooks-in.html","source":"MITRE","title":"MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem","authors":"Volatility Labs","date_accessed":"2017-12-12T00:00:00Z","date_published":"2012-09-24T00:00:00Z","owner_name":null,"tidal_id":"52cae30e-3944-548e-9d99-e3d5b94fd38a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430581Z"},{"id":"363d1140-2d89-4354-ad03-85f031b9cc94","name":"MOXFIVE Qilin April 1 2025","description":"MOXFIVE. (2025, April 1). MOXFIVE Threat Actor Spotlight - Qilin. Retrieved September 12, 2025.","url":"https://www.moxfive.com/resources/moxfive-threat-actor-spotlight-qilin","source":"Tidal Cyber","title":"MOXFIVE Threat Actor Spotlight - Qilin","authors":"MOXFIVE","date_accessed":"2025-09-12T12:00:00Z","date_published":"2025-04-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4dbcfc09-2f1e-57eb-bb2a-dbc5efaa4c6b","created":"2025-09-15T19:13:22.003654Z","modified":"2025-09-15T19:13:22.172010Z"},{"id":"cd720550-a0b5-4d1d-85dd-98da97f45b62","name":"mozilla_sec_adv_2012","description":"Robert Kugler. (2012, November 20). Mozilla Foundation Security Advisory 2012-98. Retrieved March 10, 2017.","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/","source":"MITRE","title":"Mozilla Foundation Security Advisory 2012-98","authors":"Robert Kugler","date_accessed":"2017-03-10T00:00:00Z","date_published":"2012-11-20T00:00:00Z","owner_name":null,"tidal_id":"077d9039-8862-5699-b549-9a3e6da41e48","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431196Z"},{"id":"920d1607-154e-4c74-b1eb-0d8299be536f","name":"Mozilla Firefox Installer DLL Hijack","description":"Kugler, R. (2012, November 20). Mozilla Foundation Security Advisory 2012-98. 
Retrieved March 10, 2017.","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98/","source":"MITRE","title":"Mozilla Foundation Security Advisory 2012-98","authors":"Kugler, R","date_accessed":"2017-03-10T00:00:00Z","date_published":"2012-11-20T00:00:00Z","owner_name":null,"tidal_id":"d6b86ae1-af75-5342-8216-e53931b02add","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424549Z"},{"id":"2082d5ca-474f-4130-b275-c1ac5e30064c","name":"MpCmdRun.exe - LOLBAS Project","description":"LOLBAS. (2020, March 20). MpCmdRun.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/MpCmdRun/","source":"Tidal Cyber","title":"MpCmdRun.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-03-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"664d6fe4-cb85-5422-955a-12604ff04876","created":"2024-01-12T14:46:49.256676Z","modified":"2024-01-12T14:46:49.446029Z"},{"id":"4fdead67-7684-40d3-9395-c9a89e9ea2c7","name":"Mpiexec.exe - LOLBAS Project","description":"LOLBAS. (2025, September 25). Mpiexec.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Mpiexec/","source":"Tidal Cyber","title":"Mpiexec.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-09-25T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a3914e33-d19b-559a-b895-96165d0a816f","created":"2026-01-06T18:03:32.412029Z","modified":"2026-01-06T18:03:32.566518Z"},{"id":"2474e2ee-bbcd-4b7c-8c52-22112d22135f","name":"TechNet MS14-019","description":"Nagaraju, S. (2014, April 8). MS14-019 – Fixing a binary hijacking via .cmd or .bat file. 
Retrieved July 25, 2016.","url":"https://blogs.technet.microsoft.com/srd/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file/","source":"MITRE","title":"MS14-019 – Fixing a binary hijacking via .cmd or .bat file","authors":"Nagaraju, S","date_accessed":"2016-07-25T00:00:00Z","date_published":"2014-04-08T00:00:00Z","owner_name":null,"tidal_id":"47b25526-8a34-5f31-90ef-36bb16a6f5b9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434392Z"},{"id":"a15fff18-5d3f-4898-9e47-ec6ae7dda749","name":"SRD GPP","description":"Security Research and Defense. (2014, May 13). MS14-025: An Update for Group Policy Preferences. Retrieved January 28, 2015.","url":"http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx","source":"MITRE","title":"MS14-025: An Update for Group Policy Preferences","authors":"Security Research and Defense","date_accessed":"2015-01-28T00:00:00Z","date_published":"2014-05-13T00:00:00Z","owner_name":null,"tidal_id":"d06463f6-95d2-566c-9119-54f45d4af7cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431974Z"},{"id":"dbe32cbd-8c6e-483f-887c-ea2a5102cf65","name":"Microsoft MS14-025","description":"Microsoft. (2014, May 13). MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege. Retrieved January 28, 2015.","url":"http://support.microsoft.com/kb/2962486","source":"MITRE","title":"MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege","authors":"Microsoft","date_accessed":"2015-01-28T00:00:00Z","date_published":"2014-05-13T00:00:00Z","owner_name":null,"tidal_id":"b5184ab2-51c8-5c2d-9f0a-e647c6246c8a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415403Z"},{"id":"7537c0bb-6f14-4a4a-94cc-98c6ed9e878f","name":"MS14-025","description":"Microsoft. (2014, May 13). MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege. 
Retrieved February 17, 2020.","url":"https://support.microsoft.com/en-us/help/2962486/ms14-025-vulnerability-in-group-policy-preferences-could-allow-elevati","source":"MITRE","title":"MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege","authors":"Microsoft","date_accessed":"2020-02-17T00:00:00Z","date_published":"2014-05-13T00:00:00Z","owner_name":null,"tidal_id":"02faf8e6-7cd9-5569-8b24-e418969eb2e0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440772Z"},{"id":"2796b750-4801-4a36-b67a-00cde283fb7c","name":"MSAccess.exe - LOLBAS Project","description":"LOLBAS. (2023, April 30). MSAccess.exe. Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Msaccess/","source":"Tidal Cyber","title":"MSAccess.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2023-04-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"50544acb-dd11-5a6a-8215-e81306dca9c0","created":"2025-05-20T16:19:06.145825Z","modified":"2025-05-20T16:19:06.302516Z"},{"id":"9ad54187-84b0-47f9-af6e-c3753452e470","name":"MSDN MSBuild","description":"Microsoft. (n.d.). MSBuild1. Retrieved November 30, 2016.","url":"https://msdn.microsoft.com/library/dd393574.aspx","source":"MITRE","title":"MSBuild1","authors":"Microsoft","date_accessed":"2016-11-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ffb9b633-bff9-549b-89a8-7c72b0940859","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434638Z"},{"id":"de8e0741-255b-4c41-ba50-248ac5acc325","name":"LOLBAS Msbuild","description":"LOLBAS. (n.d.). Msbuild.exe. 
Retrieved July 31, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Msbuild/","source":"MITRE","title":"Msbuild.exe","authors":"LOLBAS","date_accessed":"2019-07-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"08043d7c-9d40-507b-95aa-048f72cf03ee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434625Z"},{"id":"2c638ca5-c7e2-4c4e-bb9c-e36d14899ca8","name":"Microsoft MSBuild Inline Tasks 2017","description":"Microsoft. (2017, September 21). MSBuild inline tasks. Retrieved March 5, 2021.","url":"https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-inline-tasks?view=vs-2019#code-element","source":"MITRE","title":"MSBuild inline tasks","authors":"Microsoft","date_accessed":"2021-03-05T00:00:00Z","date_published":"2017-09-21T00:00:00Z","owner_name":null,"tidal_id":"5b717c01-4d39-58d4-8505-eb800f4cc702","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434631Z"},{"id":"a073d2fc-d20d-4a52-944e-85ff89f04978","name":"Msconfig.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Msconfig.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Msconfig/","source":"Tidal Cyber","title":"Msconfig.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7283356f-2a80-5629-bca8-770e4ded2199","created":"2024-01-12T14:46:49.644790Z","modified":"2024-01-12T14:46:49.831828Z"},{"id":"e563af9a-5e49-4612-a52b-31f22f76193c","name":"Msdeploy.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Msdeploy.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Msdeploy/","source":"Tidal Cyber","title":"Msdeploy.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d25282af-4752-5eac-8016-dd8c9005fb3b","created":"2024-01-12T14:47:25.430760Z","modified":"2024-01-12T14:47:25.604238Z"},{"id":"f62c8cc9-9c75-4b9a-a0b4-8fc55a94e207","name":"MSDN File Associations","description":"Microsoft. (n.d.). Retrieved July 26, 2016.","url":"https://msdn.microsoft.com/en-us/library/cc144156.aspx","source":"MITRE","title":"MSDN File Associations","authors":"","date_accessed":"2016-07-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8377d165-e677-5c4d-8890-985b084c0c72","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416341Z"},{"id":"43b75a27-7875-4c24-b04d-54e1b60f3028","name":"Microsoft DRSR Dec 2017","description":"Microsoft. (2017, December 1). MS-DRSR Directory Replication Service (DRS) Remote Protocol. Retrieved December 4, 2017.","url":"https://msdn.microsoft.com/library/cc228086.aspx","source":"MITRE","title":"MS-DRSR Directory Replication Service (DRS) Remote Protocol","authors":"Microsoft","date_accessed":"2017-12-04T00:00:00Z","date_published":"2017-12-01T00:00:00Z","owner_name":null,"tidal_id":"c9c685b4-7a7c-5cc8-a33b-3c4cb3c240af","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424373Z"},{"id":"3eb1750c-a2f2-4d68-b060-ceb32f44f5fe","name":"Msdt.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Msdt.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Msdt/","source":"Tidal Cyber","title":"Msdt.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8d33e3e9-a9e5-58bc-8a0b-21a9d2836bf2","created":"2024-01-12T14:46:50.067426Z","modified":"2024-01-12T14:46:50.434807Z"},{"id":"6169c12e-9753-4e48-8213-aff95b0f6a95","name":"Msedge.exe - LOLBAS Project","description":"LOLBAS. (2022, January 20). Msedge.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Msedge/","source":"Tidal Cyber","title":"Msedge.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-01-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"60553fd1-9c6d-5854-96e2-8f9d40b077a9","created":"2024-01-12T14:46:50.621469Z","modified":"2024-01-12T14:46:50.804771Z"},{"id":"a6fd4727-e22f-4157-9a5f-1217cb876b32","name":"msedge_proxy.exe - LOLBAS Project","description":"LOLBAS. (2023, August 18). msedge_proxy.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/msedge_proxy/","source":"Tidal Cyber","title":"msedge_proxy.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-08-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a83cf8b0-63a9-5da7-b96e-cbffb0b56107","created":"2024-01-12T14:47:08.769438Z","modified":"2024-01-12T14:47:08.974344Z"},{"id":"8125ece7-10d1-4e79-8ea1-724fe46a3c97","name":"msedgewebview2.exe - LOLBAS Project","description":"LOLBAS. (2023, June 15). msedgewebview2.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/msedgewebview2/","source":"Tidal Cyber","title":"msedgewebview2.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-06-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7c9ca389-1409-5739-91c0-525650988e3b","created":"2024-01-12T14:47:09.191375Z","modified":"2024-01-12T14:47:09.368376Z"},{"id":"915a4aef-800e-4c68-ad39-df67c3dbaf75","name":"LOLBAS Mshta","description":"LOLBAS. (n.d.). Mshta.exe. Retrieved July 31, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Mshta/","source":"MITRE","title":"Mshta.exe","authors":"LOLBAS","date_accessed":"2019-07-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"32ead02b-c1fd-5fd0-bc4b-b54acddf3427","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432019Z"},{"id":"1a135e0b-5a79-4a4c-bc70-fd8f3f84e1f0","name":"Mshtml.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Mshtml.dll. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Mshtml/","source":"Tidal Cyber","title":"Mshtml.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f61b96ce-b392-5381-af95-6d9a05e16730","created":"2024-01-12T14:47:12.475342Z","modified":"2024-01-12T14:47:12.647355Z"},{"id":"028a8dc6-08f6-4660-8b82-9d5483d15f72","name":"Microsoft msiexec","description":"Microsoft. (2017, October 15). msiexec. 
Retrieved January 24, 2020.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/msiexec","source":"MITRE","title":"msiexec","authors":"Microsoft","date_accessed":"2020-01-24T00:00:00Z","date_published":"2017-10-15T00:00:00Z","owner_name":null,"tidal_id":"c564d3c9-d034-5004-82b0-d9f072092b46","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427653Z"},{"id":"996cc7ea-0729-4c51-b9c3-b201ec32e984","name":"LOLBAS Msiexec","description":"LOLBAS. (n.d.). Msiexec.exe. Retrieved April 18, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Msiexec/","source":"MITRE","title":"Msiexec.exe","authors":"LOLBAS","date_accessed":"2019-04-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7b373f0f-1116-54dd-a460-ac2d41db75bb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427647Z"},{"id":"e88ba993-d5c0-440f-af52-1f70f1579215","name":"CIS Emotet Dec 2018","description":"CIS. (2018, December 12). MS-ISAC Security Primer- Emotet. Retrieved March 25, 2019.","url":"https://www.cisecurity.org/white-papers/ms-isac-security-primer-emotet/","source":"MITRE","title":"MS-ISAC Security Primer- Emotet","authors":"CIS","date_accessed":"2019-03-25T00:00:00Z","date_published":"2018-12-12T00:00:00Z","owner_name":null,"tidal_id":"396e16a6-2d8c-5f16-9eff-3bc34b8fd62c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417672Z"},{"id":"05cf36a3-ff04-4437-9209-376e9f27c009","name":"Microsoft NRPC Dec 2017","description":"Microsoft. (2017, December 1). MS-NRPC - Netlogon Remote Protocol. 
Retrieved December 6, 2017.","url":"https://msdn.microsoft.com/library/cc237008.aspx","source":"MITRE","title":"MS-NRPC - Netlogon Remote Protocol","authors":"Microsoft","date_accessed":"2017-12-06T00:00:00Z","date_published":"2017-12-01T00:00:00Z","owner_name":null,"tidal_id":"2f47841d-4226-5538-b83b-a73dea1c62ca","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424379Z"},{"id":"c39fdefa-4c54-48a9-8357-ffe4dca2a2f4","name":"MsoHtmEd.exe - LOLBAS Project","description":"LOLBAS. (2022, July 24). MsoHtmEd.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/MsoHtmEd/","source":"Tidal Cyber","title":"MsoHtmEd.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-07-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"04a3b4c3-cd85-54cc-8a06-e09f6536ed23","created":"2024-01-12T14:47:25.784242Z","modified":"2024-01-12T14:47:25.982228Z"},{"id":"41eff63a-fef0-4b4b-86f7-0908150fcfcf","name":"Mspub.exe - LOLBAS Project","description":"LOLBAS. (2022, August 2). Mspub.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Mspub/","source":"Tidal Cyber","title":"Mspub.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-08-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8a298902-101c-5fcd-82a0-488ec67eb464","created":"2024-01-12T14:47:26.156775Z","modified":"2024-01-12T14:47:26.328616Z"},{"id":"add907d8-06c1-481d-a27a-d077ecb32d0e","name":"Microsoft SAMR","description":"Microsoft. (n.d.). MS-SAMR Security Account Manager (SAM) Remote Protocol (Client-to-Server) - Transport. 
Retrieved December 4, 2017.","url":"https://msdn.microsoft.com/library/cc245496.aspx","source":"MITRE","title":"MS-SAMR Security Account Manager (SAM) Remote Protocol (Client-to-Server) - Transport","authors":"Microsoft","date_accessed":"2017-12-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"dcd6ae9d-e443-5e78-ac80-83e57c1e0df5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424392Z"},{"id":"15ad7216-df50-467f-a00b-687336898537","name":"GitHub IAD Secure Host Baseline UAC Filtering","description":"NSA IAD. (2017, January 24). MS Security Guide. Retrieved December 18, 2017.","url":"https://github.com/iadgov/Secure-Host-Baseline/blob/master/Windows/Group%20Policy%20Templates/en-US/SecGuide.adml","source":"MITRE","title":"MS Security Guide","authors":"NSA IAD","date_accessed":"2017-12-18T00:00:00Z","date_published":"2017-01-24T00:00:00Z","owner_name":null,"tidal_id":"7bbf8890-f94d-5f43-9712-bb9fdfb40683","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416233Z"},{"id":"4e1ed0a8-60d0-45e2-9592-573b904811f8","name":"msxsl.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). msxsl.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Msxsl/","source":"Tidal Cyber","title":"msxsl.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bc807c7a-4ea1-5e09-983c-47a1f03d644b","created":"2024-01-12T14:47:26.504506Z","modified":"2024-01-12T14:47:26.689306Z"},{"id":"e4e2cf48-47e0-45d8-afc2-a35635f7e880","name":"XSL Bypass Mar 2019","description":"Singh, A. (2019, March 14). MSXSL.EXE and WMIC.EXE — A Way to Proxy Code Execution. 
Retrieved August 2, 2019.","url":"https://medium.com/@threathuntingteam/msxsl-exe-and-wmic-exe-a-way-to-proxy-code-execution-8d524f642b75","source":"MITRE","title":"MSXSL.EXE and WMIC.EXE — A Way to Proxy Code Execution","authors":"Singh, A","date_accessed":"2019-08-02T00:00:00Z","date_published":"2019-03-14T00:00:00Z","owner_name":null,"tidal_id":"bfb5a1ea-a231-5b50-bbbe-ab3013386288","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436216Z"},{"id":"067497eb-17d9-465f-a070-495575f420d7","name":"Mandiant M-Trends 2015","description":"Mandiant. (2015, February 24). M-Trends 2015: A View from the Front Lines. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20160629094859/https://www2.fireeye.com/rs/fireye/images/rpt-m-trends-2015.pdf","source":"MITRE","title":"M-Trends 2015: A View from the Front Lines","authors":"Mandiant","date_accessed":"2024-11-17T00:00:00Z","date_published":"2015-02-24T00:00:00Z","owner_name":null,"tidal_id":"804e339b-9b16-5d4b-b196-143678a28676","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432592Z"},{"id":"a4747b74-7266-439b-bb8a-bae7102b0d07","name":"MTrends 2016","description":"Mandiant. (2016, February). M-Trends 2016. Retrieved January 4, 2017.","url":"https://www.fireeye.com/content/dam/fireeye-www/regional/fr_FR/offers/pdfs/ig-mtrends-2016.pdf","source":"MITRE","title":"M-Trends 2016","authors":"Mandiant","date_accessed":"2017-01-04T00:00:00Z","date_published":"2016-02-01T00:00:00Z","owner_name":null,"tidal_id":"c5dd6e5f-369e-5caf-b8b9-72b36c5d1bbe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423879Z"},{"id":"83bc9b28-f8b3-4522-b9f1-f43bce3ae917","name":"Mandiant M-Trends 2020","description":"Mandiant. (2020, February). M-Trends 2020. 
Retrieved November 17, 2024.","url":"https://www.mandiant.com/sites/default/files/2021-09/mtrends-2020.pdf","source":"MITRE","title":"M-Trends 2020","authors":"Mandiant","date_accessed":"2024-11-17T00:00:00Z","date_published":"2020-02-01T00:00:00Z","owner_name":null,"tidal_id":"deda3a28-87d7-508b-9c67-8a1178a17a43","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425318Z"},{"id":"811d433d-27a4-4411-8ec9-b3a173ba0033","name":"Accenture MUDCARP March 2019","description":"Accenture iDefense Unit. (2019, March 5). Mudcarp's Focus on Submarine Technologies. Retrieved August 24, 2021.","url":"https://www.accenture.com/us-en/blogs/cyber-defense/mudcarps-focus-on-submarine-technologies","source":"MITRE","title":"Mudcarp's Focus on Submarine Technologies","authors":"Accenture iDefense Unit","date_accessed":"2021-08-24T00:00:00Z","date_published":"2019-03-05T00:00:00Z","owner_name":null,"tidal_id":"9c3e4bac-550d-5dc3-8790-a1a50703d5f6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418750Z"},{"id":"85379fc0-18e5-4862-9629-d21fa686afa2","name":"Unit 42 4 9 2024","description":"Margaret Zimmermann. (2024, April 9). Muddled Libra's Evolution to the Cloud. Retrieved April 9, 2024.","url":"https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/","source":"Tidal Cyber","title":"Muddled Libra's Evolution to the Cloud","authors":"Margaret Zimmermann","date_accessed":"2024-04-09T00:00:00Z","date_published":"2024-04-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"13557a60-4732-519c-9b6f-82d5a0f4a225","created":"2024-06-13T20:10:56.733499Z","modified":"2024-06-13T20:10:56.927077Z"},{"id":"dcdee265-2e46-4f40-95c7-6a2683edb23a","name":"Unit 42 MuddyWater Nov 2017","description":"Lancaster, T.. (2017, November 14). Muddying the Water: Targeted Attacks in the Middle East. 
Retrieved March 15, 2018.","url":"https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/","source":"MITRE, Tidal Cyber","title":"Muddying the Water: Targeted Attacks in the Middle East","authors":"Lancaster, T.","date_accessed":"2018-03-15T00:00:00Z","date_published":"2017-11-14T00:00:00Z","owner_name":null,"tidal_id":"18601a43-db63-5a1c-8a92-d363b8b06e4c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262682Z"},{"id":"d968546b-5b00-4a7b-9bff-57dfedd0125f","name":"Securelist MuddyWater Oct 2018","description":"Kaspersky Lab's Global Research & Analysis Team. (2018, October 10). MuddyWater expands operations. Retrieved November 2, 2018.","url":"https://securelist.com/muddywater/88059/","source":"MITRE","title":"MuddyWater expands operations","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2018-11-02T00:00:00Z","date_published":"2018-10-10T00:00:00Z","owner_name":null,"tidal_id":"12f054d4-8f22-58f6-bc27-bed713633149","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440760Z"},{"id":"a5f60f45-5df5-407d-9f68-bc5f7c42ee85","name":"ClearSky MuddyWater Nov 2018","description":"ClearSky Cyber Security. (2018, November). MuddyWater Operations in Lebanon and Oman: Using an Israeli compromised domain for a two-stage campaign. 
Retrieved November 29, 2018.","url":"https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf","source":"MITRE, Tidal Cyber","title":"MuddyWater Operations in Lebanon and Oman: Using an Israeli compromised domain for a two-stage campaign","authors":"ClearSky Cyber Security","date_accessed":"2018-11-29T00:00:00Z","date_published":"2018-11-01T00:00:00Z","owner_name":null,"tidal_id":"4284279b-4231-54f0-b5ab-230a594d187e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262675Z"},{"id":"bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7","name":"TrendMicro POWERSTATS V3 June 2019","description":"Lunghi, D. and Horejsi, J.. (2019, June 10). MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools. Retrieved May 14, 2020.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/muddywater-resurfaces-uses-multi-stage-backdoor-powerstats-v3-and-new-post-exploitation-tools/","source":"MITRE","title":"MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools","authors":"Lunghi, D. and Horejsi, J.","date_accessed":"2020-05-14T00:00:00Z","date_published":"2019-06-10T00:00:00Z","owner_name":null,"tidal_id":"527a8888-ad68-5a26-bf7e-206606d78068","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419606Z"},{"id":"fc19e816-1740-468e-966e-a7cb1165e16e","name":"None December 02 2025","description":"ESET Research. (2025, December 2). MuddyWater: Snakes by the riverbank. 
Retrieved December 5, 2025.","url":"https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/","source":"Tidal Cyber","title":"MuddyWater: Snakes by the riverbank","authors":"ESET Research","date_accessed":"2025-12-05T12:00:00Z","date_published":"2025-12-02T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1f1235c8-5885-58eb-bc7f-91c72956be70","created":"2025-12-10T14:13:45.668428Z","modified":"2025-12-10T14:13:45.824556Z"},{"id":"9dfeeb04-871d-48ee-958e-699e8fac1328","name":"ESET MuddyWater December 02 2025","description":"ESET Research. (2025, December 2). MuddyWater: Snakes by the riverbank. Retrieved December 5, 2025.","url":"https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/","source":"Tidal Cyber","title":"MuddyWater: Snakes by the riverbank","authors":"ESET Research","date_accessed":"2025-12-05T12:00:00Z","date_published":"2025-12-02T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"95bf068f-ba1b-5d0c-ab91-f98aab2b03cc","created":"2026-01-14T13:29:35.864373Z","modified":"2026-01-14T13:29:36.096316Z"},{"id":"3cd203fd-f178-5c0f-bccc-ea5d52240304","name":"Aquasec Muhstik Malware 2024","description":"Nitzan Yaakov. (2024, June 4). Muhstik Malware Targets Message Queuing Services Applications. Retrieved September 24, 2024.","url":"https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/","source":"MITRE","title":"Muhstik Malware Targets Message Queuing Services Applications","authors":"Nitzan Yaakov","date_accessed":"2024-09-24T00:00:00Z","date_published":"2024-06-04T00:00:00Z","owner_name":null,"tidal_id":"db18a2c8-6af0-5bd8-ba14-28a348e81369","created":"2024-10-31T16:28:15.630633Z","modified":"2025-12-17T15:08:36.423824Z"},{"id":"2f069bb2-3f59-409e-a337-7c69411c8b01","name":"NIST MFA","description":"NIST. (n.d.). Multi-Factor Authentication (MFA). 
Retrieved September 25, 2024.","url":"https://csrc.nist.gov/glossary/term/multi_factor_authentication","source":"MITRE","title":"Multi-Factor Authentication (MFA)","authors":"NIST","date_accessed":"2024-09-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"94af9352-194f-5723-badf-54647ef90418","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429462Z"},{"id":"6155ef43-4e3f-5bbb-bc4f-982447aca9c9","name":"sophos-multiple-attackers","description":"Matt Wixey. (2022, August 9). Multiple attackers increase pressure on victims, complicate incident response. Retrieved January 31, 2025.","url":"https://news.sophos.com/en-us/2022/08/09/multiple-attackers-increase-pressure-on-victims-complicate-incident-response/#:~:text=While%20some%20threat%20actors%20are%20interdependent%20%28e.g.%2C%20IABs,vulnerabilities%20or%20disabling%20vulnerable%20services%20after%20gaining%20access","source":"MITRE","title":"Multiple attackers increase pressure on victims, complicate incident response","authors":"Matt Wixey","date_accessed":"2025-01-31T00:00:00Z","date_published":"2022-08-09T00:00:00Z","owner_name":null,"tidal_id":"63d41436-8376-5514-bf6d-a31cf01aebe7","created":"2025-04-22T20:47:20.160576Z","modified":"2025-12-17T15:08:36.435573Z"},{"id":"7cdfd0d1-f7e6-4625-91ff-f87f46f95864","name":"Talos Cobalt Group July 2018","description":"Svajcer, V. (2018, July 31). Multiple Cobalt Personality Disorder. Retrieved September 5, 2018.","url":"https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html","source":"MITRE, Tidal Cyber","title":"Multiple Cobalt Personality Disorder","authors":"Svajcer, V","date_accessed":"2018-09-05T00:00:00Z","date_published":"2018-07-31T00:00:00Z","owner_name":null,"tidal_id":"4b5680a9-a78a-540c-8712-f5b3ddb7e426","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261952Z"},{"id":"6bb581e8-ed0e-41fe-bf95-49b5d11b4e6b","name":"U.S. 
CISA Zoho Exploits September 7 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, September 7). Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. Retrieved September 7, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a","source":"Tidal Cyber","title":"Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-09-07T00:00:00Z","date_published":"2023-09-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1126e08a-57f6-51ba-80f9-9705357f53c0","created":"2023-09-08T15:49:54.035433Z","modified":"2023-09-08T15:49:54.203849Z"},{"id":"d6dc556c-dbf2-4272-a550-14f5292c4fd4","name":"Microsoft TeamCity Exploit Campaign October 18 2023","description":"Microsoft Threat Intelligence. (2023, October 18). Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability. Retrieved July 1, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/","source":"Tidal Cyber","title":"Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability","authors":"Microsoft Threat Intelligence","date_accessed":"2025-07-01T12:00:00Z","date_published":"2023-10-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"759fbb03-8fd9-5123-86ae-cfe66b99e423","created":"2025-07-01T19:41:33.113753Z","modified":"2025-07-01T19:41:33.410513Z"},{"id":"10558220-d2be-4189-8608-b7bfeccf37e7","name":"Google Cloud Blog December 12 2025","description":"None Identified. (2025, December 12). Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) | Google Cloud Blog. 
Retrieved December 15, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182","source":"Tidal Cyber","title":"Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) | Google Cloud Blog","authors":"None Identified","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-12T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e613daa1-a31e-5dbc-9ca2-4534bb6d28b0","created":"2025-12-17T14:17:41.518494Z","modified":"2025-12-17T14:17:41.671318Z"},{"id":"76d9da2c-1503-4105-b017-cb2b69298296","name":"CIS Multiple SMB Vulnerabilities","description":"CIS. (2017, May 15). Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution. Retrieved April 3, 2018.","url":"https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-microsoft-windows-smb-server-could-allow-for-remote-code-execution/","source":"MITRE","title":"Multiple Vulnerabilities in Microsoft Windows SMB Server Could Allow for Remote Code Execution","authors":"CIS","date_accessed":"2018-04-03T00:00:00Z","date_published":"2017-05-15T00:00:00Z","owner_name":null,"tidal_id":"7d73bd0d-4418-5eb9-8c33-380e5476e7ee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428323Z"},{"id":"b245b023-941c-40d7-96e6-9649f3ee1c89","name":"TrendMicro RA World March 4 2024","description":"Nathaniel Morales, Katherine Casona, Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Maristel Policarpio, Jacob Santos. (2024, March 4). Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO. 
Retrieved June 11, 2025.","url":"https://www.trendmicro.com/en_us/research/24/c/multistage-ra-world-ransomware.html","source":"Tidal Cyber","title":"Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO","authors":"Nathaniel Morales, Katherine Casona, Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Maristel Policarpio, Jacob Santos","date_accessed":"2025-06-11T12:00:00Z","date_published":"2024-03-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ea8abd5b-68b4-5aab-bb02-97aa4525094a","created":"2025-06-17T14:40:43.022952Z","modified":"2025-06-17T14:40:43.428434Z"},{"id":"578ecf62-b546-4f52-9d50-92557edf2dd4","name":"GitHub Mauraena","description":"Orrù, M., Trotta, G.. (2019, September 11). Muraena. Retrieved October 14, 2019.","url":"https://github.com/muraenateam/muraena","source":"MITRE","title":"Muraena","authors":"Orrù, M., Trotta, G.","date_accessed":"2019-10-14T00:00:00Z","date_published":"2019-09-11T00:00:00Z","owner_name":null,"tidal_id":"94fd31e9-1ba9-584a-97ef-a40b783d1830","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425122Z"},{"id":"bddf44bb-7a0a-498b-9831-7b73cf9a582e","name":"Arbor Musical Chairs Feb 2018","description":"Sabo, S. (2018, February 15). Musical Chairs Playing Tetris. Retrieved February 19, 2018.","url":"https://www.arbornetworks.com/blog/asert/musical-chairs-playing-tetris/","source":"MITRE","title":"Musical Chairs Playing Tetris","authors":"Sabo, S","date_accessed":"2018-02-19T00:00:00Z","date_published":"2018-02-15T00:00:00Z","owner_name":null,"tidal_id":"902980d8-8bfa-5f38-b086-e51032fa2761","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420066Z"},{"id":"0e0161c7-7ca3-5045-b757-3bcd127af4e5","name":"BlackBerry MUSTANG PANDA October 2022","description":"The BlackBerry Research and Intelligence Team. (2022, October 6). Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims. 
Retrieved October 14, 2025.","url":"https://blogs.blackberry.com/en/2022/10/mustang-panda-abuses-legitimate-apps-to-target-myanmar-based-victims","source":"MITRE","title":"Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims","authors":"The BlackBerry Research and Intelligence Team","date_accessed":"2025-10-14T00:00:00Z","date_published":"2022-10-06T00:00:00Z","owner_name":null,"tidal_id":"391ac067-6f1b-514d-9bdc-10777c4c892a","created":"2025-10-29T21:08:48.166956Z","modified":"2025-12-17T15:08:36.438622Z"},{"id":"6ac53a1f-42ea-525e-a795-4d7535bbb62f","name":"EclecticIQ Mustang Panda PlugX","description":"EclecticIQ Threat Research Team. (2023, February 2). Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware. Retrieved September 9, 2025.","url":"https://blog.eclecticiq.com/mustang-panda-apt-group-uses-european-commission-themed-lure-to-deliver-plugx-malware","source":"MITRE","title":"Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware","authors":"EclecticIQ Threat Research Team","date_accessed":"2025-09-09T00:00:00Z","date_published":"2023-02-02T00:00:00Z","owner_name":null,"tidal_id":"c0a4d3a0-116d-54aa-b801-352301d418f3","created":"2025-10-29T21:08:48.166853Z","modified":"2025-12-17T15:08:36.438555Z"},{"id":"5fdd102b-7677-5fdc-9c05-2432e2a35eb6","name":"Cisco Talos MUSTANG PANDA PLUGX PUBLOAD MAY 2022","description":"Asheer Malhotra, Jungsoo An, Kendall Mc. (2022, May 5). Mustang Panda deploys a new wave of malware targeting Europe. 
Retrieved August 4, 2025.","url":"https://blog.talosintelligence.com/mustang-panda-targets-europe/","source":"MITRE","title":"Mustang Panda deploys a new wave of malware targeting Europe","authors":"Asheer Malhotra, Jungsoo An, Kendall Mc","date_accessed":"2025-08-04T00:00:00Z","date_published":"2022-05-05T00:00:00Z","owner_name":null,"tidal_id":"2490a531-b5b0-5bdd-aca4-78b54866f998","created":"2025-10-29T21:08:48.166794Z","modified":"2025-12-17T15:08:36.438530Z"},{"id":"6d329def-43ef-40e0-bf70-7bc6fa9bcc2a","name":"Cisco Talos Mustang Panda May 5 2022","description":"Asheer Malhotra, Jungsoo An, Kendall McKay. (2022, May 5). Mustang Panda deploys a new wave of malware targeting Europe. Retrieved June 9, 2025.","url":"https://blog.talosintelligence.com/mustang-panda-targets-europe/","source":"Tidal Cyber","title":"Mustang Panda deploys a new wave of malware targeting Europe","authors":"Asheer Malhotra, Jungsoo An, Kendall McKay","date_accessed":"2025-06-09T00:00:00Z","date_published":"2022-05-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9839b45b-34a6-5e14-bf2f-a588c87fe658","created":"2025-06-10T15:50:20.352132Z","modified":"2025-06-10T15:50:20.520618Z"},{"id":"9fca64ae-e272-5849-b9e4-82c5578cafba","name":"Eset PlugX Korplug Mustang Panda March 2022","description":"Alexandre Cote Cyr. (2022, March 23). Mustang Panda’s Hodur: Old tricks, new Korplug variant. Retrieved September 9, 2025.","url":"https://www.welivesecurity.com/2022/03/23/mustang-panda-hodur-old-tricks-new-korplug-variant/","source":"MITRE","title":"Mustang Panda’s Hodur: Old tricks, new Korplug variant","authors":"Alexandre Cote Cyr","date_accessed":"2025-09-09T00:00:00Z","date_published":"2022-03-23T00:00:00Z","owner_name":null,"tidal_id":"4768d6e2-8d4e-5651-88d0-b4489e657ef6","created":"2025-10-29T21:08:48.166780Z","modified":"2025-12-17T15:08:36.438523Z"},{"id":"e1384ecc-7fb9-588c-aca9-a67dc1ca1b60","name":"Microsoft Mutexes","description":"Microsoft. (2022, March 11). Mutexes. 
Retrieved September 19, 2024.","url":"https://learn.microsoft.com/en-us/dotnet/standard/threading/mutexes","source":"MITRE","title":"Mutexes","authors":"Microsoft","date_accessed":"2024-09-19T00:00:00Z","date_published":"2022-03-11T00:00:00Z","owner_name":null,"tidal_id":"d93f823a-3a51-5bdc-a11b-04c741e3b958","created":"2024-10-31T16:28:20.488070Z","modified":"2025-12-17T15:08:36.429015Z"},{"id":"d46c10b8-5041-5990-bc03-591b180a1930","name":"CodeX Microsoft Defender 2021","description":"Christopher Brumm. (2021, August 4). My learnings on Microsoft Defender for Endpoint and Exclusions. Retrieved March 18, 2025.","url":"https://medium.com/codex/my-learnings-on-microsoft-defender-for-endpoint-and-exclusions-ddacf2fdd047","source":"MITRE","title":"My learnings on Microsoft Defender for Endpoint and Exclusions","authors":"Christopher Brumm","date_accessed":"2025-03-18T00:00:00Z","date_published":"2021-08-04T00:00:00Z","owner_name":null,"tidal_id":"ac95505c-5ac9-5546-bcf5-481ef63e5d0a","created":"2025-04-22T20:47:32.854094Z","modified":"2025-12-17T15:08:36.442907Z"},{"id":"f0f1a57f-399c-48b8-a43b-fd911baf4471","name":"Securelist October 15 2025","description":"None Identified. (2025, October 15). Mysterious Elephant APT: TTPs and tools | Securelist. Retrieved January 20, 2026.","url":"https://securelist.com/mysterious-elephant-apt-ttps-and-tools/117596/","source":"Tidal Cyber","title":"Mysterious Elephant APT: TTPs and tools | Securelist","authors":"None Identified","date_accessed":"2026-01-20T12:00:00Z","date_published":"2025-10-15T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e6603738-8764-5c61-9591-a6bdb02fd8d7","created":"2026-01-23T20:29:38.428730Z","modified":"2026-01-23T20:29:38.860124Z"},{"id":"de3091b4-663e-4d9e-9dde-51250749863d","name":"Mythc Documentation","description":"Thomas, C. (n.d.). Mythc Documentation. 
Retrieved March 25, 2022.","url":"https://docs.mythic-c2.net/","source":"MITRE","title":"Mythc Documentation","authors":"Thomas, C","date_accessed":"2022-03-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"00ebb2e9-27d3-5024-bcca-be0ef9578e23","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423429Z"},{"id":"20d0adf0-b832-4b03-995e-dfb56474ddcc","name":"Mythic Github","description":"Thomas, C. (2018, July 4). Mythic. Retrieved March 25, 2022.","url":"https://github.com/its-a-feature/Mythic","source":"MITRE","title":"Mythic","authors":"Thomas, C","date_accessed":"2022-03-25T00:00:00Z","date_published":"2018-07-04T00:00:00Z","owner_name":null,"tidal_id":"55d16abf-d8d9-5b4f-9374-17466dbfb86d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423414Z"},{"id":"efa5dc67-3364-4049-bb13-8b9e1b55f172","name":"Crowdstrike Mythic Leopard Profile","description":"Crowdstrike. (n.d.). Mythic Leopard. Retrieved October 6, 2021.","url":"https://adversary.crowdstrike.com/en-US/adversary/mythic-leopard/","source":"MITRE","title":"Mythic Leopard","authors":"Crowdstrike","date_accessed":"2021-10-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"876b9aa6-8ef1-55ed-93ea-6e3207228d96","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438311Z"},{"id":"f080acab-a6a0-42e1-98ff-45e415393648","name":"CheckPoint Naikon May 2020","description":"CheckPoint. (2020, May 7). Naikon APT: Cyber Espionage Reloaded. 
Retrieved May 26, 2020.","url":"https://research.checkpoint.com/2020/naikon-apt-cyber-espionage-reloaded/","source":"MITRE","title":"Naikon APT: Cyber Espionage Reloaded","authors":"CheckPoint","date_accessed":"2020-05-26T00:00:00Z","date_published":"2020-05-07T00:00:00Z","owner_name":null,"tidal_id":"1502c216-8148-5731-94df-d2d66e5eaa62","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417651Z"},{"id":"55660913-4c03-4360-bb8b-1cad94bd8d0e","name":"Bitdefender Naikon April 2021","description":"Vrabie, V. (2021, April 23). NAIKON – Traces from a Military Cyber-Espionage Operation. Retrieved June 29, 2021.","url":"https://www.bitdefender.com/files/News/CaseStudies/study/396/Bitdefender-PR-Whitepaper-NAIKON-creat5397-en-EN.pdf","source":"MITRE","title":"NAIKON – Traces from a Military Cyber-Espionage Operation","authors":"Vrabie, V","date_accessed":"2021-06-29T00:00:00Z","date_published":"2021-04-23T00:00:00Z","owner_name":null,"tidal_id":"426fd563-29c7-580f-ae43-c44cb26104b4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417335Z"},{"id":"09a3f7dd-5597-4a55-8408-a2f09f4efcd4","name":"Microsoft Named Pipes","description":"Microsoft. (2018, May 31). Named Pipes. Retrieved September 28, 2021.","url":"https://docs.microsoft.com/en-us/windows/win32/ipc/named-pipes","source":"MITRE","title":"Named Pipes","authors":"Microsoft","date_accessed":"2021-09-28T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"9a78708d-9c1c-5353-afcb-9a3636df13cf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437073Z"},{"id":"41984650-a0ac-4445-80b6-7ceaf93bd135","name":"fsecure NanHaiShu July 2016","description":"F-Secure Labs. (2016, July). NANHAISHU RATing the South China Sea. 
Retrieved July 6, 2018.","url":"https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf","source":"MITRE","title":"NANHAISHU RATing the South China Sea","authors":"F-Secure Labs","date_accessed":"2018-07-06T00:00:00Z","date_published":"2016-07-01T00:00:00Z","owner_name":null,"tidal_id":"a4448190-da08-51cc-8fe2-d4ea55295955","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419443Z"},{"id":"6abac972-bbd0-4cd2-b3a7-25e7825ac134","name":"DigiTrust NanoCore Jan 2017","description":"The DigiTrust Group. (2017, January 01). NanoCore Is Not Your Average RAT. Retrieved November 9, 2018.","url":"https://www.digitrustgroup.com/nanocore-not-your-average-rat/","source":"MITRE","title":"NanoCore Is Not Your Average RAT","authors":"The DigiTrust Group","date_accessed":"2018-11-09T00:00:00Z","date_published":"2017-01-01T00:00:00Z","owner_name":null,"tidal_id":"f38c8b1c-d7a0-5e0c-bc1e-792ecd8bcfa6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421280Z"},{"id":"caa0a421-04b0-4ebc-b365-97082d69d33d","name":"PaloAlto NanoCore Feb 2016","description":"Kasza, A., Halfpop, T. (2016, February 09). NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails. Retrieved November 9, 2018.","url":"https://researchcenter.paloaltonetworks.com/2016/02/nanocorerat-behind-an-increase-in-tax-themed-phishing-e-mails/","source":"MITRE","title":"NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails","authors":"Kasza, A., Halfpop, T","date_accessed":"2018-11-09T00:00:00Z","date_published":"2016-02-09T00:00:00Z","owner_name":null,"tidal_id":"f2cb1124-d512-5b48-b29d-af060f6da188","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421267Z"},{"id":"e678414d-4029-5e27-865d-5d67a891306a","name":"N.A. October 2017","description":"N.A. 2017, October What are the different operating modes in PLC?. 
Retrieved 2021/01/28","url":"https://forumautomation.com/t/what-are-the-different-operating-modes-in-plc/2489","source":"ICS","title":"N.A. October 2017","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b7437453-30cd-5305-89c2-fb636eede201","created":"2026-01-28T13:08:18.176809Z","modified":"2026-01-28T13:08:18.176812Z"},{"id":"276f2008-5323-5245-9321-21d946264e76","name":"National Institute of Standards and Technology April 2013","description":"National Institute of Standards and Technology 2013, April Security and Privacy Controls for Federal Information Systems and Organizations. Retrieved 2020/09/17","url":"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf","source":"ICS","title":"National Institute of Standards and Technology April 2013","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d3acd6f9-3809-54e7-8868-534787639551","created":"2026-01-28T13:08:18.175157Z","modified":"2026-01-28T13:08:18.175160Z"},{"id":"9836dea6-f18b-5d4f-a65c-8e0d2834af02","name":"National Security Agency February 2016","description":"National Security Agency 2016, February Position Zero: Integrity Checking Windows-Based ICS/SCADA Systems. Retrieved 2020/09/25","url":"https://apps.nsa.gov/iaarchive/library/ia-guidance/security-configuration/industrial-control-systems/position-zero-integrity-checking-windows-based-ics-scada-systems.cfm","source":"ICS","title":"National Security Agency February 2016","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8c18dc7c-1cdc-5f1b-a92d-b0808296cb66","created":"2026-01-28T13:08:18.179813Z","modified":"2026-01-28T13:08:18.179816Z"},{"id":"634404e3-e2c9-4872-a280-12d2be168cba","name":"Unit42 BabyShark Feb 2019","description":"Unit 42. (2019, February 22). New BabyShark Malware Targets U.S. National Security Think Tanks. 
Retrieved October 7, 2019.","url":"https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/","source":"MITRE","title":"New BabyShark Malware Targets U.S. National Security Think Tanks","authors":"Unit 42","date_accessed":"2019-10-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"aea4df66-d07c-5c52-bdb8-7208e1ba15ca","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421732Z"},{"id":"9b42dcc6-a39c-4d74-adc3-135f9ceac5ba","name":"National Vulnerability Database","description":"National Vulnerability Database. (n.d.). National Vulnerability Database. Retrieved October 15, 2020.","url":"https://nvd.nist.gov/","source":"MITRE","title":"National Vulnerability Database","authors":"National Vulnerability Database","date_accessed":"2020-10-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6218f079-cab4-51cf-9888-5b73faa95583","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426724Z"},{"id":"a3e224e7-fe22-48d6-9ff5-35900f06c060","name":"NationsBuying","description":"Nicole Perlroth and David E. Sanger. (2013, July 12). Nations Buying as Hackers Sell Flaws in Computer Code. Retrieved March 9, 2017.","url":"https://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html","source":"MITRE","title":"Nations Buying as Hackers Sell Flaws in Computer Code","authors":"Nicole Perlroth and David E. Sanger","date_accessed":"2017-03-09T00:00:00Z","date_published":"2013-07-12T00:00:00Z","owner_name":null,"tidal_id":"0afba194-9b1f-5a7f-8ea0-80055c219746","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434823Z"},{"id":"02338a66-6820-4505-8239-a1f1fcc60d32","name":"FireEye Maze May 2020","description":"Kennelly, J., Goody, K., Shilko, J. (2020, May 7). Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents. 
Retrieved May 18, 2020.","url":"https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html","source":"MITRE","title":"Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents","authors":"Kennelly, J., Goody, K., Shilko, J","date_accessed":"2020-05-18T00:00:00Z","date_published":"2020-05-07T00:00:00Z","owner_name":null,"tidal_id":"3573ee8f-bc22-5581-bd2f-cd41609f2431","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421845Z"},{"id":"f644ac27-a923-489b-944e-1ba89c609307","name":"Talos NavRAT May 2018","description":"Mercer, W., Rascagneres, P. (2018, May 31). NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea. Retrieved June 11, 2018.","url":"https://blog.talosintelligence.com/2018/05/navrat.html","source":"MITRE","title":"NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea","authors":"Mercer, W., Rascagneres, P","date_accessed":"2018-06-11T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"6cfa9049-6722-5238-a7a8-978651288590","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418623Z"},{"id":"4119091a-96f8-441c-b66f-ee0d9013d7ca","name":"GitHub NBNSpoof","description":"Nomex. (2014, February 7). NBNSpoof. Retrieved November 17, 2017.","url":"https://github.com/nomex/nbnspoof","source":"MITRE","title":"NBNSpoof","authors":"Nomex","date_accessed":"2017-11-17T00:00:00Z","date_published":"2014-02-07T00:00:00Z","owner_name":null,"tidal_id":"afb0e9c1-f030-56e1-a9fa-1d72d0092b32","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424720Z"},{"id":"505c9e8b-66e0-435c-835f-b4405ba91966","name":"SecTools nbtscan June 2003","description":"SecTools. (2003, June 11). NBTscan. 
Retrieved March 17, 2021.","url":"https://sectools.org/tool/nbtscan/","source":"MITRE","title":"NBTscan","authors":"SecTools","date_accessed":"2021-03-17T00:00:00Z","date_published":"2003-06-11T00:00:00Z","owner_name":null,"tidal_id":"4a2f1354-476c-56ec-a45f-555c1b832e5c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423280Z"},{"id":"8d718be1-9695-4e61-a922-5162d88477c0","name":"Debian nbtscan Nov 2019","description":"Bezroutchko, A. (2019, November 19). NBTscan man page. Retrieved March 17, 2021.","url":"https://manpages.debian.org/testing/nbtscan/nbtscan.1.en.html","source":"MITRE","title":"NBTscan man page","authors":"Bezroutchko, A","date_accessed":"2021-03-17T00:00:00Z","date_published":"2019-11-19T00:00:00Z","owner_name":null,"tidal_id":"c22f227b-47d8-59ac-beaf-57fd8ecc78c7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423266Z"},{"id":"1b1e6b08-fc2a-48f7-82bd-e3c1a7a0d97e","name":"TechNet Nbtstat","description":"Microsoft. (n.d.). Nbtstat. Retrieved April 17, 2016.","url":"https://technet.microsoft.com/en-us/library/cc940106.aspx","source":"MITRE","title":"Nbtstat","authors":"Microsoft","date_accessed":"2016-04-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"acd245ef-0e6d-5b72-956c-79849d56a9f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423253Z"},{"id":"c177d509-2484-5fdd-af1e-1ba82fe2ade6","name":"NCCIC August 2018","description":"NCCIC 2018, August 2 Recommended Practice: Updating Antivirus in an Industrial Control System. 
Retrieved 2020/09/17","url":"https://us-cert.cisa.gov/sites/default/files/recommended_practices/Recommended%20Practice%20Updating%20Antivirus%20in%20an%20Industrial%20Control%20System_S508C.pdf","source":"ICS","title":"NCCIC August 2018","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a4db3be0-6451-5edd-b8da-99e37dccbc1e","created":"2026-01-28T13:08:18.175244Z","modified":"2026-01-28T13:08:18.175247Z"},{"id":"88508f0d-11b1-542d-bb8d-6eafe201a89d","name":"NCCIC January 2014","description":"NCCIC 2014, January 1 Internet Accessible Control Systems At Risk. Retrieved 2019/11/07","url":"https://www.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Jan-April2014.pdf","source":"ICS","title":"NCCIC January 2014","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8eb9d3b1-2872-5573-9833-be8253e5306d","created":"2026-01-28T13:08:18.178402Z","modified":"2026-01-28T13:08:18.178405Z"},{"id":"d876d037-9d24-44af-b8f0-5c1555632b91","name":"NCSC Sandworm Feb 2020","description":"NCSC. (2020, February 20). NCSC supports US advisory regarding GRU intrusion set Sandworm. Retrieved June 10, 2020.","url":"https://www.ncsc.gov.uk/news/ncsc-supports-sandworm-advisory","source":"MITRE","title":"NCSC supports US advisory regarding GRU intrusion set Sandworm","authors":"NCSC","date_accessed":"2020-06-10T00:00:00Z","date_published":"2020-02-20T00:00:00Z","owner_name":null,"tidal_id":"2cdd8d39-12c8-5939-b00f-f974c2d23e1e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437805Z"},{"id":"264a4f99-b1dc-5afd-8178-e1f37c3db8ff","name":"7 - appv","description":"Nick Landers. (2017, August 8). Need a signed alternative to Powershell.exe? SyncAppvPublishingServer in Win10 has got you covered.. Retrieved September 12, 2024.","url":"https://x.com/monoxgas/status/895045566090010624","source":"MITRE","title":"Need a signed alternative to Powershell.exe? 
SyncAppvPublishingServer in Win10 has got you covered.","authors":"Nick Landers","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-08-08T00:00:00Z","owner_name":null,"tidal_id":"3ccdbb3f-7e5e-51cf-a644-b2e1a74f4b47","created":"2024-04-25T13:28:40.854448Z","modified":"2025-12-17T15:08:36.435874Z"},{"id":"d2742561-6d0a-54d6-9c6d-1e2cd789dcc4","name":"Szappanos MgBot 2014","description":"Gabor Szappanos. (2014, February 3). Needle in a haystack. Retrieved July 25, 2024.","url":"https://www.virusbulletin.com/virusbulletin/2014/02/needle-haystack","source":"MITRE","title":"Needle in a haystack","authors":"Gabor Szappanos","date_accessed":"2024-07-25T00:00:00Z","date_published":"2014-02-03T00:00:00Z","owner_name":null,"tidal_id":"0efe5cef-18c3-5ac1-9813-fee53732078b","created":"2024-10-31T16:28:33.974004Z","modified":"2025-12-17T15:08:36.420852Z"},{"id":"5f4f2814-9926-4ae3-8dd9-1d11cb8265bd","name":"Analyst1 Negotiating with LockBit","description":"Anastasia Sentsova. (n.d.). Negotiating with LockBit: Uncovering the Evolution of Operations and Newly Established Rules. Retrieved December 19, 2024.","url":"https://analyst1.com/blog-negotiating-with-lockbit-uncovering-the-evolution-of-operations-and-newly-established-rules/","source":"Tidal Cyber","title":"Negotiating with LockBit: Uncovering the Evolution of Operations and Newly Established Rules","authors":"Anastasia Sentsova","date_accessed":"2024-12-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"f19d7336-a51c-5e5c-b442-41eadf78f39a","created":"2025-04-11T15:06:27.592803Z","modified":"2025-04-11T15:06:27.754101Z"},{"id":"10443655-e81a-52fb-9862-bb6d6abb1dd5","name":"GitHub Neo-reGeorg 2019","description":"L-Codes. (2019). Neo-reGeorg. 
Retrieved December 4, 2024.","url":"https://github.com/L-codes/Neo-reGeorg/blob/master/README-en.md","source":"MITRE","title":"Neo-reGeorg","authors":"L-Codes","date_accessed":"2024-12-04T00:00:00Z","date_published":"2019-01-01T00:00:00Z","owner_name":null,"tidal_id":"affd6ff1-96bb-57dc-a4f8-9f761b3d7056","created":"2025-04-22T20:47:28.526445Z","modified":"2025-12-17T15:08:36.421396Z"},{"id":"f756ee2e-2e79-41df-bf9f-6492a9708663","name":"TechNet NetBIOS","description":"Microsoft. (n.d.). NetBIOS Name Resolution. Retrieved November 17, 2017.","url":"https://technet.microsoft.com/library/cc958811.aspx","source":"MITRE","title":"NetBIOS Name Resolution","authors":"Microsoft","date_accessed":"2017-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5be912fd-9d52-5bbd-8770-6ed04a23fb05","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424714Z"},{"id":"a04320b9-0c6a-49f9-8b84-50587278cdfb","name":"Microsoft Net","description":"Microsoft. (2017, February 14). Net Commands On Windows Operating Systems. Retrieved March 19, 2020.","url":"https://support.microsoft.com/en-us/help/556003","source":"MITRE","title":"Net Commands On Windows Operating Systems","authors":"Microsoft","date_accessed":"2020-03-19T00:00:00Z","date_published":"2017-02-14T00:00:00Z","owner_name":null,"tidal_id":"d9de61c9-496d-5e54-b858-6a62222dabca","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440586Z"},{"id":"e814d4a5-b846-4d68-ac00-7021238d287a","name":"Savill 1999","description":"Savill, J. (1999, March 4). Net.exe reference. 
Retrieved September 22, 2015.","url":"https://web.archive.org/web/20150511162820/http://windowsitpro.com/windows/netexe-reference","source":"MITRE","title":"Net.exe reference","authors":"Savill, J","date_accessed":"2015-09-22T00:00:00Z","date_published":"1999-03-04T00:00:00Z","owner_name":null,"tidal_id":"74c7eb54-fe98-5c33-9999-74556dc10688","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422671Z"},{"id":"75998d1c-69c0-40d2-a64b-43ad8efa05da","name":"Microsoft Net Utility","description":"Microsoft. (2006, October 18). Net.exe Utility. Retrieved September 22, 2015.","url":"https://msdn.microsoft.com/en-us/library/aa939914","source":"MITRE","title":"Net.exe Utility","authors":"Microsoft","date_accessed":"2015-09-22T00:00:00Z","date_published":"2006-10-18T00:00:00Z","owner_name":null,"tidal_id":"02049c8e-7b6e-52a9-8645-a0841b145c5d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422664Z"},{"id":"23ec5471-808c-53fa-8bce-36b3982e9dd1","name":"Microsoft Net Group","description":"Microsoft. (2016, August 31). Net group. Retrieved August 5, 2024.","url":"https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc754051(v=ws.11)","source":"MITRE","title":"Net group","authors":"Microsoft","date_accessed":"2024-08-05T00:00:00Z","date_published":"2016-08-31T00:00:00Z","owner_name":null,"tidal_id":"59243417-9a07-5479-8343-62d79458a597","created":"2024-10-31T16:28:19.658760Z","modified":"2025-12-17T15:08:36.428229Z"},{"id":"f7e55413-2e3f-5e46-ba73-75eaa1ed6ec3","name":"Microsoft Net Localgroup","description":"Microsoft. (2016, August 31). Net Localgroup. 
Retrieved August 5, 2024.","url":"https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc725622(v=ws.11)","source":"MITRE","title":"Net Localgroup","authors":"Microsoft","date_accessed":"2024-08-05T00:00:00Z","date_published":"2016-08-31T00:00:00Z","owner_name":null,"tidal_id":"221eb0b9-f802-58e2-9bcc-ad643cac81e1","created":"2024-10-31T16:28:19.666056Z","modified":"2025-12-17T15:08:36.428235Z"},{"id":"00fb3fa3-6f72-47ad-a950-f258a70485f2","name":"TechNet Netsh Firewall","description":"Microsoft. (2009, June 3). Netsh Commands for Windows Firewall. Retrieved April 20, 2016.","url":"https://technet.microsoft.com/en-us/library/cc771046(v=ws.10).aspx","source":"MITRE","title":"Netsh Commands for Windows Firewall","authors":"Microsoft","date_accessed":"2016-04-20T00:00:00Z","date_published":"2009-06-03T00:00:00Z","owner_name":null,"tidal_id":"7b0dffa7-8f5c-5783-be73-6bfe8ada3261","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441672Z"},{"id":"6d76b28f-ab57-46bd-871d-1488212d3a8f","name":"Netsh.exe - LOLBAS Project","description":"LOLBAS. (2019, December 24). Netsh.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Netsh/","source":"Tidal Cyber","title":"Netsh.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-12-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bb2c0b15-8efd-5258-a1ea-11579ea05c41","created":"2024-01-12T14:46:50.981213Z","modified":"2024-01-12T14:46:51.195586Z"},{"id":"c3169722-9c32-4a38-a7fe-8d4b6e51ca36","name":"Github Netsh Helper CS Beacon","description":"Smeets, M. (2016, September 26). NetshHelperBeacon. 
Retrieved February 13, 2017.","url":"https://github.com/outflankbv/NetshHelperBeacon","source":"MITRE","title":"NetshHelperBeacon","authors":"Smeets, M","date_accessed":"2017-02-13T00:00:00Z","date_published":"2016-09-26T00:00:00Z","owner_name":null,"tidal_id":"ff2cf604-0ae8-517a-bcaf-3401c57591a0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434018Z"},{"id":"84ac26d8-9c7c-4c8c-bf64-a9fb4578388c","name":"TechNet Netstat","description":"Microsoft. (n.d.). Netstat. Retrieved April 17, 2016.","url":"https://technet.microsoft.com/en-us/library/bb490947.aspx","source":"MITRE","title":"Netstat","authors":"Microsoft","date_accessed":"2016-04-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b9b11dcb-2e0e-5c10-9928-8f107018ee75","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422946Z"},{"id":"c0bfa6d0-f170-5824-a692-edd2f5bdd0ad","name":"Netstat","description":"Wikipedia. (n.d.). Netstat. Retrieved May","url":"https://en.wikipedia.org/wiki/Netstat","source":"ICS","title":"Netstat","authors":"Wikipedia","date_accessed":"1978-05-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1a45cf07-9889-5e01-b8f9-4550c4a7acdc","created":"2026-01-28T13:08:18.178351Z","modified":"2026-01-28T13:08:18.178356Z"},{"id":"0436db31-42f0-47c1-b9a9-c6bb7c60a1ec","name":"The DFIR Report NetSupport October 30 2023","description":"The DFIR Report. (2023, October 30). NetSupport Intrusion Results in Domain Compromise. 
Retrieved May 22, 2024.","url":"https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/","source":"Tidal Cyber","title":"NetSupport Intrusion Results in Domain Compromise","authors":"The DFIR Report","date_accessed":"2024-05-22T00:00:00Z","date_published":"2023-10-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"426a5b2b-1191-50df-ac70-ab3fd25fe85c","created":"2024-06-13T20:11:03.050722Z","modified":"2024-06-13T20:11:03.243683Z"},{"id":"83094489-791f-4925-879f-e79f67e4bf1f","name":"TechNet Net Time","description":"Microsoft. (n.d.). Net time. Retrieved November 25, 2016.","url":"https://technet.microsoft.com/bb490716.aspx","source":"MITRE","title":"Net time","authors":"Microsoft","date_accessed":"2016-11-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"57863aee-01b1-5167-a845-9c1ce31618f7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440526Z"},{"id":"f761d4b6-8fc5-4037-aa34-7982c17f8bed","name":"Technet Net Use","description":"Microsoft. (n.d.). Net Use. Retrieved November 25, 2016.","url":"https://technet.microsoft.com/bb490717.aspx","source":"MITRE","title":"Net Use","authors":"Microsoft","date_accessed":"2016-11-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2f120b00-3631-5c8b-9167-6856782513bb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433325Z"},{"id":"ceda9ef6-e609-4a34-9db1-d2a3ebffb679","name":"TrendMicro Netwalker May 2020","description":"Victor, K.. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading . 
Retrieved May 26, 2020.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/netwalker-fileless-ransomware-injected-via-reflective-loading/","source":"MITRE","title":"Netwalker Fileless Ransomware Injected via Reflective Loading","authors":"Victor, K.","date_accessed":"2020-05-26T00:00:00Z","date_published":"2020-05-18T00:00:00Z","owner_name":null,"tidal_id":"75e2c40f-0591-55ad-a140-176d278b7f94","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419629Z"},{"id":"721db562-6046-4f47-95a1-36a16f26f3d1","name":"Sophos Netwalker May 2020","description":"Szappanos, G., Brandt, A.. (2020, May 27). Netwalker ransomware tools give insight into threat actor. Retrieved May 27, 2020.","url":"https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/","source":"MITRE","title":"Netwalker ransomware tools give insight into threat actor","authors":"Szappanos, G., Brandt, A.","date_accessed":"2020-05-27T00:00:00Z","date_published":"2020-05-27T00:00:00Z","owner_name":null,"tidal_id":"7dd45816-6165-5bd2-8b24-2ac938256db5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440785Z"},{"id":"b02fbf00-f571-4507-941d-ac1d4a8310b0","name":"McAfee Netwire Mar 2015","description":"McAfee. (2015, March 2). Netwire RAT Behind Recent Targeted Attacks. Retrieved February 15, 2018.","url":"https://securingtomorrow.mcafee.com/mcafee-labs/netwire-rat-behind-recent-targeted-attacks/","source":"MITRE","title":"Netwire RAT Behind Recent Targeted Attacks","authors":"McAfee","date_accessed":"2018-02-15T00:00:00Z","date_published":"2015-03-02T00:00:00Z","owner_name":null,"tidal_id":"6327a2b1-1e63-5235-bd6f-d4e7b1a78e23","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417522Z"},{"id":"25e0244a-b829-4df9-a435-b6f9f1a2f0bc","name":"Windows Anonymous Enumeration of SAM Accounts","description":"Microsoft. (2017, April 19). 
Network access: Do not allow anonymous enumeration of SAM accounts and shares. Retrieved May 20, 2020.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares","source":"MITRE","title":"Network access: Do not allow anonymous enumeration of SAM accounts and shares","authors":"Microsoft","date_accessed":"2020-05-20T00:00:00Z","date_published":"2017-04-19T00:00:00Z","owner_name":null,"tidal_id":"fe311fda-68dd-5d91-acc7-19fefc87b26a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442559Z"},{"id":"e0d8c585-e898-43ba-8d46-201dbe52db56","name":"Microsoft Network access Credential Manager","description":"Microsoft. (2016, August 31). Network access: Do not allow storage of passwords and credentials for network authentication. Retrieved November 23, 2020.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj852185(v=ws.11)?redirectedfrom=MSDN","source":"MITRE","title":"Network access: Do not allow storage of passwords and credentials for network authentication","authors":"Microsoft","date_accessed":"2020-11-23T00:00:00Z","date_published":"2016-08-31T00:00:00Z","owner_name":null,"tidal_id":"a9e71520-7a52-5898-8c0f-e07c1b3276e3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442245Z"},{"id":"1e49b346-d822-4f82-92db-2989313d07e9","name":"Microsoft NFS Overview","description":"Microsoft. (2018, July 9). Network File System overview. 
Retrieved September 28, 2021.","url":"https://docs.microsoft.com/en-us/windows-server/storage/nfs/nfs-overview","source":"MITRE","title":"Network File System overview","authors":"Microsoft","date_accessed":"2021-09-28T00:00:00Z","date_published":"2018-07-09T00:00:00Z","owner_name":null,"tidal_id":"d4bade7b-9940-5696-ba12-a18aceee368e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437216Z"},{"id":"12a87eea-11c3-594e-85c6-96620ebc55d0","name":"NetworkInterface","description":"Android. (n.d.). NetworkInterface. Retrieved December","url":"https://developer.android.com/reference/java/net/NetworkInterface.html","source":"Mobile","title":"NetworkInterface","authors":"Android","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"44486369-a4ba-574b-9c18-7ff3fe39a9cd","created":"2026-01-28T13:08:10.046000Z","modified":"2026-01-28T13:08:10.046003Z"},{"id":"b218434e-4233-5963-824e-50ee32d468ed","name":"Network Provider API","description":"Microsoft. (2021, January 7). Network Provider API. Retrieved March 30, 2023.","url":"https://learn.microsoft.com/en-us/windows/win32/secauthn/network-provider-api","source":"MITRE","title":"Network Provider API","authors":"Microsoft","date_accessed":"2023-03-30T00:00:00Z","date_published":"2021-01-07T00:00:00Z","owner_name":null,"tidal_id":"3c384e99-0aec-5ae8-b246-9fa6b3d6ce7c","created":"2023-05-26T01:21:08.164026Z","modified":"2025-12-17T15:08:36.432560Z"},{"id":"b1ae949d-9294-5972-aa3c-f20b2dae2ca4","name":"Android-NetworkSecurityConfig","description":"Google. (n.d.). Network Security Configuration. 
Retrieved December","url":"https://developer.android.com/training/articles/security-config.html","source":"Mobile","title":"Network Security Configuration","authors":"Google","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"527e7a51-b7cf-5935-a51d-71881b15ef21","created":"2026-01-28T13:08:10.038669Z","modified":"2026-01-28T13:08:10.038673Z"},{"id":"87f4fe4c-54cd-40a7-938b-6e6f6d2efbea","name":"Malwarebytes Agent Tesla April 2020","description":"Jazi, H. (2020, April 16). New AgentTesla variant steals WiFi credentials. Retrieved May 19, 2020.","url":"https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/","source":"MITRE","title":"New AgentTesla variant steals WiFi credentials","authors":"Jazi, H","date_accessed":"2020-05-19T00:00:00Z","date_published":"2020-04-16T00:00:00Z","owner_name":null,"tidal_id":"8d9bc57a-c665-53e2-b1b2-2f29306a0059","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422129Z"},{"id":"b61b7db6-ed0d-546d-b1e0-c2630530975b","name":"Malware Bytes New AgentTesla variant steals WiFi credentials","description":"Hossein Jazi. (2020, April 16). New AgentTesla variant steals WiFi credentials. Retrieved September 8, 2023.","url":"https://www.malwarebytes.com/blog/news/2020/04/new-agenttesla-variant-steals-wifi-credentials","source":"MITRE","title":"New AgentTesla variant steals WiFi credentials","authors":"Hossein Jazi","date_accessed":"2023-09-08T00:00:00Z","date_published":"2020-04-16T00:00:00Z","owner_name":null,"tidal_id":"8c4a94db-6481-5767-abd8-1b418cb95ab4","created":"2023-11-07T00:36:01.905484Z","modified":"2025-12-17T15:08:36.428975Z"},{"id":"b667eb44-8c2f-4319-bc93-f03610214b8b","name":"TrendMicro New Andariel Tactics July 2018","description":"Chen, Joseph. (2018, July 16). New Andariel Reconnaissance Tactics Uncovered. 
Retrieved September 29, 2021.","url":"https://www.trendmicro.com/en_us/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-targets.html","source":"MITRE","title":"New Andariel Reconnaissance Tactics Uncovered","authors":"Chen, Joseph","date_accessed":"2021-09-29T00:00:00Z","date_published":"2018-07-16T00:00:00Z","owner_name":null,"tidal_id":"7b3d9623-9fcd-565f-91d0-de5978864ba1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438205Z"},{"id":"91fe1539-0415-5451-8058-86ae9c86382c","name":"PaloAlto-Xbot","description":"Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December","url":"http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/","source":"Mobile","title":"New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom","authors":"Cong Zheng, Claud Xiao and Zhi Xu","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-02-18T00:00:00Z","owner_name":null,"tidal_id":"60aea8da-4a82-5cd1-aa9f-936039e6e6d3","created":"2026-01-28T13:08:10.042589Z","modified":"2026-01-28T13:08:10.042592Z"},{"id":"53fee40c-456b-5200-9f4c-87a52012a7d2","name":"Guardsquare Janus","description":"Guardsquare. (2017, November 13). New Android vulnerability allows attackers to modify apps without affecting their signatures. 
Retrieved May","url":"https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures","source":"Mobile","title":"New Android vulnerability allows attackers to modify apps without affecting their signatures","authors":"Guardsquare","date_accessed":"1978-05-01T00:00:00Z","date_published":"2017-11-13T00:00:00Z","owner_name":null,"tidal_id":"e31837fa-25fb-5741-ad6c-8a6a9c7299fa","created":"2026-01-28T13:08:10.045975Z","modified":"2026-01-28T13:08:10.045978Z"},{"id":"08147961-e492-5c96-a1ee-8a80430b1e80","name":"SilentPush_GamaredonFastFlux_Sept2023","description":"Silent Push. (2023, September 7). From Russia with a 71: Uncovering Gamaredon's fast flux infrastructure. New Apex domains and ASN/IP diversity patterns discovered. Retrieved July 28, 2025.","url":"https://www.silentpush.com/blog/from-russia-with-a-71/","source":"MITRE","title":"New Apex domains and ASN/IP diversity patterns discovered","authors":"Silent Push. (2023, September 7)","date_accessed":"2025-07-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4e57af48-0853-5b7a-b0f7-af9f5644a459","created":"2025-10-29T21:08:48.167683Z","modified":"2025-12-17T15:08:36.441298Z"},{"id":"c740fc1c-093e-4389-890e-1fd88a824df4","name":"Unit 42 C0d0so0 Jan 2016","description":"Grunzweig, J., Lee, B. (2016, January 22). New Attacks Linked to C0d0so0 Group. Retrieved August 2, 2018.","url":"https://researchcenter.paloaltonetworks.com/2016/01/new-attacks-linked-to-c0d0s0-group/","source":"MITRE","title":"New Attacks Linked to C0d0so0 Group","authors":"Grunzweig, J., Lee, B","date_accessed":"2018-08-02T00:00:00Z","date_published":"2016-01-22T00:00:00Z","owner_name":null,"tidal_id":"82e7daf6-a0f5-57e1-a3f1-4e7af4c152cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438776Z"},{"id":"4fee21e3-1b8f-4e10-b077-b59e2df94633","name":"Trend Micro Banking Malware Jan 2019","description":"Salvio, J.. (2014, June 27). 
New Banking Malware Uses Network Sniffing for Data Theft. Retrieved March 25, 2019.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/new-banking-malware-uses-network-sniffing-for-data-theft/","source":"MITRE","title":"New Banking Malware Uses Network Sniffing for Data Theft","authors":"Salvio, J.","date_accessed":"2019-03-25T00:00:00Z","date_published":"2014-06-27T00:00:00Z","owner_name":null,"tidal_id":"d3d23239-bd46-5a8f-a894-9fc8188328ca","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417709Z"},{"id":"fdc56361-24f4-4fa5-949e-02e61c4d3be8","name":"IBM IcedID November 2017","description":"Kessem, L., et al. (2017, November 13). New Banking Trojan IcedID Discovered by IBM X-Force Research. Retrieved July 14, 2020.","url":"https://securityintelligence.com/new-banking-trojan-icedid-discovered-by-ibm-x-force-research/","source":"MITRE","title":"New Banking Trojan IcedID Discovered by IBM X-Force Research","authors":"Kessem, L., et al","date_accessed":"2020-07-14T00:00:00Z","date_published":"2017-11-13T00:00:00Z","owner_name":null,"tidal_id":"afe8f23b-2076-562c-a6df-1eeccce02b59","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418568Z"},{"id":"6358f7ed-41d6-56be-83bb-179e0a8b7873","name":"Minerva Labs Black Basta May 2022","description":"Zargarov, N. (2022, May 2). New Black Basta Ransomware Hijacks Windows Fax Service. Retrieved March 7, 2023.","url":"https://minerva-labs.com/blog/new-black-basta-ransomware-hijacks-windows-fax-service/","source":"MITRE","title":"New Black Basta Ransomware Hijacks Windows Fax Service","authors":"Zargarov, N","date_accessed":"2023-03-07T00:00:00Z","date_published":"2022-05-02T00:00:00Z","owner_name":null,"tidal_id":"24b008d8-fcb3-5d85-b63e-e54781d0233c","created":"2023-05-26T01:21:16.628200Z","modified":"2025-12-17T15:08:36.420303Z"},{"id":"fb4b3427-353d-44c7-8dcd-d257324a83b2","name":"Google TAG Lazarus Jan 2021","description":"Weidemann, A. (2021, January 25). 
New campaign targeting security researchers. Retrieved December 20, 2021.","url":"https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/","source":"MITRE","title":"New campaign targeting security researchers","authors":"Weidemann, A","date_accessed":"2021-12-20T00:00:00Z","date_published":"2021-01-25T00:00:00Z","owner_name":null,"tidal_id":"d2f3d5d3-a69c-5c9a-8a63-a51946d60283","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440501Z"},{"id":"5f6a0803-342f-4d82-a8d6-58c41f75956e","name":"Securelist December 19 2025","description":"None Identified. (2025, December 19). New Cloud Atlas APT campaign | Securelist. Retrieved December 24, 2025.","url":"https://securelist.com/cloud-atlas-h1-2025-campaign/118517/","source":"Tidal Cyber","title":"New Cloud Atlas APT campaign | Securelist","authors":"None Identified","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-19T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"71fb6105-db11-5dd0-954e-f83c660af16b","created":"2025-12-29T17:39:49.129213Z","modified":"2025-12-29T17:39:49.266513Z"},{"id":"9b419a40-c20b-40dd-8627-9c1c786bf165","name":"Airbus Derusbi 2015","description":"Perigaud, F. (2015, December 15). Newcomers in the Derusbi family. Retrieved September 12, 2024.","url":"https://web.archive.org/web/20180607084223/http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family","source":"MITRE","title":"Newcomers in the Derusbi family","authors":"Perigaud, F","date_accessed":"2024-09-12T00:00:00Z","date_published":"2015-12-15T00:00:00Z","owner_name":null,"tidal_id":"e3a58716-4a91-52eb-b768-36765b5c258d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442202Z"},{"id":"80530288-26a3-4c3e-ace1-47510df10fbd","name":"Malwarebytes Crossrider Apr 2018","description":"Reed, Thomas. (2018, April 24). New Crossrider variant installs configuration profiles on Macs. 
Retrieved September 6, 2019.","url":"https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-profiles-on-macs/","source":"MITRE","title":"New Crossrider variant installs configuration profiles on Macs","authors":"Reed, Thomas","date_accessed":"2019-09-06T00:00:00Z","date_published":"2018-04-24T00:00:00Z","owner_name":null,"tidal_id":"64a76101-a261-5fd5-8829-0fc6eca33c77","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422350Z"},{"id":"35467d53-626d-4c81-9f8e-ff9c24b7666b","name":"CERT-UA New cyber threats October 08 2025","description":"CERT-UA. (2025, October 8). New cyber threats: who and how hostile groups attack. Retrieved October 16, 2025.","url":"https://cip.gov.ua/ua/news/novi-kiberzagrozi-kogo-i-yak-atakuyut-vorozhi-ugrupovannya","source":"Tidal Cyber","title":"New cyber threats: who and how hostile groups attack","authors":"CERT-UA","date_accessed":"2025-10-16T12:00:00Z","date_published":"2025-10-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1deff6af-824b-5657-af6c-b02621c3fa97","created":"2025-10-17T17:09:11.489257Z","modified":"2025-10-17T17:09:11.664915Z"},{"id":"26ba5292-265d-5db4-a571-215c984fe095","name":"IBM ZeroCleare Wiper December 2019","description":"Kessem, L. (2019, December 4). New Destructive Wiper ZeroCleare Targets Energy Sector in the Middle East. Retrieved September 4, 2024.","url":"https://securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-middle-east/","source":"MITRE","title":"New Destructive Wiper ZeroCleare Targets Energy Sector in the Middle East","authors":"Kessem, L","date_accessed":"2024-09-04T00:00:00Z","date_published":"2019-12-04T00:00:00Z","owner_name":null,"tidal_id":"8a1354a4-4e77-53a6-b143-97756f7449de","created":"2024-10-31T16:28:29.740030Z","modified":"2025-12-17T15:08:36.420317Z"},{"id":"8ae4ec67-518e-46dd-872c-7e2a9ca4ef13","name":"CyberBit Early Bird Apr 2018","description":"Gavriel, H. 
& Erbesfeld, B. (2018, April 11). New ‘Early Bird’ Code Injection Technique Discovered. Retrieved May 24, 2018.","url":"https://www.cyberbit.com/blog/endpoint-security/new-early-bird-code-injection-technique-discovered/","source":"MITRE","title":"New ‘Early Bird’ Code Injection Technique Discovered","authors":"Gavriel, H. & Erbesfeld, B","date_accessed":"2018-05-24T00:00:00Z","date_published":"2018-04-11T00:00:00Z","owner_name":null,"tidal_id":"add140d4-63a7-5e66-9e83-042284a8908b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431530Z"},{"id":"3b39e73e-229f-4ff4-bec3-d83e6364a66e","name":"Zscaler Molerats Campaign","description":"Sahil Antil, Sudeep Singh. (2022, January 20). New espionage attack by Molerats APT targeting users in the Middle East. Retrieved October 10, 2023.","url":"https://www.zscaler.com/blogs/security-research/new-espionage-attack-molerats-apt-targeting-users-middle-east","source":"Tidal Cyber","title":"New espionage attack by Molerats APT targeting users in the Middle East","authors":"Sahil Antil, Sudeep Singh","date_accessed":"2023-10-10T00:00:00Z","date_published":"2022-01-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f9d7691d-a8ca-57c3-95ee-ab9d9456037b","created":"2023-11-10T19:02:31.453466Z","modified":"2023-11-10T19:02:31.572357Z"},{"id":"d7001d6f-97a1-4155-8f74-3d878d4cbb27","name":"CrowdStrike Wizard Spider March 2019","description":"Feeley, B. and Stone-Gross, B. (2019, March 20). New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration. Retrieved June 15, 2020.","url":"https://www.crowdstrike.com/blog/wizard-spider-lunar-spider-shared-proxy-module/","source":"MITRE","title":"New Evidence Proves Ongoing WIZARD SPIDER / LUNAR SPIDER Collaboration","authors":"Feeley, B. 
and Stone-Gross, B","date_accessed":"2020-06-15T00:00:00Z","date_published":"2019-03-20T00:00:00Z","owner_name":null,"tidal_id":"9e5fb9fb-3c5c-5ec7-bbc8-24b8f7f06f36","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441879Z"},{"id":"5695d3a2-6b6c-433a-9254-d4a2e001a8be","name":"Bleeping Computer Evil Corp mimics PayloadBin gang 2022","description":"Abrams, L. (2021, June 6). New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions. Retrieved July 19, 2022.","url":"https://www.bleepingcomputer.com/news/security/new-evil-corp-ransomware-mimics-payloadbin-gang-to-evade-us-sanctions/","source":"Tidal Cyber","title":"New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions","authors":"Abrams, L","date_accessed":"2022-07-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"567c1c8e-d289-50c5-baba-e91d19c53519","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.283700Z"},{"id":"c6febbb5-b994-5996-a42d-56d4cb151e83","name":"Reliaquest-execution","description":"Reliaquest. (2024, May 31). New Execution Technique in ClearFake Campaign. Retrieved August 2, 2024.","url":"https://www.reliaquest.com/blog/new-execution-technique-in-clearfake-campaign/","source":"MITRE","title":"New Execution Technique in ClearFake Campaign","authors":"Reliaquest","date_accessed":"2024-08-02T00:00:00Z","date_published":"2024-05-31T00:00:00Z","owner_name":null,"tidal_id":"5943917b-e9cb-55c6-a7d9-b1f46e299e6e","created":"2024-10-31T16:28:23.619435Z","modified":"2025-12-17T15:08:36.432451Z"},{"id":"4d0f4d0a-b812-42f8-a52c-a1f5c69e6337","name":"Microsoft Block Office Macros","description":"Windows Defender Research. (2016, March 22). New feature in Office 2016 can block macros and help prevent infection. 
Retrieved April 11, 2018.","url":"https://cloudblogs.microsoft.com/microsoftsecure/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/","source":"MITRE","title":"New feature in Office 2016 can block macros and help prevent infection","authors":"Windows Defender Research","date_accessed":"2018-04-11T00:00:00Z","date_published":"2016-03-22T00:00:00Z","owner_name":null,"tidal_id":"eec5b335-f385-52dc-ba8d-bda0800426f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415773Z"},{"id":"f14f08c5-de51-4827-ba3a-f0598dfbe505","name":"TechNet Office Macro Security","description":"Microsoft Malware Protection Center. (2016, March 22). New feature in Office 2016 can block macros and help prevent infection. Retrieved July 3, 2017.","url":"https://blogs.technet.microsoft.com/mmpc/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/","source":"MITRE","title":"New feature in Office 2016 can block macros and help prevent infection","authors":"Microsoft Malware Protection Center","date_accessed":"2017-07-03T00:00:00Z","date_published":"2016-03-22T00:00:00Z","owner_name":null,"tidal_id":"79fe0e8f-76f4-531f-9848-95c9ba3b7855","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:33.369406Z"},{"id":"1be1b6e0-1b42-4d07-856b-b6321c17bb88","name":"SolarWinds Sunburst Sunspot Update January 2021","description":"Sudhakar Ramakrishna . (2021, January 11). New Findings From Our Investigation of SUNBURST. 
Retrieved January 13, 2021.","url":"https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/","source":"MITRE","title":"New Findings From Our Investigation of SUNBURST","authors":"Sudhakar Ramakrishna","date_accessed":"2021-01-13T00:00:00Z","date_published":"2021-01-11T00:00:00Z","owner_name":null,"tidal_id":"07fdecfb-8fba-51fc-a17e-3a18b02d200a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420975Z"},{"id":"a8eb8cbc-7ac2-5605-ae40-34b3604cfcf8","name":"bitdefender_flubot_0524","description":"Filip TRUȚĂ, Răzvan GOSA, Adrian Mihai GOZOB. (2022, May 24). New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike. Retrieved February","url":"https://www.bitdefender.com/blog/labs/new-flubot-campaign-sweeps-through-europe-targeting-android-and-ios-users-alike/","source":"Mobile","title":"New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike","authors":"Filip TRUȚĂ, Răzvan GOSA, Adrian Mihai GOZOB","date_accessed":"1978-02-01T00:00:00Z","date_published":"2022-05-24T00:00:00Z","owner_name":null,"tidal_id":"d5f9d238-7414-54b5-986f-811f89fb87aa","created":"2026-01-28T13:08:10.042261Z","modified":"2026-01-28T13:08:10.042264Z"},{"id":"9d563136-2790-5558-8fbf-f5830da832e8","name":"Netskope XLoader 2022","description":"Gustavo Palazolo, Netskope. (2022, March 11). New Formbook Campaign Delivered Through Phishing Emails. 
Retrieved March 11, 2025.","url":"https://www.netskope.com/blog/new-formbook-campaign-delivered-through-phishing-emails","source":"MITRE","title":"New Formbook Campaign Delivered Through Phishing Emails","authors":"Gustavo Palazolo, Netskope","date_accessed":"2025-03-11T00:00:00Z","date_published":"2022-03-11T00:00:00Z","owner_name":null,"tidal_id":"ade2bb24-254c-5593-b295-367df94f5766","created":"2025-04-22T20:47:30.001181Z","modified":"2025-12-17T15:08:36.440354Z"},{"id":"0ba422b6-5608-5bdb-80b8-9a174fab79c8","name":"Trendmicro GnatSpy 2017","description":"Guo, G., Xu, E. (2017, December 18). New GnatSpy Mobile Malware Family Discovered. Retrieved March","url":"https://www.trendmicro.com/en_us/research/17/l/new-gnatspy-mobile-malware-family-discovered.html","source":"Mobile","title":"New GnatSpy Mobile Malware Family Discovered","authors":"Guo, G., Xu, E","date_accessed":"1978-03-01T00:00:00Z","date_published":"2017-12-18T00:00:00Z","owner_name":null,"tidal_id":"b57f3f9f-fc30-585c-ada7-ed66de01af3a","created":"2026-01-28T13:08:10.040156Z","modified":"2026-01-28T13:08:10.040161Z"},{"id":"fd862d10-79bc-489d-a552-118014d01648","name":"BleepingComp Godlua JUL19","description":"Gatlan, S. (2019, July 3). New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS. Retrieved March 15, 2020.","url":"https://www.bleepingcomputer.com/news/security/new-godlua-malware-evades-traffic-monitoring-via-dns-over-https/","source":"MITRE","title":"New Godlua Malware Evades Traffic Monitoring via DNS over HTTPS","authors":"Gatlan, S","date_accessed":"2020-03-15T00:00:00Z","date_published":"2019-07-03T00:00:00Z","owner_name":null,"tidal_id":"6b08c2f0-b292-5b7b-98d0-026004cf3c1c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429374Z"},{"id":"eb020dac-b213-5b25-be63-834dc63b073c","name":"Trend Micro Agenda Ransomware AUG 2022","description":"Magdy, S. et al. (2022, August 25). New Golang Ransomware Agenda Customizes Attacks. 
Retrieved September 26, 2025.","url":"https://www.trendmicro.com/en_us/research/22/h/new-golang-ransomware-agenda-customizes-attacks.html","source":"MITRE","title":"New Golang Ransomware Agenda Customizes Attacks","authors":"Magdy, S. et al","date_accessed":"2025-09-26T00:00:00Z","date_published":"2022-08-25T00:00:00Z","owner_name":null,"tidal_id":"a1d6ce04-4751-5fc4-a51c-05cf9ac433ee","created":"2025-10-29T21:08:48.165276Z","modified":"2025-12-17T15:08:36.422037Z"},{"id":"a9fc3502-66c2-4504-9886-458f8a803b5d","name":"HTML Smuggling Menlo Security 2020","description":"Subramanian, K. (2020, August 18). New HTML Smuggling Attack Alert: Duri. Retrieved May 20, 2021.","url":"https://www.menlosecurity.com/blog/new-attack-alert-duri","source":"MITRE","title":"New HTML Smuggling Attack Alert: Duri","authors":"Subramanian, K","date_accessed":"2021-05-20T00:00:00Z","date_published":"2020-08-18T00:00:00Z","owner_name":null,"tidal_id":"a4482be0-9e08-5da6-996d-2781d61d9bdd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435189Z"},{"id":"54fcfc36-e0d5-422f-8a45-eeb7fa077a93","name":"Microsoft New-InboxRule","description":"Microsoft. (n.d.). New-InboxRule. Retrieved June 7, 2021.","url":"https://docs.microsoft.com/en-us/powershell/module/exchange/new-inboxrule?view=exchange-ps","source":"MITRE","title":"New-InboxRule","authors":"Microsoft","date_accessed":"2021-06-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b48fab54-cfdc-5263-9cf4-e35cda615cd8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424649Z"},{"id":"dadae802-91a7-46d4-aacd-48f49f22854e","name":"AWS - IAM Console Best Practices","description":"Moncur, Rob. (2020, July 5). New Information in the AWS IAM Console Helps You Follow IAM Best Practices. 
Retrieved August 4, 2020.","url":"https://aws.amazon.com/blogs/security/newly-updated-features-in-the-aws-iam-console-help-you-adhere-to-iam-best-practices/","source":"MITRE","title":"New Information in the AWS IAM Console Helps You Follow IAM Best Practices","authors":"Moncur, Rob","date_accessed":"2020-08-04T00:00:00Z","date_published":"2020-07-05T00:00:00Z","owner_name":null,"tidal_id":"adf839e9-d405-56e2-80c9-34118b3b3a9f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440532Z"},{"id":"64a86a3f-0160-4766-9ac1-7d287eb2c323","name":"Trend Micro Ransomware February 2021","description":"Centero, R. et al. (2021, February 5). New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker. Retrieved August 11, 2021.","url":"https://www.trendmicro.com/en_us/research/21/b/new-in-ransomware.html","source":"MITRE","title":"New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker","authors":"Centero, R. et al","date_accessed":"2021-08-11T00:00:00Z","date_published":"2021-02-05T00:00:00Z","owner_name":null,"tidal_id":"f7ae5341-aee8-54f4-bfc2-857155d14946","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419129Z"},{"id":"1641553f-96e7-4829-8c77-d96388dac5c7","name":"Avast CCleaner3 2018","description":"Avast Threat Intelligence Team. (2018, March 8). New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities. 
Retrieved March 15, 2018.","url":"https://blog.avast.com/new-investigations-in-ccleaner-incident-point-to-a-possible-third-stage-that-had-keylogger-capacities","source":"MITRE","title":"New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities","authors":"Avast Threat Intelligence Team","date_accessed":"2018-03-15T00:00:00Z","date_published":"2018-03-08T00:00:00Z","owner_name":null,"tidal_id":"bcb8ab29-8992-5a49-8ee5-9c39c7dfe169","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428285Z"},{"id":"95b5b03e-f160-47cf-920c-8f4f3d4114a3","name":"Tsunami","description":"Claud Xiao and Cong Zheng. (2017, April 6). New IoT/Linux Malware Targets DVRs, Forms Botnet. Retrieved December 17, 2020.","url":"https://unit42.paloaltonetworks.com/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/","source":"MITRE","title":"New IoT/Linux Malware Targets DVRs, Forms Botnet","authors":"Claud Xiao and Cong Zheng","date_accessed":"2020-12-17T00:00:00Z","date_published":"2017-04-06T00:00:00Z","owner_name":null,"tidal_id":"5421ecab-81ee-5efe-bcc1-b32f13a7e12f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433915Z"},{"id":"489a6c57-f64c-423b-a7bd-169fa36c4cdf","name":"amnesia malware","description":"Claud Xiao, Cong Zheng, Yanhui Jia. (2017, April 6). New IoT/Linux Malware Targets DVRs, Forms Botnet. 
Retrieved February 19, 2018.","url":"https://researchcenter.paloaltonetworks.com/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/","source":"MITRE","title":"New IoT/Linux Malware Targets DVRs, Forms Botnet","authors":"Claud Xiao, Cong Zheng, Yanhui Jia","date_accessed":"2018-02-19T00:00:00Z","date_published":"2017-04-06T00:00:00Z","owner_name":null,"tidal_id":"2d8aefcc-1e50-57b9-a3f1-2af40a63e479","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433861Z"},{"id":"9485efce-8d54-4461-b64e-0d15e31fbf8c","name":"ClearSky Siamesekitten August 2021","description":"ClearSky Cyber Security. (2021, August). New Iranian Espionage Campaign By “Siamesekitten” - Lyceum. Retrieved June 6, 2022.","url":"https://www.clearskysec.com/siamesekitten/","source":"MITRE","title":"New Iranian Espionage Campaign By “Siamesekitten” - Lyceum","authors":"ClearSky Cyber Security","date_accessed":"2022-06-06T00:00:00Z","date_published":"2021-08-01T00:00:00Z","owner_name":null,"tidal_id":"ff79fb2d-49c4-5f0a-915f-eb9f25007bea","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420629Z"},{"id":"7efb0b47-b903-5b35-bcf9-a3ca7a2a09c1","name":"Check Point-Joker","description":"Hazum, A., Melnykov, B., Wernik, I. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July","url":"https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/","source":"Mobile","title":"New Joker variant hits Google Play with an old trick","authors":"Hazum, A., Melnykov, B., Wernik, I","date_accessed":"1978-07-01T00:00:00Z","date_published":"2020-07-09T00:00:00Z","owner_name":null,"tidal_id":"2e31b698-5d42-5e47-a019-f9da23874190","created":"2026-01-28T13:08:10.047120Z","modified":"2026-01-28T13:08:10.047123Z"},{"id":"f3d3b9bc-4c59-4a1f-b602-e3e884661708","name":"Unit 42 NOKKI Sept 2018","description":"Grunzweig, J., Lee, B. (2018, September 27). New KONNI Malware attacking Eurasia and Southeast Asia. 
Retrieved November 5, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/","source":"MITRE","title":"New KONNI Malware attacking Eurasia and Southeast Asia","authors":"Grunzweig, J., Lee, B","date_accessed":"2018-11-05T00:00:00Z","date_published":"2018-09-27T00:00:00Z","owner_name":null,"tidal_id":"199c9100-6d9b-5296-a01e-3c312be2af5b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416730Z"},{"id":"b138b07e-d68b-5f68-ba74-ddd7bb654fa6","name":"Bleeping Computer Latrodectus April 2024","description":"Abrams, L. (2024, April 30). New Latrodectus malware attacks use Microsoft, Cloudflare themes. Retrieved September 13, 2024.","url":"https://www.bleepingcomputer.com/news/security/new-latrodectus-malware-attacks-use-microsoft-cloudflare-themes/","source":"MITRE","title":"New Latrodectus malware attacks use Microsoft, Cloudflare themes","authors":"Abrams, L","date_accessed":"2024-09-13T00:00:00Z","date_published":"2024-04-30T00:00:00Z","owner_name":null,"tidal_id":"db1b8e30-d737-571d-8a1b-b4f995313806","created":"2024-10-31T16:28:33.495085Z","modified":"2025-12-17T15:08:36.419718Z"},{"id":"bafb2088-d3c1-5550-a48e-cf1e84662fcc","name":"Arghire LazyScripter","description":"Ionut Arghire. (2021, February 24). New ‘LazyScripter’ Hacking Group Targets Airlines. Retrieved January 10, 2024.","url":"https://www.securityweek.com/new-lazyscripter-hacking-group-targets-airlines/","source":"MITRE","title":"New ‘LazyScripter’ Hacking Group Targets Airlines","authors":"Ionut Arghire","date_accessed":"2024-01-10T00:00:00Z","date_published":"2021-02-24T00:00:00Z","owner_name":null,"tidal_id":"796f96aa-b049-502a-9c27-0f83b45475b9","created":"2024-04-25T13:28:53.202084Z","modified":"2025-12-17T15:08:36.442583Z"},{"id":"43d1212a-356c-56f7-be92-78f2ffe17cf2","name":"Intezer RedXOR 2021","description":"Joakim Kennedy and Avigayil Mechtinger. (2021, March 10). 
New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor. Retrieved September 19, 2024.","url":"https://intezer.com/blog/malware-analysis/new-linux-backdoor-redxor-likely-operated-by-chinese-nation-state-actor/","source":"MITRE","title":"New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor","authors":"Joakim Kennedy and Avigayil Mechtinger","date_accessed":"2024-09-19T00:00:00Z","date_published":"2021-03-10T00:00:00Z","owner_name":null,"tidal_id":"7921f832-52ce-57ce-b5cf-478394b11462","created":"2024-10-31T16:28:20.466600Z","modified":"2025-12-17T15:08:36.428996Z"},{"id":"ca7ccf2c-37f3-522a-acfb-09daa16e23d8","name":"Trend Micro Cheerscrypt May 2022","description":"Dela Cruz, A. et al. (2022, May 25). New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code. Retrieved December 19, 2023.","url":"https://www.trendmicro.com/en_se/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html","source":"MITRE","title":"New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code","authors":"Dela Cruz, A. et al","date_accessed":"2023-12-19T00:00:00Z","date_published":"2022-05-25T00:00:00Z","owner_name":null,"tidal_id":"f5fcaed6-f732-526f-9293-cb3326e684fb","created":"2024-04-25T13:28:45.336487Z","modified":"2025-12-17T15:08:36.418982Z"},{"id":"6054e0ab-cf61-49ba-b7f5-58b304477451","name":"Malwarebytes Higaisa 2020","description":"Malwarebytes Threat Intelligence Team. (2020, June 4). New LNK attack tied to Higaisa APT discovered. 
Retrieved March 2, 2021.","url":"https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/","source":"MITRE","title":"New LNK attack tied to Higaisa APT discovered","authors":"Malwarebytes Threat Intelligence Team","date_accessed":"2021-03-02T00:00:00Z","date_published":"2020-06-04T00:00:00Z","owner_name":null,"tidal_id":"2ccda77e-6502-51b8-a646-88880fdb542a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439054Z"},{"id":"1bdd0957-1f5b-4323-bf49-f5c41b8c397a","name":"New loader on the bloc - AresLoader | Intel471","description":"Intel471. (2023, March 22). New loader on the bloc - AresLoader. Retrieved May 7, 2023.","url":"https://intel471.com/blog/new-loader-on-the-bloc-aresloader","source":"Tidal Cyber","title":"New loader on the bloc - AresLoader","authors":"Intel471","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-03-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"950228a7-d31f-5df8-8525-6a81ba7b3f32","created":"2024-06-13T20:10:09.983784Z","modified":"2024-06-13T20:10:10.194555Z"},{"id":"bf87bbdc-fa15-4d6b-a9a4-868dfb841cbc","name":"Trend Micro 09 25 2025","description":"No author. (2025, September 25). New LockBit 5.0 Targets Windows, Linux, ESXi | Trend Micro (UK). Retrieved October 3, 2025.","url":"https://www.trendmicro.com/en_gb/research/25/i/lockbit-5-targets-windows-linux-esxi.html","source":"Tidal Cyber","title":"New LockBit 5.0 Targets Windows, Linux, ESXi | Trend Micro (UK)","authors":"No author","date_accessed":"2025-10-03T12:00:00Z","date_published":"2025-09-25T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0a1519bb-d26c-598d-b4dd-870ad52d851e","created":"2025-10-07T14:06:56.515900Z","modified":"2025-10-07T14:06:56.661437Z"},{"id":"b1540c5c-0bbc-4b9d-9185-fae224ba31be","name":"Gallagher 2015","description":"Gallagher, S. (2015, August 5). Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”. 
Retrieved January 25, 2016.","url":"http://arstechnica.com/security/2015/08/newly-discovered-chinese-hacking-group-hacked-100-websites-to-use-as-watering-holes/","source":"MITRE","title":"Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”","authors":"Gallagher, S.","date_accessed":"2016-01-25T00:00:00Z","date_published":"2015-08-05T00:00:00Z","owner_name":null,"tidal_id":"8a8fb3aa-6699-5ea3-8841-ff4a86cb2c8a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427315Z"},{"id":"32c0b9d2-9f31-4e49-8b3a-c63ff4fffa47","name":"FireEye Ursnif Nov 2017","description":"Vaish, A. & Nemes, S. (2017, November 28). Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection. Retrieved June 5, 2019.","url":"https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html","source":"MITRE","title":"Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection","authors":"Vaish, A. & Nemes, S","date_accessed":"2019-06-05T00:00:00Z","date_published":"2017-11-28T00:00:00Z","owner_name":null,"tidal_id":"4ea4e3a9-57ba-5ce0-9e77-918828f4cd8c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417088Z"},{"id":"9737055a-f583-448e-84d0-1d336c4da9a8","name":"FireEye TLS Nov 2017","description":"Vaish, A. & Nemes, S. (2017, November 28). Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection. Retrieved December 18, 2017.","url":"https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html","source":"MITRE","title":"Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection","authors":"Vaish, A. 
& Nemes, S","date_accessed":"2017-12-18T00:00:00Z","date_published":"2017-11-28T00:00:00Z","owner_name":null,"tidal_id":"a1a60869-106e-5188-93b6-67b3c94b1324","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435744Z"},{"id":"165edb01-2681-45a3-b76b-4eb7dee5dab9","name":"Antiquated Mac Malware","description":"Thomas Reed. (2017, January 18). New Mac backdoor using antiquated code. Retrieved July 5, 2017.","url":"https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/","source":"MITRE","title":"New Mac backdoor using antiquated code","authors":"Thomas Reed","date_accessed":"2017-07-05T00:00:00Z","date_published":"2017-01-18T00:00:00Z","owner_name":null,"tidal_id":"2712fc1e-c461-5815-af5b-a20ef8bcef01","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423817Z"},{"id":"43726cb8-a169-4594-9323-fad65b9bae97","name":"Trend Micro MacOS Backdoor November 2020","description":"Magisa, L. (2020, November 27). New MacOS Backdoor Connected to OceanLotus Surfaces. Retrieved December 2, 2020.","url":"https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html","source":"MITRE","title":"New MacOS Backdoor Connected to OceanLotus Surfaces","authors":"Magisa, L","date_accessed":"2020-12-02T00:00:00Z","date_published":"2020-11-27T00:00:00Z","owner_name":null,"tidal_id":"6c998910-f0d2-5dfe-836e-799451a95140","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421131Z"},{"id":"e18ad1a7-1e7e-4aca-be9b-9ee12b41c147","name":"TrendMicro MacOS April 2018","description":"Horejsi, J. (2018, April 04). New MacOS Backdoor Linked to OceanLotus Found. 
Retrieved November 13, 2018.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/","source":"MITRE","title":"New MacOS Backdoor Linked to OceanLotus Found","authors":"Horejsi, J","date_accessed":"2018-11-13T00:00:00Z","date_published":"2018-04-04T00:00:00Z","owner_name":null,"tidal_id":"d70b371e-5db6-5b17-83e1-b74e5b08e9fa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421124Z"},{"id":"0ef8691d-48ae-4057-82ef-eb086c05e2b9","name":"TrendMicro macOS Dacls May 2020","description":"Mabutas, G. (2020, May 11). New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability. Retrieved August 10, 2020.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-dacls-rat-backdoor-show-lazarus-multi-platform-attack-capability/","source":"MITRE","title":"New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability","authors":"Mabutas, G","date_accessed":"2020-08-10T00:00:00Z","date_published":"2020-05-11T00:00:00Z","owner_name":null,"tidal_id":"da78ad54-69a9-55b6-9016-6d292d2dcc34","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417905Z"},{"id":"8c4bcbc7-ff52-4f7b-a22e-98bf9cfb1040","name":"OSX Malware Exploits MacKeeper","description":"Sergei Shevchenko. (2015, June 4). New Mac OS Malware Exploits Mackeeper. Retrieved July 3, 2017.","url":"https://baesystemsai.blogspot.com/2015/06/new-mac-os-malware-exploits-mackeeper.html","source":"MITRE","title":"New Mac OS Malware Exploits Mackeeper","authors":"Sergei Shevchenko","date_accessed":"2017-07-03T00:00:00Z","date_published":"2015-06-04T00:00:00Z","owner_name":null,"tidal_id":"673777a3-a3e4-50ce-a8d8-63f164aead0b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432625Z"},{"id":"d8212691-4a6e-49bf-bc33-740850a1189a","name":"Carbon Black Shlayer Feb 2019","description":"Carbon Black Threat Analysis Unit. (2019, February 12). 
New macOS Malware Variant of Shlayer (OSX) Discovered. Retrieved August 8, 2019.","url":"https://blogs.vmware.com/security/2020/02/vmware-carbon-black-tau-threat-analysis-shlayer-macos.html","source":"MITRE","title":"New macOS Malware Variant of Shlayer (OSX) Discovered","authors":"Carbon Black Threat Analysis Unit","date_accessed":"2019-08-08T00:00:00Z","date_published":"2019-02-12T00:00:00Z","owner_name":null,"tidal_id":"61983f14-f20b-55a1-a721-0b8db2eb2e0a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422327Z"},{"id":"bbdf3f49-9875-4d41-986d-b693e82c77e1","name":"Palo Alto Rover","description":"Ray, V., Hayashi, K. (2016, February 29). New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.","url":"http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/","source":"MITRE","title":"New Malware ‘Rover’ Targets Indian Ambassador to Afghanistan","authors":"Ray, V., Hayashi, K","date_accessed":"2016-02-29T00:00:00Z","date_published":"2016-02-29T00:00:00Z","owner_name":null,"tidal_id":"899e6326-6f8c-5f4b-8445-48e32108434f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419388Z"},{"id":"69fbe527-2ec4-457b-81b1-2eda65eb8442","name":"Palo Alto Reaver Nov 2017","description":"Grunzweig, J. and Miller-Osborn, J. (2017, November 10). New Malware with Ties to SunOrcal Discovered. Retrieved November 16, 2017.","url":"https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/","source":"MITRE","title":"New Malware with Ties to SunOrcal Discovered","authors":"Grunzweig, J. 
and Miller-Osborn, J","date_accessed":"2017-11-16T00:00:00Z","date_published":"2017-11-10T00:00:00Z","owner_name":null,"tidal_id":"674ed7b4-9b94-5b9a-b0c5-b791a7f8c561","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419256Z"},{"id":"a4b37a24-b2a0-4fcb-9ec3-0d6b67e4e13b","name":"Trend Micro Xbash Sept 2018","description":"Trend Micro. (2018, September 19). New Multi-Platform Xbash Packs Obfuscation, Ransomware, Coinminer, Worm and Botnet. Retrieved June 4, 2019.","url":"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/new-multi-platform-xbash-packs-obfuscation-ransomware-coinminer-worm-and-botnet","source":"MITRE","title":"New Multi-Platform Xbash Packs Obfuscation, Ransomware, Coinminer, Worm and Botnet","authors":"Trend Micro","date_accessed":"2019-06-04T00:00:00Z","date_published":"2018-09-19T00:00:00Z","owner_name":null,"tidal_id":"8925b9c9-6d2d-547e-82b5-b3ef938713f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441939Z"},{"id":"26f0864f-3b2b-5538-87a1-ed85aa4cfe78","name":"Lab52 MUSTANG PANDA PUBLOAD MAY 2023","description":"Dex. (n.d.). New Mustang Panda’s campaing against Australia. Retrieved August 4, 2025.","url":"https://lab52.io/blog/new-mustang-pandas-campaing-against-australia/","source":"MITRE","title":"New Mustang Panda’s campaing against Australia","authors":"Dex","date_accessed":"2025-08-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"22230cb3-1b0f-5e83-b84f-c991987c1b92","created":"2025-10-29T21:08:48.167356Z","modified":"2025-12-17T15:08:36.439696Z"},{"id":"7c0fea50-a125-57eb-9a86-dd0d6693abce","name":"NKAbuse BC","description":"Bill Toulas. (2023, December 14). New NKAbuse malware abuses NKN blockchain for stealthy comms. 
Retrieved February 8, 2024.","url":"https://www.bleepingcomputer.com/news/security/new-nkabuse-malware-abuses-nkn-blockchain-for-stealthy-comms/#google_vignette","source":"MITRE","title":"New NKAbuse malware abuses NKN blockchain for stealthy comms","authors":"Bill Toulas","date_accessed":"2024-02-08T00:00:00Z","date_published":"2023-12-14T00:00:00Z","owner_name":null,"tidal_id":"4dad4e25-daad-5034-a2a3-3bd2670b2016","created":"2024-04-25T13:28:49.204841Z","modified":"2025-12-17T15:08:36.421430Z"},{"id":"1588799f-a5d2-46bc-978d-f10ed7ceb15c","name":"MSRC Nobelium June 2021","description":"MSRC. (2021, June 25). New Nobelium activity. Retrieved August 4, 2021.","url":"https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/","source":"MITRE","title":"New Nobelium activity","authors":"MSRC","date_accessed":"2021-08-04T00:00:00Z","date_published":"2021-06-25T00:00:00Z","owner_name":null,"tidal_id":"1734309a-027a-5d30-bf27-576266600b17","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438117Z"},{"id":"eee5efa1-bbc6-44eb-8fae-23002f351605","name":"Symantec Orangeworm April 2018","description":"Symantec Security Response Attack Investigation Team. (2018, April 23). New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia. Retrieved May 8, 2018.","url":"https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia","source":"MITRE, Tidal Cyber","title":"New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia","authors":"Symantec Security Response Attack Investigation Team","date_accessed":"2018-05-08T00:00:00Z","date_published":"2018-04-23T00:00:00Z","owner_name":null,"tidal_id":"aa3d5f25-584a-5362-92f3-2b87b6391b62","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261985Z"},{"id":"71d65081-dada-4a69-94c5-f1d8e4e151c1","name":"OSX.Dok Malware","description":"Thomas Reed. (2017, July 7). 
New OSX.Dok malware intercepts web traffic. Retrieved July 10, 2017.","url":"https://blog.malwarebytes.com/threat-analysis/2017/04/new-osx-dok-malware-intercepts-web-traffic/","source":"MITRE","title":"New OSX.Dok malware intercepts web traffic","authors":"Thomas Reed","date_accessed":"2017-07-10T00:00:00Z","date_published":"2017-07-07T00:00:00Z","owner_name":null,"tidal_id":"5a63104d-3795-54fe-9a84-7bed80259d23","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425305Z"},{"id":"d43e0dd1-0946-4f49-bcc7-3ef38445eac3","name":"OSX Keydnap malware","description":"Marc-Etienne M.Leveille. (2016, July 6). New OSX/Keydnap malware is hungry for credentials. Retrieved July 3, 2017.","url":"https://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/","source":"MITRE","title":"New OSX/Keydnap malware is hungry for credentials","authors":"Marc-Etienne M.Leveille","date_accessed":"2017-07-03T00:00:00Z","date_published":"2016-07-06T00:00:00Z","owner_name":null,"tidal_id":"e6e77eb7-1d70-59ec-9d1e-37734ac6e1be","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418261Z"},{"id":"3ca1254c-db51-4a5d-8242-ffd9e4481c22","name":"Intego Shlayer Apr 2018","description":"Vrijenhoek, Jay. (2018, April 24). New OSX/Shlayer Malware Variant Found Using a Dirty New Trick. Retrieved September 6, 2019.","url":"https://www.intego.com/mac-security-blog/new-osxshlayer-malware-variant-found-using-a-dirty-new-trick/","source":"MITRE","title":"New OSX/Shlayer Malware Variant Found Using a Dirty New Trick","authors":"Vrijenhoek, Jay","date_accessed":"2019-09-06T00:00:00Z","date_published":"2018-04-24T00:00:00Z","owner_name":null,"tidal_id":"9d3bfd82-cdfe-55da-9c20-1cf8c9b13fae","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422356Z"},{"id":"9523d8ae-d749-4c25-8c7b-df2d8c25c3c8","name":"Cybereason Linux Exim Worm","description":"Cybereason Nocturnus. (2019, June 13). 
New Pervasive Worm Exploiting Linux Exim Server Vulnerability. Retrieved June 24, 2020.","url":"https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability","source":"MITRE","title":"New Pervasive Worm Exploiting Linux Exim Server Vulnerability","authors":"Cybereason Nocturnus","date_accessed":"2020-06-24T00:00:00Z","date_published":"2019-06-13T00:00:00Z","owner_name":null,"tidal_id":"8ded9dfa-752b-5d79-b36b-9832e5205524","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430884Z"},{"id":"175ea9c6-aa18-581b-9af5-d4d44f0909e9","name":"Netskope Device Code Phishing 2021","description":"Jenko Hwong. (2021, August 10). New Phishing Attacks Exploiting OAuth Authorization Flows (Part 1). Retrieved March 19, 2024.","url":"https://www.netskope.com/blog/new-phishing-attacks-exploiting-oauth-authorization-flows-part-1","source":"MITRE","title":"New Phishing Attacks Exploiting OAuth Authorization Flows (Part 1)","authors":"Jenko Hwong","date_accessed":"2024-03-19T00:00:00Z","date_published":"2021-08-10T00:00:00Z","owner_name":null,"tidal_id":"72e99c79-a971-567a-85af-9a1c3db39f8a","created":"2024-04-25T13:28:31.850372Z","modified":"2025-12-17T15:08:36.426744Z"},{"id":"b57e1181-461b-5ada-a739-873ede1ec079","name":"Microsoft Prestige ransomware October 2022","description":"MSTIC. (2022, October 14). New “Prestige” ransomware impacts organizations in Ukraine and Poland. 
Retrieved January 19, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/","source":"MITRE","title":"New “Prestige” ransomware impacts organizations in Ukraine and Poland","authors":"MSTIC","date_accessed":"2023-01-19T00:00:00Z","date_published":"2022-10-14T00:00:00Z","owner_name":null,"tidal_id":"cdf71911-b6ac-5509-9ff1-312170d15a4e","created":"2023-05-26T01:21:12.933432Z","modified":"2025-12-17T15:08:36.417240Z"},{"id":"2263af27-9c30-4bf6-a204-2f148ebdd17c","name":"Unit 42 MechaFlounder March 2019","description":"Falcone, R. (2019, March 4). New Python-Based Payload MechaFlounder Used by Chafer. Retrieved May 27, 2020.","url":"https://unit42.paloaltonetworks.com/new-python-based-payload-mechaflounder-used-by-chafer/","source":"MITRE","title":"New Python-Based Payload MechaFlounder Used by Chafer","authors":"Falcone, R","date_accessed":"2020-05-27T00:00:00Z","date_published":"2019-03-04T00:00:00Z","owner_name":null,"tidal_id":"ef1e3ea1-d564-582a-a93d-eeb8930ac29f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421948Z"},{"id":"d38096ae-a30c-4f90-9661-e15528803199","name":"Halcyon Tech Inc September 9 2025","description":"Halcyon RISE Team. (2025, September 9). New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion. 
Retrieved September 12, 2025.","url":"https://www.halcyon.ai/blog/new-qilin-b-ransomware-variant-boasts-enhanced-encryption-and-defense-evasion","source":"Tidal Cyber","title":"New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion","authors":"Halcyon RISE Team","date_accessed":"2025-09-12T12:00:00Z","date_published":"2025-09-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6d22f39a-0fb7-52c5-b5f4-a998f7dc2892","created":"2025-09-15T19:13:23.648750Z","modified":"2025-09-15T19:13:23.824048Z"},{"id":"9441efca-3004-52ec-8aac-bcff893eaeba","name":"Halcyon Qilin.B OCT 2024","description":"Halcyon RISE Team. (2024, October 24). New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion. Retrieved September 26, 2025.","url":"https://www.halcyon.ai/blog/new-qilin-b-ransomware-variant-boasts-enhanced-encryption-and-defense-evasion","source":"MITRE","title":"New Qilin.B Ransomware Variant Boasts Enhanced Encryption and Defense Evasion","authors":"Halcyon RISE Team","date_accessed":"2025-09-26T00:00:00Z","date_published":"2024-10-24T00:00:00Z","owner_name":null,"tidal_id":"0ce87769-1742-5ad6-8663-89bebeac42f8","created":"2025-10-29T21:08:48.167494Z","modified":"2025-12-17T15:08:36.440635Z"},{"id":"34422e6e-0e79-48ba-a942-9816e9b4ee7c","name":"ThreatDown RansomHub September 9 2024","description":"Bill Cozens. (2024, September 9). New RansomHub attack uses TDSSKiller and LaZagne, disables EDR. 
Retrieved September 13, 2024.","url":"https://www.threatdown.com/blog/new-ransomhub-attack-uses-tdskiller-and-lazagne-disables-edr/","source":"Tidal Cyber","title":"New RansomHub attack uses TDSSKiller and LaZagne, disables EDR","authors":"Bill Cozens","date_accessed":"2024-09-13T00:00:00Z","date_published":"2024-09-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9d89d373-926a-56db-a1e6-f058344b7392","created":"2024-09-13T19:19:51.185939Z","modified":"2024-09-13T19:19:51.436183Z"},{"id":"c76e806c-b0e3-4ab9-ba6d-68a9f731f127","name":"Talos Nyetya June 2017","description":"Chiu, A. (2016, June 27). New Ransomware Variant \"Nyetya\" Compromises Systems Worldwide. Retrieved March 26, 2019.","url":"https://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html","source":"MITRE","title":"New Ransomware Variant \"Nyetya\" Compromises Systems Worldwide","authors":"Chiu, A","date_accessed":"2019-03-26T00:00:00Z","date_published":"2016-06-27T00:00:00Z","owner_name":null,"tidal_id":"8612f76a-9d03-5f51-a3b5-8bf05553cf70","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418727Z"},{"id":"18035aba-0ae3-58b8-b426-86c2e38a37ae","name":"Cyble Black Basta May 2022","description":"Cyble. (2022, May 6). New ransomware variant targeting high-value organizations. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20220506143054/https://blog.cyble.com/2022/05/06/black-basta-ransomware/","source":"MITRE","title":"New ransomware variant targeting high-value organizations","authors":"Cyble","date_accessed":"2024-11-17T00:00:00Z","date_published":"2022-05-06T00:00:00Z","owner_name":null,"tidal_id":"6c6a7786-3b33-5a41-9b45-184172310d7d","created":"2023-05-26T01:21:16.608052Z","modified":"2025-12-17T15:08:36.420275Z"},{"id":"a587ea99-a951-4aa8-a3cf-a4822ae97490","name":"Bleepingcomputer RAT malware 2020","description":"Abrams, L. (2020, October 23). New RAT malware gets commands via Discord, has ransomware feature. 
Retrieved April 1, 2021.","url":"https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-commands-via-discord-has-ransomware-feature/","source":"MITRE","title":"New RAT malware gets commands via Discord, has ransomware feature","authors":"Abrams, L","date_accessed":"2021-04-01T00:00:00Z","date_published":"2020-10-23T00:00:00Z","owner_name":null,"tidal_id":"11ec27a0-eb45-51f8-8727-f5eb091db62e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434541Z"},{"id":"eec48059-a13b-59e2-9b00-af6ead518ccf","name":"Proofpoint RedLine Stealer March 2020","description":"Proofpoint Threat Insight Team, Jeremy H, Axel F. (2020, March 16). New Redline Password Stealer Malware. Retrieved September 17, 2025.","url":"https://www.proofpoint.com/us/blog/threat-insight/new-redline-stealer-distributed-using-coronavirus-themed-email-campaign","source":"MITRE","title":"New Redline Password Stealer Malware","authors":"Proofpoint Threat Insight Team, Jeremy H, Axel F","date_accessed":"2025-09-17T00:00:00Z","date_published":"2020-03-16T00:00:00Z","owner_name":null,"tidal_id":"9b8858fb-3303-5c84-b5c5-91a8cb5f048a","created":"2025-10-29T21:08:48.165192Z","modified":"2025-12-17T15:08:36.420218Z"},{"id":"523b7a1e-88ef-4440-a7b3-3fd0b8d5e199","name":"IBM ITG18 2020","description":"Wikoff, A. Emerson, R. (2020, July 16). New Research Exposes Iranian Threat Group Operations. Retrieved March 8, 2021.","url":"https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/","source":"MITRE","title":"New Research Exposes Iranian Threat Group Operations","authors":"Wikoff, A. Emerson, R","date_accessed":"2021-03-08T00:00:00Z","date_published":"2020-07-16T00:00:00Z","owner_name":null,"tidal_id":"8fd581ba-67fe-55de-b287-33843cfdf3c9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438101Z"},{"id":"8e0a8a9a-9b1f-4141-b595-80b98daf6b68","name":"new_rogue_DHCP_serv_malware","description":"Irwin, Ullrich, J. 
(2009, March 16). new rogue-DHCP server malware. Retrieved January 14, 2022.","url":"https://isc.sans.edu/forums/diary/new+rogueDHCP+server+malware/6025/","source":"MITRE","title":"new rogue-DHCP server malware","authors":"Irwin, Ullrich, J","date_accessed":"2022-01-14T00:00:00Z","date_published":"2009-03-16T00:00:00Z","owner_name":null,"tidal_id":"c0c7ddc2-29e3-589e-a6ef-46e66333996b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430088Z"},{"id":"e7ea6602-f448-46f2-9ce8-9afbc226807d","name":"Microsoft Security Blog May 27 2025","description":"Microsoft Threat Intelligence. (2025, May 27). New Russia-affiliated actor Void Blizzard targets critical sectors for espionage. Retrieved June 2, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/","source":"Tidal Cyber","title":"New Russia-affiliated actor Void Blizzard targets critical sectors for espionage","authors":"Microsoft Threat Intelligence","date_accessed":"2025-06-02T00:00:00Z","date_published":"2025-05-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e5cd23eb-d6a0-56a2-81a2-9f6561b6ede8","created":"2025-06-03T14:14:11.573856Z","modified":"2025-06-03T14:14:11.756998Z"},{"id":"bee6cf85-5cb9-4000-b82e-9e15aebfbece","name":"NCSC CISA Cyclops Blink Advisory February 2022","description":"NCSC, CISA, FBI, NSA. (2022, February 23). New Sandworm malware Cyclops Blink replaces VPNFilter. 
Retrieved March 3, 2022.","url":"https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter","source":"MITRE","title":"New Sandworm malware Cyclops Blink replaces VPNFilter","authors":"NCSC, CISA, FBI, NSA","date_accessed":"2022-03-03T00:00:00Z","date_published":"2022-02-23T00:00:00Z","owner_name":null,"tidal_id":"4df92987-0a96-5f2a-b193-2f46fd56db1f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419115Z"},{"id":"a3407cd2-d579-4d64-8f2e-162c31a99534","name":"Eweek Newscaster and Charming Kitten May 2014","description":"Kerner, S. (2014, May 29). Newscaster Threat Uses Social Media for Intelligence Gathering. Retrieved April 14, 2021.","url":"https://www.eweek.com/security/newscaster-threat-uses-social-media-for-intelligence-gathering","source":"MITRE","title":"Newscaster Threat Uses Social Media for Intelligence Gathering","authors":"Kerner, S","date_accessed":"2021-04-14T00:00:00Z","date_published":"2014-05-29T00:00:00Z","owner_name":null,"tidal_id":"7c1cda86-f2c4-56ac-a0dd-625887f00899","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438063Z"},{"id":"529524c0-123b-459c-bc6f-62aa45c228d1","name":"Deep Instinct TA505 Apr 2019","description":"Vilkomir-Preisman, S. (2019, April 2). New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload. Retrieved September 16, 2024.","url":"https://www.deepinstinct.com/blog/new-servhelper-variant-employs-excel-4-0-macro-to-drop-signed-payload","source":"MITRE","title":"New ServHelper Variant Employs Excel 4.0 Macro to Drop Signed Payload","authors":"Vilkomir-Preisman, S","date_accessed":"2024-09-16T00:00:00Z","date_published":"2019-04-02T00:00:00Z","owner_name":null,"tidal_id":"26c57052-8be6-59a9-ad63-f329f14f8eac","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440891Z"},{"id":"1acc1a83-faac-41d3-a08b-cc3a539567fb","name":"Janicab","description":"Thomas. (2013, July 15). 
New signed malware called Janicab. Retrieved July 17, 2017.","url":"https://web.archive.org/web/20230331162455/https://www.thesafemac.com/new-signed-malware-called-janicab/","source":"MITRE","title":"New signed malware called Janicab","authors":"Thomas","date_accessed":"2017-07-17T00:00:00Z","date_published":"2013-07-15T00:00:00Z","owner_name":null,"tidal_id":"cff861af-8a07-5bb8-a6e6-8322ec853280","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417343Z"},{"id":"047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d","name":"MSTIC NOBELIUM May 2021","description":"Microsoft Threat Intelligence Center (MSTIC). (2021, May 27). New sophisticated email-based attack from NOBELIUM. Retrieved May 28, 2021.","url":"https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/","source":"MITRE","title":"New sophisticated email-based attack from NOBELIUM","authors":"Microsoft Threat Intelligence Center (MSTIC)","date_accessed":"2021-05-28T00:00:00Z","date_published":"2021-05-27T00:00:00Z","owner_name":null,"tidal_id":"567f13d2-b9cb-56e3-a583-777fd4763e62","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435182Z"},{"id":"d18bdd11-a362-5465-a1bf-e97e0c580388","name":"MSTI_StarBlizzard_Jan2025","description":"Microsoft Threat Intelligence. (2025, January 16). New Star Blizzard spear-phishing campaign targets WhatsApp accounts. 
Retrieved May","url":"https://www.microsoft.com/en-us/security/blog/2025/01/16/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts/","source":"Mobile","title":"New Star Blizzard spear-phishing campaign targets WhatsApp accounts","authors":"Microsoft Threat Intelligence","date_accessed":"1978-05-01T00:00:00Z","date_published":"2025-01-16T00:00:00Z","owner_name":null,"tidal_id":"34b2586d-8fa4-5d9c-a2c3-c6d76f240540","created":"2026-01-28T13:08:10.047539Z","modified":"2026-01-28T13:08:10.047542Z"},{"id":"c55a112d-4b05-4c32-a5b3-480b12929115","name":"Microsoft Phosphorus Mar 2019","description":"Burt, T. (2019, March 27). New steps to protect customers from hacking. Retrieved May 27, 2020.","url":"https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/","source":"MITRE","title":"New steps to protect customers from hacking","authors":"Burt, T","date_accessed":"2020-05-27T00:00:00Z","date_published":"2019-03-27T00:00:00Z","owner_name":null,"tidal_id":"3192179b-d6c0-54d7-b5e5-2f8105bcddb1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438038Z"},{"id":"1cdb8a1e-fbed-4db3-b273-5f8f45356dc1","name":"FireEye SUNSHUTTLE Mar 2021","description":"Smith, L., Leathery, J., Read, B. (2021, March 4). New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452. 
Retrieved March 12, 2021.","url":"https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html","source":"MITRE","title":"New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452","authors":"Smith, L., Leathery, J., Read, B","date_accessed":"2021-03-12T00:00:00Z","date_published":"2021-03-04T00:00:00Z","owner_name":null,"tidal_id":"191aae72-6a2e-5b90-98da-e83619dacc0c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418969Z"},{"id":"46be6b77-ee2b-407e-bdd4-5a1183eda7f3","name":"Blasco 2013","description":"Blasco, J. (2013, March 21). New Sykipot developments [Blog]. Retrieved November 12, 2014.","url":"http://www.alienvault.com/open-threat-exchange/blog/new-sykipot-developments","source":"MITRE","title":"New Sykipot developments [Blog]","authors":"Blasco, J","date_accessed":"2014-11-12T00:00:00Z","date_published":"2013-03-21T00:00:00Z","owner_name":null,"tidal_id":"bac58647-b8e2-5122-95bc-acc08effbdf9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:10:01.187381Z"},{"id":"f2689dfc-83ff-53c6-b074-ce507824799a","name":"AWS RE:Inforce Threat Detection 2024","description":"Ben Fletcher and Steve de Vera. (2024, June). New tactics and techniques for proactive threat detection. 
Retrieved September 25, 2024.","url":"https://reinforce.awsevents.com/content/dam/reinforce/2024/slides/TDR432_New-tactics-and-techniques-for-proactive-threat-detection.pdf","source":"MITRE","title":"New tactics and techniques for proactive threat detection","authors":"Ben Fletcher and Steve de Vera","date_accessed":"2024-09-25T00:00:00Z","date_published":"2024-06-01T00:00:00Z","owner_name":null,"tidal_id":"c08f56e6-2275-5cf4-a793-fb7cb7d4a78a","created":"2024-10-31T16:28:16.349474Z","modified":"2025-12-17T15:08:36.424596Z"},{"id":"735647f9-9cd4-4a20-8812-4671a3358e46","name":"Malwarebytes Targeted Attack against Saudi Arabia","description":"Malwarebytes Labs. (2017, March 27). New targeted attack against Saudi Arabia Government. Retrieved July 3, 2017.","url":"https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2017/03/new-targeted-attack-saudi-arabia-government/","source":"MITRE","title":"New targeted attack against Saudi Arabia Government","authors":"Malwarebytes Labs","date_accessed":"2017-07-03T00:00:00Z","date_published":"2017-03-27T00:00:00Z","owner_name":null,"tidal_id":"c33d8b44-7648-5dbf-8fa4-97682a4ac2e9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428157Z"},{"id":"88f41728-08ad-4cd8-a418-895738d68b04","name":"FireEye APT34 Dec 2017","description":"Sardiwal, M, et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. 
Retrieved December 20, 2017.","url":"https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html","source":"MITRE, Tidal Cyber","title":"New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit","authors":"Sardiwal, M, et al","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-12-07T00:00:00Z","owner_name":null,"tidal_id":"cd352a2d-c1f9-522f-8909-d1350ff5515e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257145Z"},{"id":"8956f0e5-d07f-4063-bf60-f8b964d03e6d","name":"Unit 42 Cobalt Gang Oct 2018","description":"Unit 42. (2018, October 25). New Techniques to Uncover and Attribute Financial actors Commodity Builders and Infrastructure Revealed. Retrieved December 11, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/10/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/","source":"MITRE","title":"New Techniques to Uncover and Attribute Financial actors Commodity Builders and Infrastructure Revealed","authors":"Unit 42","date_accessed":"2018-12-11T00:00:00Z","date_published":"2018-10-25T00:00:00Z","owner_name":null,"tidal_id":"71695871-ac63-5654-ad1c-9b8b4a05f1ff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439753Z"},{"id":"ef9376d8-4792-5883-bb0f-00fe7e34b049","name":"Checkmarx-oss-seo","description":"Yehuda Gelb. (2024, April 10). New Technique to Trick Developers Detected in an Open Source Supply Chain Attack. 
Retrieved June 18, 2024.","url":"https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/","source":"MITRE","title":"New Technique to Trick Developers Detected in an Open Source Supply Chain Attack","authors":"Yehuda Gelb","date_accessed":"2024-06-18T00:00:00Z","date_published":"2024-04-10T00:00:00Z","owner_name":null,"tidal_id":"0ad1f150-8ab7-5d0e-8644-8b5b83106e41","created":"2024-10-31T16:28:26.662946Z","modified":"2025-12-17T15:08:36.425670Z"},{"id":"56372448-03f5-49b5-a2a9-384fbd49fefc","name":"ESET TeleBots Oct 2018","description":"Cherepanov, A., Lipovsky, R. (2018, October 11). New TeleBots backdoor: First evidence linking Industroyer to NotPetya. Retrieved November 27, 2018.","url":"https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/","source":"MITRE","title":"New TeleBots backdoor: First evidence linking Industroyer to NotPetya","authors":"Cherepanov, A., Lipovsky, R","date_accessed":"2018-11-27T00:00:00Z","date_published":"2018-10-11T00:00:00Z","owner_name":null,"tidal_id":"8cac32ce-71b6-52c6-9fbb-844855c9fe3c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416656Z"},{"id":"3ed07ffb-4a4b-4198-84d6-7b120da03c0d","name":"Cyble December 9 2024","description":"Paul Shread. (2024, December 9). New 'Termite' Ransomware Hits Blue Yonder A Technical Look. Retrieved December 10, 2024.","url":"https://cyble.com/blog/technical-look-at-termite-ransomware-blue-yonder/","source":"Tidal Cyber","title":"New 'Termite' Ransomware Hits Blue Yonder A Technical Look","authors":"Paul Shread","date_accessed":"2024-12-10T00:00:00Z","date_published":"2024-12-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ce7a2236-236f-5c59-ab9e-027d0f92657a","created":"2024-12-10T14:32:50.852243Z","modified":"2024-12-10T14:32:51.070175Z"},{"id":"800279cf-e6f8-4721-818f-46e35ec7892a","name":"Unit 42 DarkHydrus July 2018","description":"Falcone, R., et al. (2018, July 27). 
New Threat Actor Group DarkHydrus Targets Middle East Government. Retrieved August 2, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/","source":"MITRE, Tidal Cyber","title":"New Threat Actor Group DarkHydrus Targets Middle East Government","authors":"Falcone, R., et al","date_accessed":"2018-08-02T00:00:00Z","date_published":"2018-07-27T00:00:00Z","owner_name":null,"tidal_id":"d3314cf6-4b10-5d48-9c24-13c6bb869e11","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.260725Z"},{"id":"2ccdaded-97f6-47e2-b6c0-9a83e8a945d6","name":"Bitdefender Trickbot March 2020","description":"Tudorica, R., Maximciuc, A., Vatamanu, C. (2020, March 18). New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong. Retrieved March 15, 2021.","url":"https://www.bitdefender.com/files/News/CaseStudies/study/316/Bitdefender-Whitepaper-TrickBot-en-EN-interactive.pdf","source":"MITRE","title":"New TrickBot Module Bruteforces RDP Connections, Targets Select Telecommunication Services in US and Hong Kong","authors":"Tudorica, R., Maximciuc, A., Vatamanu, C","date_accessed":"2021-03-15T00:00:00Z","date_published":"2020-03-18T00:00:00Z","owner_name":null,"tidal_id":"6fbe6b9e-6318-52be-9fd1-7da93d05868d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442166Z"},{"id":"fb8c6402-ec18-414a-85f7-3d76eacbd890","name":"Malwarebytes Konni Aug 2021","description":"Threat Intelligence Team. (2021, August 23). New variant of Konni malware used in campaign targetting Russia. 
Retrieved January 5, 2022.","url":"https://blog.malwarebytes.com/threat-intelligence/2021/08/new-variant-of-konni-malware-used-in-campaign-targetting-russia/","source":"MITRE","title":"New variant of Konni malware used in campaign targetting Russia","authors":"Threat Intelligence Team","date_accessed":"2022-01-05T00:00:00Z","date_published":"2021-08-23T00:00:00Z","owner_name":null,"tidal_id":"d0104519-254e-5e28-a9d9-8280d08a392d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420014Z"},{"id":"c52fe62f-4df4-43b0-a126-2df07dc61fc0","name":"Proofpoint Vega Credential Stealer May 2018","description":"Proofpoint. (2018, May 10). New Vega Stealer shines brightly in targeted campaign. Retrieved June 18, 2019.","url":"https://www.proofpoint.com/us/threat-insight/post/new-vega-stealer-shines-brightly-targeted-campaign","source":"MITRE","title":"New Vega Stealer shines brightly in targeted campaign","authors":"Proofpoint","date_accessed":"2019-06-18T00:00:00Z","date_published":"2018-05-10T00:00:00Z","owner_name":null,"tidal_id":"c73ebb97-e177-525f-a69d-3a2495bb363b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428768Z"},{"id":"a85c869a-3ba3-42c2-9460-d3d1f0874044","name":"Proofpoint Azorult July 2018","description":"Proofpoint. (2018, July 30). New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign. 
Retrieved November 29, 2018.","url":"https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside","source":"MITRE","title":"New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign","authors":"Proofpoint","date_accessed":"2018-11-29T00:00:00Z","date_published":"2018-07-30T00:00:00Z","owner_name":null,"tidal_id":"f6c61cee-e469-5053-b208-ec5c3fe64470","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422517Z"},{"id":"bc7755a0-5ee3-477b-b8d7-67174a59d0e2","name":"Avira Mustang Panda January 2020","description":"Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021.","url":"https://www.avira.com/en/blog/new-wave-of-plugx-targets-hong-kong","source":"MITRE","title":"New wave of PlugX targets Hong Kong | Avira Blog","authors":"Hamzeloofard, S","date_accessed":"2021-04-13T00:00:00Z","date_published":"2020-01-31T00:00:00Z","owner_name":null,"tidal_id":"1f6c7f62-9c7d-59aa-8dd8-13e9a518852a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439842Z"},{"id":"6f08aa4e-c89f-4d3e-8f46-e856e21d2d50","name":"PaloAlto DNS Requests May 2016","description":"Grunzweig, J., et al. (2016, May 24). New Wekby Attacks Use DNS Requests As Command and Control Mechanism. 
Retrieved November 15, 2018.","url":"https://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/","source":"MITRE","title":"New Wekby Attacks Use DNS Requests As Command and Control Mechanism","authors":"Grunzweig, J., et al","date_accessed":"2018-11-15T00:00:00Z","date_published":"2016-05-24T00:00:00Z","owner_name":null,"tidal_id":"c4f839b6-9337-52f3-9ae0-908bfecec9da","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441025Z"},{"id":"4a946c3f-ee0a-4649-8104-2bd9d90ebd49","name":"Palo Alto DNS Requests","description":"Grunzweig, J., et al. (2016, May 24). New Wekby Attacks Use DNS Requests As Command and Control Mechanism. Retrieved August 17, 2016.","url":"http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/","source":"MITRE","title":"New Wekby Attacks Use DNS Requests As Command and Control Mechanism","authors":"Grunzweig, J., et al","date_accessed":"2016-08-17T00:00:00Z","date_published":"2016-05-24T00:00:00Z","owner_name":null,"tidal_id":"b884eec5-5695-59e4-97d4-dd86e81249e8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421362Z"},{"id":"44ceddf6-bcbf-4a60-bb92-f8cdc675d185","name":"Unit42 Azorult Nov 2018","description":"Yan, T., et al. (2018, November 21). New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit. 
Retrieved November 29, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/11/unit42-new-wine-old-bottle-new-azorult-variant-found-findmyname-campaign-using-fallout-exploit-kit/","source":"MITRE","title":"New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit","authors":"Yan, T., et al","date_accessed":"2018-11-29T00:00:00Z","date_published":"2018-11-21T00:00:00Z","owner_name":null,"tidal_id":"46210674-bc12-56f0-b22b-71df5ccc9aaf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422524Z"},{"id":"34860107-1a9f-5527-9b2f-4205f7bff312","name":"checkpoint_flixonline_0421","description":"Aviran Hazum, Bodgan Melnykov, Israel Wenik. (2021, April 7). New Wormable Android Malware Spreads by Creating Auto-Replies to Messages in WhatsApp. Retrieved January","url":"https://research.checkpoint.com/2021/new-wormable-android-malware-spreads-by-creating-auto-replies-to-messages-in-whatsapp/","source":"Mobile","title":"New Wormable Android Malware Spreads by Creating Auto-Replies to Messages in WhatsApp","authors":"Aviran Hazum, Bodgan Melnykov, Israel Wenik","date_accessed":"1978-01-01T00:00:00Z","date_published":"2021-04-07T00:00:00Z","owner_name":null,"tidal_id":"c034bbb7-0368-586e-aa3b-6c0ee6c2e918","created":"2026-01-28T13:08:10.038913Z","modified":"2026-01-28T13:08:10.038917Z"},{"id":"012e462b-4d49-5d6a-9eea-c7067fc4103b","name":"Microsoft March 2025 XCSSET","description":"Microsoft Threat Intelligence. (2025, March 11). New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects. 
Retrieved April 2, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/03/11/new-xcsset-malware-adds-new-obfuscation-persistence-techniques-to-infect-xcode-projects/","source":"MITRE","title":"New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects","authors":"Microsoft Threat Intelligence","date_accessed":"2025-04-02T00:00:00Z","date_published":"2025-03-11T00:00:00Z","owner_name":null,"tidal_id":"815dc656-81f1-5c67-87fb-017c3258d7ee","created":"2025-04-22T20:47:28.850557Z","modified":"2025-12-17T15:08:36.421974Z"},{"id":"fd536975-ff27-45fc-a07f-4b2128568df8","name":"FireEye Clandestine Fox","description":"Chen, X., Scott, M., Caselden, D.. (2014, April 26). New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks. Retrieved January 14, 2016.","url":"https://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html","source":"MITRE","title":"New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks","authors":"Chen, X., Scott, M., Caselden, D.","date_accessed":"2016-01-14T00:00:00Z","date_published":"2014-04-26T00:00:00Z","owner_name":null,"tidal_id":"1fdff663-ebc1-5c72-a216-b7df9d0a9e33","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441612Z"},{"id":"da02a20d-5ea0-52c4-822c-48015c1d2b44","name":"Roth-Rootkits","description":"Thomas Roth. (2013). Next generation mobile rootkits. 
Retrieved December","url":"https://hackinparis.com/data/slides/2013/Slidesthomasroth.pdf","source":"Mobile","title":"Next generation mobile rootkits","authors":"Thomas Roth","date_accessed":"1978-12-01T00:00:00Z","date_published":"2013-01-01T00:00:00Z","owner_name":null,"tidal_id":"477160b0-affd-58a1-92e9-806a684bac01","created":"2026-01-28T13:08:10.046638Z","modified":"2026-01-28T13:08:10.046641Z"},{"id":"98e9f234-6ea9-4e2a-8828-2e6e6916d7f1","name":"Ngen.exe - LOLBAS Project","description":"LOLBAS. (2024, February 19). Ngen.exe. Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/Binaries/Ngen/","source":"Tidal Cyber","title":"Ngen.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2024-02-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"aacdf063-1699-54ee-ad9a-61c404e103c9","created":"2025-05-20T16:19:04.908108Z","modified":"2025-05-20T16:19:05.068774Z"},{"id":"12eea502-cf70-474f-8127-352cacc37418","name":"Twitter ItsReallyNick Platinum Masquerade","description":"Carr, N.. (2018, October 25). Nick Carr Status Update. Retrieved September 12, 2024.","url":"https://x.com/ItsReallyNick/status/1055321868641689600","source":"MITRE","title":"Nick Carr Status Update","authors":"Carr, N.","date_accessed":"2024-09-12T00:00:00Z","date_published":"2018-10-25T00:00:00Z","owner_name":null,"tidal_id":"f0f795b6-5ad2-5a93-a21d-9b89955a8f18","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442894Z"},{"id":"731865ea-2410-40ac-85cf-75f768edd08a","name":"Twitter ItsReallyNick APT32 pubprn Masquerade","description":"Carr, N.. (2017, December 26). Nick Carr Status Update APT32 pubprn. 
Retrieved September 12, 2024.","url":"https://x.com/ItsReallyNick/status/945681177108762624","source":"MITRE","title":"Nick Carr Status Update APT32 pubprn","authors":"Carr, N.","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-12-26T00:00:00Z","owner_name":null,"tidal_id":"7c7e72a7-1249-5fe2-b4b9-eaf5bb2d4a60","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442382Z"},{"id":"e226a034-b79b-42bd-8115-2537f98e5d46","name":"Twitter ItsReallyNick APT41 EK","description":"Carr, N. (2019, October 30). Nick Carr Status Update APT41 Environmental Keying. Retrieved September 12, 2024.","url":"https://x.com/ItsReallyNick/status/1189622925286084609","source":"MITRE","title":"Nick Carr Status Update APT41 Environmental Keying","authors":"Carr, N","date_accessed":"2024-09-12T00:00:00Z","date_published":"2019-10-30T00:00:00Z","owner_name":null,"tidal_id":"6e2b40e4-b6d7-5e0e-b782-7e687bc1ce01","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441692Z"},{"id":"aca324b7-15f1-47b5-9c13-248d1b1a7fff","name":"Twitter ItsReallyNick Masquerading Update","description":"Carr, N.. (2018, October 25). Nick Carr Status Update Masquerading. Retrieved September 12, 2024.","url":"https://x.com/ItsReallyNick/status/1055321652777619457","source":"MITRE","title":"Nick Carr Status Update Masquerading","authors":"Carr, N.","date_accessed":"2024-09-12T00:00:00Z","date_published":"2018-10-25T00:00:00Z","owner_name":null,"tidal_id":"242c99c1-e2f2-5971-9cd2-a3827cd09249","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425863Z"},{"id":"c78a8379-04a4-4558-820d-831ad4f267fd","name":"SecureWorks NICKEL GLADSTONE profile Sept 2021","description":"SecureWorks. (2021, September 29). NICKEL GLADSTONE Threat Profile. 
Retrieved September 29, 2021.","url":"https://www.secureworks.com/research/threat-profiles/nickel-gladstone","source":"MITRE","title":"NICKEL GLADSTONE Threat Profile","authors":"SecureWorks","date_accessed":"2021-09-29T00:00:00Z","date_published":"2021-09-29T00:00:00Z","owner_name":null,"tidal_id":"05608701-ae34-5af9-99e4-e6046af48d9c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438305Z"},{"id":"fc16e509-fb76-4f56-9ad0-2031629c5ca4","name":"Secureworks NICKEL TAPESTRY","description":"Secureworks. (n.d.). NICKEL TAPESTRY. Retrieved May 29, 2025.","url":"https://www.secureworks.com/research/threat-profiles/nickel-tapestry","source":"Tidal Cyber","title":"NICKEL TAPESTRY","authors":"Secureworks","date_accessed":"2025-05-29T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"e65d4919-25ac-5ede-9233-eaadbcf670b0","created":"2025-06-03T14:14:09.126644Z","modified":"2025-06-03T14:14:09.296682Z"},{"id":"29a46bb3-f514-4554-ad9c-35f9a5ad9870","name":"Microsoft NICKEL December 2021","description":"MSTIC. (2021, December 6). NICKEL targeting government organizations across Latin America and Europe. Retrieved March 18, 2022.","url":"https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe","source":"MITRE, Tidal Cyber","title":"NICKEL targeting government organizations across Latin America and Europe","authors":"MSTIC","date_accessed":"2022-03-18T00:00:00Z","date_published":"2021-12-06T00:00:00Z","owner_name":null,"tidal_id":"94c49423-830c-555d-8698-283d0a408719","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258662Z"},{"id":"4cef8c44-d440-4746-b3e8-c8e4d307273d","name":"ProofPoint Ursnif Aug 2016","description":"Proofpoint Staff. (2016, August 25). Nightmare on Tor Street: Ursnif variant Dreambot adds Tor functionality. 
Retrieved June 5, 2019.","url":"https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality","source":"MITRE","title":"Nightmare on Tor Street: Ursnif variant Dreambot adds Tor functionality","authors":"Proofpoint Staff","date_accessed":"2019-06-05T00:00:00Z","date_published":"2016-08-25T00:00:00Z","owner_name":null,"tidal_id":"60950baa-e110-51ea-8612-1edd49cf0e8c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417081Z"},{"id":"350fdf59-6a46-4968-8360-c50faa28c5cd","name":"Cyble May 2 2025","description":"Cyble. (2025, May 2). NightSpire Ransomware Group Tactics, Targets & Threats. Retrieved May 19, 2025.","url":"https://cyble.com/threat-actor-profiles/nightspire-ransomware-group/","source":"Tidal Cyber","title":"NightSpire Ransomware Group Tactics, Targets & Threats","authors":"Cyble","date_accessed":"2025-05-19T00:00:00Z","date_published":"2025-05-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"90f03578-f99f-5874-a271-d338be6242fd","created":"2025-05-20T16:17:25.927977Z","modified":"2025-05-20T16:17:26.202795Z"},{"id":"e813f0cf-b9de-429a-8699-aadd90b5de4f","name":"Check Point Research 09 22 2025","description":"samanthar@checkpoint.com. (2025, September 22). Nimbus Manticore Deploys New Malware Targeting Europe - Check Point Research. Retrieved September 29, 2025.","url":"https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/","source":"Tidal Cyber","title":"Nimbus Manticore Deploys New Malware Targeting Europe - Check Point Research","authors":"samanthar@checkpoint.com","date_accessed":"2025-09-29T12:00:00Z","date_published":"2025-09-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fd576164-0b61-54d3-aa10-f40b3c53f024","created":"2025-10-07T14:06:54.654549Z","modified":"2025-10-07T14:06:54.786189Z"},{"id":"024e4e25-aab7-4231-bb4b-5e399d02d7b2","name":"NirSoft Website","description":"NirSoft. (n.d.). NirSoft Website. 
Retrieved March 6, 2024.","url":"https://www.nirsoft.net/","source":"Tidal Cyber","title":"NirSoft Website","authors":"NirSoft","date_accessed":"2024-03-06T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"2cafbca4-69bd-593a-94a6-6ba75592b947","created":"2024-03-07T21:00:43.651607Z","modified":"2024-03-07T21:00:43.836779Z"},{"id":"8b97880c-4850-5f09-a3cc-8d2efd4c5d56","name":"NIST-SP800153","description":"M. Souppaya and K. Scarfone. (2012, February). NIST SP 800-153 Guidelines for Securing Wireless Local Area Networks (WLANs). Retrieved December","url":"http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-153.pdf","source":"Mobile","title":"NIST SP 800-153 Guidelines for Securing Wireless Local Area Networks (WLANs)","authors":"M. Souppaya and K. Scarfone","date_accessed":"1978-12-01T00:00:00Z","date_published":"2012-02-01T00:00:00Z","owner_name":null,"tidal_id":"9a28530f-b55d-5ec8-8f6e-f7832b17afe1","created":"2026-01-28T13:08:10.044125Z","modified":"2026-01-28T13:08:10.044128Z"},{"id":"351a444e-2829-4584-83ea-de909e43ee72","name":"NIST Server Security July 2008","description":"Scarfone, K. et al.. (2008, July). NIST Special Publication 800-123 - Guide to General Server Security. Retrieved July 26, 2018.","url":"https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-123.pdf","source":"MITRE","title":"NIST Special Publication 800-123 - Guide to General Server Security","authors":"Scarfone, K. et al.","date_accessed":"2018-07-26T00:00:00Z","date_published":"2008-07-01T00:00:00Z","owner_name":null,"tidal_id":"8568e660-b616-5d47-bc7e-81bc16c9f08a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415674Z"},{"id":"94b5ac75-1fd5-4cad-a604-2b09846eb975","name":"Netskope Nitol","description":"Malik, A. (2016, October 14). Nitol Botnet makes a resurgence with evasive sandbox analysis technique. 
Retrieved September 30, 2021.","url":"https://www.netskope.com/blog/nitol-botnet-makes-resurgence-evasive-sandbox-analysis-technique","source":"MITRE","title":"Nitol Botnet makes a resurgence with evasive sandbox analysis technique","authors":"Malik, A","date_accessed":"2021-09-30T00:00:00Z","date_published":"2016-10-14T00:00:00Z","owner_name":null,"tidal_id":"d9c7a788-983d-5077-acf5-b9233ec762f0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433150Z"},{"id":"b2ee9f5e-ed34-4141-9740-8f6e37ba4f28","name":"The DFIR Report September 30 2024","description":"The DFIR Report. (2024, September 30). Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware. Retrieved September 30, 2024.","url":"https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends-with-blackcat-ransomware/","source":"Tidal Cyber","title":"Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware","authors":"The DFIR Report","date_accessed":"2024-09-30T00:00:00Z","date_published":"2024-09-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"016dde66-0b0b-53e1-9264-6228f9716632","created":"2024-10-04T20:31:33.585914Z","modified":"2024-10-04T20:31:34.098019Z"},{"id":"062c31b1-7c1e-487f-8340-11f4b3faabc4","name":"FireEye Njw0rm Aug 2013","description":"Dawda, U. and Villeneuve, N. (2013, August 30). Njw0rm - Brother From the Same Mother. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20200302085808/https://www.fireeye.com/blog/threat-research/2013/08/njw0rm-brother-from-the-same-mother.html","source":"MITRE","title":"Njw0rm - Brother From the Same Mother","authors":"Dawda, U. and Villeneuve, N","date_accessed":"2024-11-17T00:00:00Z","date_published":"2013-08-30T00:00:00Z","owner_name":null,"tidal_id":"cfcd9ba8-db0a-5f9a-b696-e81f40bdf7e8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421823Z"},{"id":"4bb113a8-7e2c-4656-86f4-c30b08705ffa","name":"Nltest Manual","description":"ss64. (n.d.). 
NLTEST.exe - Network Location Test. Retrieved February 14, 2019.","url":"https://ss64.com/nt/nltest.html","source":"MITRE","title":"NLTEST.exe - Network Location Test","authors":"ss64","date_accessed":"2019-02-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"60e18780-6686-55b9-b6fc-922b4c855a02","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423177Z"},{"id":"65f1bbaa-8ad1-4ad5-b726-660558d27efc","name":"Nmap: the Network Mapper","description":"Nmap. (n.d.). Nmap: the Network Mapper - Free Security Scanner. Retrieved September 7, 2023.","url":"https://nmap.org/","source":"Tidal Cyber","title":"Nmap: the Network Mapper - Free Security Scanner","authors":"Nmap","date_accessed":"2023-09-07T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"da9f26fa-ab3e-5903-8fb2-9afc3b84eb96","created":"2023-09-08T15:49:54.344233Z","modified":"2023-09-08T15:49:54.483084Z"},{"id":"aa315293-77a5-4ad9-b024-9af844edff9a","name":"Microsoft Nobelium Admin Privileges","description":"Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. Retrieved January 31, 2022.","url":"https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks","source":"MITRE","title":"NOBELIUM targeting delegated administrative privileges to facilitate broader attacks","authors":"Microsoft Threat Intelligence Center","date_accessed":"2022-01-31T00:00:00Z","date_published":"2021-10-25T00:00:00Z","owner_name":null,"tidal_id":"c03be858-9e06-517a-b4e1-d73eca35f182","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442276Z"},{"id":"7b6cc308-9871-47e5-9039-a9a7e66ce373","name":"MSTIC Nobelium Oct 2021","description":"Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. 
Retrieved March 25, 2022.","url":"https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/","source":"MITRE","title":"NOBELIUM targeting delegated administrative privileges to facilitate broader attacks","authors":"Microsoft Threat Intelligence Center","date_accessed":"2022-03-25T00:00:00Z","date_published":"2021-10-25T00:00:00Z","owner_name":null,"tidal_id":"68ede6a9-f3ba-5b22-a87e-0c1415a9741f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428202Z"},{"id":"afd6808d-2c9f-4926-b7c6-ca9d3abdd923","name":"Symantec Noberus September 22 2022","description":"Symantec Threat Hunter Team. (2022, September 22). Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics. Retrieved September 14, 2023.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-ransomware-ttps","source":"Tidal Cyber","title":"Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics","authors":"Symantec Threat Hunter Team","date_accessed":"2023-09-14T00:00:00Z","date_published":"2022-09-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2434c328-0bfa-54c7-949e-e53231ed102e","created":"2023-09-14T20:17:58.673851Z","modified":"2023-09-14T20:17:58.761280Z"},{"id":"8206240f-c84e-442e-b025-f629e9cc8d91","name":"new_rust_based_ransomware","description":"Symantec Threat Hunter Team. (2021, December 16). Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware. 
Retrieved January 14, 2022.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/noberus-blackcat-alphv-rust-ransomware","source":"MITRE","title":"Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware","authors":"Symantec Threat Hunter Team","date_accessed":"2022-01-14T00:00:00Z","date_published":"2021-12-16T00:00:00Z","owner_name":null,"tidal_id":"5c18c998-da4e-53d0-8352-f37486ee7aa8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430486Z"},{"id":"98cf2bb0-f36c-45af-8d47-bf26aca3bb09","name":"SentinelOne NobleBaron June 2021","description":"Guerrero-Saade, J. (2021, June 1). NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks. Retrieved August 4, 2021.","url":"https://labs.sentinelone.com/noblebaron-new-poisoned-installers-could-be-used-in-supply-chain-attacks/","source":"MITRE","title":"NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks","authors":"Guerrero-Saade, J","date_accessed":"2021-08-04T00:00:00Z","date_published":"2021-06-01T00:00:00Z","owner_name":null,"tidal_id":"3715082d-478a-586b-bacd-3bc2ac450645","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421261Z"},{"id":"af710d49-48f4-47f6-98c6-8d4a4568b020","name":"NodeJS","description":"OpenJS Foundation. (n.d.). Node.js. Retrieved June 23, 2020.","url":"https://nodejs.org/","source":"MITRE","title":"Node.js","authors":"OpenJS Foundation","date_accessed":"2020-06-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d137b78f-38fb-524d-a419-6a24120fe05b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424878Z"},{"id":"e7c49ce6-9c5d-483a-b476-8a48799df6fa","name":"Mandiant No Easy Breach","description":"Dunwoody, M. and Carr, N.. (2016, September 27). No Easy Breach DerbyCon 2016. 
Retrieved October 4, 2016.","url":"http://www.slideshare.net/MatthewDunwoody1/no-easy-breach-derby-con-2016","source":"MITRE","title":"No Easy Breach DerbyCon 2016","authors":"Dunwoody, M. and Carr, N.","date_accessed":"2016-10-04T00:00:00Z","date_published":"2016-09-27T00:00:00Z","owner_name":null,"tidal_id":"435fb02f-7b7a-5fa2-b666-5ff8603ef88f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415803Z"},{"id":"cbc09411-be18-4241-be69-b718a741ed8c","name":"ESET PipeMon May 2020","description":"Tartare, M. et al. (2020, May 21). No “Game over” for the Winnti Group. Retrieved August 24, 2020.","url":"https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/","source":"MITRE","title":"No “Game over” for the Winnti Group","authors":"Tartare, M. et al","date_accessed":"2020-08-24T00:00:00Z","date_published":"2020-05-21T00:00:00Z","owner_name":null,"tidal_id":"ffaab17d-5864-5762-962d-36aa6ed3d971","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419964Z"},{"id":"f61dde91-3518-5a74-8eb8-bb3bae43e8fb","name":"nohup Linux Man","description":"Meyering, J. (n.d.). nohup(1). Retrieved August 30, 2023.","url":"https://linux.die.net/man/1/nohup","source":"MITRE","title":"nohup(1)","authors":"Meyering, J","date_accessed":"2023-08-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"98054a96-70af-5433-8d94-9f388765bf0c","created":"2023-11-07T00:36:01.932883Z","modified":"2025-12-17T15:08:36.429028Z"},{"id":"4eea6638-a71b-4d74-acc4-0fac82ef72f6","name":"Unit 42 Nokki Oct 2018","description":"Grunzweig, J. (2018, October 01). NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT. 
Retrieved November 5, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/10/unit42-nokki-almost-ties-the-knot-with-dogcall-reaper-group-uses-new-malware-to-deploy-rat/","source":"MITRE","title":"NOKKI Almost Ties the Knot with DOGCALL: Reaper Group Uses New Malware to Deploy RAT","authors":"Grunzweig, J","date_accessed":"2018-11-05T00:00:00Z","date_published":"2018-10-01T00:00:00Z","owner_name":null,"tidal_id":"67325d85-e367-59a2-85e9-f3963c7f3419","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416723Z"},{"id":"50dcb3f0-1461-453a-aab9-38c2e259173f","name":"ESET Nomadic Octopus 2018","description":"Cherepanov, A. (2018, October 4). Nomadic Octopus Cyber espionage in Central Asia. Retrieved October 13, 2021.","url":"https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Cherepanov-VB2018-Octopus.pdf","source":"MITRE, Tidal Cyber","title":"Nomadic Octopus Cyber espionage in Central Asia","authors":"Cherepanov, A","date_accessed":"2021-10-13T00:00:00Z","date_published":"2018-10-04T00:00:00Z","owner_name":null,"tidal_id":"dcb3d4e4-7f31-55f8-9bb8-1d78d8d0d072","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262525Z"},{"id":"f8700002-5da6-4cb8-be62-34e421d2a573","name":"Malwarebytes Pony April 2016","description":"hasherezade. (2016, April 11). No money, but Pony! From a mail to a trojan horse. Retrieved May 21, 2020.","url":"https://blog.malwarebytes.com/threat-analysis/2015/11/no-money-but-pony-from-a-mail-to-a-trojan-horse/","source":"MITRE","title":"No money, but Pony! From a mail to a trojan horse","authors":"hasherezade","date_accessed":"2020-05-21T00:00:00Z","date_published":"2016-04-11T00:00:00Z","owner_name":null,"tidal_id":"1ec90fde-cc9b-5355-b111-05a9d9853fb7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417328Z"},{"id":"05a13b06-0034-41be-8a43-c80823b8de9e","name":"Sekoia.io Blog March 1 2024","description":"Amaury G; Maxime A; TDR Threat Detection; Research. 
(2024, March 1). NoName057(16)'s DDoSia project 2024 updates and behavioural shifts. Retrieved March 5, 2024.","url":"https://blog.sekoia.io/noname05716-ddosia-project-2024-updates-and-behavioural-shifts/","source":"Tidal Cyber","title":"NoName057(16)'s DDoSia project 2024 updates and behavioural shifts","authors":"Amaury G; Maxime A; TDR Threat Detection; Research","date_accessed":"2024-03-05T00:00:00Z","date_published":"2024-03-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7eb2126d-f5d3-5d34-9bfd-656ed3ce28d2","created":"2025-04-11T15:05:57.309599Z","modified":"2025-04-11T15:05:57.693633Z"},{"id":"bbd7e1ee-4f36-482a-b679-15ef0f1c91d3","name":"SentinelOne January 12 2023","description":"Tom Hegel. (2023, January 12). NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO. Retrieved January 1, 2024.","url":"https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/","source":"Tidal Cyber","title":"NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO","authors":"Tom Hegel","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-01-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ca3335dd-075b-5183-884c-261ad914a3c0","created":"2025-04-11T15:05:59.169833Z","modified":"2025-04-11T15:05:59.336175Z"},{"id":"79752048-f2fd-4357-9e0a-15b9a2927852","name":"BleepingComputer NoName September 10 2024","description":"Bill Toulas. (2024, September 10). NoName ransomware gang deploying RansomHub malware in recent attacks. 
Retrieved September 13, 2024.","url":"https://www.bleepingcomputer.com/news/security/noname-ransomware-gang-deploying-ransomhub-malware-in-recent-attacks/","source":"Tidal Cyber","title":"NoName ransomware gang deploying RansomHub malware in recent attacks","authors":"Bill Toulas","date_accessed":"2024-09-13T00:00:00Z","date_published":"2024-09-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a6d9f238-5eb2-5df2-aa9c-a2e8fb3d5443","created":"2024-09-13T19:19:51.661656Z","modified":"2024-09-13T19:19:51.932905Z"},{"id":"195922fa-a843-5cd3-a153-32f0b960dcb9","name":"WithSecure Lazarus-NoPineapple Threat Intel Report 2023","description":"Ruohonen, S. & Robinson, S. (2023, February 2). No Pineapple! -DPRK Targeting of Medical Research and Technology Sector. Retrieved July 10, 2023.","url":"https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf","source":"MITRE","title":"No Pineapple! -DPRK Targeting of Medical Research and Technology Sector","authors":"Ruohonen, S. & Robinson, S","date_accessed":"2023-07-10T00:00:00Z","date_published":"2023-02-02T00:00:00Z","owner_name":null,"tidal_id":"2473e2b1-fbdd-5c7e-b302-daea54f31618","created":"2023-11-07T00:36:05.575603Z","modified":"2025-12-17T15:08:36.432256Z"},{"id":"84bfd3a1-bda2-4821-ac52-6af8515e5879","name":"xorrior chrome extensions macOS","description":"Chris Ross. (2019, February 8). No Place Like Chrome. Retrieved April 27, 2021.","url":"https://www.xorrior.com/No-Place-Like-Chrome/","source":"MITRE","title":"No Place Like Chrome","authors":"Chris Ross","date_accessed":"2021-04-27T00:00:00Z","date_published":"2019-02-08T00:00:00Z","owner_name":null,"tidal_id":"87954fd8-7a5f-54ad-8fe9-e10a3b0bc327","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426459Z"},{"id":"93c89ca5-1863-4ee2-9fff-258f94f655c4","name":"Cybernews Yanfeng Qilin November 2023","description":"Stefanie Schappert. (2023, November 28). 
North American auto supplier Yanfeng claimed by Qilin ransom group. Retrieved November 30, 2023.","url":"https://cybernews.com/news/yanfeng-ransomware-attack-claimed-qilin/","source":"Tidal Cyber","title":"North American auto supplier Yanfeng claimed by Qilin ransom group","authors":"Stefanie Schappert","date_accessed":"2023-11-30T00:00:00Z","date_published":"2023-11-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"425f489d-49e6-5df4-95c9-bea3a3950a22","created":"2023-12-01T14:42:09.602670Z","modified":"2023-12-01T14:42:09.738029Z"},{"id":"f3bebc54-1d9c-5462-88e5-4a44ddc8a7ef","name":"North American Electric Reliability Corporation June 2021","description":"North American Electric Reliability Corporation 2021, June 28 Glossary of Terms Used in NERC Reliability Standards. Retrieved 2021/10/11","url":"https://www.nerc.com/pa/Stand/Glossary%20of%20Terms/Glossary_of_Terms.pdf","source":"ICS","title":"North American Electric Reliability Corporation June 2021","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"cca9f4fa-799e-55e7-9564-ae276151a59f","created":"2026-01-28T13:08:18.176934Z","modified":"2026-01-28T13:08:18.176937Z"},{"id":"5dfc3a45-9442-5c59-bd2b-750d74f5f450","name":"North America Transmission Forum December 2019","description":"North America Transmission Forum 2019, December NATF Transient Cyber Asset Guidance. Retrieved 2020/09/25","url":"https://www.natf.net/docs/natf/documents/resources/security/natf-transient-cyber-asset-guidance.pdf","source":"ICS","title":"North America Transmission Forum December 2019","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f6acc922-db33-58b8-baf5-4e1fc5055049","created":"2026-01-28T13:08:18.179765Z","modified":"2026-01-28T13:08:18.179768Z"},{"id":"b615953e-3c6c-4201-914c-4b75e45bb9ed","name":"U.S. CISA Andariel July 25 2024","description":"Cybersecurity and Infrastructure Security Agency. (2024, July 25). 
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. Retrieved July 29, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a","source":"Tidal Cyber","title":"North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-07-29T00:00:00Z","date_published":"2024-07-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5a55611b-175a-5854-8b7d-2743c235ab42","created":"2024-08-02T14:58:10.055700Z","modified":"2024-08-02T14:58:10.248494Z"},{"id":"8ae38830-1547-5cc1-83a4-87c3a7c82aa6","name":"The Hacker News Lazarus Aug 2022","description":"Lakshmanan, R. (2022, August 17). North Korea Hackers Spotted Targeting Job Seekers with macOS Malware. Retrieved April 10, 2023.","url":"https://thehackernews.com/2022/08/north-korea-hackers-spotted-targeting.html","source":"MITRE","title":"North Korea Hackers Spotted Targeting Job Seekers with macOS Malware","authors":"Lakshmanan, R","date_accessed":"2023-04-10T00:00:00Z","date_published":"2022-08-17T00:00:00Z","owner_name":null,"tidal_id":"0e5effa6-f667-5140-9738-b5995f7ce0da","created":"2023-05-26T01:21:11.404245Z","modified":"2025-12-17T15:08:36.438801Z"},{"id":"6253bbc5-4d7d-4b7e-bd6b-59bd6366dc50","name":"Zdnet Kimsuky Group September 2020","description":"Cimpanu, C. (2020, September 30). North Korea has tried to hack 11 officials of the UN Security Council. 
Retrieved November 4, 2020.","url":"https://www.zdnet.com/article/north-korea-has-tried-to-hack-11-officials-of-the-un-security-council/","source":"MITRE","title":"North Korea has tried to hack 11 officials of the UN Security Council","authors":"Cimpanu, C","date_accessed":"2020-11-04T00:00:00Z","date_published":"2020-09-30T00:00:00Z","owner_name":null,"tidal_id":"e7661c5a-b6de-5e3e-8374-ea89af04c135","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441855Z"},{"id":"76adbd81-2df0-5167-a0ef-a37a582e7739","name":"ic3-dprk","description":"FBI, State Department, NSA. (2024, May 2). North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts. Retrieved April 2, 2025.","url":"https://www.ic3.gov/CSA/2024/240502.pdf","source":"MITRE","title":"North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts","authors":"FBI, State Department, NSA","date_accessed":"2025-04-02T00:00:00Z","date_published":"2024-05-02T00:00:00Z","owner_name":null,"tidal_id":"87eab645-762c-5a4b-8097-3fbb9de886b8","created":"2025-04-22T20:47:20.220302Z","modified":"2025-12-17T15:08:36.435625Z"},{"id":"7e394434-364f-4e50-9a96-3e75dacc9866","name":"Volexity InkySquid BLUELIGHT August 2021","description":"Cash, D., Grunzweig, J., Meltzer, M., Adair, S., Lancaster, T. (2021, August 17). North Korean APT InkySquid Infects Victims Using Browser Exploits. 
Retrieved September 30, 2021.","url":"https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/","source":"MITRE","title":"North Korean APT InkySquid Infects Victims Using Browser Exploits","authors":"Cash, D., Grunzweig, J., Meltzer, M., Adair, S., Lancaster, T","date_accessed":"2021-09-30T00:00:00Z","date_published":"2021-08-17T00:00:00Z","owner_name":null,"tidal_id":"d9b92a48-be18-5681-ab4a-5487bedd195b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420154Z"},{"id":"17927f0e-297a-45ec-8e1c-8a33892205dc","name":"Talos Kimsuky Nov 2021","description":"An, J and Malhotra, A. (2021, November 10). North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets. Retrieved December 29, 2021.","url":"https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html","source":"MITRE","title":"North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets","authors":"An, J and Malhotra, A","date_accessed":"2021-12-29T00:00:00Z","date_published":"2021-11-10T00:00:00Z","owner_name":null,"tidal_id":"b6cadbbc-7048-5e73-9b53-ae3f373fde17","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424284Z"},{"id":"bff1667b-3f87-4653-bd17-b675e997baf1","name":"Volexity InkySquid RokRAT August 2021","description":"Cash, D., Grunzweig, J., Adair, S., Lancaster, T. (2021, August 25). North Korean BLUELIGHT Special: InkySquid Deploys RokRAT. 
Retrieved October 1, 2021.","url":"https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/","source":"MITRE","title":"North Korean BLUELIGHT Special: InkySquid Deploys RokRAT","authors":"Cash, D., Grunzweig, J., Adair, S., Lancaster, T","date_accessed":"2021-10-01T00:00:00Z","date_published":"2021-08-25T00:00:00Z","owner_name":null,"tidal_id":"6e00b894-1570-5842-bbeb-f3d881bdbfc6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419087Z"},{"id":"68d9fec5-40b0-414a-9d39-21b5f36a013b","name":"The Hacker News Contagious Interview April 25 2025","description":"Ravie Lakshmanan. (2025, April 25). North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures. Retrieved May 23, 2025.","url":"https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html","source":"Tidal Cyber","title":"North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures","authors":"Ravie Lakshmanan","date_accessed":"2025-05-23T00:00:00Z","date_published":"2025-04-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4ca463b0-e631-58ba-88fe-2140335d9cca","created":"2025-06-03T14:14:05.307534Z","modified":"2025-06-03T14:14:05.492452Z"},{"id":"0d575ac7-fa23-4c92-a567-494eeadb4259","name":"The Hacker News Hidden Risk November 7 2024","description":"Ravie Lakshmanan. (2024, November 7). North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS. 
Retrieved May 29, 2025.","url":"https://thehackernews.com/2024/11/north-korean-hackers-target-crypto.html","source":"Tidal Cyber","title":"North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS","authors":"Ravie Lakshmanan","date_accessed":"2025-05-29T00:00:00Z","date_published":"2024-11-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"375d1c46-9cd7-58b8-9af5-9f1dc65f048b","created":"2025-06-03T14:14:07.750899Z","modified":"2025-06-03T14:14:07.922375Z"},{"id":"43a8823e-e213-49a2-a3a3-80a9cc534706","name":"The Hacker News Nickel Tapestry October 20 2024","description":"Ravie Lakshmanan. (2024, October 20). North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data. Retrieved May 29, 2025.","url":"https://thehackernews.com/2024/10/north-korean-it-workers-in-western.html","source":"Tidal Cyber","title":"North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data","authors":"Ravie Lakshmanan","date_accessed":"2025-05-29T00:00:00Z","date_published":"2024-10-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"91b16fe6-6d47-50d7-b554-07e03553ea90","created":"2025-06-03T14:14:08.095566Z","modified":"2025-06-03T14:14:08.456484Z"},{"id":"1b531975-c7b4-441c-b169-5e586a78feac","name":"The Hacker News October 16 2024","description":"The Hacker News. (2024, October 16). North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware. 
Retrieved May 5, 2025.","url":"https://thehackernews.com/2024/10/north-korean-scarcruft-exploits-windows.html","source":"Tidal Cyber","title":"North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware","authors":"The Hacker News","date_accessed":"2025-05-05T00:00:00Z","date_published":"2024-10-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a02771ba-b343-5b46-be77-f980564a59b2","created":"2025-05-06T16:28:38.005195Z","modified":"2025-05-06T16:28:38.237231Z"},{"id":"d7ef2e80-30c0-47ce-91d4-db1690c6c689","name":"Microsoft Security Blog August 30 2024","description":"Microsoft Threat Intelligence; Microsoft Security Response Center. (2024, August 30). North Korean threat actor Citrine Sleet exploiting Chromium zero-day . Retrieved September 1, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/","source":"Tidal Cyber","title":"North Korean threat actor Citrine Sleet exploiting Chromium zero-day","authors":"Microsoft Threat Intelligence; Microsoft Security Response Center","date_accessed":"2024-09-01T00:00:00Z","date_published":"2024-08-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1adc46c4-4b7a-5256-84f6-2437b42b4045","created":"2024-10-04T20:31:27.972037Z","modified":"2024-10-04T20:31:28.366557Z"},{"id":"fbd96014-16c3-4ad6-bb3f-f92d15efce13","name":"Lazarus APT January 2022","description":"Saini, A. and Hossein, J. (2022, January 27). North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign. Retrieved January 27, 2022.","url":"https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/","source":"MITRE","title":"North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign","authors":"Saini, A. 
and Hossein, J","date_accessed":"2022-01-27T00:00:00Z","date_published":"2022-01-27T00:00:00Z","owner_name":null,"tidal_id":"894a4fd8-499c-5c43-bffe-f8c7a7182758","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433206Z"},{"id":"72d4b682-ed19-4e0f-aeff-faa52b3a0439","name":"Github NoRunDll","description":"gtworek. (2019, December 17). NoRunDll. Retrieved August 23, 2021.","url":"https://github.com/gtworek/PSBits/tree/master/NoRunDll","source":"MITRE","title":"NoRunDll","authors":"gtworek","date_accessed":"2021-08-23T00:00:00Z","date_published":"2019-12-17T00:00:00Z","owner_name":null,"tidal_id":"841dbd88-06cf-56f6-a43f-3ef5a6323ba3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424063Z"},{"id":"e48760ba-2752-4d30-8f99-152c81f63017","name":"CrowdStrike Scattered Spider SIM Swapping December 22 2022","description":"Tim Parisi. (2022, December 22). Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies. Retrieved September 14, 2023.","url":"https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/","source":"Tidal Cyber","title":"Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies","authors":"Tim Parisi","date_accessed":"2023-09-14T00:00:00Z","date_published":"2022-12-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9d00159b-de31-57be-beda-2650fd8314f5","created":"2023-09-14T20:17:59.036740Z","modified":"2023-09-14T20:17:59.126407Z"},{"id":"382785e1-4ef3-506e-b74f-cd07df9ae46e","name":"Crowdstrike TELCO BPO Campaign December 2022","description":"Parisi, T. (2022, December 2). Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies. 
Retrieved June 30, 2023.","url":"https://www.crowdstrike.com/blog/analysis-of-intrusion-campaign-targeting-telecom-and-bpo-companies/","source":"MITRE","title":"Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies","authors":"Parisi, T","date_accessed":"2023-06-30T00:00:00Z","date_published":"2022-12-02T00:00:00Z","owner_name":null,"tidal_id":"41c9b59f-8308-5486-ad84-68ebe03afd32","created":"2023-11-07T00:36:10.398108Z","modified":"2025-12-17T15:08:36.437301Z"},{"id":"50f9aa49-dde5-42c9-ba5c-f42281a71b7e","name":"Sophos Dyreza April 2015","description":"Ducklin, P. (2015, April 20). Notes from SophosLabs: Dyreza, the malware that discriminates against old computers. Retrieved June 16, 2020.","url":"https://nakedsecurity.sophos.com/2015/04/20/notes-from-sophoslabs-dyreza-the-malware-that-discriminates-against-old-computers/","source":"MITRE","title":"Notes from SophosLabs: Dyreza, the malware that discriminates against old computers","authors":"Ducklin, P","date_accessed":"2020-06-16T00:00:00Z","date_published":"2015-04-20T00:00:00Z","owner_name":null,"tidal_id":"37c5f04f-5f3c-566d-ad93-9f81145f3800","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419199Z"},{"id":"b3171abc-957c-4bd5-a18f-0d66bba396b9","name":"NIST Supply Chain 2012","description":"Boyens, J,. Et al.. (2002, October). Notional Supply Chain Risk Management Practices for Federal Information Systems. Retrieved April 6, 2018.","url":"http://dx.doi.org/10.6028/NIST.IR.7622","source":"MITRE","title":"Notional Supply Chain Risk Management Practices for Federal Information Systems","authors":"Boyens, J,. 
Et al.","date_accessed":"2018-04-06T00:00:00Z","date_published":"2002-10-01T00:00:00Z","owner_name":null,"tidal_id":"3c20db39-9de1-5175-8f8b-2fde4ba41503","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416051Z"},{"id":"82479890-0b04-51d6-a4ac-87cbddbea502","name":"Kaspersky 3CX Gopuram 2023","description":"Georgy Kucherin, Vasily Berdnikov, Vilen Kamalov. (2023, April 3). Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack. Retrieved August 25, 2025.","url":"https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/","source":"MITRE","title":"Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack","authors":"Georgy Kucherin, Vasily Berdnikov, Vilen Kamalov","date_accessed":"2025-08-25T00:00:00Z","date_published":"2023-04-03T00:00:00Z","owner_name":null,"tidal_id":"a0e3185f-2a55-55b2-8307-48089fe26025","created":"2025-10-29T21:08:48.167297Z","modified":"2025-12-17T15:08:36.439462Z"},{"id":"4b1198b6-7eaa-5dd4-9461-23b7019ebb35","name":"NotMe-BSOD","description":"lzcapp. (n.d.). Retrieved September 22, 2025.","url":"https://github.com/lzcapp/NotMe-BSOD","source":"MITRE","title":"NotMe-BSOD","authors":"","date_accessed":"2025-09-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"41a8e7ea-2665-5493-b51c-d39b491d00ab","created":"2025-10-29T21:08:48.166663Z","modified":"2025-12-17T15:08:36.436862Z"},{"id":"3976dd0e-7dee-4ae7-8c38-484b12ca233e","name":"eSentire FIN7 July 2021","description":"eSentire. (2021, July 21). Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc.. 
Retrieved September 20, 2021.","url":"https://www.esentire.com/security-advisories/notorious-cybercrime-gang-fin7-lands-malware-in-law-firm-using-fake-legal-complaint-against-jack-daniels-owner-brown-forman-inc","source":"MITRE","title":"Notorious Cybercrime Gang, FIN7, Lands Malware in Law Firm Using Fake Legal Complaint Against Jack Daniels’ Owner, Brown-Forman Inc.","authors":"eSentire","date_accessed":"2021-09-20T00:00:00Z","date_published":"2021-07-21T00:00:00Z","owner_name":null,"tidal_id":"27d742a8-4a0c-5336-811e-4766ba9663fc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422429Z"},{"id":"3109e59c-ace2-4e5a-bba2-24b840a7af0d","name":"Secureworks NotPetya June 2017","description":"Counter Threat Research Team. (2017, June 28). NotPetya Campaign: What We Know About the Latest Global Ransomware Attack. Retrieved June 11, 2020.","url":"https://www.secureworks.com/blog/notpetya-campaign-what-we-know-about-the-latest-global-ransomware-attack","source":"MITRE","title":"NotPetya Campaign: What We Know About the Latest Global Ransomware Attack","authors":"Counter Threat Research Team","date_accessed":"2020-06-11T00:00:00Z","date_published":"2017-06-28T00:00:00Z","owner_name":null,"tidal_id":"9f68cda1-24da-50de-8145-84420bbffdcf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442351Z"},{"id":"1bafe35e-f99c-4aa9-8b2f-5a35970ec83b","name":"SensePost NotRuler","description":"SensePost. (2017, September 21). NotRuler - The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange. 
Retrieved February 4, 2019.","url":"https://github.com/sensepost/notruler","source":"MITRE","title":"NotRuler - The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange","authors":"SensePost","date_accessed":"2019-02-04T00:00:00Z","date_published":"2017-09-21T00:00:00Z","owner_name":null,"tidal_id":"25068476-7f83-5384-97be-ea98c0b2406b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423131Z"},{"id":"30e769e0-4552-429b-b16e-27830d42edea","name":"FireEye APT29 Nov 2018","description":"Dunwoody, M., et al. (2018, November 19). Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign. Retrieved November 27, 2018.","url":"https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html","source":"MITRE","title":"Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign","authors":"Dunwoody, M., et al","date_accessed":"2018-11-27T00:00:00Z","date_published":"2018-11-19T00:00:00Z","owner_name":null,"tidal_id":"897fbfa6-1a08-59bd-8a98-264c68649e92","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438107Z"},{"id":"fc9a1124-53d0-543e-9adb-357bbc0c088b","name":"Mandiant DPRK Laz Org Breakdown 2022","description":"Michael Barnhart, Michelle Cantos, Jeffery Johnson, Elias fox, Gary Freas, Dan Scott. (2022, March 23). Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations. 
Retrieved September 9, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/mapping-dprk-groups-to-government/","source":"MITRE","title":"Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations","authors":"Michael Barnhart, Michelle Cantos, Jeffery Johnson, Elias fox, Gary Freas, Dan Scott","date_accessed":"2025-09-09T00:00:00Z","date_published":"2022-03-23T00:00:00Z","owner_name":null,"tidal_id":"38794576-3316-5d7d-9d79-6fa89f3e14c7","created":"2025-10-29T21:08:48.166749Z","modified":"2025-12-17T15:08:36.437595Z"},{"id":"4926be5f-0eea-44cc-a73e-2f173eee901b","name":"SonicWall Nova Ransomware April 11 2025","description":"Security News. (2025, April 11). Nova RaaS: The Ransomware That ‘Spares’ Schools and Nonprofits—For Now. Retrieved May 19, 2025.","url":"https://www.sonicwall.com/blog/nova-raas-the-ransomware-that-spares-schools-and-nonprofits-for-now","source":"Tidal Cyber","title":"Nova RaaS: The Ransomware That ‘Spares’ Schools and Nonprofits—For Now","authors":"Security News","date_accessed":"2025-05-19T00:00:00Z","date_published":"2025-04-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"89761bb6-c2f6-525b-b4b0-a93533da0fc1","created":"2025-05-20T16:17:24.969516Z","modified":"2025-05-20T16:17:25.599990Z"},{"id":"50f48f4b-64ee-5ce0-a34b-610985db617d","name":"lookout_hornbill_sunbird_0221","description":"Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June","url":"https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict","source":"Mobile","title":"Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict","authors":"Apurva Kumar, Kristin Del Rosso","date_accessed":"1978-06-01T00:00:00Z","date_published":"2021-02-10T00:00:00Z","owner_name":null,"tidal_id":"63ae2168-3a08-5647-afb3-24594daf291f","created":"2026-01-28T13:08:10.038991Z","modified":"2026-01-28T13:08:10.038994Z"},{"id":"eaa08402-6dfc-5f87-acff-b8540f882f4a","name":"PaloAlto-XcodeGhost1","description":"Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December","url":"http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/","source":"Mobile","title":"Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store","authors":"Claud Xiao","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-09-17T00:00:00Z","owner_name":null,"tidal_id":"77513c95-319c-5348-a06a-cc298fcbdfad","created":"2026-01-28T13:08:10.041921Z","modified":"2026-01-28T13:08:10.041924Z"},{"id":"06f668d9-9a68-4d2f-b9a0-b92beb3b75d6","name":"Unit 42 Cuba August 9 2022","description":"Anthony Galiette, Daniel Bunce, Doel Santos, Shawn Westfall. (2022, August 9). Novel News on Cuba Ransomware: Greetings From Tropical Scorpius. 
Retrieved June 4, 2022.","url":"https://unit42.paloaltonetworks.com/cuba-ransomware-tropical-scorpius/","source":"Tidal Cyber","title":"Novel News on Cuba Ransomware: Greetings From Tropical Scorpius","authors":"Anthony Galiette, Daniel Bunce, Doel Santos, Shawn Westfall","date_accessed":"2022-06-04T00:00:00Z","date_published":"2022-08-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"20c54c68-f6a7-5d7d-8572-9356a736a7f8","created":"2024-06-13T20:10:33.766117Z","modified":"2024-06-13T20:10:33.971924Z"},{"id":"50ad7fc6-a004-54e3-86df-78549222be64","name":"kroll bpl","description":"Dave Truman. (2024, June 24). Novel Technique Combination Used In IDATLOADER Distribution. Retrieved January 30, 2025.","url":"https://www.kroll.com/en/insights/publications/cyber/idatloader-distribution","source":"MITRE","title":"Novel Technique Combination Used In IDATLOADER Distribution","authors":"Dave Truman","date_accessed":"2025-01-30T00:00:00Z","date_published":"2024-06-24T00:00:00Z","owner_name":null,"tidal_id":"c73cb9f6-3234-57ad-9098-59682d1167df","created":"2025-04-22T20:47:11.727888Z","modified":"2025-12-17T15:08:36.427040Z"},{"id":"d6aa87e6-b2f5-56d3-8bbc-1bc36425b5a5","name":"Novetta Threat Research Group February 2016","description":"Novetta Threat Research Group 2016, February 24 Operation Blockbuster: Unraveling the Long Thread of the Sony Attack. Retrieved 2016/02/25","url":"https://web.archive.org/web/20220707091904/https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf","source":"ICS","title":"Novetta Threat Research Group February 2016","authors":"","date_accessed":"2016-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"84510cae-abd8-5a11-9fe2-4a0d4c338758","created":"2026-01-28T13:08:18.179571Z","modified":"2026-01-28T13:08:18.179574Z"},{"id":"306f7da7-caa2-40bf-a3db-e579c541eeb4","name":"NT API Windows","description":"The NTinterlnals.net team. (n.d.). Nowak, T. 
Retrieved June 25, 2020.","url":"https://undocumented.ntinternals.net/","source":"MITRE","title":"Nowak, T","authors":"The NTinterlnals.net team","date_accessed":"2020-06-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"51fd87c8-416a-541b-8f16-29a6ccc88581","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427872Z"},{"id":"650cdde6-e0b5-5cb4-9dc4-7a2528c9e49b","name":"Malicious Life by Cybereason","description":"Philip Tsukerman. (n.d.). No Win32 Process Needed | Expanding the WMI Lateral Movement Arsenal. Retrieved June 19, 2024.","url":"https://www.cybereason.com/blog/wmi-lateral-movement-win32#blog-subscribe","source":"MITRE","title":"No Win32 Process Needed | Expanding the WMI Lateral Movement Arsenal","authors":"Philip Tsukerman","date_accessed":"2024-06-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4ec02c76-1cd9-532e-8609-24e31068ecfe","created":"2024-10-31T16:28:27.328797Z","modified":"2025-12-17T15:08:36.436530Z"},{"id":"c42e1d00-942c-513d-bdfb-b97afc8f38cf","name":"Now You Serial","description":"Rahman, Alyssa. (2021, December 13). Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits. Retrieved November 28, 2023.","url":"https://www.mandiant.com/resources/blog/hunting-deserialization-exploits","source":"MITRE","title":"Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits","authors":"Rahman, Alyssa","date_accessed":"2023-11-28T00:00:00Z","date_published":"2021-12-13T00:00:00Z","owner_name":null,"tidal_id":"aa6e5a73-3bec-5a48-9e6f-611afd229216","created":"2024-04-25T13:28:52.374553Z","modified":"2025-04-22T20:47:31.613458Z"},{"id":"c8dc5650-eb37-4bb6-b5b7-e6269c79785c","name":"Npcap: Windows Packet Capture Library & Driver","description":"Npcap. (n.d.). Npcap: Windows Packet Capture Library & Driver. 
Retrieved September 7, 2023.","url":"https://npcap.com/","source":"Tidal Cyber","title":"Npcap: Windows Packet Capture Library & Driver","authors":"Npcap","date_accessed":"2023-09-07T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"9f320253-a10e-52df-bc62-5d81f72a8ad7","created":"2023-09-08T15:49:54.600148Z","modified":"2023-09-08T15:49:54.733086Z"},{"id":"1fda833e-e543-5e68-a0f5-8a4170dd632a","name":"NPLogonNotify","description":"Microsoft. (2021, October 21). NPLogonNotify function (npapi.h). Retrieved March 30, 2023.","url":"https://learn.microsoft.com/en-us/windows/win32/api/npapi/nf-npapi-nplogonnotify","source":"MITRE","title":"NPLogonNotify function (npapi.h)","authors":"Microsoft","date_accessed":"2023-03-30T00:00:00Z","date_published":"2021-10-21T00:00:00Z","owner_name":null,"tidal_id":"c8186112-bb1b-500b-8dff-8887951d4cfc","created":"2023-05-26T01:21:08.168747Z","modified":"2025-12-17T15:08:36.432566Z"},{"id":"727cce1f-abda-4e50-aaf1-2f4707b17a9f","name":"Aikido npm chalk Compromises September 8 2025","description":"Charlie Eriksen. (2025, September 8). npm debug and chalk packages compromised. Retrieved September 9, 2025.","url":"https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised","source":"Tidal Cyber","title":"npm debug and chalk packages compromised","authors":"Charlie Eriksen","date_accessed":"2025-09-09T12:00:00Z","date_published":"2025-09-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4874c2cb-0905-50e2-ad26-33ae842b302d","created":"2025-09-15T19:13:20.691282Z","modified":"2025-09-15T19:13:20.877520Z"},{"id":"c12bfaf6-4d83-552e-912b-cc55bce85961","name":"NPPSPY","description":"Grzegorz Tworek. (2021, December 15). NPPSpy. 
Retrieved March 30, 2023.","url":"https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy","source":"MITRE","title":"NPPSpy","authors":"Grzegorz Tworek","date_accessed":"2023-03-30T00:00:00Z","date_published":"2021-12-15T00:00:00Z","owner_name":null,"tidal_id":"2e3102d5-c69e-537f-9bac-2a3ee1a77204","created":"2023-05-26T01:21:08.159056Z","modified":"2025-12-17T15:08:36.432553Z"},{"id":"e1bc5c68-1e48-5e94-a3bc-f301b703f67e","name":"Apple NSBackgroundActivityScheduler","description":"Apple. (n.d.). NSBackgroundActivityScheduler. Retrieved November","url":"https://developer.apple.com/documentation/foundation/nsbackgroundactivityscheduler","source":"Mobile","title":"NSBackgroundActivityScheduler","authors":"Apple","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1f620d24-48e5-56c5-9714-38f24dc6760b","created":"2026-01-28T13:08:10.042614Z","modified":"2026-01-28T13:08:10.042617Z"},{"id":"9d15ab80-86b7-4a69-ae3f-de017ca89f37","name":"ntdsutil.exe - LOLBAS Project","description":"LOLBAS. (2020, January 10). ntdsutil.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Ntdsutil/","source":"Tidal Cyber","title":"ntdsutil.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-01-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fee9baf8-8f42-57fa-9dfb-3673d1838211","created":"2024-01-12T14:47:26.863672Z","modified":"2024-01-12T14:47:27.056062Z"},{"id":"34de2f08-0481-4894-80ef-86506d821cf0","name":"Ntdsutil Microsoft","description":"Microsoft. (2016, August 31). Ntdsutil Microsoft. 
Retrieved July 11, 2023.","url":"https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc753343(v=ws.11)","source":"Tidal Cyber","title":"Ntdsutil Microsoft","authors":"Microsoft","date_accessed":"2023-07-11T00:00:00Z","date_published":"2016-08-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"47f163c2-4563-5064-84de-87ff13fde8b9","created":"2023-07-14T12:56:34.247965Z","modified":"2023-07-14T12:56:34.351316Z"},{"id":"dc4689d2-54b4-4310-ac10-6b234eedbc16","name":"Microsoft NTFS File Attributes Aug 2010","description":"Hughes, J. (2010, August 25). NTFS File Attributes. Retrieved March 21, 2018.","url":"https://blogs.technet.microsoft.com/askcore/2010/08/25/ntfs-file-attributes/","source":"MITRE","title":"NTFS File Attributes","authors":"Hughes, J","date_accessed":"2018-03-21T00:00:00Z","date_published":"2010-08-25T00:00:00Z","owner_name":null,"tidal_id":"9c6094cd-0411-511d-bcd1-29d9936165be","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436412Z"},{"id":"7b533ca9-9075-408d-b125-89bc7446ec8f","name":"NtQueryInformationProcess","description":"Microsoft. (2021, November 23). NtQueryInformationProcess function (winternl.h). Retrieved February 4, 2022.","url":"https://docs.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryinformationprocess","source":"MITRE","title":"NtQueryInformationProcess function (winternl.h)","authors":"Microsoft","date_accessed":"2022-02-04T00:00:00Z","date_published":"2021-11-23T00:00:00Z","owner_name":null,"tidal_id":"33153848-b489-5afa-bf89-6cf09fb224e8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433194Z"},{"id":"2acfc194-3b2c-5181-8124-45805160baf1","name":"NtRaiseHardError","description":"NtDoc. (n.d.). NtRaiseHardError - NtDoc. 
Retrieved September 22, 2025.","url":"https://ntdoc.m417z.com/ntraiseharderror","source":"MITRE","title":"NtRaiseHardError - NtDoc","authors":"NtDoc","date_accessed":"2025-09-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"217cafdf-809f-5a7d-a9cf-94ad9f06aed2","created":"2025-10-29T21:08:48.166677Z","modified":"2025-12-17T15:08:36.436874Z"},{"id":"0cbc515d-6799-477e-b831-d2caf9ad155e","name":"Ntsd.exe - LOLBAS Project","description":"LOLBAS. (2025, July 16). Ntsd.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Ntsd/","source":"Tidal Cyber","title":"Ntsd.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-07-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"50d8551b-7aa0-544e-a495-d4186d52d75f","created":"2026-01-06T18:03:32.702529Z","modified":"2026-01-06T18:03:32.857387Z"},{"id":"7cbf93a8-0d1b-5c49-851b-5bc2bc3ffb2c","name":"Sentinel Labs NullBulge 2024","description":"Jim Walter. (2024, July 16). NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI. Retrieved August 30, 2024.","url":"https://www.sentinelone.com/labs/nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-against-ai/","source":"MITRE","title":"NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI","authors":"Jim Walter","date_accessed":"2024-08-30T00:00:00Z","date_published":"2024-07-16T00:00:00Z","owner_name":null,"tidal_id":"f4c4834e-c156-591b-b464-ee95ad88e133","created":"2024-10-31T16:28:27.503232Z","modified":"2025-12-17T15:08:36.436720Z"},{"id":"b40fc5d8-02fd-5683-88c3-592c6b06df1a","name":"AsyncRAT GitHub","description":"Nyan-x-Cat. (n.d.). NYAN-x-CAT / AsyncRAT-C-Sharp. 
Retrieved October 3, 2023.","url":"https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/blob/master/README.md","source":"MITRE","title":"NYAN-x-CAT / AsyncRAT-C-Sharp","authors":"Nyan-x-Cat","date_accessed":"2023-10-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ea1c71a7-4ed9-5e19-8a36-3ca6bcee58f5","created":"2023-11-07T00:36:20.787189Z","modified":"2025-12-17T15:08:36.441985Z"},{"id":"fe6ac288-1c7c-4ec0-a709-c3ca56e5d088","name":"Joe Sec Nymaim","description":"Joe Security. (2016, April 21). Nymaim - evading Sandboxes with API hammering. Retrieved September 30, 2021.","url":"https://www.joesecurity.org/blog/3660886847485093803","source":"MITRE","title":"Nymaim - evading Sandboxes with API hammering","authors":"Joe Security","date_accessed":"2021-09-30T00:00:00Z","date_published":"2016-04-21T00:00:00Z","owner_name":null,"tidal_id":"46272e84-84fc-5022-9ca7-6d7cd85ccf7c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433131Z"},{"id":"7e80ec7f-35bd-5c1e-9a51-a84440fb05a3","name":"Nzyme Alerts Intro","description":"Koopmann, Lennart. (n.d.). Nzyme Alerts Introduction. Retrieved November","url":"https://docs.nzyme.org/wifi/monitoring/network-monitoring/","source":"ICS","title":"Nzyme Alerts Introduction","authors":"Koopmann, Lennart","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f96c96b9-d50b-5e43-8e84-a52e6229f91f","created":"2026-01-28T13:08:18.178553Z","modified":"2026-01-28T13:08:18.178556Z"},{"id":"ec89a48b-3b00-4928-8450-d2fbd307817f","name":"OWASP Fingerprinting","description":"OWASP Wiki. (2018, February 16). OAT-004 Fingerprinting. 
Retrieved October 20, 2020.","url":"https://wiki.owasp.org/index.php/OAT-004_Fingerprinting","source":"MITRE","title":"OAT-004 Fingerprinting","authors":"OWASP Wiki","date_accessed":"2020-10-20T00:00:00Z","date_published":"2018-02-16T00:00:00Z","owner_name":null,"tidal_id":"b53602c2-3568-553c-ab2b-8fa4ed79ae54","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430637Z"},{"id":"039c0947-1976-4eb8-bb26-4c74dceea7f0","name":"OWASP Vuln Scanning","description":"OWASP. (n.d.). OAT-014 Vulnerability Scanning. Retrieved October 20, 2020.","url":"https://owasp.org/www-project-automated-threats-to-web-applications/assets/oats/EN/OAT-014_Vulnerability_Scanning","source":"MITRE","title":"OAT-014 Vulnerability Scanning","authors":"OWASP","date_accessed":"2020-10-20T00:00:00Z","date_published":"2018-02-16T00:00:00Z","owner_name":null,"tidal_id":"7266e246-ea92-5694-9de9-8e35c05dd0fe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429731Z"},{"id":"55f73507-cf44-5ac7-a9bd-4de868bbf6ef","name":"GoogleProjectZero-OATmeal","description":"Jann Horn. (2018, September 10). OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB. Retrieved September","url":"https://googleprojectzero.blogspot.com/2018/09/oatmeal-on-universal-cereal-bus.html","source":"Mobile","title":"OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB","authors":"Jann Horn","date_accessed":"1978-09-01T00:00:00Z","date_published":"2018-09-10T00:00:00Z","owner_name":null,"tidal_id":"20227af8-9a05-567d-98d4-81fdfc18f03d","created":"2026-01-28T13:08:10.044277Z","modified":"2026-01-28T13:08:10.044280Z"},{"id":"0cea6734-d877-5007-95cc-0e24bdf33ff8","name":"SecureWorks Device Code Phishing 2021","description":"SecureWorks Counter Threat Unit Research Team. (2021, June 3). OAuth’S Device Code Flow Abused in Phishing Attacks. 
Retrieved March 19, 2024.","url":"https://www.secureworks.com/blog/oauths-device-code-flow-abused-in-phishing-attacks","source":"MITRE","title":"OAuth’S Device Code Flow Abused in Phishing Attacks","authors":"SecureWorks Counter Threat Unit Research Team","date_accessed":"2024-03-19T00:00:00Z","date_published":"2021-06-03T00:00:00Z","owner_name":null,"tidal_id":"0caa075f-817f-5d34-9d85-572cb5ec0d18","created":"2024-04-25T13:28:31.881056Z","modified":"2025-12-17T15:08:36.426778Z"},{"id":"fc4434c0-373b-42fe-a0f5-683c24fa329e","name":"BlackHat API Packers","description":"Choi, S. (2015, August 6). Obfuscated API Functions in Modern Packers. Retrieved August 22, 2022.","url":"https://www.blackhat.com/docs/us-15/materials/us-15-Choi-API-Deobfuscator-Resolving-Obfuscated-API-Functions-In-Modern-Packers.pdf","source":"MITRE","title":"Obfuscated API Functions in Modern Packers","authors":"Choi, S","date_accessed":"2022-08-22T00:00:00Z","date_published":"2015-08-06T00:00:00Z","owner_name":null,"tidal_id":"ce2e7176-3915-5e4d-81a7-5812bafbd5d0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436066Z"},{"id":"6d1089b7-0efe-4961-8abc-22a882895377","name":"FireEye Obfuscation June 2017","description":"Bohannon, D. & Carr N. (2017, June 30). Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques. Retrieved February 12, 2018.","url":"https://web.archive.org/web/20170923102302/https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html","source":"MITRE","title":"Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques","authors":"Bohannon, D. & Carr N","date_accessed":"2018-02-12T00:00:00Z","date_published":"2017-06-30T00:00:00Z","owner_name":null,"tidal_id":"7b8e3423-36a1-52f4-8584-79e8843a8131","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433660Z"},{"id":"26b757c8-25cd-42ef-bef2-eb7a28455d57","name":"objective-see 2017 review","description":"Patrick Wardle. 
(n.d.). Retrieved March 20, 2018.","url":"https://objective-see.com/blog/blog_0x25.html","source":"MITRE","title":"objective-see 2017 review","authors":"","date_accessed":"2018-03-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"304c8901-4683-519e-bb56-1757d4dfac8f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431092Z"},{"id":"32c16ce6-ccb6-5a60-975c-39d165dfc0a2","name":"GCP Storage Lifecycles","description":"Google Cloud. (n.d.). Object Lifecycle Management. Retrieved September 25, 2024.","url":"https://cloud.google.com/storage/docs/lifecycle","source":"MITRE","title":"Object Lifecycle Management","authors":"Google Cloud","date_accessed":"2024-09-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"839332c9-91a8-55b2-ad2d-d4347312355e","created":"2024-10-31T16:28:16.738495Z","modified":"2025-12-17T15:08:36.424979Z"},{"id":"20e13efb-4ca1-43b2-83a6-c852e03333d7","name":"Talos Oblique RAT March 2021","description":"Malhotra, A. (2021, March 2). ObliqueRAT returns with new campaign using hijacked websites. Retrieved September 2, 2021.","url":"https://blog.talosintelligence.com/2021/02/obliquerat-new-campaign.html","source":"MITRE","title":"ObliqueRAT returns with new campaign using hijacked websites","authors":"Malhotra, A","date_accessed":"2021-09-02T00:00:00Z","date_published":"2021-03-02T00:00:00Z","owner_name":null,"tidal_id":"4309ea31-eef3-523b-bcc0-8a969943e957","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418757Z"},{"id":"e2d453c3-efb4-44e5-8b60-6a98dd6c3341","name":"IBM ITG07 June 2019","description":"McMillen, D. Sperry, C. (2019, June 14). Observations of ITG07 Cyber Operations. Retrieved May 17, 2021.","url":"https://securityintelligence.com/posts/observations-of-itg07-cyber-operations/","source":"MITRE","title":"Observations of ITG07 Cyber Operations","authors":"McMillen, D. 
Sperry, C","date_accessed":"2021-05-17T00:00:00Z","date_published":"2019-06-14T00:00:00Z","owner_name":null,"tidal_id":"9e3b1768-121d-5091-94ac-cf5bd5a46b0f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441442Z"},{"id":"0ab158b4-9085-481a-8458-40f7c752179f","name":"Palo Alto CVE-2015-3113 July 2015","description":"Falcone, R. and Wartell, R.. (2015, July 27). Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload. Retrieved January 22, 2016.","url":"http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-3113-prior-zero-days-and-the-pirpi-payload/","source":"MITRE","title":"Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload","authors":"Falcone, R. and Wartell, R.","date_accessed":"2016-01-22T00:00:00Z","date_published":"2015-07-27T00:00:00Z","owner_name":null,"tidal_id":"9d6f534d-45bd-59f9-8927-364787851c68","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441232Z"},{"id":"c8cfeb11-832d-5705-beec-ef915eda05da","name":"Expel Atlas Lion 2025","description":"Ben Nahorney and Jennifer Maynard. (2025, April 10). Observing Atlas Lion (part one): Why take control when you can enroll?. Retrieved May 22, 2025.","url":"https://expel.com/blog/observing-atlas-lion-part-one/","source":"MITRE","title":"Observing Atlas Lion (part one): Why take control when you can enroll?","authors":"Ben Nahorney and Jennifer Maynard","date_accessed":"2025-05-22T00:00:00Z","date_published":"2025-04-10T00:00:00Z","owner_name":null,"tidal_id":"02b1d532-e6c5-5871-ab17-b84b8e2ca9af","created":"2025-10-29T21:08:48.166079Z","modified":"2025-12-17T15:08:36.431647Z"},{"id":"ed9f5545-377f-4a12-92e4-c0439cc5b037","name":"Volexity OceanLotus Nov 2017","description":"Lassalle, D., et al. (2017, November 6). OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society. 
Retrieved November 6, 2017.","url":"https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/","source":"MITRE","title":"OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society","authors":"Lassalle, D., et al","date_accessed":"2017-11-06T00:00:00Z","date_published":"2017-11-06T00:00:00Z","owner_name":null,"tidal_id":"36abc374-92f4-5420-b58e-2f70daaf522c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438336Z"},{"id":"dbea2493-7e0a-47f0-88c1-5867f8bb1199","name":"Volexity Ocean Lotus November 2020","description":"Adair, S. and Lancaster, T. (2020, November 6). OceanLotus: Extending Cyber Espionage Operations Through Fake Websites. Retrieved November 20, 2020.","url":"https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/","source":"MITRE","title":"OceanLotus: Extending Cyber Espionage Operations Through Fake Websites","authors":"Adair, S. and Lancaster, T","date_accessed":"2020-11-20T00:00:00Z","date_published":"2020-11-06T00:00:00Z","owner_name":null,"tidal_id":"32835a0b-7874-56f0-bc11-fedf6144cdfd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428261Z"},{"id":"6e9acc29-06af-4915-8e01-7dcccb204530","name":"OceanLotus for OS X","description":"Eddie Lee. (2016, February 17). OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update. 
Retrieved July 5, 2017.","url":"https://www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update","source":"MITRE","title":"OceanLotus for OS X - an Application Bundle Pretending to be an Adobe Flash Update","authors":"Eddie Lee","date_accessed":"2017-07-05T00:00:00Z","date_published":"2016-02-17T00:00:00Z","owner_name":null,"tidal_id":"24f70651-4ca5-5468-bc9b-dfc7eb0aafc9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427275Z"},{"id":"e97e479b-4e6d-40b5-94cb-eac06172c0f8","name":"ESET OceanLotus macOS April 2019","description":"Dumont, R.. (2019, April 9). OceanLotus: macOS malware update. Retrieved April 15, 2019.","url":"https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/","source":"MITRE","title":"OceanLotus: macOS malware update","authors":"Dumont, R.","date_accessed":"2019-04-15T00:00:00Z","date_published":"2019-04-09T00:00:00Z","owner_name":null,"tidal_id":"e5cfdbf0-c75a-5a07-ac0c-7df9ebc1a78d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441455Z"},{"id":"a7bcbaca-10c1-403a-9eb5-f111af1cbf6a","name":"ESET OceanLotus","description":"Foltýn, T. (2018, March 13). OceanLotus ships new backdoor using old tricks. Retrieved May 22, 2018.","url":"https://www.welivesecurity.com/2018/03/13/oceanlotus-ships-new-backdoor/","source":"MITRE, Tidal Cyber","title":"OceanLotus ships new backdoor using old tricks","authors":"Foltýn, T","date_accessed":"2018-05-22T00:00:00Z","date_published":"2018-03-13T00:00:00Z","owner_name":null,"tidal_id":"5a3b5172-b7f8-5ed4-9be3-b89b435386ef","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.269821Z"},{"id":"5e09ab9c-8cb2-49f5-b65f-fd5447e71ef4","name":"Okta HAR Files Incident Update","description":"David Bradbury. (2023, November 29). October Customer Support Security Incident - Update and Recommended Actions. 
Retrieved December 19, 2023.","url":"https://sec.okta.com/harfiles","source":"Tidal Cyber","title":"October Customer Support Security Incident - Update and Recommended Actions","authors":"David Bradbury","date_accessed":"2023-12-19T00:00:00Z","date_published":"2023-11-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"40a2afb8-24f8-5aa2-a26f-ebe2f1e85c36","created":"2024-06-13T20:10:45.970749Z","modified":"2024-06-13T20:10:46.164440Z"},{"id":"77407057-53f1-4fde-bc74-00f73d417f7d","name":"Securelist Octopus Oct 2018","description":"Kaspersky Lab's Global Research & Analysis Team. (2018, October 15). Octopus-infested seas of Central Asia. Retrieved November 14, 2018.","url":"https://securelist.com/octopus-infested-seas-of-central-asia/88200/","source":"MITRE, Tidal Cyber","title":"Octopus-infested seas of Central Asia","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2018-11-14T00:00:00Z","date_published":"2018-10-15T00:00:00Z","owner_name":null,"tidal_id":"8b615847-5981-5a39-b38a-2d0390af8d53","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262531Z"},{"id":"92716d7d-3ca5-5d7a-b719-946e94828f13","name":"MSTIC Octo Tempest Operations October 2023","description":"Microsoft. (2023, October 25). Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction. Retrieved March 18, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/","source":"MITRE","title":"Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction","authors":"Microsoft","date_accessed":"2024-03-18T00:00:00Z","date_published":"2023-10-25T00:00:00Z","owner_name":null,"tidal_id":"5283be69-63a0-5c59-be8a-cf1fbff53b3f","created":"2024-04-25T13:28:44.294993Z","modified":"2025-12-17T15:08:36.438927Z"},{"id":"febcaaec-b535-4347-a4c7-b3284b251897","name":"LOLBAS Odbcconf","description":"LOLBAS. (n.d.). 
Odbcconf.exe. Retrieved March 7, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Odbcconf/","source":"MITRE","title":"Odbcconf.exe","authors":"LOLBAS","date_accessed":"2019-03-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2cf3ce54-9cb2-5080-a6d2-a0e3362c0cdc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431000Z"},{"id":"9df74876-2abf-4ced-b986-36212225d795","name":"Microsoft odbcconf.exe","description":"Microsoft. (2017, January 18). ODBCCONF.EXE. Retrieved March 7, 2019.","url":"https://docs.microsoft.com/en-us/sql/odbc/odbcconf-exe?view=sql-server-2017","source":"MITRE","title":"ODBCCONF.EXE","authors":"Microsoft","date_accessed":"2019-03-07T00:00:00Z","date_published":"2017-01-18T00:00:00Z","owner_name":null,"tidal_id":"6a1c68f1-dd16-59ca-8ca5-e05eada1f1ca","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430993Z"},{"id":"cab25908-63da-484d-8c42-4451f46086e2","name":"GrimBlog UsernameEnum","description":"GrimHacker. (2017, July 24). Office365 ActiveSync Username Enumeration. Retrieved December 9, 2021.","url":"https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/","source":"MITRE","title":"Office365 ActiveSync Username Enumeration","authors":"GrimHacker","date_accessed":"2021-12-09T00:00:00Z","date_published":"2017-07-24T00:00:00Z","owner_name":null,"tidal_id":"586d54c1-9a9f-5525-a5d5-05845c8ae3ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429527Z"},{"id":"314fb591-d5f2-4f0c-ab0b-97977308b5dc","name":"GitHub Office 365 User Enumeration","description":"gremwell. (2020, March 24). Office 365 User Enumeration. 
Retrieved May 27, 2022.","url":"https://github.com/gremwell/o365enum","source":"MITRE","title":"Office 365 User Enumeration","authors":"gremwell","date_accessed":"2022-05-27T00:00:00Z","date_published":"2020-03-24T00:00:00Z","owner_name":null,"tidal_id":"078f538b-dcbd-53cc-bb77-6c9b37285073","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430794Z"},{"id":"6298d7b0-c6f9-46dd-91f0-41ef0ad515a5","name":"GitHub Office-Crackros Aug 2016","description":"Carr, N. (2016, August 14). OfficeCrackros. Retrieved February 12, 2018.","url":"https://github.com/itsreallynick/office-crackros","source":"MITRE","title":"OfficeCrackros","authors":"Carr, N","date_accessed":"2018-02-12T00:00:00Z","date_published":"2016-08-14T00:00:00Z","owner_name":null,"tidal_id":"fcb90f3d-c481-5b85-9706-f26c6da0e0ee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433672Z"},{"id":"f574182a-5d91-43c8-b560-e84a7e941c96","name":"GlobalDotName Jun 2019","description":"Shukrun, S. (2019, June 2). Office Templates and GlobalDotName - A Stealthy Office Persistence Technique. Retrieved August 26, 2019.","url":"https://www.221bluestreet.com/post/office-templates-and-globaldotname-a-stealthy-office-persistence-technique","source":"MITRE","title":"Office Templates and GlobalDotName - A Stealthy Office Persistence Technique","authors":"Shukrun, S","date_accessed":"2019-08-26T00:00:00Z","date_published":"2019-06-02T00:00:00Z","owner_name":null,"tidal_id":"d6cfb575-7459-543d-bf1a-60547fd65cf9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427520Z"},{"id":"ba0e3c5d-7934-4ece-b4a1-c03bc355f378","name":"Microsoft VBA","description":"Microsoft. (2019, June 11). Office VBA Reference. 
Retrieved June 23, 2020.","url":"https://docs.microsoft.com/office/vba/api/overview/","source":"MITRE","title":"Office VBA Reference","authors":"Microsoft","date_accessed":"2020-06-23T00:00:00Z","date_published":"2019-06-11T00:00:00Z","owner_name":null,"tidal_id":"896d950e-71ff-5496-88d9-bf0afb32513f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435491Z"},{"id":"a3cee503-91f4-5c04-8386-1f514535ff27","name":"WPXI Aliquippa Water November 2023","description":"WPXI. (2023, November 27). Officials investigating cyberattack on Municipal Water Authority of Aliquippa. Retrieved March","url":"https://www.wpxi.com/news/local/officials-investigating-cyberattack-municipal-water-authority-aliquippa/K5A3BEW35RAXJPMNHNE35RZ7WA/","source":"ICS","title":"Officials investigating cyberattack on Municipal Water Authority of Aliquippa","authors":"WPXI","date_accessed":"1978-03-01T00:00:00Z","date_published":"2023-11-27T00:00:00Z","owner_name":null,"tidal_id":"8f2b021f-fba5-54e7-ab31-ece2c0c926b3","created":"2026-01-28T13:08:18.179280Z","modified":"2026-01-28T13:08:18.179283Z"},{"id":"8194442f-4f86-438e-bd0c-f4cbda0264b8","name":"OfflineScannerShell.exe - LOLBAS Project","description":"LOLBAS. (2021, August 16). OfflineScannerShell.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/OfflineScannerShell/","source":"Tidal Cyber","title":"OfflineScannerShell.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-08-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"688efe18-4a05-50bd-88dd-59ffb683193f","created":"2024-01-12T14:46:51.374846Z","modified":"2024-01-12T14:46:51.554273Z"},{"id":"e3d932fc-0148-43b9-bcc7-971dd7ba3bf8","name":"Bitdefender Agent Tesla April 2020","description":"Arsene, L. (2020, April 21). Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal. 
Retrieved May 19, 2020.","url":"https://labs.bitdefender.com/2020/04/oil-gas-spearphishing-campaigns-drop-agent-tesla-spyware-in-advance-of-historic-opec-deal/","source":"MITRE","title":"Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal","authors":"Arsene, L","date_accessed":"2020-05-19T00:00:00Z","date_published":"2020-04-21T00:00:00Z","owner_name":null,"tidal_id":"eb107001-8d1d-5d90-a0c5-1c358075fb88","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422115Z"},{"id":"db9985eb-d536-45b9-a82b-34d8cdd2b699","name":"CFR OilRig Profile","description":"Council on Foreign Relations. (n.d.). OilRig. Retrieved September 1, 2024.","url":"https://www.cfr.org/cyber-operations/oilrig","source":"Tidal Cyber","title":"OilRig","authors":"Council on Foreign Relations","date_accessed":"2024-09-01T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"e47e8435-5b3f-5b89-8bc6-cdb542e6fa56","created":"2024-09-04T12:49:07.473541Z","modified":"2024-09-04T12:49:07.870451Z"},{"id":"fb561cdd-03f6-4867-b5b5-7e4deb11f0d0","name":"Palo Alto OilRig April 2017","description":"Falcone, R.. (2017, April 27). OilRig Actors Provide a Glimpse into Development and Testing Efforts. Retrieved May 3, 2017.","url":"http://researchcenter.paloaltonetworks.com/2017/04/unit42-oilrig-actors-provide-glimpse-development-testing-efforts/","source":"MITRE","title":"OilRig Actors Provide a Glimpse into Development and Testing Efforts","authors":"Falcone, R.","date_accessed":"2017-05-03T00:00:00Z","date_published":"2017-04-27T00:00:00Z","owner_name":null,"tidal_id":"3bc6bfc0-b918-5289-af19-469b2d42be28","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437492Z"},{"id":"f5f3e1e7-1d83-4ddc-a878-134cd0d268ce","name":"OilRig New Delivery Oct 2017","description":"Falcone, R. and Lee, B. (2017, October 9). OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan. 
Retrieved January 8, 2018.","url":"https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-documents-new-injector-trojan/","source":"MITRE","title":"OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan","authors":"Falcone, R. and Lee, B","date_accessed":"2018-01-08T00:00:00Z","date_published":"2017-10-09T00:00:00Z","owner_name":null,"tidal_id":"1fd6fbc4-c845-5044-b18b-549191c48747","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418925Z"},{"id":"14bbb07b-caeb-4d17-8e54-047322a5930c","name":"Palo Alto OilRig Oct 2016","description":"Grunzweig, J. and Falcone, R.. (2016, October 4). OilRig Malware Campaign Updates Toolset and Expands Targets. Retrieved May 3, 2017.","url":"http://researchcenter.paloaltonetworks.com/2016/10/unit42-oilrig-malware-campaign-updates-toolset-and-expands-targets/","source":"MITRE, Tidal Cyber","title":"OilRig Malware Campaign Updates Toolset and Expands Targets","authors":"Grunzweig, J. and Falcone, R.","date_accessed":"2017-05-03T00:00:00Z","date_published":"2016-10-04T00:00:00Z","owner_name":null,"tidal_id":"c471178f-211c-55f8-8d7f-1ea153eff503","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.273546Z"},{"id":"799db594-6a65-5b80-9d64-c530fadbd9ae","name":"ESET OilRig Campaigns Sep 2023","description":"Hromcova, Z. and Burgher, A. (2023, September 21). OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes. Retrieved November 21, 2024.","url":"https://www.welivesecurity.com/en/eset-research/oilrigs-outer-space-juicy-mix-same-ol-rig-new-drill-pipes/","source":"MITRE","title":"OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes","authors":"Hromcova, Z. 
and Burgher, A","date_accessed":"2024-11-21T00:00:00Z","date_published":"2023-09-21T00:00:00Z","owner_name":null,"tidal_id":"48b24e23-cad5-5a78-a44e-841a61830c85","created":"2025-04-22T20:47:21.844320Z","modified":"2025-12-17T15:08:36.420969Z"},{"id":"21ee3e95-ac4b-48f7-b948-249e1884bc96","name":"ESET OilRig September 21 2023","description":"ESET Research. (2024, September 21). OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes. Retrieved September 3, 2024.","url":"https://www.welivesecurity.com/en/eset-research/oilrigs-outer-space-juicy-mix-same-ol-rig-new-drill-pipes/","source":"Tidal Cyber","title":"OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes","authors":"ESET Research","date_accessed":"2024-09-03T00:00:00Z","date_published":"2024-09-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e153c2f1-e5e4-5167-86ce-630f3e90358a","created":"2024-09-04T12:49:08.634004Z","modified":"2024-09-04T12:49:08.855692Z"},{"id":"f96b74d5-ff75-47c6-a9a2-b2f43db351bc","name":"ESET OilRig December 14 2023","description":"Zuzana Hromcová, Adam Burgher. (2023, December 14). OilRig’s persistent attacks using cloud service-powered downloaders. Retrieved September 1, 2024.","url":"https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/","source":"Tidal Cyber","title":"OilRig’s persistent attacks using cloud service-powered downloaders","authors":"Zuzana Hromcová, Adam Burgher","date_accessed":"2024-09-01T00:00:00Z","date_published":"2023-12-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a2c6d6cc-e4be-57fc-a584-9cf661949eae","created":"2024-09-04T12:49:06.357667Z","modified":"2024-09-04T12:49:06.837796Z"},{"id":"7f2e0dcb-43a6-59e6-bc44-d01ace24b154","name":"ESET OilRig Downloaders DEC 2023","description":"Hromcova, Z. and Burgher, A. (2023, December 14). OilRig’s persistent attacks using cloud service-powered downloaders. 
Retrieved November 26, 2024.","url":"https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/","source":"MITRE","title":"OilRig’s persistent attacks using cloud service-powered downloaders","authors":"Hromcova, Z. and Burgher, A","date_accessed":"2024-11-26T00:00:00Z","date_published":"2023-12-14T00:00:00Z","owner_name":null,"tidal_id":"1708e15a-314e-55b6-8351-b44c03b6ab30","created":"2025-04-22T20:47:26.658068Z","modified":"2025-12-17T15:08:36.418024Z"},{"id":"84815940-b98a-4f5c-82fe-7d8bf2f51a09","name":"Unit 42 OilRig Sept 2018","description":"Falcone, R., et al. (2018, September 04). OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE. Retrieved September 24, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-targets-middle-eastern-government-adds-evasion-techniques-oopsie/","source":"MITRE","title":"OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE","authors":"Falcone, R., et al","date_accessed":"2018-09-24T00:00:00Z","date_published":"2018-09-04T00:00:00Z","owner_name":null,"tidal_id":"ce19688f-9cc1-5fce-b8a1-9e61256e1c8d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420350Z"},{"id":"2929baa5-ead7-4936-ab67-c4742afc473c","name":"Unit42 RDAT July 2020","description":"Falcone, R. (2020, July 22). OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory. 
Retrieved July 28, 2020.","url":"https://unit42.paloaltonetworks.com/oilrig-novel-c2-channel-steganography/","source":"MITRE","title":"OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory","authors":"Falcone, R","date_accessed":"2020-07-28T00:00:00Z","date_published":"2020-07-22T00:00:00Z","owner_name":null,"tidal_id":"ce74c5e7-5408-5ee9-8876-1472aada5926","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418290Z"},{"id":"320f49df-7b0a-4a6a-8542-17b0f56c94c9","name":"Unit 42 QUADAGENT July 2018","description":"Lee, B., Falcone, R. (2018, July 25). OilRig Targets Technology Service Provider and Government Agency with QUADAGENT. Retrieved August 9, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/07/unit42-oilrig-targets-technology-service-provider-government-agency-quadagent/","source":"MITRE","title":"OilRig Targets Technology Service Provider and Government Agency with QUADAGENT","authors":"Lee, B., Falcone, R","date_accessed":"2018-08-09T00:00:00Z","date_published":"2018-07-25T00:00:00Z","owner_name":null,"tidal_id":"0df264d8-a09e-5698-a766-c99537e4c6fa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419834Z"},{"id":"e42c60cb-7827-4896-96e9-1323d5973aac","name":"OilRig ISMAgent July 2017","description":"Falcone, R. and Lee, B. (2017, July 27). OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group. Retrieved January 8, 2018.","url":"https://researchcenter.paloaltonetworks.com/2017/07/unit42-oilrig-uses-ismdoor-variant-possibly-linked-greenbug-threat-group/","source":"MITRE","title":"OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group","authors":"Falcone, R. 
and Lee, B","date_accessed":"2018-01-08T00:00:00Z","date_published":"2017-07-27T00:00:00Z","owner_name":null,"tidal_id":"91e28ba3-f011-53bc-a916-e2e440d332f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440544Z"},{"id":"94b37da6-f808-451e-8f2d-5df0e93358ca","name":"Unit 42 RGDoor Jan 2018","description":"Falcone, R. (2018, January 25). OilRig uses RGDoor IIS Backdoor on Targets in the Middle East. Retrieved July 6, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/","source":"MITRE","title":"OilRig uses RGDoor IIS Backdoor on Targets in the Middle East","authors":"Falcone, R","date_accessed":"2018-07-06T00:00:00Z","date_published":"2018-01-25T00:00:00Z","owner_name":null,"tidal_id":"f0b314b4-f8b7-53c0-915f-b0c72ce0ac67","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421375Z"},{"id":"8e27709a-857b-54bc-a5af-1697a089e9cc","name":"OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government","description":"Kyle Wilhoit, Robert Falcone. (2018, September 12). OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government. Retrieved July 21, 2025.","url":"https://unit42.paloaltonetworks.com/unit42-oilrig-uses-updated-bondupdater-target-middle-eastern-government/","source":"MITRE","title":"OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government","authors":"Kyle Wilhoit, Robert Falcone","date_accessed":"2025-07-21T00:00:00Z","date_published":"2018-09-12T00:00:00Z","owner_name":null,"tidal_id":"af99ad53-c71b-5915-b04a-c8e9f864f351","created":"2025-10-29T21:08:48.165628Z","modified":"2025-12-17T15:08:36.425724Z"},{"id":"2ec6eabe-92e2-454c-ba7b-b27fec5b428d","name":"Palo Alto OilRig Sep 2018","description":"Wilhoit, K. and Falcone, R. (2018, September 12). OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government. 
Retrieved February 18, 2019.","url":"https://unit42.paloaltonetworks.com/unit42-oilrig-uses-updated-bondupdater-target-middle-eastern-government/","source":"MITRE","title":"OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government","authors":"Wilhoit, K. and Falcone, R","date_accessed":"2019-02-18T00:00:00Z","date_published":"2018-09-12T00:00:00Z","owner_name":null,"tidal_id":"116e5419-7c09-5982-bc63-bd7b3949c017","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421759Z"},{"id":"197163a8-1a38-4edd-ba73-f44e7a329f41","name":"ESET Okrum July 2019","description":"Hromcova, Z. (2019, July). OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY. Retrieved May 6, 2020.","url":"https://www.welivesecurity.com/wp-content/uploads/2019/07/ESET_Okrum_and_Ketrican.pdf","source":"MITRE","title":"OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY","authors":"Hromcova, Z","date_accessed":"2020-05-06T00:00:00Z","date_published":"2019-07-01T00:00:00Z","owner_name":null,"tidal_id":"9011401c-6bf3-5186-9f67-b66f6530e708","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418312Z"},{"id":"daff40d1-f22d-4dac-92d4-d0cdc3a25c10","name":"BleepingComputer January 22 2026","description":"None Identified. (2026, January 22). Okta SSO accounts targeted in vishing-based data theft attacks. Retrieved January 23, 2026.","url":"https://www.bleepingcomputer.com/news/security/okta-sso-accounts-targeted-in-vishing-based-data-theft-attacks/","source":"Tidal Cyber","title":"Okta SSO accounts targeted in vishing-based data theft attacks","authors":"None Identified","date_accessed":"2026-01-23T12:00:00Z","date_published":"2026-01-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fb4eb423-a1c9-5f3f-a5d4-6b2531dc7ee2","created":"2026-01-23T20:29:41.481067Z","modified":"2026-01-23T20:29:41.612507Z"},{"id":"a7f38717-afbe-41c1-a404-bcb023c337e3","name":"Talos Agent Tesla Oct 2018","description":"Brumaghin, E., et al. 
(2018, October 15). Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox. Retrieved November 5, 2018.","url":"https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new-rtf_15.html","source":"MITRE","title":"Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox","authors":"Brumaghin, E., et al","date_accessed":"2018-11-05T00:00:00Z","date_published":"2018-10-15T00:00:00Z","owner_name":null,"tidal_id":"971f434e-95de-5f3f-9efc-e1ace410ee00","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422122Z"},{"id":"3430ac9b-1621-42b4-9cc7-5ee60191051f","name":"Securelist Malware Tricks April 2017","description":"Ishimaru, S.. (2017, April 13). Old Malware Tricks To Bypass Detection in the Age of Big Data. Retrieved May 30, 2019.","url":"https://securelist.com/old-malware-tricks-to-bypass-detection-in-the-age-of-big-data/78010/","source":"MITRE","title":"Old Malware Tricks To Bypass Detection in the Age of Big Data","authors":"Ishimaru, S.","date_accessed":"2019-05-30T00:00:00Z","date_published":"2017-04-13T00:00:00Z","owner_name":null,"tidal_id":"ec0cb042-01e1-550b-895c-fb6ba242efc7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429436Z"},{"id":"f64e934f-737d-4461-8158-ae855bc472c4","name":"Red Canary Verclsid.exe","description":"Haag, M., Levan, K. (2017, April 6). Old Phishing Attacks Deploy a New Methodology: Verclsid.exe. 
Retrieved August 10, 2020.","url":"https://redcanary.com/blog/verclsid-exe-threat-detection/","source":"MITRE","title":"Old Phishing Attacks Deploy a New Methodology: Verclsid.exe","authors":"Haag, M., Levan, K","date_accessed":"2020-08-10T00:00:00Z","date_published":"2017-04-06T00:00:00Z","owner_name":null,"tidal_id":"d59f3a2f-3de0-5bca-a772-1a798d781fb8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431822Z"},{"id":"25a2e179-7abd-4091-8af4-e9d2bf24ef11","name":"Talos Olympic Destroyer 2018","description":"Mercer, W. and Rascagneres, P. (2018, February 12). Olympic Destroyer Takes Aim At Winter Olympics. Retrieved March 14, 2019.","url":"https://blog.talosintelligence.com/2018/02/olympic-destroyer.html","source":"MITRE","title":"Olympic Destroyer Takes Aim At Winter Olympics","authors":"Mercer, W. and Rascagneres, P","date_accessed":"2019-03-14T00:00:00Z","date_published":"2018-02-12T00:00:00Z","owner_name":null,"tidal_id":"853dd7e8-7820-5255-8c2c-0e165674cbe7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417753Z"},{"id":"f71410b4-5f79-439a-ae9e-8965f9bc577f","name":"Crowdstrike Pirate Panda April 2020","description":"Busselen, M. (2020, April 7). On-demand Webcast: CrowdStrike Experts on COVID-19 Cybersecurity Challenges and Recommendations. Retrieved May 20, 2020.","url":"https://www.crowdstrike.com/blog/on-demand-webcast-crowdstrike-experts-on-covid-19-cybersecurity-challenges-and-recommendations/","source":"MITRE","title":"On-demand Webcast: CrowdStrike Experts on COVID-19 Cybersecurity Challenges and Recommendations","authors":"Busselen, M","date_accessed":"2020-05-20T00:00:00Z","date_published":"2020-04-07T00:00:00Z","owner_name":null,"tidal_id":"95402ba0-472d-516a-8737-098a525bf3d0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438731Z"},{"id":"3d7dcd68-a7b2-438c-95bb-b7523a39c6f7","name":"OneDriveStandaloneUpdater.exe - LOLBAS Project","description":"LOLBAS. (2021, August 22). 
OneDriveStandaloneUpdater.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/OneDriveStandaloneUpdater/","source":"Tidal Cyber","title":"OneDriveStandaloneUpdater.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-08-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"77922458-4a5d-599e-b978-0f06ee445dbd","created":"2024-01-12T14:46:51.742698Z","modified":"2024-01-12T14:46:51.921629Z"},{"id":"e4aa340e-de84-5b0d-8fba-405005a46f09","name":"Electron 6-8","description":"Kosayev, U. (2023, June 15). One Electron to Rule Them All. Retrieved March 7, 2024.","url":"https://medium.com/@MalFuzzer/one-electron-to-rule-them-all-dc2e9b263daf","source":"MITRE","title":"One Electron to Rule Them All","authors":"Kosayev, U","date_accessed":"2024-03-07T00:00:00Z","date_published":"2023-06-15T00:00:00Z","owner_name":null,"tidal_id":"53aaaaaa-c62b-59b2-90eb-ec361226b195","created":"2024-04-25T13:28:34.831313Z","modified":"2025-12-17T15:08:36.429771Z"},{"id":"c5aeed6b-2d5d-4d49-b05e-261d565808d9","name":"chasing_avaddon_ransomware","description":"Hernandez, A. S. Tarter, P. Ocamp, E. J. (2022, January 19). One Source to Rule Them All: Chasing AVADDON Ransomware. Retrieved January 26, 2022.","url":"https://www.mandiant.com/resources/chasing-avaddon-ransomware","source":"MITRE","title":"One Source to Rule Them All: Chasing AVADDON Ransomware","authors":"Hernandez, A. S. Tarter, P. Ocamp, E. J","date_accessed":"2022-01-26T00:00:00Z","date_published":"2022-01-19T00:00:00Z","owner_name":null,"tidal_id":"d15e2050-a04b-50c7-bc4b-10e57e6a0836","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433395Z"},{"id":"78c0c51d-5757-4701-8626-c0d99be6f9ac","name":"OPSWAT Detection Engineering August 30 2024","description":"Darren Spruell. (2024, August 30). One Step Ahead - Future Proofing in Detection Engineering. 
Retrieved February 13, 2025.","url":"https://www.opswat.com/blog/one-step-ahead-future-proofing-in-detection-engineering","source":"Tidal Cyber","title":"One Step Ahead - Future Proofing in Detection Engineering","authors":"Darren Spruell","date_accessed":"2025-02-13T00:00:00Z","date_published":"2024-08-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b4580dad-b696-53ba-b2f7-309b69897da3","created":"2025-02-18T15:18:01.126527Z","modified":"2025-02-18T15:18:01.295539Z"},{"id":"03628704-e8f0-5cca-a58a-3f81afad564b","name":"Barnea DirectSend","description":"Tom Barnea. (2025, September 9). Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails. Retrieved September 24, 2025.","url":"https://www.varonis.com/blog/direct-send-exploit","source":"MITRE","title":"Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails","authors":"Tom Barnea","date_accessed":"2025-09-24T00:00:00Z","date_published":"2025-09-09T00:00:00Z","owner_name":null,"tidal_id":"63df5fe0-6700-5e66-9a2a-7da11a2e3ba1","created":"2025-10-29T21:08:48.166548Z","modified":"2025-12-17T15:08:36.435645Z"},{"id":"b57af46b-a26b-5fca-8509-406889261d41","name":"rapid7-email-bombing","description":"Tyler McGraw, Thomas Elkins, and Evan McCann. (2024, May 10). Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators. 
Retrieved January 31, 2025.","url":"https://www.rapid7.com/blog/post/2024/05/10/ongoing-social-engineering-campaign-linked-to-black-basta-ransomware-operators","source":"MITRE","title":"Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators","authors":"Tyler McGraw, Thomas Elkins, and Evan McCann","date_accessed":"2025-01-31T00:00:00Z","date_published":"2024-05-10T00:00:00Z","owner_name":null,"tidal_id":"c64b3e36-cd01-5e5e-b3dd-490a9601a6ed","created":"2025-04-22T20:47:18.728883Z","modified":"2025-12-17T15:08:36.434140Z"},{"id":"1f0bceb3-0709-48eb-8d39-98d04b1ceb42","name":"Socket CrowdStrike npm Compromise September 16 2025","description":"Kush Pandya, Peter van der Zee, Olivia Brown. (2025, September 16). Ongoing Supply Chain Attack Targets CrowdStrike npm Packages. Retrieved September 18, 2025.","url":"https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages","source":"Tidal Cyber","title":"Ongoing Supply Chain Attack Targets CrowdStrike npm Packages","authors":"Kush Pandya, Peter van der Zee, Olivia Brown","date_accessed":"2025-09-18T12:00:00Z","date_published":"2025-09-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"25069feb-3fcc-5f2c-8254-4399ff147180","created":"2025-09-19T19:47:43.786872Z","modified":"2025-09-19T19:47:43.912484Z"},{"id":"0667caad-39cd-469b-91c0-1210c09e6041","name":"Onion Routing","description":"Wikipedia. (n.d.). Onion Routing. Retrieved October 20, 2020.","url":"https://en.wikipedia.org/wiki/Onion_routing","source":"MITRE","title":"Onion Routing","authors":"Wikipedia","date_accessed":"2020-10-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2efefa90-08de-598d-adf7-f67d51b17ffc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433331Z"},{"id":"54e5f23a-5ca6-4feb-8046-db2fb71b400a","name":"FireEye FIN7 Aug 2018","description":"Carr, N., et al. (2018, August 01). On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation. 
Retrieved August 23, 2018.","url":"https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html","source":"MITRE","title":"On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation","authors":"Carr, N., et al","date_accessed":"2018-08-23T00:00:00Z","date_published":"2018-08-01T00:00:00Z","owner_name":null,"tidal_id":"923a5747-414e-537f-898f-a905b1cccd10","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437383Z"},{"id":"67d6cf00-7971-55fb-ae5f-e71a3150ceaa","name":"securelist_strongpity","description":"Baumgartner, K. (2016, October 3). On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users. Retrieved March 28, 2024.","url":"https://securelist.com/on-the-strongpity-waterhole-attacks-targeting-italian-and-belgian-encryption-users/76147/","source":"MITRE","title":"On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users","authors":"Baumgartner, K","date_accessed":"2024-03-28T00:00:00Z","date_published":"2016-10-03T00:00:00Z","owner_name":null,"tidal_id":"60fb35e0-d85a-5cc0-b9cf-b14d1cf0ab0d","created":"2024-04-25T13:28:42.465692Z","modified":"2025-12-17T15:08:36.439588Z"},{"id":"27f8ad45-53d2-48ba-b549-f7674cf9c2e7","name":"OSX.FairyTale","description":"Phile Stokes. (2018, September 20). On the Trail of OSX.FairyTale | Adware Playing at Malware. Retrieved August 24, 2021.","url":"https://www.sentinelone.com/blog/trail-osx-fairytale-adware-playing-malware/","source":"MITRE","title":"On the Trail of OSX.FairyTale | Adware Playing at Malware","authors":"Phile Stokes","date_accessed":"2021-08-24T00:00:00Z","date_published":"2018-09-20T00:00:00Z","owner_name":null,"tidal_id":"90404031-8f47-51d7-989e-33863c6f53a2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427560Z"},{"id":"d4c2bac0-e95c-46af-ae52-c93de3d92f19","name":"Unit 42 OopsIE! Feb 2018","description":"Lee, B., Falcone, R. 
(2018, February 23). OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan. Retrieved July 16, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/02/unit42-oopsie-oilrig-uses-threedollars-deliver-new-trojan/","source":"MITRE","title":"OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan","authors":"Lee, B., Falcone, R","date_accessed":"2018-07-16T00:00:00Z","date_published":"2018-02-23T00:00:00Z","owner_name":null,"tidal_id":"d2b86c91-d981-5f5c-8480-0188b1a2abb7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420344Z"},{"id":"8c1d75b3-2ea9-5390-aefb-88f50730b2a0","name":"Mitiga","description":"Ariel Szarf, Doron Karmi, and Lionel Saposnik. (n.d.). Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots. Retrieved September 24, 2024.","url":"https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots","source":"MITRE","title":"Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots","authors":"Ariel Szarf, Doron Karmi, and Lionel Saposnik","date_accessed":"2024-09-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b2a0ee04-2200-5d39-a46e-aadedab55c49","created":"2024-10-31T16:28:25.929940Z","modified":"2025-12-17T15:08:36.434997Z"},{"id":"63787035-f136-43e1-b445-22853bbed92b","name":"Proofpoint ZeroT Feb 2017","description":"Huss, D., et al. (2017, February 2). Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX. 
Retrieved April 5, 2018.","url":"https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx","source":"MITRE","title":"Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX","authors":"Huss, D., et al","date_accessed":"2018-04-05T00:00:00Z","date_published":"2017-02-02T00:00:00Z","owner_name":null,"tidal_id":"9fb71461-5849-5cb8-afe6-031bebbbbd7f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418254Z"},{"id":"e597522a-68ac-4d7e-80c4-db1c66d2da04","name":"OpenConsole.exe - LOLBAS Project","description":"LOLBAS. (2022, June 17). OpenConsole.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/OpenConsole/","source":"Tidal Cyber","title":"OpenConsole.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-06-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"731a44c0-542f-538b-9862-92c3c1874bf5","created":"2024-01-12T14:47:27.246210Z","modified":"2024-01-12T14:47:27.421899Z"},{"id":"46a480eb-52d1-44c9-8b44-7e516b27cf82","name":"Open Login Items Apple","description":"Apple. (n.d.). Open items automatically when you log in on Mac. Retrieved October 1, 2021.","url":"https://support.apple.com/guide/mac-help/open-items-automatically-when-you-log-in-mh15189/mac","source":"MITRE","title":"Open items automatically when you log in on Mac","authors":"Apple","date_accessed":"2021-10-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"72f97bf3-9962-5e96-8a49-5fd165d2ab08","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432045Z"},{"id":"e5ca6811-cd22-4be5-a751-d23fb99d206e","name":"OpenSSH Project Page","description":"OpenSSH. (2023, March 15). OpenSSH. 
Retrieved May 25, 2023.","url":"https://www.openssh.com/","source":"Tidal Cyber","title":"OpenSSH","authors":"OpenSSH","date_accessed":"2023-05-25T00:00:00Z","date_published":"2023-03-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6c61debd-c23d-5b6d-b87b-fc7a52b55d5d","created":"2024-03-07T21:00:44.728098Z","modified":"2024-03-07T21:00:44.912031Z"},{"id":"8ab9903b-db4b-4459-9791-f9ab12b7577b","name":"OpenSSH Server Listening On Socket","description":"mdecrevoisier. (2022, October 25). OpenSSH Server Listening On Socket. Retrieved May 25, 2023.","url":"https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/openssh/win_sshd_openssh_server_listening_on_socket.yml","source":"Tidal Cyber","title":"OpenSSH Server Listening On Socket","authors":"mdecrevoisier","date_accessed":"2023-05-25T00:00:00Z","date_published":"2022-10-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e20c9f58-7c34-5cc6-9651-dc94d6134b94","created":"2024-06-13T20:10:32.253580Z","modified":"2024-06-13T20:10:32.441264Z"},{"id":"459a4ad5-0e28-4bfc-a73e-b9dd516d516f","name":"Operating with EmPyre","description":"rvrsh3ll. (2016, May 18). Operating with EmPyre. Retrieved July 12, 2017.","url":"https://medium.com/rvrsh3ll/operating-with-empyre-ea764eda3363","source":"MITRE","title":"Operating with EmPyre","authors":"rvrsh3ll","date_accessed":"2017-07-12T00:00:00Z","date_published":"2016-05-18T00:00:00Z","owner_name":null,"tidal_id":"ecf9eb63-5d0c-5642-a789-2ec5636fcd05","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427144Z"},{"id":"3a616f81-7052-5e99-ab44-c40991c0ea52","name":"ESET MirrorFace 2025","description":"Dominik Breitenbacher. (2025, March 18). Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor. 
Retrieved May 22, 2025.","url":"https://www.welivesecurity.com/en/eset-research/operation-akairyu-mirrorface-invites-europe-expo-2025-revives-anel-backdoor/","source":"MITRE","title":"Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor","authors":"Dominik Breitenbacher","date_accessed":"2025-05-22T00:00:00Z","date_published":"2025-03-18T00:00:00Z","owner_name":null,"tidal_id":"aece2c3a-7c08-51ca-a17e-917874c5387d","created":"2025-10-29T21:08:48.166255Z","modified":"2025-12-17T15:08:36.433765Z"},{"id":"336ea5f5-d8cc-4af5-9aa0-203e319b3c28","name":"Windows AppleJeus GReAT","description":"Global Research & Analysis Team, Kaspersky Lab (GReAT). (2018, August 23). Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware. Retrieved September 27, 2022.","url":"https://securelist.com/operation-applejeus/87553/","source":"MITRE","title":"Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware","authors":"Global Research & Analysis Team, Kaspersky Lab (GReAT)","date_accessed":"2022-09-27T00:00:00Z","date_published":"2018-08-23T00:00:00Z","owner_name":null,"tidal_id":"1cd210cd-2149-5db1-9dac-b02bb3eda59c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435326Z"},{"id":"57b3ee67-b2b8-4937-a557-411a870bb5b3","name":"None December 21 2025","description":"None Identified. (2025, December 21). Operation Artemis: Analysis of HWP-Based DLL Side Loading Attacks. 
Retrieved December 24, 2025.","url":"https://www.genians.co.kr/en/blog/threat_intelligence/dll","source":"Tidal Cyber","title":"Operation Artemis: Analysis of HWP-Based DLL Side Loading Attacks","authors":"None Identified","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-21T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4cbe9d01-9d73-5ed6-a1cf-bd66b008b557","created":"2025-12-29T17:39:48.295589Z","modified":"2025-12-29T17:39:48.446804Z"},{"id":"7d71b7c9-531e-4e4f-ab85-df2380555b7a","name":"Cybereason Operation Bearded Barbie April 5 2022","description":"Cybereason Nocturnus. (2022, April 5). Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials. Retrieved October 30, 2023.","url":"https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials","source":"Tidal Cyber","title":"Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials","authors":"Cybereason Nocturnus","date_accessed":"2023-10-30T00:00:00Z","date_published":"2022-04-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"18781188-75da-5090-ad4c-6c3ee16be84e","created":"2024-04-25T14:10:41.090962Z","modified":"2024-04-25T14:10:41.571920Z"},{"id":"de278b77-52cb-4126-9341-5b32843ae9f1","name":"Novetta Blockbuster Destructive Malware","description":"Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Destructive Malware Report. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20160303200515/https:/operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf","source":"MITRE","title":"Operation Blockbuster: Destructive Malware Report","authors":"Novetta Threat Research Group","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-02-24T00:00:00Z","owner_name":null,"tidal_id":"ae589d0e-82f4-5e03-b93b-a4a9ec87eabb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422939Z"},{"id":"5d3e2f36-3833-4203-9884-c3ff806da286","name":"Novetta Blockbuster Loaders","description":"Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Loaders, Installers and Uninstallers Report. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190508165631/https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Loaders-Installers-and-Uninstallers-Report.pdf","source":"MITRE","title":"Operation Blockbuster: Loaders, Installers and Uninstallers Report","authors":"Novetta Threat Research Group","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-02-24T00:00:00Z","owner_name":null,"tidal_id":"3ec56802-d3b6-56af-ad95-a07dbfa70069","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440494Z"},{"id":"80d88e80-b5a7-48b7-a999-96b06d082997","name":"Novetta Blockbuster RATs","description":"Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report. 
Retrieved March 16, 2016.","url":"https://web.archive.org/web/20220608001455/https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-RAT-and-Staging-Report.pdf","source":"MITRE","title":"Operation Blockbuster: Remote Administration Tools & Content Staging Malware Report","authors":"Novetta Threat Research Group","date_accessed":"2016-03-16T00:00:00Z","date_published":"2016-02-24T00:00:00Z","owner_name":null,"tidal_id":"87554ac4-07fa-5d89-a96a-d54ba00d2b32","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440196Z"},{"id":"6dd1b091-9ace-4e31-9845-3b1091147ecd","name":"Novetta Blockbuster Tools","description":"Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Tools Report. Retrieved March 10, 2016.","url":"https://web.archive.org/web/20220425194457/https://operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Tools-Report.pdf","source":"MITRE","title":"Operation Blockbuster: Tools Report","authors":"Novetta Threat Research Group","date_accessed":"2016-03-10T00:00:00Z","date_published":"2016-02-24T00:00:00Z","owner_name":null,"tidal_id":"814f40d7-8c37-59ce-a3a9-9b8e14183cb0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440672Z"},{"id":"bde96b4f-5f98-4ce5-a507-4b05d192b6d7","name":"Novetta Blockbuster","description":"Novetta Threat Research Group. (2016, February 24). Operation Blockbuster: Unraveling the Long Thread of the Sony Attack. 
Retrieved February 25, 2016.","url":"https://web.archive.org/web/20160226161828/https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf","source":"MITRE, Tidal Cyber","title":"Operation Blockbuster: Unraveling the Long Thread of the Sony Attack","authors":"Novetta Threat Research Group","date_accessed":"2016-02-25T00:00:00Z","date_published":"2016-02-24T00:00:00Z","owner_name":null,"tidal_id":"fe54a658-f8b3-568a-b035-72b5a6ab9121","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.266524Z"},{"id":"dbb779c4-4d75-4fb4-ad3a-7d1f0f74e26f","name":"FireEye Clandestine Wolf","description":"Eng, E., Caselden, D. (2015, June 23). Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign. Retrieved January 14, 2016.","url":"https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html","source":"MITRE, Tidal Cyber","title":"Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign","authors":"Eng, E., Caselden, D.","date_accessed":"2016-01-14T00:00:00Z","date_published":"2015-06-23T00:00:00Z","owner_name":null,"tidal_id":"8567e8ed-4389-51d5-9986-0af747801129","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259070Z"},{"id":"f0b45225-3ec3-406f-bd74-87f24003761b","name":"Cylance Cleaver","description":"Cylance. (2014, December). Operation Cleaver. 
Retrieved September 14, 2017.","url":"https://web.archive.org/web/20200302085133/https://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf","source":"MITRE, Tidal Cyber","title":"Operation Cleaver","authors":"Cylance","date_accessed":"2017-09-14T00:00:00Z","date_published":"2014-12-01T00:00:00Z","owner_name":null,"tidal_id":"93bdd355-a6dc-5c55-9419-a9cf9306c04d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261972Z"},{"id":"fe741064-8cd7-428b-bdb9-9f2ab7e92489","name":"PWC Cloud Hopper April 2017","description":"PwC and BAE Systems. (2017, April). Operation Cloud Hopper. Retrieved April 5, 2017.","url":"https://web.archive.org/web/20220224041316/https:/www.pwc.co.uk/cyber-security/pdf/cloud-hopper-report-final-v4.pdf","source":"MITRE, Tidal Cyber","title":"Operation Cloud Hopper","authors":"PwC and BAE Systems","date_accessed":"2017-04-05T00:00:00Z","date_published":"2017-04-01T00:00:00Z","owner_name":null,"tidal_id":"cb158163-b5e9-5acf-9143-f2d5a115724f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.272040Z"},{"id":"da6c8a72-c732-44d5-81ac-427898706eed","name":"PWC Cloud Hopper Technical Annex April 2017","description":"PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.","url":"https://www.pwc.co.uk/cyber-security/pdf/pwc-uk-operation-cloud-hopper-technical-annex-april-2017.pdf","source":"MITRE","title":"Operation Cloud Hopper: Technical Annex","authors":"PwC and BAE Systems","date_accessed":"2017-04-13T00:00:00Z","date_published":"2017-04-01T00:00:00Z","owner_name":null,"tidal_id":"19c55b00-57b4-571e-8f12-d060877fd32b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417139Z"},{"id":"bf838a23-1620-4668-807a-4354083d69b1","name":"Cybereason Cobalt Kitty 2017","description":"Dahan, A. (2017). Operation Cobalt Kitty. 
Retrieved December 27, 2018.","url":"https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty.pdf","source":"MITRE","title":"Operation Cobalt Kitty","authors":"Dahan, A","date_accessed":"2018-12-27T00:00:00Z","date_published":"2017-01-01T00:00:00Z","owner_name":null,"tidal_id":"113f59eb-b25d-5af9-9f11-750a5288e3e7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422175Z"},{"id":"1ef3025b-d4a9-49aa-b744-2dbea10a0abf","name":"Cybereason Oceanlotus May 2017","description":"Dahan, A. (2017, May 24). OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP. Retrieved November 5, 2018.","url":"https://www.cybereason.com/blog/operation-cobalt-kitty-apt","source":"MITRE","title":"OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP","authors":"Dahan, A","date_accessed":"2018-11-05T00:00:00Z","date_published":"2017-05-24T00:00:00Z","owner_name":null,"tidal_id":"11654497-5dc4-5a36-b2bc-3b3a69f72249","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422362Z"},{"id":"fe3e2c7e-2287-406c-b717-cf7721b5843a","name":"Cybereason OperationCuckooBees May 2022","description":"Cybereason Nocturnus. (2022, May 4). Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques. Retrieved September 22, 2022.","url":"https://www.cybereason.com/blog/operation-cuckoobees-deep-dive-into-stealthy-winnti-techniques","source":"MITRE","title":"Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques","authors":"Cybereason Nocturnus","date_accessed":"2022-09-22T00:00:00Z","date_published":"2022-05-04T00:00:00Z","owner_name":null,"tidal_id":"363ffab8-34ee-52a3-8d01-4517e0c137bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437761Z"},{"id":"04961952-9bac-48f3-adc7-40a3a2bcee84","name":"Securelist ScarCruft Jun 2016","description":"Raiu, C., and Ivanov, A. (2016, June 17). Operation Daybreak. 
Retrieved February 15, 2018.","url":"https://securelist.com/operation-daybreak/75100/","source":"MITRE, Tidal Cyber","title":"Operation Daybreak","authors":"Raiu, C., and Ivanov, A","date_accessed":"2018-02-15T00:00:00Z","date_published":"2016-06-17T00:00:00Z","owner_name":null,"tidal_id":"9dbb6eee-a191-5c2a-94ed-4dcdaa385ebf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279434Z"},{"id":"a08c9b3b-7666-40f8-a2bf-75b3da9581b1","name":"Bridewell Operation Deceptive Prospect April 29 2025","description":"Joshua Penny, Yashraj Solanki. (2025, April 29). Operation Deceptive Prospect: RomCom Targeting UK Organisations through Customer Feedback Portals. Retrieved May 5, 2025.","url":"https://web.archive.org/web/20250502051216/https://www.bridewell.com/insights/blogs/detail/operation-deceptive-prospect-romcom-targeting-uk-organisations-through-customer-feedback-portals","source":"Tidal Cyber","title":"Operation Deceptive Prospect: RomCom Targeting UK Organisations through Customer Feedback Portals","authors":"Joshua Penny, Yashraj Solanki","date_accessed":"2025-05-05T00:00:00Z","date_published":"2025-04-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"748d7ac4-8797-5721-9527-ccdbeb1068ae","created":"2025-05-06T16:28:38.570513Z","modified":"2025-05-06T16:28:38.907394Z"},{"id":"192cdabe-6c54-5be6-918a-a610186339fb","name":"sentinelone operationDigitalEye Dec 2024","description":"Aleksandar Milenkoski, Luigi Martire. (2024, December 10). Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels. 
Retrieved February 27, 2025.","url":"https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/","source":"MITRE","title":"Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels","authors":"Aleksandar Milenkoski, Luigi Martire","date_accessed":"2025-02-27T00:00:00Z","date_published":"2024-12-10T00:00:00Z","owner_name":null,"tidal_id":"f30f707d-48ea-533c-bf39-9ec5f415f5c9","created":"2025-04-22T20:47:15.989089Z","modified":"2025-12-17T15:08:36.431363Z"},{"id":"4b9af128-98da-48b6-95c7-8d27979c2ab1","name":"FireEye Operation Double Tap","description":"Moran, N., et al. (2014, November 21). Operation Double Tap. Retrieved January 14, 2016.","url":"https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html","source":"MITRE","title":"Operation Double Tap","authors":"Moran, N., et al","date_accessed":"2016-01-14T00:00:00Z","date_published":"2014-11-21T00:00:00Z","owner_name":null,"tidal_id":"a6167ce5-5d7f-5705-82f6-32c351ce7d32","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439245Z"},{"id":"3c33f107-70a3-5b52-a40f-94536e9b305b","name":"gendigital","description":"Threat Research Team. (2022, March 22). Operation Dragon Castling: APT group targeting betting companies. Retrieved September 25, 2025.","url":"https://www.gendigital.com/blog/insights/research/operation-dragon-castling-apt-group-targeting-betting-companies","source":"MITRE","title":"Operation Dragon Castling: APT group targeting betting companies","authors":"Threat Research Team","date_accessed":"2025-09-25T00:00:00Z","date_published":"2022-03-22T00:00:00Z","owner_name":null,"tidal_id":"888c05d2-d937-5cdf-889a-3644d47af087","created":"2025-10-29T21:08:48.165478Z","modified":"2025-12-17T15:08:36.425588Z"},{"id":"2827e6e4-8163-47fb-9e22-b59e59cd338f","name":"ClearSky Lazarus Aug 2020","description":"ClearSky Research Team. 
(2020, August 13). Operation 'Dream Job' Widespread North Korean Espionage Campaign. Retrieved December 20, 2021.","url":"https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf","source":"MITRE","title":"Operation 'Dream Job' Widespread North Korean Espionage Campaign","authors":"ClearSky Research Team","date_accessed":"2021-12-20T00:00:00Z","date_published":"2020-08-13T00:00:00Z","owner_name":null,"tidal_id":"e6c3096c-7775-5bb5-9daf-d2d159c9596d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418707Z"},{"id":"001dd53c-74e6-4add-aeb7-da76b0d2afe8","name":"Cylance Dust Storm","description":"Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.","url":"https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf","source":"MITRE","title":"Operation Dust Storm","authors":"Gross, J","date_accessed":"2021-12-22T00:00:00Z","date_published":"2016-02-23T00:00:00Z","owner_name":null,"tidal_id":"a2f41ff4-941e-568d-81ab-410a886a3156","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416994Z"},{"id":"b9e0770d-f54a-4ada-abd1-65c45eee00fa","name":"DustySky","description":"ClearSky. (2016, January 7). Operation DustySky. Retrieved January 8, 2016.","url":"https://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf","source":"MITRE, Tidal Cyber","title":"Operation DustySky","authors":"ClearSky","date_accessed":"2016-01-08T00:00:00Z","date_published":"2016-01-07T00:00:00Z","owner_name":null,"tidal_id":"b094d911-c1dd-557f-b00f-87dc57460ef1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259645Z"},{"id":"4a3ecdec-254c-4eb4-9126-f540bb21dffe","name":"DustySky2","description":"ClearSky Cybersecurity. (2016, June 9). Operation DustySky - Part 2. 
Retrieved August 3, 2016.","url":"http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf","source":"MITRE","title":"Operation DustySky - Part 2","authors":"ClearSky Cybersecurity","date_accessed":"2016-08-03T00:00:00Z","date_published":"2016-06-09T00:00:00Z","owner_name":null,"tidal_id":"6bcc0af1-fccb-57d4-bd51-4b72050f2b59","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419318Z"},{"id":"93adbf0d-5f5e-498e-aca1-ed3eb11561e7","name":"Trend Micro Tick November 2019","description":"Chen, J. et al. (2019, November). Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data. Retrieved June 9, 2020.","url":"https://documents.trendmicro.com/assets/pdf/Operation-ENDTRADE-TICK-s-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf","source":"MITRE","title":"Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data","authors":"Chen, J. et al","date_accessed":"2020-06-09T00:00:00Z","date_published":"2019-11-01T00:00:00Z","owner_name":null,"tidal_id":"7553bfb4-a217-5769-b1d5-c740048c3b08","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417828Z"},{"id":"68b5a913-b696-4ca5-89ed-63453023d2a2","name":"FireEye DeputyDog 9002 November 2013","description":"Moran, N. et al.. (2013, November 10). Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190221032148/http://www.fireeye.com/blog/threat-research/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html","source":"MITRE","title":"Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method","authors":"Moran, N. 
et al.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2013-11-10T00:00:00Z","owner_name":null,"tidal_id":"12cd0637-9b01-5b86-9fcb-494f2e99d772","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419585Z"},{"id":"ef0626e9-281c-4770-b145-ffe36e18e369","name":"Volexity Exchange Marauder March 2021","description":"Gruzweig, J. et al. (2021, March 2). Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities. Retrieved March 3, 2021.","url":"https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/","source":"MITRE, Tidal Cyber","title":"Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities","authors":"Gruzweig, J. et al","date_accessed":"2021-03-03T00:00:00Z","date_published":"2021-03-02T00:00:00Z","owner_name":null,"tidal_id":"9b805bfe-52b2-5d67-9ff8-954b0a702c07","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.270929Z"},{"id":"fbc77b85-cc5a-4c65-956d-b8556974b4ef","name":"ESET Dukes October 2019","description":"Faou, M., Tartare, M., Dupuy, T. (2019, October). OPERATION GHOST. Retrieved September 23, 2020.","url":"https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf","source":"MITRE","title":"OPERATION GHOST","authors":"Faou, M., Tartare, M., Dupuy, T","date_accessed":"2020-09-23T00:00:00Z","date_published":"2019-10-01T00:00:00Z","owner_name":null,"tidal_id":"6e27709e-2407-5977-b8be-2395a0f0ef2e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417945Z"},{"id":"10a21964-d31f-40af-bf32-5ccd7d8c99a2","name":"IssueMakersLab Andariel GoldenAxe May 2017","description":"IssueMakersLab. (2017, May 1). Operation GoldenAxe. 
Retrieved September 12, 2024.","url":"http://www.issuemakerslab.com/research3/","source":"MITRE","title":"Operation GoldenAxe","authors":"IssueMakersLab","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-05-01T00:00:00Z","owner_name":null,"tidal_id":"2607adc5-fe02-5e55-8be8-21a9e9240a4c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438217Z"},{"id":"218e69fd-558c-459b-9a57-ad2ee3e96296","name":"ESET Operation Groundbait","description":"Cherepanov, A. (2016, May 17). Operation Groundbait: Analysis of a surveillance toolkit. Retrieved May 18, 2016.","url":"http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf","source":"MITRE","title":"Operation Groundbait: Analysis of a surveillance toolkit","authors":"Cherepanov, A.","date_accessed":"2016-05-18T00:00:00Z","date_published":"2016-05-17T00:00:00Z","owner_name":null,"tidal_id":"b49e5816-c3d3-5c08-9f66-ac0c05e16489","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417842Z"},{"id":"fd581c0c-d93e-4396-a372-99cde3cd0c7c","name":"Operation Hangover May 2013","description":"Fagerland, S., et al. (2013, May). Operation Hangover: Unveiling an Indian Cyberattack Infrastructure. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20140424084220/http://enterprise-manage.norman.c.bitbit.net/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf","source":"MITRE","title":"Operation Hangover: Unveiling an Indian Cyberattack Infrastructure","authors":"Fagerland, S., et al","date_accessed":"2024-11-17T00:00:00Z","date_published":"2013-05-01T00:00:00Z","owner_name":null,"tidal_id":"d159d5b4-98ce-593d-a37b-89ca4ce98f01","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437904Z"},{"id":"481ac64d-912b-4c69-97e5-004bb5768b48","name":"ESET Operation Interception June 17 2020","description":"Dominik Breitenbacher, Kaspars Osis. (2020, June 17). 
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies. Retrieved June 20, 2024.","url":"https://www.welivesecurity.com/2020/06/17/operation-interception-aerospace-military-companies-cyberspies/","source":"Tidal Cyber","title":"Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies","authors":"Dominik Breitenbacher, Kaspars Osis","date_accessed":"2024-06-20T00:00:00Z","date_published":"2020-06-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2b5b9364-8631-5631-ad68-ff2d27ecd972","created":"2024-06-24T14:58:42.587178Z","modified":"2024-06-24T14:58:42.954502Z"},{"id":"b16a0141-dea3-4b34-8279-7bc1ce3d7052","name":"ESET Lazarus Jun 2020","description":"Breitenbacher, D and Osis, K. (2020, June 17). OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies. Retrieved December 20, 2021.","url":"https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_Operation_Interception.pdf","source":"MITRE","title":"OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies","authors":"Breitenbacher, D and Osis, K","date_accessed":"2021-12-20T00:00:00Z","date_published":"2020-06-17T00:00:00Z","owner_name":null,"tidal_id":"09acd00c-0007-565a-8b1b-a75e53e6cf9f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438790Z"},{"id":"4035e871-9291-4d7f-9c5f-d8482d4dc8a7","name":"AhnLab Kimsuky Kabar Cobra Feb 2019","description":"AhnLab. (2019, February 28). Operation Kabar Cobra - Tenacious cyber-espionage campaign by Kimsuky Group. 
Retrieved September 29, 2021.","url":"https://global.ahnlab.com/global/upload/download/techreport/%5BAnalysis_Report%5DOperation%20Kabar%20Cobra.pdf","source":"MITRE","title":"Operation Kabar Cobra - Tenacious cyber-espionage campaign by Kimsuky Group","authors":"AhnLab","date_accessed":"2021-09-29T00:00:00Z","date_published":"2019-02-28T00:00:00Z","owner_name":null,"tidal_id":"a8c2d759-efb2-5e40-b104-1fec8aaf450c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438382Z"},{"id":"bb45cf96-ceae-4f46-a0f5-08cd89f699c9","name":"Mandiant Operation Ke3chang November 2014","description":"Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.","url":"https://www.mandiant.com/resources/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs","source":"MITRE, Tidal Cyber","title":"OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs","authors":"Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K","date_accessed":"2014-11-12T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"245faf3a-b185-5abd-95ac-da8df9252f28","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259639Z"},{"id":"31504d92-6c4d-43f0-8548-ccc3aa05ba48","name":"Villeneuve et al 2014","description":"Villeneuve, N., Bennett, J. T., Moran, N., Haq, T., Scott, M., & Geers, K. (2014). OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs. Retrieved November 12, 2014.","url":"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-ke3chang.pdf","source":"MITRE","title":"OPERATION “KE3CHANG”: Targeted Attacks Against Ministries of Foreign Affairs","authors":"Villeneuve, N., Bennett, J. 
T., Moran, N., Haq, T., Scott, M., & Geers, K","date_accessed":"2014-11-12T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"8db80a38-a959-5db9-8c5d-6308db70a3f4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438001Z"},{"id":"f19b4bd5-99f9-54c0-bffe-cc9c052aea12","name":"Cisco Operation Layover September 2021","description":"Ventura, V. (2021, September 16). Operation Layover: How we tracked an attack on the aviation industry to five years of compromise. Retrieved September 15, 2023.","url":"https://blog.talosintelligence.com/operation-layover-how-we-tracked-attack/","source":"MITRE","title":"Operation Layover: How we tracked an attack on the aviation industry to five years of compromise","authors":"Ventura, V","date_accessed":"2023-09-15T00:00:00Z","date_published":"2021-09-16T00:00:00Z","owner_name":null,"tidal_id":"d474d6c7-8a5d-531c-bed0-b90d33fcc1c3","created":"2023-11-07T00:36:12.339038Z","modified":"2025-12-17T15:08:36.423022Z"},{"id":"46fdb8ca-b14d-43bd-a20f-cae7b26e56c6","name":"Lotus Blossom Jun 2015","description":"Falcone, R., et al.. (2015, June 16). Operation Lotus Blossom. Retrieved February 15, 2016.","url":"https://www.paloaltonetworks.com/resources/research/unit42-operation-lotus-blossom.html","source":"MITRE, Tidal Cyber","title":"Operation Lotus Blossom","authors":"Falcone, R., et al.","date_accessed":"2016-02-15T00:00:00Z","date_published":"2015-06-16T00:00:00Z","owner_name":null,"tidal_id":"04d970fd-e76a-551e-8ae9-6938a50d6e72","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.260012Z"},{"id":"6b24e4aa-e773-4ca3-8267-19e036dc1144","name":"FireEye Operation Molerats","description":"Villeneuve, N., Haq, H., Moran, N. (2013, August 23). OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20201031075438/https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html","source":"MITRE","title":"OPERATION MOLERATS: MIDDLE EAST CYBER ATTACKS USING POISON IVY","authors":"Villeneuve, N., Haq, H., Moran, N","date_accessed":"2024-11-17T00:00:00Z","date_published":"2013-08-23T00:00:00Z","owner_name":null,"tidal_id":"e6c6fa6c-d618-507f-bf5c-78d1e59acb6a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438807Z"},{"id":"a283d229-3a2a-43ef-bcbe-aa6d41098b51","name":"McAfee Lazarus Nov 2020","description":"Beek, C. (2020, November 5). Operation North Star: Behind The Scenes. Retrieved December 20, 2021.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-behind-the-scenes/","source":"MITRE","title":"Operation North Star: Behind The Scenes","authors":"Beek, C","date_accessed":"2021-12-20T00:00:00Z","date_published":"2020-11-05T00:00:00Z","owner_name":null,"tidal_id":"10708cc2-1acf-5e27-a829-3d267080361f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416716Z"},{"id":"43581a7d-d71a-4121-abb6-127483a49d12","name":"McAfee Lazarus Jul 2020","description":"Cashman, M. (2020, July 29). Operation North Star Campaign. Retrieved December 20, 2021.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-a-job-offer-thats-too-good-to-be-true/?hilite=%27Operation%27%2C%27North%27%2C%27Star%27","source":"MITRE","title":"Operation North Star Campaign","authors":"Cashman, M","date_accessed":"2021-12-20T00:00:00Z","date_published":"2020-07-29T00:00:00Z","owner_name":null,"tidal_id":"4bf2c9e9-7cb3-5116-88f3-3aaab182c5da","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438795Z"},{"id":"04b475ab-c7f6-4373-a4b0-04b5d8028f95","name":"McAfee Oceansalt Oct 2018","description":"Sherstobitoff, R., Malhotra, A. (2018, October 18). 
‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group. Retrieved November 30, 2018.","url":"https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-oceansalt.pdf","source":"MITRE","title":"‘Operation Oceansalt’ Attacks South Korea, U.S., and Canada With Source Code From Chinese Hacker Group","authors":"Sherstobitoff, R., Malhotra, A","date_accessed":"2018-11-30T00:00:00Z","date_published":"2018-10-18T00:00:00Z","owner_name":null,"tidal_id":"74e34943-ab17-59af-97d0-1453b5efe0f3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417420Z"},{"id":"1d57b1c8-930b-4bcb-a51e-39020327cc5d","name":"FireEye OpPoisonedHandover February 2016","description":"Ned Moran, Mike Scott, Mike Oppenheim of FireEye. (2014, November 3). Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20201127180357/https://www.fireeye.com/blog/threat-research/2014/11/operation-poisoned-handover-unveiling-ties-between-apt-activity-in-hong-kongs-pro-democracy-movement.html","source":"MITRE","title":"Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement","authors":"Ned Moran, Mike Scott, Mike Oppenheim of FireEye","date_accessed":"2024-11-17T00:00:00Z","date_published":"2014-11-03T00:00:00Z","owner_name":null,"tidal_id":"8f6b9a59-645a-5288-9a4e-472884e39afd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434515Z"},{"id":"c94f9652-32c3-4975-a9c0-48f93bdfe790","name":"Operation Quantum Entanglement","description":"Haq, T., Moran, N., Vashisht, S., Scott, M. (2014, September). OPERATION QUANTUM ENTANGLEMENT. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210920193513/https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf","source":"MITRE, Tidal Cyber","title":"OPERATION QUANTUM ENTANGLEMENT","authors":"Haq, T., Moran, N., Vashisht, S., Scott, M","date_accessed":"2024-11-17T00:00:00Z","date_published":"2014-09-01T00:00:00Z","owner_name":null,"tidal_id":"46c2767f-80ec-5848-aab4-7e3455320b86","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.263926Z"},{"id":"b796f889-400c-440b-86b2-1588fd15f3ae","name":"ProofPoint GoT 9002 Aug 2017","description":"Huss, D. & Mesa, M. (2017, August 25). Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures. Retrieved March 19, 2018.","url":"https://www.proofpoint.com/us/threat-insight/post/operation-rat-cook-chinese-apt-actors-use-fake-game-thrones-leaks-lures","source":"MITRE","title":"Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures","authors":"Huss, D. & Mesa, M","date_accessed":"2018-03-19T00:00:00Z","date_published":"2017-08-25T00:00:00Z","owner_name":null,"tidal_id":"22abd29c-adff-58cb-b279-0dbf4e954712","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419571Z"},{"id":"6f5986b7-07ee-4bca-9cb1-248744e94d7f","name":"FireEye Op RussianDoll","description":"FireEye Labs. (2015, April 18). Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack. 
Retrieved April 24, 2017.","url":"https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html","source":"MITRE","title":"Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack","authors":"FireEye Labs","date_accessed":"2017-04-24T00:00:00Z","date_published":"2015-04-18T00:00:00Z","owner_name":null,"tidal_id":"1c07198b-034f-5bda-9b0c-b3bbd39811a3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442606Z"},{"id":"2f4c0941-d14e-4eb8-828c-f1d9a1e14a95","name":"FireEye Operation Saffron Rose 2013","description":"Villeneuve, N. et al.. (2013). OPERATION SAFFRON ROSE . Retrieved May 28, 2020.","url":"https://www.mandiant.com/sites/default/files/2021-09/rpt-operation-saffron-rose.pdf","source":"MITRE","title":"OPERATION SAFFRON ROSE","authors":"Villeneuve, N. et al.","date_accessed":"2020-05-28T00:00:00Z","date_published":"2013-01-01T00:00:00Z","owner_name":null,"tidal_id":"59dfe05d-285b-5ca0-b1a8-eb8a62c0301c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438494Z"},{"id":"57802e46-e12c-4230-8d1c-08854a0de06a","name":"Cylance Shaheen Nov 2018","description":"Livelli, K, et al. (2018, November 12). Operation Shaheen. Retrieved May 1, 2019.","url":"https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/WhiteCompanyOperationShaheenReport.pdf?_ga=2.161661948.1943296560.1555683782-1066572390.1555511517","source":"MITRE","title":"Operation Shaheen","authors":"Livelli, K, et al","date_accessed":"2019-05-01T00:00:00Z","date_published":"2018-11-12T00:00:00Z","owner_name":null,"tidal_id":"495cba62-b7ae-5533-b8a8-10ee94667cf3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421458Z"},{"id":"96b6d012-8620-4ef5-bf9a-5f88e465a495","name":"McAfee Sharpshooter December 2018","description":"Sherstobitoff, R., Malhotra, A., et. al.. (2018, December 18). 
Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure. Retrieved May 14, 2020.","url":"https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf","source":"MITRE","title":"Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure","authors":"Sherstobitoff, R., Malhotra, A., et. al.","date_accessed":"2020-05-14T00:00:00Z","date_published":"2018-12-18T00:00:00Z","owner_name":null,"tidal_id":"8f94f6cd-9177-5c68-9e2a-62b16cb7176a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418713Z"},{"id":"0dd428b9-849b-4108-87b1-20050b86f420","name":"Novetta-Axiom","description":"Novetta. (n.d.). Operation SMN: Axiom Threat Actor Group Report. Retrieved November 12, 2014.","url":"https://web.archive.org/web/20230115144216/http://www.novetta.com/wp-content/uploads/2014/11/Executive_Summary-Final_1.pdf","source":"MITRE, Tidal Cyber","title":"Operation SMN: Axiom Threat Actor Group Report","authors":"Novetta","date_accessed":"2014-11-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1ede331d-3994-5a08-8d8c-bee414be8273","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259564Z"},{"id":"620b7353-0e58-4503-b534-9250a8f5ae3c","name":"Cybereason Soft Cell June 2019","description":"Cybereason Nocturnus. (2019, June 25). Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers. 
Retrieved July 18, 2019.","url":"https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers","source":"MITRE","title":"Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers","authors":"Cybereason Nocturnus","date_accessed":"2019-07-18T00:00:00Z","date_published":"2019-06-25T00:00:00Z","owner_name":null,"tidal_id":"2b1eb2d6-e23f-5087-8969-9c4bcaa49238","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438866Z"},{"id":"fed0fef5-e366-4e24-9554-0599744cd1c6","name":"Azure AD Graph API","description":"Microsoft. (2016, March 26). Operations overview | Graph API concepts. Retrieved June 18, 2020.","url":"https://docs.microsoft.com/en-us/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-operations-overview","source":"MITRE","title":"Operations overview | Graph API concepts","authors":"Microsoft","date_accessed":"2020-06-18T00:00:00Z","date_published":"2016-03-26T00:00:00Z","owner_name":null,"tidal_id":"e1f8b880-79b0-5ddd-bbac-dfc931e576c3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435651Z"},{"id":"b699dd10-7d3f-4542-bf8a-b3f0c747bd0e","name":"ESET Operation Spalax Jan 2021","description":"M. Porolli. (2021, January 21). Operation Spalax: Targeted malware attacks in Colombia. Retrieved September 16, 2022.","url":"https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/","source":"MITRE","title":"Operation Spalax: Targeted malware attacks in Colombia","authors":"M. Porolli","date_accessed":"2022-09-16T00:00:00Z","date_published":"2021-01-21T00:00:00Z","owner_name":null,"tidal_id":"297c795b-e340-5d22-a8e3-4fcb41ab2b88","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439367Z"},{"id":"a987872f-2176-437c-a38f-58676b7b12de","name":"Proofpoint TA453 July2021","description":"Miller, J. et al. (2021, July 13). Operation SpoofedScholars: A Conversation with TA453. 
Retrieved August 18, 2021.","url":"https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453","source":"MITRE","title":"Operation SpoofedScholars: A Conversation with TA453","authors":"Miller, J. et al","date_accessed":"2021-08-18T00:00:00Z","date_published":"2021-07-13T00:00:00Z","owner_name":null,"tidal_id":"f42ac5c2-e29c-5fe7-a86e-f4a956307ced","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438076Z"},{"id":"03ff59ee-9ed7-5739-9abf-82329d581aab","name":"Sentinel One Tainted Love 2023","description":"Aleksandar Milenkoski, Juan Andres Guerrero-Saade, and Joey Chen. (2023, March 23). Operation Tainted Love | Chinese APTs Target Telcos in New Attacks. Retrieved March 18, 2025.","url":"https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/","source":"MITRE","title":"Operation Tainted Love | Chinese APTs Target Telcos in New Attacks","authors":"Aleksandar Milenkoski, Juan Andres Guerrero-Saade, and Joey Chen","date_accessed":"2025-03-18T00:00:00Z","date_published":"2023-03-23T00:00:00Z","owner_name":null,"tidal_id":"67bf1f9f-6a0c-5042-8a13-1a7dea8706aa","created":"2025-04-22T20:47:12.759570Z","modified":"2025-12-17T15:08:36.428150Z"},{"id":"8e39d0da-114f-4ae6-8130-ca1380077d6a","name":"Proofpoint Operation Transparent Tribe March 2016","description":"Huss, D. (2016, March 1). Operation Transparent Tribe. 
Retrieved June 8, 2016.","url":"https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf","source":"MITRE, Tidal Cyber","title":"Operation Transparent Tribe","authors":"Huss, D","date_accessed":"2016-06-08T00:00:00Z","date_published":"2016-03-01T00:00:00Z","owner_name":null,"tidal_id":"810680b9-bbb6-52c7-9ac2-17d0beac7490","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258004Z"},{"id":"e0eaad95-0a74-5e11-8265-1c54f1f19fa9","name":"SecureList OpTriangulation 01Jun2023","description":"Kuznetsov, I., et al. (2023, June 1). Operation Triangulation: iOS devices targeted with previously unknown malware. Retrieved April","url":"https://securelist.com/operation-triangulation/109842/","source":"Mobile","title":"Operation Triangulation: iOS devices targeted with previously unknown malware","authors":"Kuznetsov, I., et al","date_accessed":"1978-04-01T00:00:00Z","date_published":"2023-06-01T00:00:00Z","owner_name":null,"tidal_id":"52a895b6-5e48-5ae1-abb0-42c2e224c63a","created":"2026-01-28T13:08:10.046715Z","modified":"2026-01-28T13:08:10.046718Z"},{"id":"839268a6-15f4-55e6-bec4-a63d94f8d7a2","name":"SecureList OpTriangulation Dec2023","description":"Larin, B. (2023, December 27). Operation Triangulation: The last (hardware) mystery. Retrieved April","url":"https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/","source":"Mobile","title":"Operation Triangulation: The last (hardware) mystery","authors":"Larin, B","date_accessed":"1978-04-01T00:00:00Z","date_published":"2023-12-27T00:00:00Z","owner_name":null,"tidal_id":"8f90994f-d480-5f4e-8dd7-9431dbe5231a","created":"2026-01-28T13:08:10.047614Z","modified":"2026-01-28T13:08:10.047617Z"},{"id":"65d1f980-1dc2-4d36-8148-2d8747a39883","name":"TrendMicro TropicTrooper 2015","description":"Alintanahin, K. (2015). Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers. 
Retrieved June 14, 2019.","url":"https://documents.trendmicro.com/assets/wp/wp-operation-tropic-trooper.pdf","source":"MITRE","title":"Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers","authors":"Alintanahin, K","date_accessed":"2019-06-14T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"4a09ee9f-e1ff-5c0d-ae14-970ac03601cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421581Z"},{"id":"696b12c6-ce1e-4e79-b781-43e0c70f9f2e","name":"ClearSky and Trend Micro Operation Wilted Tulip July 2017","description":"ClearSky and Trend Micro. (2017, July). Operation Wilted Tulip - Exposing a cyber espionage apparatus. Retrieved May 17, 2021.","url":"https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf","source":"MITRE, Tidal Cyber","title":"Operation Wilted Tulip - Exposing a cyber espionage apparatus","authors":"ClearSky and Trend Micro","date_accessed":"2021-05-17T00:00:00Z","date_published":"2017-07-01T00:00:00Z","owner_name":null,"tidal_id":"8df7c9e8-e741-5581-9219-b89d27d74a0a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.283458Z"},{"id":"50233005-8dc4-4e91-9477-df574271df40","name":"ClearSky Wilted Tulip July 2017","description":"ClearSky Cyber Security and Trend Micro. (2017, July). Operation Wilted Tulip: Exposing a cyber espionage apparatus. 
Retrieved August 21, 2017.","url":"http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf","source":"MITRE","title":"Operation Wilted Tulip: Exposing a cyber espionage apparatus","authors":"ClearSky Cyber Security and Trend Micro","date_accessed":"2017-08-21T00:00:00Z","date_published":"2017-07-01T00:00:00Z","owner_name":null,"tidal_id":"c7afcce3-6176-55ad-b12e-6d3dfd0c81c4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416898Z"},{"id":"721cdb36-d3fc-4212-b324-6be2b5f9cb46","name":"ESET Windigo Mar 2014","description":"Bilodeau, O., Bureau, M., Calvet, J., Dorais-Joncas, A., Léveillé, M., Vanheuverzwijn, B. (2014, March 18). Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign. Retrieved February 10, 2021.","url":"https://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-side-credential-stealing-malware-campaign/","source":"MITRE","title":"Operation Windigo – the vivisection of a large Linux server‑side credential‑stealing malware campaign","authors":"Bilodeau, O., Bureau, M., Calvet, J., Dorais-Joncas, A., Léveillé, M., Vanheuverzwijn, B","date_accessed":"2021-02-10T00:00:00Z","date_published":"2014-03-18T00:00:00Z","owner_name":null,"tidal_id":"d712345e-663b-5490-a1f4-191e6bb045bc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438954Z"},{"id":"aa3e31c7-71cd-4a3f-b482-9049c9abb631","name":"FoxIT Wocao December 2019","description":"Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.","url":"https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf","source":"MITRE","title":"Operation Wocao: Shining a light on one of China’s hidden hacking groups","authors":"Dantzig, M. 
v., Schamper, E","date_accessed":"2020-10-08T00:00:00Z","date_published":"2019-12-19T00:00:00Z","owner_name":null,"tidal_id":"f5cc11c2-530c-58a4-9b0e-6adf8a32190b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422706Z"},{"id":"0f077c93-aeda-4c95-9996-c52812a31267","name":"TrendMicro Operation Woolen Goldfish March 2015","description":"Cedric Pernet, Kenney Lu. (2015, March 19). Operation Woolen-Goldfish - When Kittens Go phishing. Retrieved April 21, 2021.","url":"https://documents.trendmicro.com/assets/wp/wp-operation-woolen-goldfish.pdf","source":"MITRE","title":"Operation Woolen-Goldfish - When Kittens Go phishing","authors":"Cedric Pernet, Kenney Lu","date_accessed":"2021-04-21T00:00:00Z","date_published":"2015-03-19T00:00:00Z","owner_name":null,"tidal_id":"92cbf4c7-2485-5fb6-80cb-997c9c5f7b5c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438475Z"},{"id":"84430646-6568-4288-8710-2827692a8862","name":"Bleeping Computer Op Sharpshooter March 2019","description":"I. Ilascu. (2019, March 3). Op 'Sharpshooter' Connected to North Korea's Lazarus Group. Retrieved September 26, 2022.","url":"https://www.bleepingcomputer.com/news/security/op-sharpshooter-connected-to-north-koreas-lazarus-group/","source":"MITRE","title":"Op 'Sharpshooter' Connected to North Korea's Lazarus Group","authors":"I. Ilascu","date_accessed":"2022-09-26T00:00:00Z","date_published":"2019-03-03T00:00:00Z","owner_name":null,"tidal_id":"a883924c-58b0-5e49-b1ee-cb6ffd681a23","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439380Z"},{"id":"cd23fb70-d507-4b22-8254-6f0f39ea54c1","name":"BleepingComputer March 21 2025","description":"Sergiu Gatlan. (2025, March 21). Oracle denies breach after hacker claims theft of 6 million data records. 
Retrieved March 31, 2025.","url":"https://www.bleepingcomputer.com/news/security/oracle-denies-data-breach-after-hacker-claims-theft-of-6-million-data-records/","source":"Tidal Cyber","title":"Oracle denies breach after hacker claims theft of 6 million data records","authors":"Sergiu Gatlan","date_accessed":"2025-03-31T00:00:00Z","date_published":"2025-03-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"060b22aa-a4ef-5bac-967b-e8d9470fcca7","created":"2025-03-31T15:01:17.529727Z","modified":"2025-03-31T15:01:17.724280Z"},{"id":"ec72f924-4cc8-4709-9b07-f343bff55895","name":"Google Cloud Blog 10 09 2025","description":"Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen. (2025, October 9). Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign | Google Cloud Blog. Retrieved October 9, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation","source":"Tidal Cyber","title":"Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign | Google Cloud Blog","authors":"Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen","date_accessed":"2025-10-09T12:00:00Z","date_published":"2025-10-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4d2b4848-b1b0-5d82-92d7-b20c4b322020","created":"2025-10-13T17:28:44.239333Z","modified":"2025-10-13T17:28:44.390636Z"},{"id":"f52483db-9d3f-4fdc-958f-a53a2c1fc4c1","name":"Oracle Security Alerts CVE-2025-61882 10 05 2025","description":"Oracle. (2025, October 5). Oracle Security Alerts CVE-2025-61882. 
Retrieved October 6, 2025.","url":"https://www.oracle.com/security-alerts/alert-cve-2025-61882.html","source":"Tidal Cyber","title":"Oracle Security Alerts CVE-2025-61882","authors":"Oracle","date_accessed":"2025-10-06T12:00:00Z","date_published":"2025-10-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d50f4700-5fa9-579a-92e6-42dd620dd17c","created":"2025-10-07T14:06:57.593049Z","modified":"2025-10-07T14:06:57.725344Z"},{"id":"293596ad-a13f-456b-8916-d1e1b1afe0da","name":"Symantec Orangeworm IOCs April 2018","description":"Symantec Security Response Attack Investigation Team. (2018, April 23). Orangeworm: Indicators of Compromise. Retrieved July 8, 2018.","url":"https://symantec-enterprise-blogs.security.com/sites/default/files/2018-04/Orangeworm%20IOCs.pdf","source":"MITRE","title":"Orangeworm: Indicators of Compromise","authors":"Symantec Security Response Attack Investigation Team","date_accessed":"2018-07-08T00:00:00Z","date_published":"2018-04-23T00:00:00Z","owner_name":null,"tidal_id":"db2faef2-e76e-52a0-b49a-63f2e2ef5147","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440879Z"},{"id":"061d8f74-a202-4089-acae-687e4f96933b","name":"Symantec WastedLocker June 2020","description":"Symantec Threat Intelligence. (2020, June 25). WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations. Retrieved May 20, 2021.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us","source":"MITRE","title":"Organizations","authors":"Symantec Threat Intelligence. (2020, June 25)","date_accessed":"2021-05-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b6af400e-9b70-5e5d-ab2c-736a30d90a7d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418129Z"},{"id":"3d2f4092-5173-5f40-8b5f-c1cb886a2e6e","name":"Microsoft Azure Resources","description":"Microsoft Azure. (2024, May 31). Organize your Azure resources effectively. 
Retrieved September 25, 2024.","url":"https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/organize-resources","source":"MITRE","title":"Organize your Azure resources effectively","authors":"Microsoft Azure","date_accessed":"2024-09-25T00:00:00Z","date_published":"2024-05-31T00:00:00Z","owner_name":null,"tidal_id":"620115b2-1ffc-53cd-b99f-e0b29f9f555a","created":"2024-10-31T16:28:16.362831Z","modified":"2025-12-17T15:08:36.424610Z"},{"id":"b145d452-36c6-5fc3-b4d7-42c52e38d20b","name":"Orkhan Mamedov, Fedor Sinitsyn, Anton Ivanov October 2017","description":"Orkhan Mamedov, Fedor Sinitsyn, Anton Ivanov 2017, October 27 Bad Rabbit Ransomware. Retrieved 2019/10/27","url":"https://securelist.com/bad-rabbit-ransomware/82851/","source":"ICS","title":"Orkhan Mamedov, Fedor Sinitsyn, Anton Ivanov October 2017","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"055a1090-5289-56a0-bae5-d1a08c8a8b17","created":"2026-01-28T13:08:18.178961Z","modified":"2026-01-28T13:08:18.178964Z"},{"id":"cefef3d8-94f5-4d94-9689-6ed38702454f","name":"Symantec Calisto July 2018","description":"Pantig, J. (2018, July 30). OSX.Calisto. Retrieved September 7, 2018.","url":"https://web.archive.org/web/20190111082249/https://www.symantec.com/security-center/writeup/2018-073014-2512-99?om_rssid=sr-latestthreats30days","source":"MITRE","title":"OSX.Calisto","authors":"Pantig, J","date_accessed":"2018-09-07T00:00:00Z","date_published":"2018-07-30T00:00:00Z","owner_name":null,"tidal_id":"819e5ee4-ef8f-54ef-9eb1-92b16426f0dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421356Z"},{"id":"7240261e-d901-4a68-b6fc-deec308e8a50","name":"Objective-See MacMa Nov 2021","description":"Wardle, P. (2021, November 11). OSX.CDDS (OSX.MacMa). 
Retrieved June 30, 2022.","url":"https://objective-see.org/blog/blog_0x69.html","source":"MITRE","title":"OSX.CDDS (OSX.MacMa)","authors":"Wardle, P","date_accessed":"2022-06-30T00:00:00Z","date_published":"2021-11-11T00:00:00Z","owner_name":null,"tidal_id":"7ea89266-d80c-5eb5-936c-507850d3de1d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421471Z"},{"id":"96f9d36a-01a5-418e-85f4-957e58d49c1b","name":"hexed osx.dok analysis 2019","description":"fluffybunny. (2019, July 9). OSX.Dok Analysis. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20221007144948/http://www.hexed.in/2019/07/osxdok-analysis.html","source":"MITRE","title":"OSX.Dok Analysis","authors":"fluffybunny","date_accessed":"2024-11-17T00:00:00Z","date_published":"2019-07-09T00:00:00Z","owner_name":null,"tidal_id":"c594e587-8d2c-5f38-ba60-092d1d1e2e5c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422388Z"},{"id":"11ef576f-1bac-49e3-acba-85d70a42503e","name":"malwarebyteslabs xcsset dubrobber","description":"Thomas Reed. (2020, April 21). OSX.DubRobber. Retrieved October 5, 2021.","url":"https://blog.malwarebytes.com/detections/osx-dubrobber/","source":"MITRE","title":"OSX.DubRobber","authors":"Thomas Reed","date_accessed":"2021-10-05T00:00:00Z","date_published":"2020-04-21T00:00:00Z","owner_name":null,"tidal_id":"b5e9d5b8-4c0f-5515-b8e1-d28831692ae6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421988Z"},{"id":"4fee237c-c2ec-47f5-b382-ec6bd4779281","name":"wardle evilquest partii","description":"Patrick Wardle. (2020, July 3). OSX.EvilQuest Uncovered part ii: insidious capabilities. 
Retrieved March 21, 2021.","url":"https://objective-see.com/blog/blog_0x60.html","source":"MITRE","title":"OSX.EvilQuest Uncovered part ii: insidious capabilities","authors":"Patrick Wardle","date_accessed":"2021-03-21T00:00:00Z","date_published":"2020-07-03T00:00:00Z","owner_name":null,"tidal_id":"4fd0c88b-c41c-589c-989c-f550bdcff786","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419485Z"},{"id":"1ebd91db-9b56-442f-bb61-9e154b5966ac","name":"wardle evilquest parti","description":"Patrick Wardle. (2020, June 29). OSX.EvilQuest Uncovered part i: infection, persistence, and more!. Retrieved March 18, 2021.","url":"https://objective-see.com/blog/blog_0x59.html","source":"MITRE","title":"OSX.EvilQuest Uncovered part i: infection, persistence, and more!","authors":"Patrick Wardle","date_accessed":"2021-03-18T00:00:00Z","date_published":"2020-06-29T00:00:00Z","owner_name":null,"tidal_id":"65b9b08b-88fd-5ad8-a944-c6790db9cd00","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435339Z"},{"id":"ce6e5a21-0063-4356-a77a-5c5f9fd2cf5c","name":"eset_osx_flashback","description":"ESET. (2012, January 1). OSX/Flashback. Retrieved April 19, 2022.","url":"https://www.welivesecurity.com/wp-content/uploads/200x/white-papers/osx_flashback.pdf","source":"MITRE","title":"OSX/Flashback","authors":"ESET","date_accessed":"2022-04-19T00:00:00Z","date_published":"2012-01-01T00:00:00Z","owner_name":null,"tidal_id":"3488fee8-00cf-5356-8602-9029b77cba43","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431563Z"},{"id":"8c178fd8-db34-45c6-901a-a8b2c178d809","name":"CheckPoint Dok","description":"Ofer Caspi. (2017, May 4). OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic. 
Retrieved October 5, 2021.","url":"https://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/","source":"MITRE","title":"OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic","authors":"Ofer Caspi","date_accessed":"2021-10-05T00:00:00Z","date_published":"2017-05-04T00:00:00Z","owner_name":null,"tidal_id":"e4c8ec9b-625d-597c-9dc8-695f9f0731f7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422394Z"},{"id":"46eb883c-e203-4cd9-8f1c-c6ea12bc2742","name":"Intego Shlayer Feb 2018","description":"Long, Joshua. (2018, February 21). OSX/Shlayer: New Mac malware comes out of its shell. Retrieved August 28, 2019.","url":"https://www.intego.com/mac-security-blog/osxshlayer-new-mac-malware-comes-out-of-its-shell/","source":"MITRE","title":"OSX/Shlayer: New Mac malware comes out of its shell","authors":"Long, Joshua","date_accessed":"2019-08-28T00:00:00Z","date_published":"2018-02-21T00:00:00Z","owner_name":null,"tidal_id":"c1f9f2bf-004f-5961-92dd-f40047c79c55","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422334Z"},{"id":"7b7e55d7-7f17-4433-8972-737007c4b734","name":"None October 15 2025","description":"None Identified. (2025, October 15). OtterCandy, malware used by WaterPlum | セキュリティナレッジ | NTTセキュリティ・ジャパン株式会社. Retrieved November 20, 2025.","url":"https://jp.security.ntt/insights_resources/tech_blog/ottercandy_malware_e","source":"Tidal Cyber","title":"OtterCandy, malware used by WaterPlum | セキュリティナレッジ | NTTセキュリティ・ジャパン株式会社","authors":"None Identified","date_accessed":"2025-11-20T12:00:00Z","date_published":"2025-10-15T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"48768b2c-c96d-5d28-bf49-4a4a8ddee977","created":"2025-12-10T14:13:40.130689Z","modified":"2025-12-10T14:13:40.289882Z"},{"id":"2b43d421-3921-4efa-9bde-4b482811523f","name":"Decoded Avast.io Follina June 3 2022","description":"Threat Intelligence Team. (2022, June 3). Outbreak of Follina in Australia. 
Retrieved May 7, 2023.","url":"https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/","source":"Tidal Cyber","title":"Outbreak of Follina in Australia","authors":"Threat Intelligence Team","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-06-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"16eacbf2-b25a-53ec-bb55-050a4dd97e10","created":"2024-06-13T20:10:13.080207Z","modified":"2024-06-13T20:10:13.270564Z"},{"id":"5d91a713-2f05-43bd-9fef-aa3f51f4c45a","name":"SensePost Outlook Forms","description":"Stalmans, E. (2017, April 28). Outlook Forms and Shells. Retrieved February 4, 2019.","url":"https://sensepost.com/blog/2017/outlook-forms-and-shells/","source":"MITRE","title":"Outlook Forms and Shells","authors":"Stalmans, E","date_accessed":"2019-02-04T00:00:00Z","date_published":"2017-04-28T00:00:00Z","owner_name":null,"tidal_id":"32ea620f-ca8b-509b-9b02-7c8c00fb3bb8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433364Z"},{"id":"d2758a4b-d326-45a7-9ebf-03efcd1832da","name":"SensePost Outlook Home Page","description":"Stalmans, E. (2017, October 11). Outlook Home Page – Another Ruler Vector. Retrieved February 4, 2019.","url":"https://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/","source":"MITRE","title":"Outlook Home Page – Another Ruler Vector","authors":"Stalmans, E","date_accessed":"2019-02-04T00:00:00Z","date_published":"2017-10-11T00:00:00Z","owner_name":null,"tidal_id":"372e57f3-7473-5b95-9bf2-e56e93369357","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434161Z"},{"id":"cb7beffb-a955-40fd-b114-de6533efc80d","name":"Outlook Today Home Page","description":"Soutcast. (2018, September 14). Outlook Today Homepage Persistence. 
Retrieved February 5, 2019.","url":"https://medium.com/@bwtech789/outlook-today-homepage-persistence-33ea9b505943","source":"MITRE","title":"Outlook Today Homepage Persistence","authors":"Soutcast","date_accessed":"2019-02-05T00:00:00Z","date_published":"2018-09-14T00:00:00Z","owner_name":null,"tidal_id":"faab2970-5788-5c8b-bd9c-fa447ffc232c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426818Z"},{"id":"4e554042-53bb-44d4-9acc-44c86329ac47","name":"Recorded Future Beacon 2019","description":"Recorded Future. (2019, June 20). Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers. Retrieved September 16, 2024.","url":"https://www.recordedfuture.com/blog/identifying-cobalt-strike-servers","source":"MITRE","title":"Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers","authors":"Recorded Future","date_accessed":"2024-09-16T00:00:00Z","date_published":"2019-06-20T00:00:00Z","owner_name":null,"tidal_id":"0eed2e99-527b-5521-a57e-75996c6cbf9b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433174Z"},{"id":"ee34938a-753c-5011-93d6-4564bf95b23d","name":"Android-SELinuxChanges","description":"Various. (2016, March 31). Overly restrictive SELinux filesystem permissions in Android N. Retrieved December","url":"https://code.google.com/p/android/issues/detail?id=205565","source":"Mobile","title":"Overly restrictive SELinux filesystem permissions in Android N","authors":"Various","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-03-31T00:00:00Z","owner_name":null,"tidal_id":"d84f9537-f398-5c02-bc88-f87a39b600d8","created":"2026-01-28T13:08:10.043067Z","modified":"2026-01-28T13:08:10.043070Z"},{"id":"4b4c9e72-eee1-4fa4-8dcb-501ec49882b0","name":"FireEye APT33 Guardrail","description":"Ackerman, G., et al. (2018, December 21). OVERRULED: Containing a Potentially Destructive Adversary. 
Retrieved January 17, 2019.","url":"https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html","source":"MITRE","title":"OVERRULED: Containing a Potentially Destructive Adversary","authors":"Ackerman, G., et al","date_accessed":"2019-01-17T00:00:00Z","date_published":"2018-12-21T00:00:00Z","owner_name":null,"tidal_id":"8994bd35-c3aa-5fb2-83a9-4932f0474802","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422156Z"},{"id":"baea7cdc-fe34-509a-88eb-ec0f1ab16bf9","name":"ProjectZero-BroadcomWiFi","description":"Gal Beniamini. (2017, April 4). Over The Air: Exploiting Broadcom's Wi-Fi Stack. Retrieved November","url":"https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html","source":"Mobile","title":"Over The Air: Exploiting Broadcom's Wi-Fi Stack","authors":"Gal Beniamini","date_accessed":"1978-11-01T00:00:00Z","date_published":"2017-04-04T00:00:00Z","owner_name":null,"tidal_id":"2a1cbb5e-16e6-5410-a251-0bebf8ca876a","created":"2026-01-28T13:08:10.043344Z","modified":"2026-01-28T13:08:10.043347Z"},{"id":"55ee5bcc-ba56-58ac-9afb-2349aa75fe39","name":"Kubernetes Cloud Native Security","description":"Kubernetes. (n.d.). Overview of Cloud Native Security. Retrieved March 8, 2023.","url":"https://kubernetes.io/docs/concepts/security/overview/","source":"MITRE","title":"Overview of Cloud Native Security","authors":"Kubernetes","date_accessed":"2023-03-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"64a68496-40e4-5baf-b9d3-44ca77de29be","created":"2023-05-26T01:21:20.609489Z","modified":"2025-12-17T15:08:36.442432Z"},{"id":"e3b8cc52-2096-418c-b291-1bc76022961d","name":"Apple Doco Archive Dynamic Libraries","description":"Apple Inc.. (2012, July 23). Overview of Dynamic Libraries. 
Retrieved March 24, 2021.","url":"https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/OverviewOfDynamicLibraries.html","source":"MITRE","title":"Overview of Dynamic Libraries","authors":"Apple Inc.","date_accessed":"2021-03-24T00:00:00Z","date_published":"2012-07-23T00:00:00Z","owner_name":null,"tidal_id":"caa4b772-5252-5d83-aef0-f719338d53ac","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430331Z"},{"id":"39ffd162-4052-57ec-bd20-2fe6b8e6beab","name":"Apple Dev Dynamic Libraries","description":"Apple. (2012, July 23). Overview of Dynamic Libraries. Retrieved September 7, 2023.","url":"https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/OverviewOfDynamicLibraries.html","source":"MITRE","title":"Overview of Dynamic Libraries","authors":"Apple","date_accessed":"2023-09-07T00:00:00Z","date_published":"2012-07-23T00:00:00Z","owner_name":null,"tidal_id":"68e6b48b-b385-52aa-a776-c47dfe8091e0","created":"2023-11-07T00:35:57.186229Z","modified":"2025-12-17T15:08:36.424419Z"},{"id":"fc117963-580f-5f4a-a969-b2410e00a58f","name":"GCP IAM Conditions","description":"Google Cloud. (n.d.). Overview of IAM Conditions. Retrieved January 2, 2024.","url":"https://cloud.google.com/iam/docs/conditions-overview","source":"MITRE","title":"Overview of IAM Conditions","authors":"Google Cloud","date_accessed":"2024-01-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c4b7b455-387f-51c4-bc23-108f72b2a15e","created":"2024-04-25T13:28:39.856229Z","modified":"2025-12-17T15:08:36.434835Z"},{"id":"0b40474c-173c-4a8c-8cc7-bac2dcfcaedd","name":"Kubeflow Pipelines","description":"The Kubeflow Authors. (n.d.). Overview of Kubeflow Pipelines. 
Retrieved March 29, 2021.","url":"https://www.kubeflow.org/docs/components/pipelines/overview/pipelines-overview/","source":"MITRE","title":"Overview of Kubeflow Pipelines","authors":"The Kubeflow Authors","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"02668911-7cbb-5905-8bf2-423ad2596f86","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429892Z"},{"id":"3e832a4f-b8e6-4c28-bb33-f2db817403b9","name":"TechNet RDP Gateway","description":"Microsoft. (n.d.). Overview of Remote Desktop Gateway. Retrieved June 6, 2016.","url":"https://technet.microsoft.com/en-us/library/cc731150.aspx","source":"MITRE","title":"Overview of Remote Desktop Gateway","authors":"Microsoft","date_accessed":"2016-06-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"28ca26c5-55f6-5b83-a07a-24dd46fcd402","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416254Z"},{"id":"fd095ef2-6fc2-4f6f-9e4f-037b2a9217d2","name":"CrowdStrike AQUATIC PANDA December 2021","description":"Wiley, B. et al. (2021, December 29). OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt. Retrieved January 18, 2022.","url":"https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/","source":"MITRE, Tidal Cyber","title":"OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt","authors":"Wiley, B. et al","date_accessed":"2022-01-18T00:00:00Z","date_published":"2021-12-29T00:00:00Z","owner_name":null,"tidal_id":"5a9c70ad-bfc4-5917-a416-75f00c424375","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278107Z"},{"id":"044ef2b7-44cc-4da6-b8e2-45d630558534","name":"OWASP Top 10 2017","description":"OWASP. (2017, April 16). OWASP Top 10 2017 - The Ten Most Critical Web Application Security Risks. 
Retrieved February 12, 2019.","url":"https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/","source":"MITRE","title":"OWASP Top 10 2017 - The Ten Most Critical Web Application Security Risks","authors":"OWASP","date_accessed":"2019-02-12T00:00:00Z","date_published":"2017-04-16T00:00:00Z","owner_name":null,"tidal_id":"984c1a54-4b1a-5587-810e-74caa0ac5e2b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415788Z"},{"id":"c6db3a77-4d01-4b4d-886d-746d676ed6d0","name":"OWASP Top 10","description":"OWASP. (2018, February 23). OWASP Top Ten Project. Retrieved April 3, 2018.","url":"https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project","source":"MITRE","title":"OWASP Top Ten Project","authors":"OWASP","date_accessed":"2018-04-03T00:00:00Z","date_published":"2018-02-23T00:00:00Z","owner_name":null,"tidal_id":"4f8a04d0-b3d3-54cc-bf9b-f23dc961e49c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428355Z"},{"id":"8e589de1-9c94-5ce9-ab6e-dcc1393bf997","name":"Cado Security P2PInfect 2023","description":"jbowen. (2023, December 4). P2Pinfect - New Variant Targets MIPS Devices. Retrieved March 18, 2025.","url":"https://www.cadosecurity.com/blog/p2pinfect-new-variant-targets-mips-devices","source":"MITRE","title":"P2Pinfect - New Variant Targets MIPS Devices","authors":"jbowen","date_accessed":"2025-03-18T00:00:00Z","date_published":"2023-12-04T00:00:00Z","owner_name":null,"tidal_id":"f986561c-4dfc-5672-bca4-e0cfcea60e2d","created":"2025-04-22T20:47:20.362193Z","modified":"2025-12-17T15:08:36.435763Z"},{"id":"a110dd49-d8a4-4425-ae0e-461ffe377d22","name":"Sophos Pacific Rim Overview October 31 2024","description":"Sophos X-Ops, Ross McKerchar. (2024, October 31). Pacific Rim overview. 
Retrieved November 1, 2024.","url":"https://news.sophos.com/en-us/2024/10/31/pacific-rim-neutralizing-china-based-threat/","source":"Tidal Cyber","title":"Pacific Rim overview","authors":"Sophos X-Ops, Ross McKerchar","date_accessed":"2024-11-01T00:00:00Z","date_published":"2024-10-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f7fc843d-9666-5528-986d-fd747390587d","created":"2024-11-08T20:32:28.245458Z","modified":"2024-11-08T20:32:28.758744Z"},{"id":"77146036-d207-465e-a987-3e9e527ea927","name":"Sophos Pacific Rim Timeline October 31 2024","description":"Ross McKerchar, Andrew Brandt. (2024, October 31). Pacific Rim timeline. Retrieved November 1, 2024.","url":"https://news.sophos.com/en-us/2024/10/31/pacific-rim-timeline/","source":"Tidal Cyber","title":"Pacific Rim timeline","authors":"Ross McKerchar, Andrew Brandt","date_accessed":"2024-11-01T00:00:00Z","date_published":"2024-10-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a09a32ef-7000-5388-9474-c133c5eaa27b","created":"2024-11-08T20:32:27.492538Z","modified":"2024-11-08T20:32:27.910294Z"},{"id":"e32e293a-f583-494e-9eb5-c82167f2e000","name":"Debian Manual Maintainer Scripts","description":"Debian Policy Manual v4.6.1.1. (2022, August 14). Package maintainer scripts and installation procedure. Retrieved September 27, 2022.","url":"https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html#s-mscriptsinstact","source":"MITRE","title":"Package maintainer scripts and installation procedure","authors":"Debian Policy Manual v4.6.1.1","date_accessed":"2022-09-27T00:00:00Z","date_published":"2022-08-14T00:00:00Z","owner_name":null,"tidal_id":"a574dbf6-1385-5813-87d3-3b07c1c90734","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435320Z"},{"id":"d6c30aeb-21ed-5522-9f4c-61fe70fc209e","name":"Android Package Visibility","description":"Google. (n.d.). Package visibility filtering on Android. 
Retrieved April","url":"https://developer.android.com/training/package-visibility","source":"Mobile","title":"Package visibility filtering on Android","authors":"Google","date_accessed":"1978-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"26f53f9d-c41b-5e8e-ac04-2e5df5feab94","created":"2026-01-28T13:08:10.047740Z","modified":"2026-01-28T13:08:10.047743Z"},{"id":"c91c6399-3520-4410-936d-48c3b13235ca","name":"GCP Packet Mirroring","description":"Google Cloud. (n.d.). Packet Mirroring overview. Retrieved March 17, 2022.","url":"https://cloud.google.com/vpc/docs/packet-mirroring","source":"MITRE","title":"Packet Mirroring overview","authors":"Google Cloud","date_accessed":"2022-03-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8fa4c6b4-831b-5435-92fa-0928526d9843","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427361Z"},{"id":"316f347f-3e92-4861-a075-db64adf6b6a8","name":"Citizenlab Packrat 2015","description":"Scott-Railton, J., et al. (2015, December 8). Packrat. Retrieved December 18, 2020.","url":"https://citizenlab.ca/2015/12/packrat-report/","source":"MITRE","title":"Packrat","authors":"Scott-Railton, J., et al","date_accessed":"2020-12-18T00:00:00Z","date_published":"2015-12-08T00:00:00Z","owner_name":null,"tidal_id":"304734d1-4fb9-5bab-80d6-9da34eadac8c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426253Z"},{"id":"bda43b1b-ea8d-4371-9984-6d8a7cc24965","name":"GitHub Pacu","description":"Rhino Security Labs. (2019, August 22). Pacu. 
Retrieved October 17, 2019.","url":"https://github.com/RhinoSecurityLabs/pacu","source":"MITRE","title":"Pacu","authors":"Rhino Security Labs","date_accessed":"2019-10-17T00:00:00Z","date_published":"2019-08-22T00:00:00Z","owner_name":null,"tidal_id":"13aaacc1-a54d-54be-8726-3df5e2743a0e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422795Z"},{"id":"deba605b-7abc-5794-a820-448a395aab69","name":"Pacu Detection Disruption Module","description":"Rhino Security Labs. (2021, April 29). Pacu Detection Disruption Module. Retrieved August 4, 2023.","url":"https://github.com/RhinoSecurityLabs/pacu/blob/master/pacu/modules/detection__disruption/main.py","source":"MITRE","title":"Pacu Detection Disruption Module","authors":"Rhino Security Labs","date_accessed":"2023-08-04T00:00:00Z","date_published":"2021-04-29T00:00:00Z","owner_name":null,"tidal_id":"cd965fbd-494d-5403-b4fa-be4a9992d35b","created":"2023-11-07T00:36:07.838136Z","modified":"2025-12-17T15:08:36.434710Z"},{"id":"5a98fe8b-f020-576a-b037-255aa28faea6","name":"Paganini, Pierluigi June 2020","description":"Paganini, Pierluigi 2020, June 14 Ransomware attack disrupts operations at Australian beverage company Lion. Retrieved 2021/10/08","url":"https://securityaffairs.co/wordpress/104749/cyber-crime/ransomware-attack-hit-lion.html","source":"ICS","title":"Paganini, Pierluigi June 2020","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8e8189be-5c09-5c46-b4c8-ef262605d3aa","created":"2026-01-28T13:08:18.177157Z","modified":"2026-01-28T13:08:18.177160Z"},{"id":"413b7917-e22a-4706-aff3-80eb31521b6a","name":"SecurityWeek Cyber Toufan January 3 2024","description":"Ionut Arghire. (2024, January 3). Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks. 
Retrieved August 8, 2024.","url":"https://www.securityweek.com/palestinian-hackers-hit-100-israeli-organizations-in-destructive-attacks/","source":"Tidal Cyber","title":"Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks","authors":"Ionut Arghire","date_accessed":"2024-08-08T00:00:00Z","date_published":"2024-01-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"00143498-9f6c-5003-8234-162fa334170c","created":"2024-08-09T14:50:33.184338Z","modified":"2024-08-09T14:50:33.398692Z"},{"id":"84ecd475-8d3f-4e7c-afa8-2dff6078bed5","name":"Symantec Palmerworm Sep 2020","description":"Threat Intelligence. (2020, September 29). Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors. Retrieved March 25, 2022.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt","source":"MITRE, Tidal Cyber","title":"Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors","authors":"Threat Intelligence","date_accessed":"2022-03-25T00:00:00Z","date_published":"2020-09-29T00:00:00Z","owner_name":null,"tidal_id":"53768284-9e11-5ce8-8347-520336b2ef82","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278225Z"},{"id":"4838a58e-c00d-4b4c-937d-8da5d9f1a4b5","name":"Apple PAM","description":"Apple. (2011, May 11). PAM - Pluggable Authentication Modules. Retrieved June 25, 2020.","url":"https://opensource.apple.com/source/dovecot/dovecot-239/dovecot/doc/wiki/PasswordDatabase.PAM.txt","source":"MITRE","title":"PAM - Pluggable Authentication Modules","authors":"Apple","date_accessed":"2020-06-25T00:00:00Z","date_published":"2011-05-11T00:00:00Z","owner_name":null,"tidal_id":"7e208d7b-8d9e-5f75-a9dc-79b9bae9e3ad","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424208Z"},{"id":"6bc5ad93-3cc2-4429-ac4c-aae72193df27","name":"Man Pam_Unix","description":"die.net. (n.d.). pam_unix(8) - Linux man page. 
Retrieved June 25, 2020.","url":"https://linux.die.net/man/8/pam_unix","source":"MITRE","title":"pam_unix(8) - Linux man page","authors":"die.net","date_accessed":"2020-06-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ea042281-bf84-55ff-88fb-812af569c02b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424214Z"},{"id":"27f17e79-ef38-4c20-9250-40c81fa8717a","name":"Palo Alto PlugX June 2017","description":"Lancaster, T. and Idrizovic, E.. (2017, June 27). Paranoid PlugX. Retrieved July 13, 2017.","url":"https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/","source":"MITRE","title":"Paranoid PlugX","authors":"Lancaster, T. and Idrizovic, E.","date_accessed":"2017-07-13T00:00:00Z","date_published":"2017-06-27T00:00:00Z","owner_name":null,"tidal_id":"b64ab0be-1d02-5914-8cdc-2dc523a3e3ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441405Z"},{"id":"9dc629a0-543c-4221-86cc-0dfb93903988","name":"Unit42 PlugX June 2017","description":"Lancaster, T., Idrizovic, E. (2017, June 27). Paranoid PlugX. Retrieved April 19, 2019.","url":"https://unit42.paloaltonetworks.com/unit42-paranoid-plugx/","source":"MITRE","title":"Paranoid PlugX","authors":"Lancaster, T., Idrizovic, E","date_accessed":"2019-04-19T00:00:00Z","date_published":"2017-06-27T00:00:00Z","owner_name":null,"tidal_id":"67b5a597-c0bd-5b80-be92-1688a9bcfeb3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442263Z"},{"id":"0828b2fd-c85f-44c7-bb05-61e6eba34336","name":"Secuirtyinbits Ataware3 May 2019","description":"Securityinbits. (2019, May 14). Parent PID Spoofing (Stage 2) Ataware Ransomware Part 3. 
Retrieved June 6, 2019.","url":"https://www.securityinbits.com/malware-analysis/parent-pid-spoofing-stage-2-ataware-ransomware-part-3","source":"MITRE","title":"Parent PID Spoofing (Stage 2) Ataware Ransomware Part 3","authors":"Securityinbits","date_accessed":"2019-06-06T00:00:00Z","date_published":"2019-05-14T00:00:00Z","owner_name":null,"tidal_id":"1fe341e3-4e9c-52ff-abfa-c4ac75346f1f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432715Z"},{"id":"15e974db-51a9-4ec1-9725-cff8bb9bc2fa","name":"Dragos PARISITE","description":"Dragos. (n.d.). PARISITE. Retrieved December 21, 2020.","url":"https://www.dragos.com/threat/parisite/","source":"MITRE","title":"PARISITE","authors":"Dragos","date_accessed":"2020-12-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"dd0af3bb-d1d3-58a9-b1e9-f92587a1ddec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437536Z"},{"id":"950f8c1e-8793-43b7-abc7-0c9f6790b3b7","name":"DOJ Lazarus Sony 2018","description":"Department of Justice. (2018, September 6). Criminal Complaint - United States of America v. PARK JIN HYOK. Retrieved March 29, 2019.","url":"https://www.justice.gov/opa/press-release/file/1092091/download","source":"MITRE","title":"PARK JIN HYOK","authors":"Department of Justice. (2018, September 6)","date_accessed":"2019-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6e6b679a-4da9-58c9-ac6c-00fcf3ac1a81","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424488Z"},{"id":"2d1faa93-fed5-4b0d-b6c9-72bbc4782201","name":"intezer stripped binaries elf files 2018","description":"Ignacio Sanmillan. (2018, February 7). Executable and Linkable Format 101. Part 2: Symbols. Retrieved September 29, 2022.","url":"https://www.intezer.com/blog/malware-analysis/executable-linkable-format-101-part-2-symbols/","source":"MITRE","title":"Part 2: Symbols","authors":"Ignacio Sanmillan. 
(2018, February 7)","date_accessed":"2022-09-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3ce8ac1f-b393-57f7-96e5-676132dc44b5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426992Z"},{"id":"67f3ce33-0197-41ef-a9d0-474c97ecf570","name":"Gabilondo DYLD_INSERT_LIBRARIES Catalina Bypass","description":"Jon Gabilondo. (2019, September 22). How to Inject Code into Mach-O Apps. Part II.. Retrieved March 24, 2021.","url":"https://jon-gabilondo-angulo-7635.medium.com/how-to-inject-code-into-mach-o-apps-part-ii-ddb13ebc8191","source":"MITRE","title":"Part II.","authors":"Jon Gabilondo. (2019, September 22)","date_accessed":"2021-03-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"dce14057-4a97-5c83-bcf5-620d6debb570","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430356Z"},{"id":"fa0ed0fd-bf57-4a0f-9370-e22f27b20e42","name":"Office 365 Delegated Administration","description":"Microsoft. (n.d.). Partners: Offer delegated administration. Retrieved May 27, 2022.","url":"https://support.microsoft.com/en-us/topic/partners-offer-delegated-administration-26530dc0-ebba-415b-86b1-b55bc06b073e?ui=en-us&rs=en-us&ad=us","source":"MITRE","title":"Partners: Offer delegated administration","authors":"Microsoft","date_accessed":"2022-05-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9fe36813-4fb6-5b29-afef-b3d9922297bb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432999Z"},{"id":"183843b5-66dc-4229-ba66-3171d9b8e33d","name":"Microsoft IFEOorMalware July 2015","description":"Microsoft. (2015, July 30). Part of Windows 10 or really Malware?. 
Retrieved December 18, 2017.","url":"https://answers.microsoft.com/windows/forum/windows_10-security/part-of-windows-10-or-really-malware/af715663-a34a-423c-850d-2a46f369a54c","source":"MITRE","title":"Part of Windows 10 or really Malware?","authors":"Microsoft","date_accessed":"2017-12-18T00:00:00Z","date_published":"2015-07-30T00:00:00Z","owner_name":null,"tidal_id":"03645955-db3e-5224-a353-6ab8b2ae24b4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415595Z"},{"id":"c19f8683-97fb-4e0c-a9f5-12033b1d38ca","name":"Circl Passive DNS","description":"CIRCL Computer Incident Response Center. (n.d.). Passive DNS. Retrieved October 20, 2020.","url":"https://www.circl.lu/services/passive-dns/","source":"MITRE","title":"Passive DNS","authors":"CIRCL Computer Incident Response Center","date_accessed":"2020-10-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e471d3b7-2d6f-53da-8e49-ba9df8dd9407","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424747Z"},{"id":"4cfec669-1db5-4a67-81e2-18383e4c4d3d","name":"ObjectiveSee AppleJeus 2019","description":"Patrick Wardle. (2019, October 12). Pass the AppleJeus. Retrieved September 28, 2022.","url":"https://objective-see.org/blog/blog_0x49.html","source":"MITRE","title":"Pass the AppleJeus","authors":"Patrick Wardle","date_accessed":"2022-09-28T00:00:00Z","date_published":"2019-10-12T00:00:00Z","owner_name":null,"tidal_id":"4f7310ae-5ca9-5743-bed9-95689ecbb405","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440329Z"},{"id":"3ff12b9c-1c4e-4383-a771-792f5e95dcf1","name":"GentilKiwi Pass the Ticket","description":"Deply, B. (2014, January 13). Pass the ticket. 
Retrieved September 12, 2024.","url":"https://web.archive.org/web/20210515214027/https://blog.gentilkiwi.com/securite/mimikatz/pass-the-ticket-kerberos","source":"MITRE","title":"Pass the ticket","authors":"Deply, B","date_accessed":"2024-09-12T00:00:00Z","date_published":"2014-01-13T00:00:00Z","owner_name":null,"tidal_id":"fad6cda9-55b9-5b4f-9c7c-e74420236947","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431468Z"},{"id":"d5ebb79f-b39a-46cb-b546-2db383783a58","name":"Wikipedia Password cracking","description":"Wikipedia. (n.d.). Password cracking. Retrieved December 23, 2015.","url":"https://en.wikipedia.org/wiki/Password_cracking","source":"MITRE","title":"Password cracking","authors":"Wikipedia","date_accessed":"2015-12-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"43c6fb95-2691-59eb-898e-cab6432e2f59","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425896Z"},{"id":"8877e1f3-11e6-4ae0-adbd-c9b98b07ee25","name":"RDP Hijacking Korznikov","description":"Korznikov, A. (2017, March 17). Passwordless RDP Session Hijacking Feature All Windows versions. Retrieved December 11, 2017.","url":"http://www.korznikov.com/2017/03/0-day-or-feature-privilege-escalation.html","source":"MITRE","title":"Passwordless RDP Session Hijacking Feature All Windows versions","authors":"Korznikov, A","date_accessed":"2017-12-11T00:00:00Z","date_published":"2017-03-17T00:00:00Z","owner_name":null,"tidal_id":"8a8c945b-8bf7-599c-96be-4bcc960b5d07","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429481Z"},{"id":"253104ab-20b0-43d2-8338-afdd3237cc53","name":"ise Password Manager February 2019","description":"ise. (2019, February 19). Password Managers: Under the Hood of Secrets Management. 
Retrieved January 22, 2021.","url":"https://www.ise.io/casestudies/password-manager-hacking/","source":"MITRE","title":"Password Managers: Under the Hood of Secrets Management","authors":"ise","date_accessed":"2021-01-22T00:00:00Z","date_published":"2019-02-19T00:00:00Z","owner_name":null,"tidal_id":"6fd751cd-df52-5524-b92b-6251bc58a6ff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427226Z"},{"id":"918d4b6c-5783-4332-96d9-430e4c5ae030","name":"Microsoft Password Complexity","description":"Hall, J., Lich, B. (2017, September 9). Password must meet complexity requirements. Retrieved April 5, 2018.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements","source":"MITRE","title":"Password must meet complexity requirements","authors":"Hall, J., Lich, B","date_accessed":"2018-04-05T00:00:00Z","date_published":"2017-09-09T00:00:00Z","owner_name":null,"tidal_id":"7de1a45c-469a-5dc0-9731-c99cd14f2949","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415704Z"},{"id":"f45c7a4b-dafc-4e5c-ad3f-db4b0388a1d7","name":"BlackHillsInfosec Password Spraying","description":"Thyer, J. (2015, October 30). Password Spraying & Other Fun with RPCCLIENT. Retrieved April 25, 2017.","url":"http://www.blackhillsinfosec.com/?p=4645","source":"MITRE","title":"Password Spraying & Other Fun with RPCCLIENT","authors":"Thyer, J","date_accessed":"2017-04-25T00:00:00Z","date_published":"2015-10-30T00:00:00Z","owner_name":null,"tidal_id":"f8e45c03-fdb6-5dfb-a54f-384ada018313","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430781Z"},{"id":"180246ca-94d8-4c78-894d-ae3b6fad3257","name":"how_pwd_rev_enc_1","description":"Teusink, N. (2009, August 25). Passwords stored using reversible encryption: how it works (part 1). 
Retrieved November 17, 2021.","url":"http://blog.teusink.net/2009/08/passwords-stored-using-reversible.html","source":"MITRE","title":"Passwords stored using reversible encryption: how it works (part 1)","authors":"Teusink, N","date_accessed":"2021-11-17T00:00:00Z","date_published":"2009-08-25T00:00:00Z","owner_name":null,"tidal_id":"c73a90bc-35f7-5ddf-bc24-af162821bfe8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435215Z"},{"id":"cc08f190-5c17-441c-a6fa-99f8fdb8d1ae","name":"how_pwd_rev_enc_2","description":"Teusink, N. (2009, August 26). Passwords stored using reversible encryption: how it works (part 2). Retrieved November 17, 2021.","url":"http://blog.teusink.net/2009/08/passwords-stored-using-reversible_26.html","source":"MITRE","title":"Passwords stored using reversible encryption: how it works (part 2)","authors":"Teusink, N","date_accessed":"2021-11-17T00:00:00Z","date_published":"2009-08-26T00:00:00Z","owner_name":null,"tidal_id":"3f84e6b6-dfd4-510e-913e-cae5eec0fa80","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435221Z"},{"id":"d3ed7dd9-0941-4160-aa6a-c0244c63560f","name":"Volexity Patchwork June 2018","description":"Meltzer, M, et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018.","url":"https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/","source":"MITRE, Tidal Cyber","title":"Patchwork APT Group Targets US Think Tanks","authors":"Meltzer, M, et al","date_accessed":"2018-07-16T00:00:00Z","date_published":"2018-06-07T00:00:00Z","owner_name":null,"tidal_id":"1c73af76-c256-5a7d-8929-d20ec90a5321","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.263947Z"},{"id":"2609e461-1e23-4dc2-aa44-d09f4acb8c6e","name":"PaloAlto Patchwork Mar 2018","description":"Levene, B. et al.. (2018, March 7). Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent. 
Retrieved March 31, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/03/unit42-patchwork-continues-deliver-badnews-indian-subcontinent/","source":"MITRE","title":"Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent","authors":"Levene, B. et al.","date_accessed":"2018-03-31T00:00:00Z","date_published":"2018-03-07T00:00:00Z","owner_name":null,"tidal_id":"af914157-8103-5e79-b72a-e7cb6fa03531","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437918Z"},{"id":"a6172463-56e2-49f2-856d-f4f8320d7c6e","name":"Symantec Patchwork","description":"Hamada, J.. (2016, July 25). Patchwork cyberespionage group expands targets from governments to wide range of industries. Retrieved August 17, 2016.","url":"http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries","source":"MITRE, Tidal Cyber","title":"Patchwork cyberespionage group expands targets from governments to wide range of industries","authors":"Hamada, J.","date_accessed":"2016-08-17T00:00:00Z","date_published":"2016-07-25T00:00:00Z","owner_name":null,"tidal_id":"4a0ff400-54c6-55d2-a23f-78a1a3e29d06","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278420Z"},{"id":"7d12c764-facd-4086-acd0-5c0287344520","name":"Trend Micro Pawn Storm OAuth 2017","description":"Hacquebord, F.. (2017, April 25). Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks. 
Retrieved October 4, 2019.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-abuses-open-authentication-advanced-social-engineering-attacks","source":"MITRE","title":"Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks","authors":"Hacquebord, F.","date_accessed":"2019-10-04T00:00:00Z","date_published":"2017-04-25T00:00:00Z","owner_name":null,"tidal_id":"01f3964f-3077-535a-9a5a-66dda7b5c427","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426091Z"},{"id":"104f3264-3e8a-46ca-b9b2-e16a59938570","name":"TrendMicro Pawn Storm 2019","description":"Hacquebord, F. (n.d.). Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets. Retrieved December 29, 2020.","url":"https://documents.trendmicro.com/assets/white_papers/wp-pawn-storm-in-2019.pdf","source":"MITRE","title":"Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets","authors":"Hacquebord, F","date_accessed":"2020-12-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8831fc71-635a-5bba-9d63-df1988902c85","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441737Z"},{"id":"3bc249cd-f29a-4a74-a179-a6860e43683f","name":"TrendMicro Pawn Storm Dec 2020","description":"Hacquebord, F., Remorin, L. (2020, December 17). Pawn Storm’s Lack of Sophistication as a Strategy. Retrieved January 13, 2021.","url":"https://www.trendmicro.com/en_us/research/20/l/pawn-storm-lack-of-sophistication-as-a-strategy.html","source":"MITRE","title":"Pawn Storm’s Lack of Sophistication as a Strategy","authors":"Hacquebord, F., Remorin, L","date_accessed":"2021-01-13T00:00:00Z","date_published":"2020-12-17T00:00:00Z","owner_name":null,"tidal_id":"91cc76e9-e403-5de2-bca8-380893bc5292","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433338Z"},{"id":"6e09bc1a-8a5d-4512-9176-40eed91af358","name":"ClearSky Pay2Kitten December 2020","description":"ClearSky. 
(2020, December 17). Pay2Key Ransomware – A New Campaign by Fox Kitten. Retrieved December 21, 2020.","url":"https://www.clearskysec.com/wp-content/uploads/2020/12/Pay2Kitten.pdf","source":"MITRE","title":"Pay2Key Ransomware – A New Campaign by Fox Kitten","authors":"ClearSky","date_accessed":"2020-12-21T00:00:00Z","date_published":"2020-12-17T00:00:00Z","owner_name":null,"tidal_id":"1d23bf84-1130-5854-b0c1-beb11aa6641a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437530Z"},{"id":"bcea7897-6cb2-467d-ad3b-ffd20badf19f","name":"PaypalScam","description":"Bob Sullivan. (2000, July 24). PayPal alert! Beware the 'PaypaI' scam. Retrieved March 2, 2017.","url":"https://www.zdnet.com/article/paypal-alert-beware-the-paypai-scam-5000109103/","source":"MITRE","title":"PayPal alert! Beware the 'PaypaI' scam","authors":"Bob Sullivan","date_accessed":"2017-03-02T00:00:00Z","date_published":"2000-07-24T00:00:00Z","owner_name":null,"tidal_id":"e8295a92-7dd1-59d0-9cfa-1b7dfa2adb1c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428432Z"},{"id":"958064d4-7f9f-46a9-b475-93d6587ed770","name":"Pcalua.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Pcalua.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Pcalua/","source":"Tidal Cyber","title":"Pcalua.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"62b457ac-3f73-5e52-8c9e-bf7a5965019f","created":"2024-01-12T14:46:52.099477Z","modified":"2024-01-12T14:46:52.282947Z"},{"id":"3057d857-6984-4247-918b-952b75ee152e","name":"pcodedmp Bontchev","description":"Bontchev, V. (2019, July 30). pcodedmp.py - A VBA p-code disassembler. 
Retrieved September 17, 2020.","url":"https://github.com/bontchev/pcodedmp","source":"MITRE","title":"pcodedmp.py - A VBA p-code disassembler","authors":"Bontchev, V","date_accessed":"2020-09-17T00:00:00Z","date_published":"2019-07-30T00:00:00Z","owner_name":null,"tidal_id":"076d9141-1890-5771-9aeb-7185fefe11a6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434602Z"},{"id":"f113559f-a6da-43bc-bc64-9ff7155b82bc","name":"GitHub PcShare 2014","description":"LiveMirror. (2014, September 17). PcShare. Retrieved October 11, 2022.","url":"https://github.com/LiveMirror/pcshare","source":"MITRE","title":"PcShare","authors":"LiveMirror","date_accessed":"2022-10-11T00:00:00Z","date_published":"2014-09-17T00:00:00Z","owner_name":null,"tidal_id":"800d0def-a023-568f-b6c8-465f93f2dc73","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422925Z"},{"id":"b5946ca4-1f1b-4cba-af2f-0b99d6fff8b0","name":"Pcwrun.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Pcwrun.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Pcwrun/","source":"Tidal Cyber","title":"Pcwrun.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5f7b0c6f-43d8-5b3d-8d22-a686eddd61d5","created":"2024-01-12T14:46:52.454128Z","modified":"2024-01-12T14:46:52.628797Z"},{"id":"1050758d-20da-4c4a-83d3-40aeff3db9ca","name":"Pcwutl.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Pcwutl.dll. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Pcwutl/","source":"Tidal Cyber","title":"Pcwutl.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fbd9439f-b75d-5c17-b491-6a269aac5dc5","created":"2024-01-12T14:47:12.830098Z","modified":"2024-01-12T14:47:13.025501Z"},{"id":"940c0755-18df-4fcb-9691-9f2eb45e6441","name":"Microsoft Security Blog August 28 2024","description":"Microsoft Threat Intelligence. (2024, August 28). Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations. Retrieved August 29, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2024/08/28/peach-sandstorm-deploys-new-custom-tickler-malware-in-long-running-intelligence-gathering-operations/","source":"Tidal Cyber","title":"Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations","authors":"Microsoft Threat Intelligence","date_accessed":"2024-08-29T00:00:00Z","date_published":"2024-08-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"45af5d43-20a2-5408-8a35-0a2320f4468d","created":"2024-08-30T18:11:26.737157Z","modified":"2024-08-30T18:11:27.214518Z"},{"id":"84d026ed-b8f2-5bbb-865a-2d93aa4b2ef8","name":"Microsoft Peach Sandstorm 2023","description":"Microsoft Threat Intelligence. (2023, September 14). Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets. 
Retrieved September 18, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/","source":"MITRE","title":"Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets","authors":"Microsoft Threat Intelligence","date_accessed":"2023-09-18T00:00:00Z","date_published":"2023-09-14T00:00:00Z","owner_name":null,"tidal_id":"e9435a02-216c-5991-a5e2-80c25fb4a9fd","created":"2023-11-07T00:36:07.764468Z","modified":"2025-12-17T15:08:36.424616Z"},{"id":"98a631f4-4b95-4159-b311-dee1216ec208","name":"Microsoft Peach Sandstorm September 14 2023","description":"Microsoft Threat Intelligence. (2023, September 14). Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets. Retrieved January 31, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/","source":"Tidal Cyber","title":"Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets","authors":"Microsoft Threat Intelligence","date_accessed":"2024-01-31T00:00:00Z","date_published":"2023-09-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d478fc7c-ab24-5cbd-96f6-26ede6d192da","created":"2024-02-02T19:09:36.616943Z","modified":"2024-02-02T19:09:36.965273Z"},{"id":"0ed4b227-c9b5-45d0-837b-679dc82abdb6","name":"Google Cloud August 22 2024","description":"Mandiant. (2024, August 22). PEAKLIGHT Decoding the Stealthy Memory-Only Malware. 
Retrieved August 23, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/","source":"Tidal Cyber","title":"PEAKLIGHT Decoding the Stealthy Memory-Only Malware","authors":"Mandiant","date_accessed":"2024-08-23T00:00:00Z","date_published":"2024-08-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b714f3ec-8e3b-5b0d-9b9a-87e276c6e6b4","created":"2025-02-11T18:20:03.802086Z","modified":"2025-02-11T18:20:04.178402Z"},{"id":"82edf4be-2288-4828-bc63-14e2f3b82f71","name":"PeaZip Wikipedia","description":"Wikipedia. (2025, April 27). PeaZip Wikipedia. Retrieved June 5, 2025.","url":"https://en.wikipedia.org/wiki/PeaZip","source":"Tidal Cyber","title":"PeaZip Wikipedia","authors":"Wikipedia","date_accessed":"2025-06-05T00:00:00Z","date_published":"2025-04-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"625791c3-45b2-5417-a43e-1d27c628c0fb","created":"2025-06-10T15:50:14.848089Z","modified":"2025-06-10T15:50:15.345520Z"},{"id":"13b1769f-e845-4465-8911-234d8737a617","name":"Blogger June 1 2020","description":"Malwarenailed. (2020, June 1). PebbleDash - Lazarus  HiddenCobra RAT. Retrieved February 10, 2025.","url":"https://malwarenailed.blogspot.com/2020/06/peebledash-lazarus-hiddencobra-rat.html","source":"Tidal Cyber","title":"PebbleDash - Lazarus  HiddenCobra RAT","authors":"Malwarenailed","date_accessed":"2025-02-10T00:00:00Z","date_published":"2020-06-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0357f0e3-f7cd-5d67-b8f1-697004a60ebc","created":"2025-02-11T18:20:06.283355Z","modified":"2025-02-11T18:20:06.472796Z"},{"id":"e0ec4cf6-1e6a-41ab-8704-a66c5cc4d226","name":"Microsoft PEB 2021","description":"Microsoft. (2021, October 6). PEB structure (winternl.h). 
Retrieved November 19, 2021.","url":"https://docs.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb","source":"MITRE","title":"PEB structure (winternl.h)","authors":"Microsoft","date_accessed":"2021-11-19T00:00:00Z","date_published":"2021-10-06T00:00:00Z","owner_name":null,"tidal_id":"aa41ae2c-bc08-50ef-bd5b-eb5f46c6cbd4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436943Z"},{"id":"dcc61483-f39b-5a37-96b7-a783b69cfa4d","name":"CERT-UA TelecomAttack 2023","description":"CERT-UA. (2023, October 15). Peculiarities of destructive Sandworm cyber attacks against Ukrainian providers (CERT-UA#7627). Retrieved November 25, 2024.","url":"https://cert.gov.ua/article/6123309","source":"MITRE","title":"Peculiarities of destructive Sandworm cyber attacks against Ukrainian providers (CERT-UA#7627)","authors":"CERT-UA","date_accessed":"2024-11-25T00:00:00Z","date_published":"2023-10-15T00:00:00Z","owner_name":null,"tidal_id":"6ac58f96-840d-5722-8ac8-7fc8c2c8e2b0","created":"2025-04-22T20:47:26.796301Z","modified":"2025-12-17T15:08:36.418276Z"},{"id":"9f88640f-1e45-467f-98e4-046538afc55f","name":"Huntress PeerBlight December 09 2025","description":"None Identified. (2025, December 9). PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182 | Huntress. Retrieved December 15, 2025.","url":"https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shell","source":"Tidal Cyber","title":"PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182 | Huntress","authors":"None Identified","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"669e7e61-40f3-541a-85f3-6ae367c4d832","created":"2026-01-14T13:29:36.729728Z","modified":"2026-01-14T13:29:36.916464Z"},{"id":"daa411cf-b40b-445a-81f8-7b851ef15e00","name":"Huntress December 09 2025","description":"None Identified. (2025, December 9). PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182 | Huntress. 
Retrieved December 15, 2025.","url":"https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shell","source":"Tidal Cyber","title":"PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182 | Huntress","authors":"None Identified","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"545a4373-e778-531e-a31a-ad47ccc8c02d","created":"2025-12-17T14:17:41.237512Z","modified":"2025-12-17T14:17:41.378699Z"},{"id":"fff4625a-69de-5c06-89b2-8284936b8438","name":"Lookout-PegasusAndroid","description":"Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April","url":"https://blog.lookout.com/blog/2017/04/03/pegasus-android/","source":"Mobile","title":"Pegasus for Android: the other side of the story emerges","authors":"Mike Murray","date_accessed":"1978-04-01T00:00:00Z","date_published":"2017-04-03T00:00:00Z","owner_name":null,"tidal_id":"a71f7026-e734-5812-ac2b-ede6c713b399","created":"2026-01-28T13:08:10.041088Z","modified":"2026-01-28T13:08:10.041091Z"},{"id":"a75cde8b-76e4-4dc3-b1d5-cf08479905e7","name":"Peirates GitHub","description":"InGuardians. (2022, January 5). Peirates GitHub. Retrieved February 8, 2022.","url":"https://github.com/inguardians/peirates","source":"MITRE","title":"Peirates GitHub","authors":"InGuardians","date_accessed":"2022-02-08T00:00:00Z","date_published":"2022-01-05T00:00:00Z","owner_name":null,"tidal_id":"4ed0c4e5-a94e-5b35-826d-afeb9b9c9a46","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423069Z"},{"id":"3ca2e78e-751e-460b-9f3c-f851d054bce4","name":"Pentesting AD Forests","description":"García, C. (2019, April 3). Pentesting Active Directory Forests. 
Retrieved October 20, 2020.","url":"https://www.slideshare.net/rootedcon/carlos-garca-pentesting-active-directory-forests-rooted2019","source":"MITRE","title":"Pentesting Active Directory Forests","authors":"García, C","date_accessed":"2020-10-20T00:00:00Z","date_published":"2019-04-03T00:00:00Z","owner_name":null,"tidal_id":"19be19ef-2f50-5574-8211-6293ea883cfb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427672Z"},{"id":"cfb6f191-6c43-423b-9289-02beb3d721d1","name":"FBI PRC Botnet September 18 2024","description":"U.S. Federal Bureau of Investigation. (2024, September 18). People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations. Retrieved September 19, 2024.","url":"https://www.ic3.gov/Media/News/2024/240918.pdf","source":"Tidal Cyber","title":"People’s Republic of China-Linked Actors Compromise Routers and IoT Devices for Botnet Operations","authors":"U.S. Federal Bureau of Investigation","date_accessed":"2024-09-19T00:00:00Z","date_published":"2024-09-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"60637696-cded-57ba-a877-8bfd5afbc321","created":"2024-09-20T15:08:30.622199Z","modified":"2024-09-20T15:08:30.871498Z"},{"id":"309bfb48-76d1-4ae9-9c6a-30b54658133c","name":"U.S. CISA BlackTech September 27 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, September 27). People's Republic of China-Linked Cyber Actors Hide in Router Firmware. 
Retrieved September 29, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a","source":"Tidal Cyber","title":"People's Republic of China-Linked Cyber Actors Hide in Router Firmware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-09-29T00:00:00Z","date_published":"2023-09-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c64f2cd6-274d-52af-b26d-18019950efb7","created":"2023-09-29T19:48:17.560176Z","modified":"2023-09-29T19:48:18.020725Z"},{"id":"4b538c35-ffa0-585f-b708-8c69a07f434a","name":"CISA Leviathan 2024","description":"CISA et al. (2024, July 8). People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action. Retrieved February 3, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a","source":"MITRE","title":"People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action","authors":"CISA et al","date_accessed":"2025-02-03T00:00:00Z","date_published":"2024-07-08T00:00:00Z","owner_name":null,"tidal_id":"4483c27b-a9b5-540d-b25c-813e2aa62e4b","created":"2025-04-22T20:47:22.024090Z","modified":"2025-12-17T15:08:36.438445Z"},{"id":"3bf90a48-caf6-4b9d-adc2-3d1176f49ffc","name":"U.S. CISA APT40 July 8 2024","description":"Cybersecurity and Infrastructure Security Agency. (2024, July 8). People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action. 
Retrieved July 10, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a","source":"Tidal Cyber","title":"People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-07-10T00:00:00Z","date_published":"2024-07-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"432353eb-de58-5231-b5f0-6589d05a42c8","created":"2024-07-10T17:59:29.152335Z","modified":"2024-07-10T17:59:29.556704Z"},{"id":"12320f38-ebbf-486a-a450-8a548c3722d6","name":"U.S. CISA Volt Typhoon May 24 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Retrieved May 25, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a","source":"Tidal Cyber","title":"People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-05-25T00:00:00Z","date_published":"2023-05-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"da64bf41-0405-5a8d-a2e9-70a854e15b41","created":"2023-07-14T12:56:31.478080Z","modified":"2023-07-14T12:56:31.574081Z"},{"id":"14872f08-e219-5c0d-a2d7-43a3ba348b4b","name":"Joint Cybersecurity Advisory Volt Typhoon June 2023","description":"NSA et al. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. 
Retrieved July 27, 2023.","url":"https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","source":"MITRE","title":"People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection","authors":"NSA et al","date_accessed":"2023-07-27T00:00:00Z","date_published":"2023-05-24T00:00:00Z","owner_name":null,"tidal_id":"6e08b9a7-35c0-5f9a-93a6-a71b14bad604","created":"2023-11-07T00:36:11.311603Z","modified":"2025-12-17T15:08:36.422912Z"},{"id":"bb149242-1916-400d-93b8-d0def161ed85","name":"TechNet Firewall Design","description":"Microsoft. (2004, February 6). Perimeter Firewall Design. Retrieved April 25, 2016.","url":"https://technet.microsoft.com/en-us/library/cc700828.aspx","source":"MITRE","title":"Perimeter Firewall Design","authors":"Microsoft","date_accessed":"2016-04-25T00:00:00Z","date_published":"2004-02-06T00:00:00Z","owner_name":null,"tidal_id":"6d9c7e80-29e1-57ae-a0aa-592b4b057c10","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441556Z"},{"id":"8661b51c-ddb7-484f-919d-22079c39d1e4","name":"Oddvar Moe IFEO APR 2018","description":"Moe, O. (2018, April 10). Persistence using GlobalFlags in Image File Execution Options - Hidden from Autoruns.exe. Retrieved June 27, 2018.","url":"https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/","source":"MITRE","title":"Persistence using GlobalFlags in Image File Execution Options - Hidden from Autoruns.exe","authors":"Moe, O","date_accessed":"2018-06-27T00:00:00Z","date_published":"2018-04-10T00:00:00Z","owner_name":null,"tidal_id":"0a05cfc2-bc09-5256-a5d5-d7cd2d6f2157","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430293Z"},{"id":"36d52213-8d9f-4642-892b-40460d5631d7","name":"Oddvar Moe RunOnceEx Mar 2018","description":"Moe, O. (2018, March 21). Persistence using RunOnceEx - Hidden from Autoruns.exe. 
Retrieved June 29, 2018.","url":"https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/","source":"MITRE","title":"Persistence using RunOnceEx - Hidden from Autoruns.exe","authors":"Moe, O","date_accessed":"2018-06-29T00:00:00Z","date_published":"2018-03-21T00:00:00Z","owner_name":null,"tidal_id":"bd6e6eaa-8fd2-55f5-96b8-33fd0853dfad","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432745Z"},{"id":"e397815d-34ea-4275-90d8-1b85e5b47369","name":"Xorrior Authorization Plugins","description":"Chris Ross. (2018, October 17). Persistent Credential Theft with Authorization Plugins. Retrieved April 22, 2021.","url":"https://xorrior.com/persistent-credential-theft/","source":"MITRE","title":"Persistent Credential Theft with Authorization Plugins","authors":"Chris Ross","date_accessed":"2021-04-22T00:00:00Z","date_published":"2018-10-17T00:00:00Z","owner_name":null,"tidal_id":"6357aa74-566d-593f-a523-f73635eb3f3b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436574Z"},{"id":"d9b6bb05-6ab4-4f5e-9ef0-f3e0cc97ce29","name":"SpecterOps JXA 2020","description":"Pitt, L. (2020, August 6). Persistent JXA. Retrieved April 14, 2021.","url":"https://posts.specterops.io/persistent-jxa-66e1c3cd1cf5","source":"MITRE","title":"Persistent JXA","authors":"Pitt, L","date_accessed":"2021-04-14T00:00:00Z","date_published":"2020-08-06T00:00:00Z","owner_name":null,"tidal_id":"8b04958f-deeb-52ad-b328-b5e3298b7282","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424891Z"},{"id":"2d66932e-1b73-4255-a9a8-ea8effb3a776","name":"PersistentJXA_leopitt","description":"Leo Pitt. (2020, August 6). Persistent JXA - A poor man's Powershell for macOS. 
Retrieved January 11, 2021.","url":"https://posts.specterops.io/persistent-jxa-66e1c3cd1cf5","source":"MITRE","title":"Persistent JXA - A poor man's Powershell for macOS","authors":"Leo Pitt","date_accessed":"2021-01-11T00:00:00Z","date_published":"2020-08-06T00:00:00Z","owner_name":null,"tidal_id":"51d64040-a9fe-5a06-9d5b-c1fb902143a0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433920Z"},{"id":"c40f03ac-5df2-44c4-975a-86e6282da359","name":"AhnLab February 3 2025","description":"ATCP. (2025, February 3). Persistent Threats from the Kimsuky Group Using RDP Wrapper - ASEC. Retrieved February 10, 2025.","url":"https://asec.ahnlab.com/en/86098/","source":"Tidal Cyber","title":"Persistent Threats from the Kimsuky Group Using RDP Wrapper - ASEC","authors":"ATCP","date_accessed":"2025-02-10T00:00:00Z","date_published":"2025-02-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0c3d8b61-6e2c-55a7-8743-d0141759edfd","created":"2025-02-11T18:20:06.658992Z","modified":"2025-02-11T18:20:06.844335Z"},{"id":"93f281f6-6fcc-474a-b222-b303ea417a18","name":"Pester.bat - LOLBAS Project","description":"LOLBAS. (2018, May 25). Pester.bat. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Scripts/pester/","source":"Tidal Cyber","title":"Pester.bat","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b4c901bc-1f37-5790-986d-d800342d22d9","created":"2024-01-12T14:47:39.916881Z","modified":"2024-01-12T14:47:40.109319Z"},{"id":"0ef81530-8592-5bf6-860a-406c598045a9","name":"Peter Dockrill April 2016","description":"Peter Dockrill 2016, April 28 Multiple Computer Viruses Have Been Discovered in This German Nuclear Plant. 
Retrieved 2019/10/14","url":"https://www.sciencealert.com/multiple-computer-viruses-have-been-discovered-in-this-german-nuclear-plant","source":"ICS","title":"Peter Dockrill April 2016","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"af2a64e0-1590-50a9-be43-59d2458c25f6","created":"2026-01-28T13:08:18.178065Z","modified":"2026-01-28T13:08:18.178068Z"},{"id":"15125144-0696-534d-bd53-d8743dd39977","name":"Rapid7","description":"Condon, Caitlin. (2022, April 24). PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains. Retrieved May 30, 2025.","url":"https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/","source":"MITRE","title":"PetitPotam: Novel Attack Chain Can Fully Compromise Windows Domains","authors":"Condon, Caitlin","date_accessed":"2025-05-30T00:00:00Z","date_published":"2022-04-24T00:00:00Z","owner_name":null,"tidal_id":"180f79e4-6982-5d30-9ba3-a5fac0180823","created":"2025-10-29T21:08:48.166290Z","modified":"2025-12-17T15:08:36.433939Z"},{"id":"71f5b9da-b882-4376-ac93-b4ce952d0271","name":"TrendMicro PE_URSNIF.A2","description":"Trend Micro. (2014, December 11). PE_URSNIF.A2. Retrieved June 5, 2019.","url":"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/PE_URSNIF.A2?_ga=2.131425807.1462021705.1559742358-1202584019.1549394279","source":"MITRE","title":"PE_URSNIF.A2","authors":"Trend Micro","date_accessed":"2019-06-05T00:00:00Z","date_published":"2014-12-11T00:00:00Z","owner_name":null,"tidal_id":"dd566c91-fff8-54ff-8528-ead4bfebecc2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440074Z"},{"id":"7f885065-109b-5dcb-b821-497d4a12c49e","name":"aquasec-postgres-processes","description":"Assaf Morag. (2024, August 19). PG_MEM: A Malware Hidden in the Postgres Processes. 
Retrieved January 31, 2025.","url":"https://www.aquasec.com/blog/pg_mem-a-malware-hidden-in-the-postgres-processes/","source":"MITRE","title":"PG_MEM: A Malware Hidden in the Postgres Processes","authors":"Assaf Morag","date_accessed":"2025-01-31T00:00:00Z","date_published":"2024-08-19T00:00:00Z","owner_name":null,"tidal_id":"29d557f7-5f6d-5ff5-bad0-f13f3f7a3be9","created":"2025-04-22T20:47:20.136772Z","modified":"2025-12-17T15:08:36.435554Z"},{"id":"68b7f8a6-12c1-5ba0-9106-69fe6fcac3bc","name":"Google Bread","description":"A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April","url":"https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html","source":"Mobile","title":"PHA Family Highlights: Bread (and Friends)","authors":"A. Guertin, V. Kotov, Android Security & Privacy Team","date_accessed":"1978-04-01T00:00:00Z","date_published":"2020-01-09T00:00:00Z","owner_name":null,"tidal_id":"b72c053a-8177-50f6-8894-a212308f8826","created":"2026-01-28T13:08:10.038939Z","modified":"2026-01-28T13:08:10.038942Z"},{"id":"79c82157-89a8-5789-9de6-f337999235cb","name":"Google Triada June 2019","description":"Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July","url":"https://security.googleblog.com/2019/06/pha-family-highlights-triada.html","source":"Mobile","title":"PHA Family Highlights: Triada","authors":"Lukasz Siewierski","date_accessed":"1978-07-01T00:00:00Z","date_published":"2019-06-06T00:00:00Z","owner_name":null,"tidal_id":"eb5aec2c-d48f-5d7b-8999-6314e49d90d1","created":"2026-01-28T13:08:10.042689Z","modified":"2026-01-28T13:08:10.042692Z"},{"id":"d80020fa-9da4-5b0d-9340-bea5078a0459","name":"Google Security Zen","description":"Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . 
Retrieved July","url":"https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html","source":"Mobile","title":"PHA Family Highlights: Zen and its cousins","authors":"Siewierski, L","date_accessed":"1978-07-01T00:00:00Z","date_published":"2019-01-11T00:00:00Z","owner_name":null,"tidal_id":"8ab04931-1aac-54d4-8527-d739c225bd3e","created":"2026-01-28T13:08:10.039276Z","modified":"2026-01-28T13:08:10.039280Z"},{"id":"6149f9ed-9218-489b-b87c-8208de89be68","name":"Volatility Phalanx2","description":"Case, A. (2012, October 10). Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit. Retrieved April 9, 2018.","url":"https://volatility-labs.blogspot.com/2012/10/phalanx-2-revealed-using-volatility-to.html","source":"MITRE","title":"Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit","authors":"Case, A","date_accessed":"2018-04-09T00:00:00Z","date_published":"2012-10-10T00:00:00Z","owner_name":null,"tidal_id":"62a16a93-1e9f-589b-a050-b217da0c397f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430924Z"},{"id":"533b8ae2-2fc3-4cf4-bcaa-5d8bfcba91c0","name":"Prevailion EvilNum May 2020","description":"Adamitis, D. (2020, May 6). Phantom in the Command Shell. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20221209052853/https://www.prevailion.com/phantom-in-the-command-shell-2/","source":"MITRE","title":"Phantom in the Command Shell","authors":"Adamitis, D","date_accessed":"2024-11-17T00:00:00Z","date_published":"2020-05-06T00:00:00Z","owner_name":null,"tidal_id":"7cbb4653-e5b6-5562-9db8-945280493960","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419799Z"},{"id":"257d2f0e-d60c-4317-b9ab-ed6e76b90d2d","name":"Unit 42 September 30 2025 09 30 2025","description":"Lior Rochberger. (2025, September 30). Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite. 
Retrieved October 3, 2025.","url":"https://unit42.paloaltonetworks.com/phantom-taurus/","source":"Tidal Cyber","title":"Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite","authors":"Lior Rochberger","date_accessed":"2025-10-03T12:00:00Z","date_published":"2025-09-30T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"213703ff-86a3-5cdd-982a-f755a30ca090","created":"2025-10-07T14:06:55.450654Z","modified":"2025-10-07T14:06:55.596731Z"},{"id":"584506e4-4ce2-5cbc-97ea-a4e68863395d","name":"Netcraft SendGrid 2024","description":"Graham Edgecombe. (2024, February 7). Phishception – SendGrid is abused to host phishing attacks impersonating itself. Retrieved October 15, 2024.","url":"https://www.netcraft.com/blog/popular-email-platform-used-to-impersonate-itself/","source":"MITRE","title":"Phishception – SendGrid is abused to host phishing attacks impersonating itself","authors":"Graham Edgecombe","date_accessed":"2024-10-15T00:00:00Z","date_published":"2024-02-07T00:00:00Z","owner_name":null,"tidal_id":"baf639af-f677-5d67-a41e-ed98e26d7b40","created":"2024-10-31T16:28:19.627871Z","modified":"2025-12-17T15:08:36.428196Z"},{"id":"7e643cf0-5df7-455d-add7-2342f36bdbcb","name":"ryhanson phishery SEPT 2016","description":"Hanson, R. (2016, September 24). phishery. Retrieved July 21, 2018.","url":"https://github.com/ryhanson/phishery","source":"MITRE","title":"phishery","authors":"Hanson, R","date_accessed":"2018-07-21T00:00:00Z","date_published":"2016-09-24T00:00:00Z","owner_name":null,"tidal_id":"cabd73dd-6a69-53cd-adf8-24e51f34c205","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435395Z"},{"id":"6da51561-a813-4802-aa84-1b3de1bc2e14","name":"GitHub Phishery","description":"Ryan Hanson. (2016, September 24). phishery. 
Retrieved October 23, 2020.","url":"https://github.com/ryhanson/phishery","source":"MITRE","title":"phishery","authors":"Ryan Hanson","date_accessed":"2020-10-23T00:00:00Z","date_published":"2016-09-24T00:00:00Z","owner_name":null,"tidal_id":"98d42a33-59f4-5a41-91bd-936a7a28668b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432368Z"},{"id":"eefa02e0-af27-49df-af14-16c4d4f867d3","name":"Microsoft Security Blog January 06 2026","description":"Microsoft Threat Intelligence. (2026, January 6). Phishing actors exploit complex routing and misconfigurations to spoof domains | Microsoft Security Blog. Retrieved January 12, 2026.","url":"https://www.microsoft.com/en-us/security/blog/2026/01/06/phishing-actors-exploit-complex-routing-and-misconfigurations-to-spoof-domains/","source":"Tidal Cyber","title":"Phishing actors exploit complex routing and misconfigurations to spoof domains | Microsoft Security Blog","authors":"Microsoft Threat Intelligence","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-06T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f813bb88-9470-5405-aac6-9ffcf2e7ea0d","created":"2026-01-14T13:29:42.102738Z","modified":"2026-01-14T13:29:42.270769Z"},{"id":"96ee2b87-9727-4914-affe-d9dc5d58c955","name":"ANSSI Nobelium Phishing December 2021","description":"ANSSI. (2021, December 6). PHISHING CAMPAIGNS BY THE NOBELIUM INTRUSION SET. Retrieved April 13, 2022.","url":"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-011.pdf","source":"MITRE","title":"PHISHING CAMPAIGNS BY THE NOBELIUM INTRUSION SET","authors":"ANSSI","date_accessed":"2022-04-13T00:00:00Z","date_published":"2021-12-06T00:00:00Z","owner_name":null,"tidal_id":"e65e99e7-d4cf-5244-9bbc-108852d0fd6b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442863Z"},{"id":"f73f45c8-4285-572e-b861-a0ded463a91e","name":"QR-campaign-energy-firm","description":"Jonathan Greig. (2023, August 16). 
Phishing campaign used QR codes to target large energy company. Retrieved November 27, 2023.","url":"https://therecord.media/phishing-campaign-used-qr-codes-to-target-energy-firm","source":"MITRE","title":"Phishing campaign used QR codes to target large energy company","authors":"Jonathan Greig","date_accessed":"2023-11-27T00:00:00Z","date_published":"2023-08-16T00:00:00Z","owner_name":null,"tidal_id":"06414160-e9c6-5057-9972-d7006ce5f684","created":"2024-04-25T13:28:31.965753Z","modified":"2025-12-17T15:08:36.426851Z"},{"id":"1fa21bef-37d0-58f4-ac27-50ebef856739","name":"Bleeping Computer SVG Smuggling 2024","description":"Lawrence Abrams. (2024, November 17). Phishing emails increasingly use SVG attachments to evade detection. Retrieved March 25, 2025.","url":"https://www.bleepingcomputer.com/news/security/phishing-emails-increasingly-use-svg-attachments-to-evade-detection/","source":"MITRE","title":"Phishing emails increasingly use SVG attachments to evade detection","authors":"Lawrence Abrams","date_accessed":"2025-03-25T00:00:00Z","date_published":"2024-11-17T00:00:00Z","owner_name":null,"tidal_id":"8a7ddef6-498e-5b8e-b7c2-0236213a408f","created":"2025-04-22T20:47:16.052025Z","modified":"2025-12-17T15:08:36.431416Z"},{"id":"7fff81f0-2b99-4f4f-8eca-c6a54c4d8205","name":"Enigma Phishing for Credentials Jan 2015","description":"Nelson, M. (2015, January 21). Phishing for Credentials: If you want it, just ask!. 
Retrieved December 17, 2018.","url":"https://enigma0x3.net/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/","source":"MITRE","title":"Phishing for Credentials: If you want it, just ask!","authors":"Nelson, M","date_accessed":"2018-12-17T00:00:00Z","date_published":"2015-01-21T00:00:00Z","owner_name":null,"tidal_id":"1bb0d771-28b8-5324-b912-f19319a88c4f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432637Z"},{"id":"5ba030cc-d314-44ba-8eb1-8bd49319f6c4","name":"www.okta.com January 23 2026","description":"None Identified. (2026, January 23). Phishing kits adapt to the script of callers. Retrieved January 23, 2026.","url":"https://www.okta.com/blog/threat-intelligence/phishing-kits-adapt-to-the-script-of-callers/","source":"Tidal Cyber","title":"Phishing kits adapt to the script of callers","authors":"None Identified","date_accessed":"2026-01-23T12:00:00Z","date_published":"2026-01-23T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c7c28485-0888-5ea2-b7c4-d5558b322c36","created":"2026-01-23T20:29:41.217909Z","modified":"2026-01-23T20:29:41.354871Z"},{"id":"01a1d10f-f8fb-5251-a36a-5ec431718212","name":"Felt-PhishingOnMobileDevices","description":"A.P. Felt and D. Wagner. (2011, May 26). Phishing on Mobile Devices. Retrieved August","url":"http://w2spconf.com/2011/papers/felt-mobilephishing.pdf","source":"Mobile","title":"Phishing on Mobile Devices","authors":"A.P. Felt and D. Wagner","date_accessed":"1978-08-01T00:00:00Z","date_published":"2011-05-26T00:00:00Z","owner_name":null,"tidal_id":"4019b4c7-adda-55a3-af87-3134e0917617","created":"2026-01-28T13:08:10.043570Z","modified":"2026-01-28T13:08:10.043573Z"},{"id":"8742ac96-a316-4264-9d3d-265784483f1a","name":"KISA Operation Muzabi","description":"KISA. (2021). Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi. 
Retrieved March 8, 2024.","url":"https://web.archive.org/web/20220328121326/https://boho.or.kr/filedownload.do?attach_file_seq=2695&attach_file_id=EpF2695.pdf","source":"MITRE","title":"Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi","authors":"KISA","date_accessed":"2024-03-08T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"3569ed26-6590-58b3-b8ca-9eea3f1e38dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439975Z"},{"id":"ae139c14-05ec-4c75-861b-15d86b4913fc","name":"Staaldraad Phishing with OAuth 2017","description":"Stalmans, E.. (2017, August 2). Phishing with OAuth and o365/Azure. Retrieved October 4, 2019.","url":"https://staaldraad.github.io/2017/08/02/o356-phishing-with-oauth/","source":"MITRE","title":"Phishing with OAuth and o365/Azure","authors":"Stalmans, E.","date_accessed":"2019-10-04T00:00:00Z","date_published":"2017-08-02T00:00:00Z","owner_name":null,"tidal_id":"9e093541-c255-5012-9ce3-dbf1f05c3141","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426556Z"},{"id":"929dbb22-34a5-4377-95dd-9e240ecb343a","name":"phobos_virustotal","description":"Phobos Ransomware. (2020, December 30). Phobos Ransomware, Fast.exe. Retrieved September 20, 2021.","url":"https://www.virustotal.com/gui/file/0b4c743246478a6a8c9fa3ff8e04f297507c2f0ea5d61a1284fe65387d172f81/detection","source":"MITRE","title":"Phobos Ransomware, Fast.exe","authors":"Phobos Ransomware","date_accessed":"2021-09-20T00:00:00Z","date_published":"2020-12-30T00:00:00Z","owner_name":null,"tidal_id":"f4723ef9-e3e1-573a-9d58-ae95865bfd80","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436937Z"},{"id":"d09d0d9d-73d2-5045-9def-419e0c1fbb98","name":"BankInfoSecurity-BackDoor","description":"Jeremy Kirk. (2016, November 16). Why Did Chinese Spyware Linger in U.S. Phones?. 
Retrieved February","url":"http://www.bankinfosecurity.com/did-chinese-spyware-linger-in-us-phones-a-9534","source":"Mobile","title":"Phones?","authors":"Jeremy Kirk. (2016, November 16)","date_accessed":"1978-02-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"891cb1c3-fba8-5f9d-8f3d-b6b54754fdea","created":"2026-01-28T13:08:10.042337Z","modified":"2026-01-28T13:08:10.042343Z"},{"id":"bb1027e0-380b-59c2-9574-f016b1772529","name":"NYTimes-BackDoor","description":"Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February","url":"https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html","source":"Mobile","title":"Phones Sent Data to China, Analysts Say","authors":"Matt Apuzzo and Michael S. Schmidt. (2016, November 15)","date_accessed":"1978-02-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e885a266-8cff-53ec-a6dc-41efe9475d0f","created":"2026-01-28T13:08:10.042313Z","modified":"2026-01-28T13:08:10.042316Z"},{"id":"fd42ac0b-eae5-41bb-b56c-cb1c6d19857b","name":"Deep Instinct PhonyC2 June 2023","description":"Simon Kenin. (2023, June 29). PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater. Retrieved October 10, 2023.","url":"https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater","source":"Tidal Cyber","title":"PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater","authors":"Simon Kenin","date_accessed":"2023-10-10T00:00:00Z","date_published":"2023-06-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"60ea4707-9f7f-5b68-b024-cd98499fa4ff","created":"2024-06-13T20:10:42.991675Z","modified":"2024-06-13T20:10:43.191038Z"},{"id":"f866ba71-dd24-4041-89bf-d0ac0587a12d","name":"PhotoViewer.dll - LOLBAS Project","description":"LOLBAS. (2025, June 22). PhotoViewer.dll. 
Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/Libraries/PhotoViewer/","source":"Tidal Cyber","title":"PhotoViewer.dll","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-06-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f47825ee-f94d-5955-8d39-2d692d44bee7","created":"2026-01-06T18:03:30.987748Z","modified":"2026-01-06T18:03:31.137537Z"},{"id":"c5cb2eff-ed48-47ff-bfd6-79152bf51430","name":"Talos Remcos Aug 2018","description":"Brumaghin, E., Unterbrink, H. (2018, August 22). Picking Apart Remcos Botnet-In-A-Box. Retrieved November 6, 2018.","url":"https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html","source":"MITRE","title":"Picking Apart Remcos Botnet-In-A-Box","authors":"Brumaghin, E., Unterbrink, H","date_accessed":"2018-11-06T00:00:00Z","date_published":"2018-08-22T00:00:00Z","owner_name":null,"tidal_id":"905e899f-ae48-50ab-b9ba-de486a0ee121","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423083Z"},{"id":"e8a2bc6a-04e3-484e-af67-5f57656c7206","name":"FireEye FIN6 Apr 2019","description":"McKeague, B. et al. (2019, April 5). Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware. Retrieved April 17, 2019.","url":"https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html","source":"MITRE","title":"Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware","authors":"McKeague, B. et al","date_accessed":"2019-04-17T00:00:00Z","date_published":"2019-04-05T00:00:00Z","owner_name":null,"tidal_id":"ef1ed264-3197-5fef-bdaa-4c8a3bb81a20","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420762Z"},{"id":"e8a50a79-6ca4-5c91-87ad-0b1ba9eca505","name":"Picus Labs Proc cump 2022","description":"Huseyin Can YUCEEL & Picus Labs. (2022, March 22). 
Retrieved March 31, 2023.","url":"https://www.picussecurity.com/resource/the-mitre-attck-t1003-os-credential-dumping-technique-and-its-adversary-use","source":"MITRE","title":"Picus Labs Proc cump 2022","authors":"","date_accessed":"2023-03-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d4ae7080-7ce1-568b-b429-ef445589db6c","created":"2023-05-26T01:21:03.628908Z","modified":"2025-12-17T15:08:36.427179Z"},{"id":"dc833e17-7105-5790-b30b-b4fed7fd2d2f","name":"wired-pig butchering","description":"Lily Hay Newman. (n.d.). ‘Pig Butchering’ Scams Are Now a $3 Billion Threat. Retrieved August 18, 2023.","url":"https://www.wired.com/story/pig-butchering-fbi-ic3-2022-report/","source":"MITRE","title":"‘Pig Butchering’ Scams Are Now a $3 Billion Threat","authors":"Lily Hay Newman","date_accessed":"2023-08-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"35b5b159-3b81-53bf-bbfd-dfd4e1c5ceb9","created":"2023-11-07T00:36:05.533037Z","modified":"2025-12-17T15:08:36.432198Z"},{"id":"5136cc70-ba63-551c-aa7f-ab4c57980a1c","name":"Logpoint Pikabot 2024","description":"Swachchhanda Shrawan Poudel. (2024, February). Pikabot: A Sophisticated and Modular Backdoor Trojan with Advanced Evasion Techniques. Retrieved July 12, 2024.","url":"https://www.logpoint.com/wp-content/uploads/2024/02/logpoint-etpr-pikabot.pdf","source":"MITRE","title":"Pikabot: A Sophisticated and Modular Backdoor Trojan with Advanced Evasion Techniques","authors":"Swachchhanda Shrawan Poudel","date_accessed":"2024-07-12T00:00:00Z","date_published":"2024-02-01T00:00:00Z","owner_name":null,"tidal_id":"4a2c9c30-5d51-56c7-8f68-b7b9faee85d2","created":"2024-10-31T16:28:32.116021Z","modified":"2025-12-17T15:08:36.416535Z"},{"id":"50b29ef4-7ade-4672-99b6-fdf367170a5b","name":"Malwarebytes Pikabot December 15 2023","description":"Jérôme Segura. (2023, December 15). PikaBot distributed via malicious search ads. 
Retrieved January 11, 2023.","url":"https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads","source":"Tidal Cyber","title":"PikaBot distributed via malicious search ads","authors":"Jérôme Segura","date_accessed":"2023-01-11T00:00:00Z","date_published":"2023-12-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"33569b31-f931-5968-839b-1af74b2713eb","created":"2024-01-26T18:00:31.705489Z","modified":"2024-01-26T18:00:31.827723Z"},{"id":"6c222f33-f588-513c-9149-4c2308e05319","name":"Elastic Pikabot 2024","description":"Daniel Stepanic & Salim Bitam. (2024, February 23). PIKABOT, I choose you!. Retrieved July 12, 2024.","url":"https://www.elastic.co/security-labs/pikabot-i-choose-you","source":"MITRE","title":"PIKABOT, I choose you!","authors":"Daniel Stepanic & Salim Bitam","date_accessed":"2024-07-12T00:00:00Z","date_published":"2024-02-23T00:00:00Z","owner_name":null,"tidal_id":"520bad1c-d713-5e70-a993-9b2bee59e12c","created":"2024-10-31T16:28:27.968581Z","modified":"2025-12-17T15:08:36.416526Z"},{"id":"31bf381d-a0fc-4a4f-8d39-832480891685","name":"Trustwave Pillowmint June 2020","description":"Trustwave SpiderLabs. (2020, June 22). Pillowmint: FIN7’s Monkey Thief . Retrieved July 27, 2020.","url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/pillowmint-fin7s-monkey-thief/","source":"MITRE","title":"Pillowmint: FIN7’s Monkey Thief","authors":"Trustwave SpiderLabs","date_accessed":"2020-07-27T00:00:00Z","date_published":"2020-06-22T00:00:00Z","owner_name":null,"tidal_id":"241dd3c9-2bd2-53a4-aa37-06b1ef116fb8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421444Z"},{"id":"0b655b48-05f5-5e1e-8897-4c57b07e5904","name":"Pinellas County Sheriffs Office February 2021","description":"Pinellas County Sheriffs Office 2021, February 8 Treatment Plant Intrusion Press Conference. 
Retrieved 2021/10/08","url":"https://www.youtube.com/watch?v=MkXDSOgLQ6M","source":"ICS","title":"Pinellas County Sheriffs Office February 2021","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b1a9b1d0-ccd3-5ab2-b57d-033784c4bb24","created":"2026-01-28T13:08:18.178799Z","modified":"2026-01-28T13:08:18.178804Z"},{"id":"5afc8ad5-f50d-464f-ba84-e347b3f3e994","name":"TechNet Ping","description":"Microsoft. (n.d.). Ping. Retrieved April 8, 2016.","url":"https://technet.microsoft.com/en-us/library/bb490968.aspx","source":"MITRE","title":"Ping","authors":"Microsoft","date_accessed":"2016-04-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9d3209dc-4320-52fc-961c-b136fd5b0b3a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423306Z"},{"id":"0e4f8689-084e-5764-a5ff-c3e50e10baee","name":"Dragos-Pipedream","description":"DRAGOS. (2022, April 13). Pipedream: Chernovite’s Emerging Malware Targeting Industrial Control Systems. Retrieved September","url":"https://hub.dragos.com/hubfs/116-Whitepapers/Dragos_ChernoviteWP_v2b.pdf?hsLang=en","source":"ICS","title":"Pipedream: Chernovite’s Emerging Malware Targeting Industrial Control Systems","authors":"DRAGOS","date_accessed":"1978-09-01T00:00:00Z","date_published":"2022-04-13T00:00:00Z","owner_name":null,"tidal_id":"0b5983ee-ecbf-5b1e-9254-cd83d60f1211","created":"2026-01-28T13:08:18.176122Z","modified":"2026-01-28T13:08:18.176125Z"},{"id":"ba9fe61a-c9a0-5902-9434-8e53724aca31","name":"Xiao-ZergHelper","description":"Claud Xiao. (2016, February 21). Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review. 
Retrieved December","url":"http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/","source":"Mobile","title":"Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review","authors":"Claud Xiao","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-02-21T00:00:00Z","owner_name":null,"tidal_id":"138e446d-4271-560b-9789-52e05b95ab2a","created":"2026-01-28T13:08:10.040325Z","modified":"2026-01-28T13:08:10.040328Z"},{"id":"dc67930f-5c7b-41be-97e9-d8f4a55e6019","name":"Pass The Cookie","description":"Rehberger, J. (2018, December). Pivot to the Cloud using Pass the Cookie. Retrieved April 5, 2019.","url":"https://wunderwuzzi23.github.io/blog/passthecookie.html","source":"MITRE","title":"Pivot to the Cloud using Pass the Cookie","authors":"Rehberger, J","date_accessed":"2019-04-05T00:00:00Z","date_published":"2018-12-01T00:00:00Z","owner_name":null,"tidal_id":"c8520162-f691-522f-9ea1-e06f0141d877","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425128Z"},{"id":"3093351e-012c-5a82-b44e-09570f77f76d","name":"Trustwave SVG Smuggling 2025","description":"Bernard Bautista and Kevin Adriano. (2025, April 10). Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks. Retrieved April 14, 2025.","url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/pixel-perfect-trap-the-surge-of-svg-borne-phishing-attacks/","source":"MITRE","title":"Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks","authors":"Bernard Bautista and Kevin Adriano","date_accessed":"2025-04-14T00:00:00Z","date_published":"2025-04-10T00:00:00Z","owner_name":null,"tidal_id":"39d75462-06ed-5eba-86ab-c3a55ec910bc","created":"2025-04-22T20:47:16.043917Z","modified":"2025-12-17T15:08:36.431410Z"},{"id":"5c80dfe7-800b-4890-bf98-da3d2b6782a7","name":"Pixtool.exe - LOLBAS Project","description":"LOLBAS. (2025, September 21). Pixtool.exe. 
Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Pixtool/","source":"Tidal Cyber","title":"Pixtool.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-09-21T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a7f8934f-7579-51e5-a90a-1006ae067b3c","created":"2026-01-06T18:03:32.992375Z","modified":"2026-01-06T18:03:33.151095Z"},{"id":"8f0ad4ed-869b-4332-b091-7551262cff29","name":"Pktmon.exe - LOLBAS Project","description":"LOLBAS. (2020, August 12). Pktmon.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Pktmon/","source":"Tidal Cyber","title":"Pktmon.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-08-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"52910b14-63d8-5ec5-bcbc-ec0d765bdf36","created":"2024-01-12T14:46:52.815569Z","modified":"2024-01-12T14:46:53.178867Z"},{"id":"991f885e-b3f4-4f3f-b0f9-c9862f918f36","name":"Osanda Stealing NetNTLM Hashes","description":"Osanda Malith Jayathissa. (2017, March 24). Places of Interest in Stealing NetNTLM Hashes. Retrieved January 26, 2018.","url":"https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes/","source":"MITRE","title":"Places of Interest in Stealing NetNTLM Hashes","authors":"Osanda Malith Jayathissa","date_accessed":"2018-01-26T00:00:00Z","date_published":"2017-03-24T00:00:00Z","owner_name":null,"tidal_id":"830304d0-5831-5e27-b453-b922534d39e1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433963Z"},{"id":"e71c669e-50bc-4e91-8cee-7cbedab420d1","name":"Microsoft PLATINUM June 2017","description":"Kaplan, D, et al. (2017, June 7). PLATINUM continues to evolve, find ways to maintain invisibility. 
Retrieved February 19, 2018.","url":"https://cloudblogs.microsoft.com/microsoftsecure/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?source=mmpc","source":"MITRE","title":"PLATINUM continues to evolve, find ways to maintain invisibility","authors":"Kaplan, D, et al","date_accessed":"2018-02-19T00:00:00Z","date_published":"2017-06-07T00:00:00Z","owner_name":null,"tidal_id":"0b91af9a-6083-5ccf-93c8-670ea65642ba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440538Z"},{"id":"d0ec5037-aa7f-48ee-8d37-ff8fb2c8c297","name":"Microsoft PLATINUM April 2016","description":"Windows Defender Advanced Threat Hunting Team. (2016, April 29). PLATINUM: Targeted attacks in South and Southeast Asia. Retrieved February 15, 2018.","url":"https://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf","source":"MITRE, Tidal Cyber","title":"PLATINUM: Targeted attacks in South and Southeast Asia","authors":"Windows Defender Advanced Threat Hunting Team","date_accessed":"2018-02-15T00:00:00Z","date_published":"2016-04-29T00:00:00Z","owner_name":null,"tidal_id":"f15272ca-1e1b-5f8a-84be-3cc436c26afc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257336Z"},{"id":"23b94586-3856-4937-9b02-4fe184b7ba01","name":"Forcepoint Felismus Mar 2017","description":"Somerville, L. and Toro, A. (2017, March 30). Playing Cat & Mouse: Introducing the Felismus Malware. Retrieved November 16, 2017.","url":"https://blogs.forcepoint.com/security-labs/playing-cat-mouse-introducing-felismus-malware","source":"MITRE","title":"Playing Cat & Mouse: Introducing the Felismus Malware","authors":"Somerville, L. 
and Toro, A","date_accessed":"2017-11-16T00:00:00Z","date_published":"2017-03-30T00:00:00Z","owner_name":null,"tidal_id":"bcb24c8a-ae83-5bdd-8a2c-54785bd156ec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417169Z"},{"id":"118c3e54-1f29-556d-89f7-ae0e58b9b423","name":"John Stawinski PyTorch Supply Chain Attack 2024","description":"John Stawinski IV. (2024, January 11). Playing with Fire – How We Executed a Critical Supply Chain Attack on PyTorch. Retrieved May 22, 2025.","url":"https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch/","source":"MITRE","title":"Playing with Fire – How We Executed a Critical Supply Chain Attack on PyTorch","authors":"John Stawinski IV","date_accessed":"2025-05-22T00:00:00Z","date_published":"2024-01-11T00:00:00Z","owner_name":null,"tidal_id":"08872e1d-bf07-525a-8a88-a2c2fc70361f","created":"2025-10-29T21:08:48.166048Z","modified":"2025-12-17T15:08:36.431313Z"},{"id":"1073def1-b5d1-57b2-8ddf-9e50291ef144","name":"TrendMicro Play","description":"Cj Arsley Mateo, Darrel Tristan Virtusio, Sarah Pearl Camiling, Andrei Alimboyao, Nathaniel Morales, Jacob Santos, Earl John Bareng. (2024, July 19). Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma. 
Retrieved March 26, 2025.","url":"https://www.trendmicro.com/en_us/research/24/g/new-play-ransomware-linux-variant-targets-esxi-shows-ties-with-p.html","source":"MITRE","title":"Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma","authors":"Cj Arsley Mateo, Darrel Tristan Virtusio, Sarah Pearl Camiling, Andrei Alimboyao, Nathaniel Morales, Jacob Santos, Earl John Bareng","date_accessed":"2025-03-26T00:00:00Z","date_published":"2024-07-19T00:00:00Z","owner_name":null,"tidal_id":"3d6d0837-de4a-592a-aacd-a6b25882a990","created":"2025-04-22T20:47:15.548057Z","modified":"2025-12-17T15:08:36.430911Z"},{"id":"a78613a5-ce17-4d11-8f2f-3e642cd7673c","name":"Symantec Play Ransomware April 19 2023","description":"Symantec Threat Hunter Team. (2023, April 19). Play Ransomware Group Using New Custom Data-Gathering Tools. Retrieved August 10, 2023.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/play-ransomware-volume-shadow-copy","source":"Tidal Cyber","title":"Play Ransomware Group Using New Custom Data-Gathering Tools","authors":"Symantec Threat Hunter Team","date_accessed":"2023-08-10T00:00:00Z","date_published":"2023-04-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"13a71722-ec7a-5d8a-ab84-2c86923af845","created":"2023-12-22T16:35:56.340567Z","modified":"2023-12-22T16:35:56.878095Z"},{"id":"2fb538dd-96f1-52c0-ab8d-2bec2764ee2d","name":"Symantec Play Ransomware 2023","description":"Symantec Threat Hunter Team. (2023, April 19). Play Ransomware Group Using New Custom Data-Gathering Tools. 
Retrieved May 22, 2025.","url":"https://www.security.com/threat-intelligence/play-ransomware-volume-shadow-copy","source":"MITRE","title":"Play Ransomware Group Using New Custom Data-Gathering Tools","authors":"Symantec Threat Hunter Team","date_accessed":"2025-05-22T00:00:00Z","date_published":"2023-04-19T00:00:00Z","owner_name":null,"tidal_id":"f4598b54-ea7c-53f7-8c4e-df4a85c81d42","created":"2025-10-29T21:08:48.165941Z","modified":"2025-12-17T15:08:36.429094Z"},{"id":"ed02529c-920d-4a92-8e86-be1ed7083991","name":"Trend Micro Play Ransomware September 06 2022","description":"Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares. (2022, September 6). Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa. Retrieved September 21, 2023.","url":"https://www.trendmicro.com/es_es/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html","source":"Tidal Cyber","title":"Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa","authors":"Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares","date_accessed":"2023-09-21T00:00:00Z","date_published":"2022-09-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ca3be5dc-8e6a-52c6-b393-7010acff0e0f","created":"2023-09-22T15:01:25.714332Z","modified":"2023-09-22T15:01:25.822556Z"},{"id":"2d2b527d-25b0-4b58-9ae6-c87060b64069","name":"Trend Micro Play Playbook September 06 2022","description":"Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares. (2022, September 6). Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa. 
Retrieved August 10, 2023.","url":"https://www.trendmicro.com/en_us/research/22/i/play-ransomware-s-attack-playbook-unmasks-it-as-another-hive-aff.html","source":"Tidal Cyber","title":"Play Ransomware's Attack Playbook Similar to that of Hive, Nokoyawa","authors":"Don Ovid Ladores, Lucas Silva, Scott Burden, Janus Agcaoili, Ivan Nicole Chavez, Ian Kenefick, Ieriz Nicolle Gonzalez, Paul Pajares","date_accessed":"2023-08-10T00:00:00Z","date_published":"2022-09-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d9a32a6b-7afe-59ea-9675-a0cd68b1dcad","created":"2023-12-22T16:35:58.230054Z","modified":"2023-12-22T16:35:58.416532Z"},{"id":"382c2717-ef81-5e4b-a0d0-915022f9416d","name":"PLCgurus 2021","description":"PLCgurus. (2021). PLC Basics  Modes Of Operation. Retrieved 2021/01/28","url":"https://www.plcgurus.net/plc-basics/","source":"ICS","title":"PLC Basics  Modes Of Operation","authors":"PLCgurus","date_accessed":"2021-01-01T00:00:00Z","date_published":"2021-01-01T00:00:00Z","owner_name":null,"tidal_id":"5ea58a84-4bc1-5888-a7ef-9d339332fe30","created":"2026-01-28T13:08:18.176858Z","modified":"2026-01-28T13:08:18.176861Z"},{"id":"a76f15b9-6168-526e-b932-7fbc875e1eef","name":"Spenneberg, Ralf 2016","description":"Spenneberg, Ralf. (2016). PLC-Blaster. Retrieved June","url":"https://www.blackhat.com/docs/asia-16/materials/asia-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC.pdf","source":"ICS","title":"PLC-Blaster","authors":"Spenneberg, Ralf","date_accessed":"1978-06-01T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"3162f120-bad9-5413-aba4-79995158fbca","created":"2026-01-28T13:08:18.175669Z","modified":"2026-01-28T13:08:18.175672Z"},{"id":"b3f86721-c053-5072-981f-70a5aadf9b18","name":"PLCBlaster - Spenneberg","description":"Spenneberg, Ralf, Maik Brüggemann, and Hendrik Schwartke. (2016, March 31). Plc-blaster: A worm living solely in the plc.. 
Retrieved September","url":"https://www.blackhat.com/docs/asia-16/materials/asia-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC-wp.pdf","source":"ICS","title":"Plc-blaster: A worm living solely in the plc.","authors":"Spenneberg, Ralf, Maik Brüggemann, and Hendrik Schwartke","date_accessed":"1978-09-01T00:00:00Z","date_published":"2016-03-31T00:00:00Z","owner_name":null,"tidal_id":"1c53f2a3-ab2f-5b87-81c6-e5cd02e4599e","created":"2026-01-28T13:08:18.177401Z","modified":"2026-01-28T13:08:18.177404Z"},{"id":"e6b7f2b3-2043-5c31-8db6-5d109a7628a8","name":"PLCdev","description":"PLCdev Nicolas Falliere, Liam O Murchu, Eric Chien 2011, February W32.Stuxnet Dossier (Version 1.4). Retrieved 2017/09/22","url":"http://www.plcdev.com/book/export/html/373","source":"ICS","title":"PLCdev","authors":"","date_accessed":"2017-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1cba250a-9088-5144-9454-e47c28bf8ee8","created":"2026-01-28T13:08:18.178302Z","modified":"2026-01-28T13:08:18.178306Z"},{"id":"871f4af2-ed99-4256-a74d-b8c0816a82ab","name":"JPCert PLEAD Downloader June 2018","description":"Tomonaga, S. (2018, June 8). PLEAD Downloader Used by BlackTech. Retrieved May 6, 2020.","url":"https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html","source":"MITRE","title":"PLEAD Downloader Used by BlackTech","authors":"Tomonaga, S","date_accessed":"2020-05-06T00:00:00Z","date_published":"2018-06-08T00:00:00Z","owner_name":null,"tidal_id":"96aaae91-202e-5bd5-b506-fe4c3057489e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419697Z"},{"id":"9a052eba-1708-44c9-a20f-8b4ef208fa14","name":"Trend Micro PLEAD RTLO","description":"Alintanahin, K.. (2014, May 23). PLEAD Targeted Attacks Against Taiwanese Government Agencies. 
Retrieved April 22, 2019.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/plead-targeted-attacks-against-taiwanese-government-agencies-2/","source":"MITRE","title":"PLEAD Targeted Attacks Against Taiwanese Government Agencies","authors":"Alintanahin, K.","date_accessed":"2019-04-22T00:00:00Z","date_published":"2014-05-23T00:00:00Z","owner_name":null,"tidal_id":"03216078-4072-5c2a-8681-ff768e6958cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421294Z"},{"id":"24331b9d-68af-4db2-887f-3a984b6c5783","name":"fileinfo plist file description","description":"FileInfo.com team. (2019, November 26). .PLIST File Extension. Retrieved October 12, 2021.","url":"https://fileinfo.com/extension/plist","source":"MITRE","title":".PLIST File Extension","authors":"FileInfo.com team","date_accessed":"2021-10-12T00:00:00Z","date_published":"2019-11-26T00:00:00Z","owner_name":null,"tidal_id":"f0cf63df-93dc-5369-829f-04c00a4fc099","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430656Z"},{"id":"fd6d089e-4549-4442-91bf-3cf1e85db012","name":"ESET PlushDaemon November 19 2025","description":"None Identified. (2025, November 19). PlushDaemon compromises network devices for adversary-in-the-middle attacks. Retrieved November 20, 2025.","url":"https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/","source":"Tidal Cyber","title":"PlushDaemon compromises network devices for adversary-in-the-middle attacks","authors":"None Identified","date_accessed":"2025-11-20T12:00:00Z","date_published":"2025-11-19T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2a4f58bd-23e6-5eea-b393-4d6bb3cb8c7c","created":"2025-12-10T14:13:40.436562Z","modified":"2025-12-10T14:13:40.583975Z"},{"id":"f35fc467-17c4-4eff-a9cb-921bfb3cc5d1","name":"ESET PlushDaemon January 22 2025","description":"Facundo Muñoz. (2025, January 22). 
PlushDaemon compromises supply chain of Korean VPN service. Retrieved January 28, 2025.","url":"https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/","source":"Tidal Cyber","title":"PlushDaemon compromises supply chain of Korean VPN service","authors":"Facundo Muñoz","date_accessed":"2025-01-28T00:00:00Z","date_published":"2025-01-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9397ed3d-55e8-5b0a-96b2-03d3eea5a145","created":"2025-01-28T15:53:35.143772Z","modified":"2025-01-28T15:53:35.355624Z"},{"id":"21d0419a-5454-4808-b7e6-2b1b9de08ed6","name":"Pnputil.exe - LOLBAS Project","description":"LOLBAS. (2020, December 25). Pnputil.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Pnputil/","source":"Tidal Cyber","title":"Pnputil.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-12-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f7e73477-0cd3-5306-bc6c-be903bc33bf2","created":"2024-01-12T14:46:53.364266Z","modified":"2024-01-12T14:46:53.555695Z"},{"id":"edc18649-2fcf-5fb3-a717-db4bb28ca25f","name":"uptycs Fake POC linux malware 2023","description":"Nischay Hegde and Siddartha Malladi. (2023, July 12). PoC Exploit: Fake Proof of Concept with Backdoor Malware. Retrieved September 28, 2023.","url":"https://www.uptycs.com/blog/new-poc-exploit-backdoor-malware","source":"MITRE","title":"PoC Exploit: Fake Proof of Concept with Backdoor Malware","authors":"Nischay Hegde and Siddartha Malladi","date_accessed":"2023-09-28T00:00:00Z","date_published":"2023-07-12T00:00:00Z","owner_name":null,"tidal_id":"90d708be-539e-50a7-979f-084063cbba3f","created":"2023-11-07T00:35:57.329548Z","modified":"2025-12-17T15:08:36.424509Z"},{"id":"1a9bc729-532b-47ab-89ba-90b0ff41f8aa","name":"GitHub SIP POC Sept 2017","description":"Graeber, M. (2017, September 14). PoCSubjectInterfacePackage. 
Retrieved January 31, 2018.","url":"https://github.com/mattifestation/PoCSubjectInterfacePackage","source":"MITRE","title":"PoCSubjectInterfacePackage","authors":"Graeber, M","date_accessed":"2018-01-31T00:00:00Z","date_published":"2017-09-14T00:00:00Z","owner_name":null,"tidal_id":"753965e4-be5b-5fd2-b029-8c687a8fb041","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429604Z"},{"id":"73d222fb-4b46-53bf-a86d-78f3123b2a07","name":"GitHub","description":"topotam. (2021, July 18). PetitPotam. PoC tool to coerce Windows hosts to authenticate to other machines. Retrieved May 30, 2025.","url":"https://github.com/topotam/PetitPotam","source":"MITRE","title":"PoC tool to coerce Windows hosts to authenticate to other machines","authors":"topotam. (2021, July 18)","date_accessed":"2025-05-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7ae8663e-433e-52d3-95be-c716364c0ce1","created":"2025-10-29T21:08:48.166308Z","modified":"2025-12-17T15:08:36.433975Z"},{"id":"8a7a4a51-e16d-447e-8f1e-c02d6dae3e26","name":"Kube Pod","description":"Kubernetes. (n.d.). Pod v1 core. Retrieved October 13, 2021.","url":"https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#pod-v1-core","source":"MITRE","title":"Pod v1 core","authors":"Kubernetes","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"452bd869-2c66-54c4-8496-caf31cce54ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437011Z"},{"id":"5862c90a-3bae-48d0-8749-9a6510fe3630","name":"Talos PoetRAT October 2020","description":"Mercer, W. Rascagneres, P. Ventura, V. (2020, October 6). PoetRAT: Malware targeting public and private sector in Azerbaijan evolves . Retrieved April 9, 2021.","url":"https://blog.talosintelligence.com/2020/10/poetrat-update.html","source":"MITRE","title":"PoetRAT: Malware targeting public and private sector in Azerbaijan evolves","authors":"Mercer, W. Rascagneres, P. 
Ventura, V","date_accessed":"2021-04-09T00:00:00Z","date_published":"2020-10-06T00:00:00Z","owner_name":null,"tidal_id":"10378329-f786-5256-b736-632ed2af024b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421658Z"},{"id":"83503473-54c5-555e-954c-12c4f4bbdde6","name":"PoetRat Lua","description":"Mercer, Warren. (2020, October 6). PoetRAT: Malware targeting public and private sector in Azerbaijan evolves. Retrieved August 5, 2024.","url":"https://blog.talosintelligence.com/poetrat-update/","source":"MITRE","title":"PoetRAT: Malware targeting public and private sector in Azerbaijan evolves","authors":"Mercer, Warren","date_accessed":"2024-08-05T00:00:00Z","date_published":"2020-10-06T00:00:00Z","owner_name":null,"tidal_id":"88a6df13-5946-5f53-a814-fb454b3d5265","created":"2024-10-31T16:28:24.561804Z","modified":"2025-12-17T15:08:36.433498Z"},{"id":"fe2a79a5-bc50-4147-b919-f3d0eb7430b6","name":"Talos PoetRAT April 2020","description":"Mercer, W, et al. (2020, April 16). PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors. Retrieved April 27, 2020.","url":"https://blog.talosintelligence.com/2020/04/poetrat-covid-19-lures.html","source":"MITRE","title":"PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors","authors":"Mercer, W, et al","date_accessed":"2020-04-27T00:00:00Z","date_published":"2020-04-16T00:00:00Z","owner_name":null,"tidal_id":"9bc412ac-bf66-53ed-837e-76b1c9dd008f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421652Z"},{"id":"f96711d4-010d-4d7e-8074-31dd1b41c54d","name":"Talos Zeus Panda Nov 2017","description":"Brumaghin, E., et al. (2017, November 02). Poisoning the Well: Banking Trojan Targets Google Search Results. 
Retrieved November 5, 2018.","url":"https://blog.talosintelligence.com/2017/11/zeus-panda-campaign.html#More","source":"MITRE","title":"Poisoning the Well: Banking Trojan Targets Google Search Results","authors":"Brumaghin, E., et al","date_accessed":"2018-11-05T00:00:00Z","date_published":"2017-11-02T00:00:00Z","owner_name":null,"tidal_id":"0f55bc24-0d74-532f-936f-a46c8bf7fe8d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417176Z"},{"id":"c189447e-a903-4dc2-a38b-1f4accc64e20","name":"FireEye Poison Ivy","description":"FireEye. (2014). POISON IVY: Assessing Damage and Extracting Intelligence. Retrieved September 19, 2024.","url":"https://www.mandiant.com/sites/default/files/2021-09/rpt-poison-ivy.pdf","source":"MITRE","title":"POISON IVY: Assessing Damage and Extracting Intelligence","authors":"FireEye","date_accessed":"2024-09-19T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"809edbc8-4a7c-5a04-96ef-913b57357f25","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421240Z"},{"id":"38d9c5a2-8fa5-4cb7-a1a9-86b3f54c1eb7","name":"Umbreon Trend Micro","description":"Fernando Mercês. (2016, September 5). Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems. Retrieved March 5, 2018.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/?_ga=2.180041126.367598458.1505420282-1759340220.1502477046","source":"MITRE","title":"Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems","authors":"Fernando Mercês","date_accessed":"2018-03-05T00:00:00Z","date_published":"2016-09-05T00:00:00Z","owner_name":null,"tidal_id":"0317eeab-a374-5c5f-a559-0d183e3c318c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417972Z"},{"id":"9bb520fa-0c4f-48aa-8b0a-8f1d42ee1d0c","name":"AWS IAM Policies and Permissions","description":"AWS. (n.d.). Policies and permissions in IAM. 
Retrieved April 1, 2022.","url":"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html","source":"MITRE","title":"Policies and permissions in IAM","authors":"AWS","date_accessed":"2022-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"666e093a-3cd0-5de6-92b8-0268dc1827dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426939Z"},{"id":"36a7ed58-95ef-594f-a15b-5c3b5911a630","name":"EnableMPRNotifications","description":"Microsoft. (2023, January 26). Policy CSP - WindowsLogon. Retrieved March 30, 2023.","url":"https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-windowslogon","source":"MITRE","title":"Policy CSP - WindowsLogon","authors":"Microsoft","date_accessed":"2023-03-30T00:00:00Z","date_published":"2023-01-26T00:00:00Z","owner_name":null,"tidal_id":"6d1f27e2-0486-5093-8699-0205e637ce19","created":"2023-05-26T01:21:20.986919Z","modified":"2025-12-17T15:08:36.442901Z"},{"id":"80adcb26-0c63-4f9f-872d-75dc75644efd","name":"EclecticIQ March 1 2022","description":"EclecticIQ. (2022, March 1). Polish Healthcare Industry Targeted by Vidar Infostealer Likely Linked to Djvu Ransomware. Retrieved December 19, 2024.","url":"https://blog.eclecticiq.com/polish-healthcare-industry-targeted-by-vidar-infostealer-likely-linked-to-djvu-ransomware","source":"Tidal Cyber","title":"Polish Healthcare Industry Targeted by Vidar Infostealer Likely Linked to Djvu Ransomware","authors":"EclecticIQ","date_accessed":"2024-12-19T00:00:00Z","date_published":"2022-03-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e1d44060-8678-5a51-b1d5-163bebbf1cb7","created":"2025-04-11T15:06:20.867740Z","modified":"2025-04-11T15:06:21.037812Z"},{"id":"6b7ad651-8c48-462d-90db-07ed3d570118","name":"Microsoft DirSync","description":"Microsoft. (n.d.). Polling for Changes Using the DirSync Control. 
Retrieved March 30, 2018.","url":"https://msdn.microsoft.com/en-us/library/ms677626.aspx","source":"MITRE","title":"Polling for Changes Using the DirSync Control","authors":"Microsoft","date_accessed":"2018-03-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"65aaa58b-d473-5fca-b689-c8ebdb5f6c27","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429820Z"},{"id":"ea9c1fc9-41d7-5629-b714-62f9ecf70e3b","name":"Polyglot Files: a Hacker’s best friend","description":"Li, V. (2019, October 2). Polyglot Files: a Hacker’s best friend. Retrieved September 27, 2022.","url":"https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a","source":"MITRE","title":"Polyglot Files: a Hacker’s best friend","authors":"Li, V","date_accessed":"2022-09-27T00:00:00Z","date_published":"2019-10-02T00:00:00Z","owner_name":null,"tidal_id":"578a7daa-2960-55e8-9bcb-d45013ba1ae3","created":"2023-05-26T01:21:19.400712Z","modified":"2025-04-22T20:47:30.911177Z"},{"id":"ce64739e-1311-4e1b-8352-ff941786ff39","name":"CheckPoint Redaman October 2019","description":"Eisenkraft, K., Olshtein, A. (2019, October 17). Pony’s C&C servers hidden inside the Bitcoin blockchain. Retrieved June 15, 2020.","url":"https://research.checkpoint.com/2019/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain/","source":"MITRE","title":"Pony’s C&C servers hidden inside the Bitcoin blockchain","authors":"Eisenkraft, K., Olshtein, A","date_accessed":"2020-06-15T00:00:00Z","date_published":"2019-10-17T00:00:00Z","owner_name":null,"tidal_id":"e2b9df0c-0ee7-5cdd-ba7d-cf01874a1848","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441076Z"},{"id":"5adc2cce-07f3-5df8-9bab-4a0ba1f2639f","name":"Bitdefender NPM Repositories Compromised 2021","description":"Silviu Stahie. (2021, November 8). Popular NPM Repositories Compromised in Man-in-the-Middle Attack. 
Retrieved May 22, 2025.","url":"https://www.bitdefender.com/en-gb/blog/hotforsecurity/popular-npm-repositories-compromised-in-man-in-the-middle-attack","source":"MITRE","title":"Popular NPM Repositories Compromised in Man-in-the-Middle Attack","authors":"Silviu Stahie","date_accessed":"2025-05-22T00:00:00Z","date_published":"2021-11-08T00:00:00Z","owner_name":null,"tidal_id":"df73d877-1cf5-5904-a559-e6772d97b167","created":"2025-10-29T21:08:48.165611Z","modified":"2025-12-17T15:08:36.425656Z"},{"id":"197b6774-25e5-4c02-bf45-20e0c1dfca6c","name":"Socket Tinycolor npm Compromise September 15 2025","description":"Socket Research Team. (2025, September 15). Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages. Retrieved September 18, 2025.","url":"https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages","source":"Tidal Cyber","title":"Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages","authors":"Socket Research Team","date_accessed":"2025-09-18T12:00:00Z","date_published":"2025-09-15T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"de7b22c4-13f6-50bb-94b2-cf8f1a2b9576","created":"2025-09-19T19:47:43.533677Z","modified":"2025-09-19T19:47:43.664024Z"},{"id":"e53bc63e-986f-4d48-a6b7-ed8e93494ed5","name":"Kaspersky Poseidon Group","description":"Kaspersky Lab's Global Research and Analysis Team. (2016, February 9). Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage. 
Retrieved March 16, 2016.","url":"https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/","source":"MITRE, Tidal Cyber","title":"Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage","authors":"Kaspersky Lab's Global Research and Analysis Team","date_accessed":"2016-03-16T00:00:00Z","date_published":"2016-02-09T00:00:00Z","owner_name":null,"tidal_id":"355389fd-0832-5896-a652-3bdc674cac77","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.280180Z"},{"id":"f1d15b92-8840-45ae-b23d-0cba20fc22cc","name":"Breach Post-mortem SSH Hijack","description":"Hodgson, M. (2019, May 8). Post-mortem and remediations for Apr 11 security incident. Retrieved November 17, 2024.","url":"https://matrix.org/blog/2019/05/08/post-mortem-and-remediations-for-apr-11-security-incident/","source":"MITRE","title":"Post-mortem and remediations for Apr 11 security incident","authors":"Hodgson, M","date_accessed":"2024-11-17T00:00:00Z","date_published":"2019-05-08T00:00:00Z","owner_name":null,"tidal_id":"7dbb417f-707f-52e2-a017-ec77cc05881f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429235Z"},{"id":"a02790a1-f7c5-43b6-bc7e-075b2c0aa791","name":"Elastic Docs Potential Protocol Tunneling via EarthWorm","description":"Elastic. (n.d.). Potential Protocol Tunneling via EarthWorm. Retrieved July 7, 2023.","url":"https://www.elastic.co/guide/en/security/current/potential-protocol-tunneling-via-earthworm.html","source":"Tidal Cyber","title":"Potential Protocol Tunneling via EarthWorm","authors":"Elastic","date_accessed":"2023-07-07T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"82cf8c10-5747-59b1-99bc-1d9f58af9947","created":"2023-07-14T12:56:32.932674Z","modified":"2023-07-14T12:56:33.042347Z"},{"id":"c0cdb878-ef43-570a-8d5b-d643ec01f435","name":"sus mofcomp","description":"detection.fyi. (2023, October 28). 
Potential Suspicious Mofcomp Execution. Retrieved February 9, 2024.","url":"https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_mofcomp_execution/","source":"MITRE","title":"Potential Suspicious Mofcomp Execution","authors":"detection.fyi","date_accessed":"2024-02-09T00:00:00Z","date_published":"2023-10-28T00:00:00Z","owner_name":null,"tidal_id":"3f4ca8d5-6a83-5479-9c32-67c09e82a8e6","created":"2024-04-25T13:28:53.002189Z","modified":"2025-04-22T20:47:32.238086Z"},{"id":"7d473936-ba57-4b8c-86b9-99b31ece58b9","name":"Watchtowr Labs - Blog November 19 2024","description":"Sonny. (2024, November 19). Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474. Retrieved December 2, 2024.","url":"https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/","source":"Tidal Cyber","title":"Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474","authors":"Sonny","date_accessed":"2024-12-02T00:00:00Z","date_published":"2024-11-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"85fad03b-d4fd-58de-9dd8-05f508992cb9","created":"2024-12-02T20:28:33.473711Z","modified":"2024-12-02T20:28:33.646609Z"},{"id":"49a21bba-b77d-4b0e-b666-20ef2826e92c","name":"This is Security Command Line Confusion","description":"B. Ancel. (2014, August 20). Poweliks – Command Line Confusion. Retrieved March 5, 2018.","url":"https://www.stormshield.com/news/poweliks-command-line-confusion/","source":"MITRE","title":"Poweliks – Command Line Confusion","authors":"B. Ancel","date_accessed":"2018-03-05T00:00:00Z","date_published":"2014-08-20T00:00:00Z","owner_name":null,"tidal_id":"377bc0f4-afff-5484-a076-4b3ffac15ddf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424055Z"},{"id":"4a42df15-4d09-4f4f-8333-2b41356fdb80","name":"TrendMicro POWELIKS AUG 2014","description":"Santos, R. (2014, August 1). POWELIKS: Malware Hides In Windows Registry. 
Retrieved August 9, 2018.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-malware-hides-in-windows-registry/","source":"MITRE","title":"POWELIKS: Malware Hides In Windows Registry","authors":"Santos, R","date_accessed":"2018-08-09T00:00:00Z","date_published":"2014-08-01T00:00:00Z","owner_name":null,"tidal_id":"8438bcfc-9915-53d9-8465-c0d70859da1f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429978Z"},{"id":"d9b5be77-5e44-5786-a683-82642b8dd8c9","name":"Microsoft: Powercfg command-line options","description":"Microsoft. (2021, December 15). Powercfg command-line options. Retrieved June 5, 2023.","url":"https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/powercfg-command-line-options?adlt=strict","source":"MITRE","title":"Powercfg command-line options","authors":"Microsoft","date_accessed":"2023-06-05T00:00:00Z","date_published":"2021-12-15T00:00:00Z","owner_name":null,"tidal_id":"1c5a3946-9c06-5f09-9127-f8036d64c6f2","created":"2023-11-07T00:36:08.967184Z","modified":"2025-12-17T15:08:36.436053Z"},{"id":"4026c055-6020-41bb-a4c8-54b308867023","name":"Volexity PowerDuke November 2016","description":"Adair, S.. (2016, November 9). PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs. Retrieved January 11, 2017.","url":"https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/","source":"MITRE","title":"PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs","authors":"Adair, S.","date_accessed":"2017-01-11T00:00:00Z","date_published":"2016-11-09T00:00:00Z","owner_name":null,"tidal_id":"63bcba22-2b8e-5008-874e-8e75ce9591f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416465Z"},{"id":"095aaa25-b674-4313-bc4f-3227b00c0459","name":"Cybereason PowerLess February 2022","description":"Cybereason Nocturnus. (2022, February 1). 
PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage. Retrieved June 1, 2022.","url":"https://www.cybereason.com/blog/research/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage","source":"MITRE","title":"PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage","authors":"Cybereason Nocturnus","date_accessed":"2022-06-01T00:00:00Z","date_published":"2022-02-01T00:00:00Z","owner_name":null,"tidal_id":"b6b0ac8b-9641-5636-ad07-9b81bd861c8a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417813Z"},{"id":"9a9a6ca1-d7c5-4385-924b-cdeffd66602e","name":"MalwareTech Power Loader Aug 2013","description":"MalwareTech. (2013, August 13). PowerLoader Injection – Something truly amazing. Retrieved December 16, 2017.","url":"https://www.malwaretech.com/2013/08/powerloader-injection-something-truly.html","source":"MITRE","title":"PowerLoader Injection – Something truly amazing","authors":"MalwareTech","date_accessed":"2017-12-16T00:00:00Z","date_published":"2013-08-13T00:00:00Z","owner_name":null,"tidal_id":"f2e20467-2751-5a24-b370-923fe20e0641","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416883Z"},{"id":"23c48ab3-9426-4949-9a35-d1b9ecb4bb47","name":"Powerpnt.exe - LOLBAS Project","description":"LOLBAS. (2019, July 19). Powerpnt.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Powerpnt/","source":"Tidal Cyber","title":"Powerpnt.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-07-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"06ee12f4-951b-5f7e-beba-8fe1154b79ea","created":"2024-01-12T14:47:27.608220Z","modified":"2024-01-12T14:47:27.787947Z"},{"id":"9cff28da-c379-49e7-b971-7dccc72054fc","name":"Sophos PowerShell Command History Forensics","description":"Vikas, S. (2020, August 26). PowerShell Command History Forensics. 
Retrieved November 17, 2024.","url":"https://community.sophos.com/sophos-labs/b/blog/posts/powershell-command-history-forensics","source":"MITRE","title":"PowerShell Command History Forensics","authors":"Vikas, S","date_accessed":"2024-11-17T00:00:00Z","date_published":"2020-08-26T00:00:00Z","owner_name":null,"tidal_id":"77cd7b9c-d49f-5242-a60f-10c91573c8bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428051Z"},{"id":"d6eaa28f-f900-528a-bba0-560a37c90a98","name":"Microsoft PowerShell CLM","description":"PowerShell Team. (2017, November 2). PowerShell Constrained Language Mode. Retrieved March 27, 2023.","url":"https://devblogs.microsoft.com/powershell/powershell-constrained-language-mode/","source":"MITRE","title":"PowerShell Constrained Language Mode","authors":"PowerShell Team","date_accessed":"2023-03-27T00:00:00Z","date_published":"2017-11-02T00:00:00Z","owner_name":null,"tidal_id":"646fca10-634c-5ce5-9324-8b77735f7d79","created":"2023-05-26T01:21:20.496357Z","modified":"2025-12-17T15:08:36.441100Z"},{"id":"28b3c105-8d64-4767-a735-d353d1fee756","name":"SensePost PS DDE May 2016","description":"El-Sherei, S. (2016, May 20). PowerShell, C-Sharp and DDE The Power Within. Retrieved November 22, 2017.","url":"https://sensepost.com/blog/2016/powershell-c-sharp-and-dde-the-power-within/","source":"MITRE","title":"PowerShell, C-Sharp and DDE The Power Within","authors":"El-Sherei, S","date_accessed":"2017-11-22T00:00:00Z","date_published":"2016-05-20T00:00:00Z","owner_name":null,"tidal_id":"ecfbaf53-98fd-5305-aebb-cafbda108805","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426287Z"},{"id":"ffacff4b-6f4f-5300-b1fa-5393c5c6de38","name":"Cantoris Computing","description":"Cantoris. (2016, July 22). PowerShell Malware. 
Retrieved December 12, 2024.","url":"https://cantoriscomputing.wordpress.com/2016/07/22/powershell-malware/","source":"MITRE","title":"PowerShell Malware","authors":"Cantoris","date_accessed":"2024-12-12T00:00:00Z","date_published":"2016-07-22T00:00:00Z","owner_name":null,"tidal_id":"beb59a63-745f-54b0-81fe-74e3db713168","created":"2025-04-22T20:47:19.292309Z","modified":"2025-12-17T15:08:36.434716Z"},{"id":"8e870f75-ed76-4898-bfbb-ad3c0c1ae0ca","name":"Powersploit","description":"PowerSploit. (n.d.). Retrieved December 4, 2014.","url":"https://github.com/mattifestation/PowerSploit","source":"MITRE","title":"Powersploit","authors":"","date_accessed":"2014-12-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e3cf21e8-8483-55c9-b03a-0f55a1392c8a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415511Z"},{"id":"7765d4f7-bf2d-43b9-a87e-74114a092645","name":"PowerShellMagazine PowerSploit July 2014","description":"Graeber, M. (2014, July 8). PowerSploit. Retrieved February 6, 2018.","url":"http://www.powershellmagazine.com/2014/07/08/powersploit/","source":"MITRE","title":"PowerSploit","authors":"Graeber, M","date_accessed":"2018-02-06T00:00:00Z","date_published":"2014-07-08T00:00:00Z","owner_name":null,"tidal_id":"80ce5dfd-7e9d-51eb-96a8-eb16a9bebf56","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422775Z"},{"id":"56628e55-94cd-4c5e-8f5a-34ffb7a45174","name":"PowerSploit Documentation","description":"PowerSploit. (n.d.). PowerSploit. Retrieved February 6, 2018.","url":"http://powersploit.readthedocs.io","source":"MITRE","title":"PowerSploit","authors":"PowerSploit","date_accessed":"2018-02-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fc79410a-944b-5445-9ff9-1cba514de763","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422788Z"},{"id":"ec3edb54-9f1b-401d-a265-cd8924e5cb2b","name":"GitHub PowerSploit May 2012","description":"PowerShellMafia. (2012, May 26). 
PowerSploit - A PowerShell Post-Exploitation Framework. Retrieved February 6, 2018.","url":"https://github.com/PowerShellMafia/PowerSploit","source":"MITRE","title":"PowerSploit - A PowerShell Post-Exploitation Framework","authors":"PowerShellMafia","date_accessed":"2018-02-06T00:00:00Z","date_published":"2012-05-26T00:00:00Z","owner_name":null,"tidal_id":"bd621ddc-f400-5fd1-b49d-8cbde869c284","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422781Z"},{"id":"47e93ad7-c214-51f4-8cb6-62269f83d7f7","name":"Brodie","description":"Daniel Brodie. (2016). Practical Attacks against Mobile Device Management (MDM). Retrieved December","url":"https://media.blackhat.com/eu-13/briefings/Brodie/bh-eu-13-lacoon-attacks-mdm-brodie-wp.pdf","source":"Mobile","title":"Practical Attacks against Mobile Device Management (MDM)","authors":"Daniel Brodie","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"63d079b9-5c61-5c60-869b-35572f5d9af1","created":"2026-01-28T13:08:10.045458Z","modified":"2026-01-28T13:08:10.045461Z"},{"id":"34deeec2-6edc-492c-bb35-5ccb1dc8e4df","name":"byt3bl33d3r NTLM Relaying","description":"Salvati, M. (2017, June 2). Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes). Retrieved February 7, 2019.","url":"https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html","source":"MITRE","title":"Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes)","authors":"Salvati, M","date_accessed":"2019-02-07T00:00:00Z","date_published":"2017-06-02T00:00:00Z","owner_name":null,"tidal_id":"5b960dbb-7d7b-58d1-a999-f2604394841e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415743Z"},{"id":"c74f5ecf-8810-4670-b778-24171c078724","name":"U.S. CISA Volt Typhoon February 7 2024","description":"Cybersecurity and Infrastructure Security Agency. 
(2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved February 9, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a","source":"Tidal Cyber","title":"PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-02-09T00:00:00Z","date_published":"2024-02-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"37a9e6fd-3741-5cd4-8353-041cc3e552b4","created":"2024-02-09T17:58:36.310379Z","modified":"2024-02-09T17:58:44.114567Z"},{"id":"f8931e8d-9a03-5407-857a-2a1c5a895eed","name":"Zimbra Preauth","description":"Zimbra. (2023, March 16). Preauth. Retrieved May 31, 2023.","url":"https://wiki.zimbra.com/wiki/Preauth","source":"MITRE","title":"Preauth","authors":"Zimbra","date_accessed":"2023-05-31T00:00:00Z","date_published":"2023-03-16T00:00:00Z","owner_name":null,"tidal_id":"3a93713f-946a-51b4-9553-4dbed7fa6f96","created":"2023-11-07T00:36:06.000128Z","modified":"2025-12-17T15:08:36.432763Z"},{"id":"edaf08ec-0a56-480a-93ef-eb8038147e5c","name":"Microsoft Preauthentication Jul 2012","description":"Microsoft. (2012, July 18). Preauthentication. Retrieved August 24, 2020.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc961961(v=technet.10)?redirectedfrom=MSDN","source":"MITRE","title":"Preauthentication","authors":"Microsoft","date_accessed":"2020-08-24T00:00:00Z","date_published":"2012-07-18T00:00:00Z","owner_name":null,"tidal_id":"f088681c-90f8-500e-8dc6-68a82d84b6eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441417Z"},{"id":"e25aac99-cc74-45f5-9535-51716e27b125","name":"Binding Hook Predatory Sparrow December 9 2024","description":"James Shires, Max Smeets, Hannah-Sophie Weber. (2024, December 9). Predatory Sparrow: cyber sabotage with a conscience?. 
Retrieved June 20, 2025.","url":"https://bindinghook.com/articles-binding-edge/predatory-sparrow-cyber-sabotage-with-a-conscience/","source":"Tidal Cyber","title":"Predatory Sparrow: cyber sabotage with a conscience?","authors":"James Shires, Max Smeets, Hannah-Sophie Weber","date_accessed":"2025-06-20T12:00:00Z","date_published":"2024-12-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d310c7f9-c152-56ba-b8cc-43010e25e0e1","created":"2025-06-23T13:53:26.317881Z","modified":"2025-06-23T13:53:26.536092Z"},{"id":"1c4cee54-034e-47e3-973e-0900ea602a9c","name":"BBC News July 10 2022","description":"Joe Tidy. (2022, July 10). Predatory Sparrow Who are the hackers who say they started a fire in Iran. Retrieved June 20, 2025.","url":"https://www.bbc.com/news/technology-62072480","source":"Tidal Cyber","title":"Predatory Sparrow Who are the hackers who say they started a fire in Iran","authors":"Joe Tidy","date_accessed":"2025-06-20T12:00:00Z","date_published":"2022-07-10T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"58cfd62d-09a7-5ad7-b773-c971d7be8953","created":"2025-06-23T13:53:26.867448Z","modified":"2025-06-23T13:53:27.072650Z"},{"id":"4462e71d-0373-4fc0-8cde-93a2972bedd5","name":"Elastic Predicting DGA","description":"Ahuja, A., Anderson, H., Grant, D., Woodbridge, J.. (2016, November 2). Predicting Domain Generation Algorithms with Long Short-Term Memory Networks. Retrieved April 26, 2019.","url":"https://arxiv.org/pdf/1611.00791.pdf","source":"MITRE","title":"Predicting Domain Generation Algorithms with Long Short-Term Memory Networks","authors":"Ahuja, A., Anderson, H., Grant, D., Woodbridge, J.","date_accessed":"2019-04-26T00:00:00Z","date_published":"2016-11-02T00:00:00Z","owner_name":null,"tidal_id":"0add799d-9fdb-5e6e-9df5-7ab9318cd773","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425160Z"},{"id":"4004e072-9e69-4e81-a2b7-840e106cf3d9","name":"WithSecure SystemBC May 10 2021","description":"Callum Roxan, Sami Ruohonen. 
(2021, May 10). Prelude to Ransomware: SystemBC. Retrieved September 21, 2023.","url":"https://labs.withsecure.com/publications/prelude-to-ransomware-systembc","source":"Tidal Cyber","title":"Prelude to Ransomware: SystemBC","authors":"Callum Roxan, Sami Ruohonen","date_accessed":"2023-09-21T00:00:00Z","date_published":"2021-05-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d084b5ca-9b25-5fe1-9a08-4409838f28df","created":"2023-09-22T15:01:25.490112Z","modified":"2023-09-22T15:01:25.607322Z"},{"id":"8bb388d4-b7d1-5778-b599-2ed42206b88b","name":"URI","description":"Michael Cobb. (2007, October 11). Preparing for uniform resource identifier (URI) exploits. Retrieved February 9, 2024.","url":"https://www.techtarget.com/searchsecurity/tip/Preparing-for-uniform-resource-identifier-URI-exploits","source":"MITRE","title":"Preparing for uniform resource identifier (URI) exploits","authors":"Michael Cobb","date_accessed":"2024-02-09T00:00:00Z","date_published":"2007-10-11T00:00:00Z","owner_name":null,"tidal_id":"e988728d-9beb-5ba3-a973-3ee700d6fb94","created":"2024-04-25T13:28:33.439497Z","modified":"2025-12-17T15:08:36.428480Z"},{"id":"37539e72-18f5-435a-a949-f9fa5991149a","name":"Presentationhost.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Presentationhost.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Presentationhost/","source":"Tidal Cyber","title":"Presentationhost.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"adf7db9e-41d9-5839-aa22-9e935921b136","created":"2024-01-12T14:46:53.754616Z","modified":"2024-01-12T14:46:53.973569Z"},{"id":"b8005a55-7e77-4dc1-abed-f75a0a3d8afb","name":"Microsoft Sub Takeover 2020","description":"Microsoft. (2020, September 29). Prevent dangling DNS entries and avoid subdomain takeover. 
Retrieved October 12, 2020.","url":"https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover","source":"MITRE","title":"Prevent dangling DNS entries and avoid subdomain takeover","authors":"Microsoft","date_accessed":"2020-10-12T00:00:00Z","date_published":"2020-09-29T00:00:00Z","owner_name":null,"tidal_id":"b60e0c1e-0ab3-5cb1-82fd-329f3372074d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436682Z"},{"id":"a7145316-cbda-502d-9a74-9bd8830f8c2d","name":"Trend Micro 3CX AppleJeus ICONICSTEALER March 2023","description":"Trend Micro Research. (2023, March 30). Preventing and Detecting Attacks Involving 3CX Desktop App. Retrieved October 21, 2025.","url":"https://www.trendmicro.com/en_us/research/23/c/information-on-attacks-involving-3cx-desktop-app.html","source":"MITRE","title":"Preventing and Detecting Attacks Involving 3CX Desktop App","authors":"Trend Micro Research","date_accessed":"2025-10-21T00:00:00Z","date_published":"2023-03-30T00:00:00Z","owner_name":null,"tidal_id":"883f6bc0-7934-5271-bab4-1e8fc367800b","created":"2025-10-29T21:08:48.167881Z","modified":"2025-12-17T15:08:36.442589Z"},{"id":"cd2fd958-63ce-4ac9-85e6-bb32f29d88b0","name":"Microsoft Preventing SMB","description":"Microsoft. (2020, March 10). Preventing SMB traffic from lateral connections and entering or leaving the network. Retrieved June 1, 2020.","url":"https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections","source":"MITRE","title":"Preventing SMB traffic from lateral connections and entering or leaving the network","authors":"Microsoft","date_accessed":"2020-06-01T00:00:00Z","date_published":"2020-03-10T00:00:00Z","owner_name":null,"tidal_id":"aed5e43d-3375-5070-99b4-6276e8e78c21","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441922Z"},{"id":"e08bfc40-a580-4fa3-9531-d5e1bede374e","name":"Palo Alto Prince of Persia","description":"Bar, T., Conant, S., Efraim, L. 
(2016, June 28). Prince of Persia – Game Over. Retrieved July 5, 2017.","url":"https://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/","source":"MITRE","title":"Prince of Persia – Game Over","authors":"Bar, T., Conant, S., Efraim, L","date_accessed":"2017-07-05T00:00:00Z","date_published":"2016-06-28T00:00:00Z","owner_name":null,"tidal_id":"5b1707f1-c596-517f-ad9d-5267f9724ffe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429924Z"},{"id":"a7ab6f09-c22f-4627-afb1-c13a963efca5","name":"PrintBrm.exe - LOLBAS Project","description":"LOLBAS. (2021, June 21). PrintBrm.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/PrintBrm/","source":"Tidal Cyber","title":"PrintBrm.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-06-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fb44de7e-c9a0-540b-8477-901256a678f5","created":"2024-01-12T14:46:54.619049Z","modified":"2024-01-12T14:46:54.835864Z"},{"id":"696ce89a-b3a1-4993-b30d-33a669a57031","name":"Print.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Print.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Print/","source":"Tidal Cyber","title":"Print.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"eb16d20b-7b56-5e7a-b537-1597d4b92e2e","created":"2024-01-12T14:46:54.211843Z","modified":"2024-01-12T14:46:54.413406Z"},{"id":"2d11fec2-7065-4744-ab4e-9e3f4a0da564","name":"GeeksforGeeks January 16 2019","description":"H HardeepSingh Follow Improve. (2019, January 16). printf command in Linux with Examples - GeeksforGeeks. 
Retrieved December 12, 2024.","url":"https://www.geeksforgeeks.org/printf-command-in-linux-with-examples/","source":"Tidal Cyber","title":"printf command in Linux with Examples - GeeksforGeeks","authors":"H HardeepSingh Follow Improve","date_accessed":"2024-12-12T00:00:00Z","date_published":"2019-01-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"507c3883-d4f2-5bee-8462-20f737049fe7","created":"2025-04-11T15:06:04.219516Z","modified":"2025-04-11T15:06:04.379095Z"},{"id":"81c5728a-d6a5-5fbc-8448-d0efa5ac8b84","name":"Android 10 Privacy Changes","description":"Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September","url":"https://developer.android.com/about/versions/10/privacy/changes#clipboard-data","source":"Mobile","title":"Privacy changes in Android 10","authors":"Android Developers","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e4cc5cec-afcb-57e2-a74b-2ea932024ccc","created":"2026-01-28T13:08:10.045648Z","modified":"2026-01-28T13:08:10.045651Z"},{"id":"97f57035-561a-5a53-a475-8ab90e6c10e1","name":"Android Privacy Indicators","description":"Google. (n.d.). Privacy Indicators. Retrieved April","url":"https://source.android.com/devices/tech/config/privacy-indicators","source":"Mobile","title":"Privacy Indicators","authors":"Google","date_accessed":"1978-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a9530aae-8c28-52eb-941a-10b9f52dbc33","created":"2026-01-28T13:08:10.044442Z","modified":"2026-01-28T13:08:10.044445Z"},{"id":"c84be284-03ad-4674-94db-03f264f2db9f","name":"PrivateLoader: The first step in many malware schemes | Intel471","description":"Intel471. (2022, February 8). PrivateLoader: The first step in many malware schemes. 
Retrieved May 15, 2023.","url":"https://intel471.com/blog/privateloader-malware","source":"Tidal Cyber","title":"PrivateLoader: The first step in many malware schemes","authors":"Intel471","date_accessed":"2023-05-15T00:00:00Z","date_published":"2022-02-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1d57f173-669b-516e-a351-4d592f75e868","created":"2024-06-13T20:10:24.442798Z","modified":"2024-06-13T20:10:24.639112Z"},{"id":"55373476-1cbe-49f5-aecb-69d60b336d38","name":"Rhingo Security Labs GCP Privilege Escalation","description":"Spencer Gietzen. (n.d.). Privilege Escalation in Google Cloud Platform – Part 1 (IAM). Retrieved May 27, 2022.","url":"https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/","source":"MITRE","title":"Privilege Escalation in Google Cloud Platform – Part 1 (IAM)","authors":"Spencer Gietzen","date_accessed":"2022-05-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"af971d69-f6f6-5184-b794-e7bf18078e29","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435956Z"},{"id":"55173e12-9edc-5685-ac0b-acd51617cc6e","name":"Rhino Google Cloud Privilege Escalation","description":"Spencer Gietzen. (n.d.). Privilege Escalation in Google Cloud Platform – Part 1 (IAM). Retrieved September 21, 2023.","url":"https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/","source":"MITRE","title":"Privilege Escalation in Google Cloud Platform – Part 1 (IAM)","authors":"Spencer Gietzen","date_accessed":"2023-09-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1cc3c353-2f65-5898-96de-74e1cf9a1421","created":"2023-11-07T00:36:04.376099Z","modified":"2025-12-17T15:08:36.431073Z"},{"id":"d75508b1-8b85-47c9-a087-bc64e8e4cb33","name":"FireEye APT19","description":"Ahl, I. (2017, June 06). Privileges and Credentials: Phished at the Request of Counsel. 
Retrieved May 17, 2018.","url":"https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html","source":"MITRE","title":"Privileges and Credentials: Phished at the Request of Counsel","authors":"Ahl, I","date_accessed":"2018-05-17T00:00:00Z","date_published":"2017-06-06T00:00:00Z","owner_name":null,"tidal_id":"a9a3d254-0cb5-5835-b22b-ec634140940e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438763Z"},{"id":"659a720d-108f-5eac-9e8f-ea9de749d22b","name":"Trend Micro SharePoint Attacks JUL 2025","description":"Trend Micro Research. (2022, July 22). Proactive Security Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771). Retrieved October 15, 2025.","url":"https://www.trendmicro.com/en_us/research/25/g/cve-2025-53770-and-cve-2025-53771-sharepoint-attacks.html","source":"MITRE","title":"Proactive Security Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)","authors":"Trend Micro Research","date_accessed":"2025-10-15T00:00:00Z","date_published":"2022-07-22T00:00:00Z","owner_name":null,"tidal_id":"87eac08d-0756-5fe3-aa19-3bd0e34cdd82","created":"2025-10-29T21:08:48.167210Z","modified":"2025-12-17T15:08:36.439297Z"},{"id":"710ed789-de1f-4601-a8ba-32147827adcb","name":"Anomali Static Kitten February 2021","description":"Mele, G. et al. (2021, February 10). Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies. Retrieved March 17, 2021.","url":"https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies","source":"MITRE","title":"Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies","authors":"Mele, G. 
et al","date_accessed":"2021-03-17T00:00:00Z","date_published":"2021-02-10T00:00:00Z","owner_name":null,"tidal_id":"e5304a2c-7933-5b7b-8eaf-35a20a22e59b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423104Z"},{"id":"f7c4e24f-b91e-574f-8b16-fb93295ef9d8","name":"sus mofcomp dos","description":"The DFIR Report. (2023, January 8). proc_creation_win_mofcomp_execution.yml. Retrieved February 9, 2024.","url":"https://github.com/The-DFIR-Report/Sigma-Rules/blob/main/rules/windows/process_creation/proc_creation_win_mofcomp_execution.yml","source":"MITRE","title":"proc_creation_win_mofcomp_execution.yml","authors":"The DFIR Report","date_accessed":"2024-02-09T00:00:00Z","date_published":"2023-01-08T00:00:00Z","owner_name":null,"tidal_id":"dc5bf816-6698-5fa6-a39e-ee652f3b5724","created":"2024-04-25T13:28:53.007470Z","modified":"2025-04-22T20:47:32.243640Z"},{"id":"3e37fe71-71d0-424e-96ff-81070e2571ae","name":"Procdump.exe - LOLBAS Project","description":"LOLBAS. (2020, October 14). Procdump.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Procdump/","source":"Tidal Cyber","title":"Procdump.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-10-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f796093d-5722-55eb-98ac-71bc702c05ab","created":"2024-01-12T14:47:27.972772Z","modified":"2024-01-12T14:47:28.166700Z"},{"id":"d4edd219-c91a-4ff1-8f22-10daa1057f29","name":"Microsoft Process Creation Flags May 2018","description":"Schofield, M. & Satran, M. (2018, May 30). Process Creation Flags. Retrieved June 4, 2019.","url":"https://docs.microsoft.com/windows/desktop/ProcThread/process-creation-flags","source":"MITRE","title":"Process Creation Flags","authors":"Schofield, M. 
& Satran, M","date_accessed":"2019-06-04T00:00:00Z","date_published":"2018-05-30T00:00:00Z","owner_name":null,"tidal_id":"930719d1-93f0-5eed-bb7a-154132aa01ef","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432709Z"},{"id":"b7a86159-7005-4b61-8b4e-a3dcd77c6a7d","name":"hasherezade Process Doppelgänging Dec 2017","description":"hasherezade. (2017, December 18). Process Doppelgänging – a new way to impersonate a process. Retrieved December 20, 2017.","url":"https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/","source":"MITRE","title":"Process Doppelgänging – a new way to impersonate a process","authors":"hasherezade","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-12-18T00:00:00Z","owner_name":null,"tidal_id":"34895177-8780-5e15-86bb-a259307440ec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431149Z"},{"id":"250c689d-9a9c-4f02-8b99-ca43fbdaddae","name":"Microsoft Processes and Threads","description":"Microsoft. (2018, May 31). Processes and Threads. Retrieved September 28, 2021.","url":"https://docs.microsoft.com/en-us/windows/win32/procthread/processes-and-threads","source":"MITRE","title":"Processes and Threads","authors":"Microsoft","date_accessed":"2021-09-28T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"a54484ae-b553-549d-95b6-031c1160482c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437263Z"},{"id":"3fc82a92-cfba-405d-b30e-22eba69ab1ee","name":"ProcessHacker Github","description":"ProcessHacker. (2009, October 27). Process Hacker. 
Retrieved April 11, 2022.","url":"https://github.com/processhacker/processhacker","source":"MITRE","title":"Process Hacker","authors":"ProcessHacker","date_accessed":"2022-04-11T00:00:00Z","date_published":"2009-10-27T00:00:00Z","owner_name":null,"tidal_id":"963a88b2-a1de-53c7-808f-0b40b480bcc7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435775Z"},{"id":"8feb180a-bfad-42cb-b8ee-792c5088567a","name":"Leitch Hollowing","description":"Leitch, J. (n.d.). Process Hollowing. Retrieved November 12, 2014.","url":"http://www.autosectools.com/process-hollowing.pdf","source":"MITRE","title":"Process Hollowing","authors":"Leitch, J","date_accessed":"2014-11-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"df82db51-b0a2-5e2e-8e9a-f38022f3b2e1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425857Z"},{"id":"d4e2c109-341c-45b3-9d41-3eb980724524","name":"Korean FSI TA505 2020","description":"Financial Security Institute. (2020, February 28). Profiling of TA505 Threat Group That Continues to Attack the Financial Sector. Retrieved July 14, 2022.","url":"https://www.fsec.or.kr/user/bbs/fsec/163/344/bbsDataView/1382.do?page=1&column=&search=&searchSDate=&searchEDate=&bbsDataCategory=","source":"MITRE","title":"Profiling of TA505 Threat Group That Continues to Attack the Financial Sector","authors":"Financial Security Institute","date_accessed":"2022-07-14T00:00:00Z","date_published":"2020-02-28T00:00:00Z","owner_name":null,"tidal_id":"f454f05e-1cb8-52d2-80c6-733ce0b264c9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416663Z"},{"id":"eb0909ea-616c-4d79-b145-ee2f1ae539fb","name":"Microsoft Profiling Mar 2017","description":"Microsoft. (2017, March 30). Profiling Overview. 
Retrieved June 24, 2020.","url":"https://docs.microsoft.com/en-us/dotnet/framework/unmanaged-api/profiling/profiling-overview","source":"MITRE","title":"Profiling Overview","authors":"Microsoft","date_accessed":"2020-06-24T00:00:00Z","date_published":"2017-03-30T00:00:00Z","owner_name":null,"tidal_id":"037f68c9-1472-5b73-b674-33e5992672a0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436968Z"},{"id":"fc4fc6de-7ee1-502f-ba09-31ab0c8c01c1","name":"Guidance - IEC61131","description":"John Karl-Heinz. (n.d.). Programming Industrial Automation Systems. Retrieved October","url":"http://www.dee.ufrj.br/controle%20automatico/cursos/IEC61131-3%20Programming%20Industrial%20Automation%20Systems.pdf","source":"ICS","title":"Programming Industrial Automation Systems","authors":"John Karl-Heinz","date_accessed":"1978-10-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"edf3d7ba-d0f5-52e9-bb6a-7cf22ebe26c6","created":"2026-01-28T13:08:18.177377Z","modified":"2026-01-28T13:08:18.177380Z"},{"id":"585b9975-3cfb-4485-a9eb-5eea337ebd3c","name":"Microsoft Win32","description":"Microsoft. (n.d.). Programming reference for the Win32 API. Retrieved March 15, 2020.","url":"https://docs.microsoft.com/en-us/windows/win32/api/","source":"MITRE","title":"Programming reference for the Win32 API","authors":"Microsoft","date_accessed":"2020-03-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2d2cdf44-3990-5ea5-bd5f-791f79f1dc46","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427860Z"},{"id":"9942b6a5-6ffb-4a26-9392-6c8bb9954997","name":"CameraShy","description":"ThreatConnect Inc. and Defense Group Inc. (DGI). (2015, September 23). Project CameraShy: Closing the Aperture on China's Unit 78020. 
Retrieved December 17, 2015.","url":"http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf","source":"MITRE, Tidal Cyber","title":"Project CameraShy: Closing the Aperture on China's Unit 78020","authors":"ThreatConnect Inc. and Defense Group Inc. (DGI)","date_accessed":"2015-12-17T00:00:00Z","date_published":"2015-09-23T00:00:00Z","owner_name":null,"tidal_id":"8eebd9fb-d29a-5762-971e-530425c90176","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279937Z"},{"id":"adee82e6-a74a-4a91-ab5a-97847b135ca3","name":"Unit 42 ProjectM March 2016","description":"Falcone, R. and Conant S. (2016, March 25). ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe. Retrieved September 2, 2021.","url":"https://unit42.paloaltonetworks.com/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/","source":"MITRE","title":"ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe","authors":"Falcone, R. and Conant S","date_accessed":"2021-09-02T00:00:00Z","date_published":"2016-03-25T00:00:00Z","owner_name":null,"tidal_id":"e701d969-2f00-5054-822b-1ab72232e0b8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438317Z"},{"id":"4d349f2f-c740-55c7-8e7b-b6957e382307","name":"Threatpost Sauron","description":"Michael Mimoso. (2016, August 8). ProjectSauron APT On Par With Equation, Flame, Duqu. 
Retrieved January 10, 2024.","url":"https://threatpost.com/projectsauron-apt-on-par-with-equation-flame-duqu/119725/","source":"MITRE","title":"ProjectSauron APT On Par With Equation, Flame, Duqu","authors":"Michael Mimoso","date_accessed":"2024-01-10T00:00:00Z","date_published":"2016-08-08T00:00:00Z","owner_name":null,"tidal_id":"9a873911-ae0c-51d0-bf0c-53e0be6ea8e8","created":"2024-04-25T13:28:52.316904Z","modified":"2025-12-17T15:08:36.441756Z"},{"id":"baeaa632-3fa5-4d2b-9537-ccc7674fd7d6","name":"Kaspersky ProjectSauron Blog","description":"Kaspersky Lab's Global Research & Analysis Team. (2016, August 8). ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms. Retrieved August 17, 2016.","url":"https://securelist.com/faq-the-projectsauron-apt/75533/","source":"MITRE, Tidal Cyber","title":"ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2016-08-17T00:00:00Z","date_published":"2016-08-08T00:00:00Z","owner_name":null,"tidal_id":"0e7cd53b-f22a-5176-95f8-d6843a59c54b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259693Z"},{"id":"1ed20522-52ae-4d0c-b42e-c680490958ac","name":"Kaspersky TajMahal April 2019","description":"GReAT. (2019, April 10). Project TajMahal – a sophisticated new APT framework. Retrieved October 14, 2019.","url":"https://securelist.com/project-tajmahal/90240/","source":"MITRE","title":"Project TajMahal – a sophisticated new APT framework","authors":"GReAT","date_accessed":"2019-10-14T00:00:00Z","date_published":"2019-04-10T00:00:00Z","owner_name":null,"tidal_id":"07776566-22d3-59e3-a09c-b16fc66ebd69","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421287Z"},{"id":"afe0549d-dc1b-4bcf-9a1d-55698afd530e","name":"DarkReading FireEye FIN5 Oct 2015","description":"Higgins, K. (2015, October 13). 
Prolific Cybercrime Gang Favors Legit Login Credentials. Retrieved October 4, 2017.","url":"https://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645?","source":"MITRE","title":"Prolific Cybercrime Gang Favors Legit Login Credentials","authors":"Higgins, K","date_accessed":"2017-10-04T00:00:00Z","date_published":"2015-10-13T00:00:00Z","owner_name":null,"tidal_id":"cc1f5eb1-bc4f-5fb1-9d33-a72c013f4cda","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420580Z"},{"id":"188d990e-f0be-40f2-90f3-913dfe687d27","name":"Talos Promethium June 2020","description":"Mercer, W. et al. (2020, June 29). PROMETHIUM extends global reach with StrongPity3 APT. Retrieved July 20, 2020.","url":"https://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html","source":"MITRE","title":"PROMETHIUM extends global reach with StrongPity3 APT","authors":"Mercer, W. et al","date_accessed":"2020-07-20T00:00:00Z","date_published":"2020-06-29T00:00:00Z","owner_name":null,"tidal_id":"14783a25-85cf-5f18-a5bc-9aa5e9533b73","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417305Z"},{"id":"6693ff3a-0689-55a8-bd1b-076eab7129ae","name":"Promon FjordPhantom Oct2024","description":"Promon Security Research Team. (2024, October 1). Retrieved February","url":"https://promon.io/security-news/fjordphantom-android-malware","source":"Mobile","title":"Promon FjordPhantom Oct2024","authors":"","date_accessed":"1978-02-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7aeebe0e-0367-59ec-a89d-c3e43079dced","created":"2026-01-28T13:08:10.041821Z","modified":"2026-01-28T13:08:10.041824Z"},{"id":"5b9588a1-7baf-5a10-8663-10cfed41c472","name":"Proofpoint-DMARC","description":"Proofpoint. (n.d.). 
Retrieved March 24, 2025.","url":"https://www.proofpoint.com/us/threat-reference/dmarc","source":"MITRE","title":"Proofpoint-DMARC","authors":"","date_accessed":"2025-03-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"045b8cab-b266-5ff2-83dd-9a13bb5d4595","created":"2025-04-22T20:47:20.233948Z","modified":"2025-12-17T15:08:36.435638Z"},{"id":"0d279886-6dfd-4587-b0af-98b425b84a50","name":"Cyber Daily Handala June 16 2025","description":"David Hollingworth. (2025, June 16). Pro-Palestinian hackers target Israel in wake of attack on Iran - Cyber Daily. Retrieved November 19, 2025.","url":"https://www.cyberdaily.au/security/12239-pro-palestinian-hackers-target-israel-in-wake-of-attack-on-iran","source":"Tidal Cyber","title":"Pro-Palestinian hackers target Israel in wake of attack on Iran - Cyber Daily","authors":"David Hollingworth","date_accessed":"2025-11-19T12:00:00Z","date_published":"2025-06-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b41e8a66-dfbd-5e2d-97e3-811335ffd62e","created":"2025-11-26T19:37:27.638320Z","modified":"2025-11-26T19:37:27.815761Z"},{"id":"bc621380-7094-4877-abbe-5c20588e5dbc","name":"The Record Cyber Toufan December 29 2023","description":"Daryna Antoniuk. (2023, December 29). Pro-Palestinian operation claims dozens of data breaches against Israeli firms. Retrieved August 8, 2024.","url":"https://therecord.media/cyber-toufan-data-breaches-israel-iran-palestinians","source":"Tidal Cyber","title":"Pro-Palestinian operation claims dozens of data breaches against Israeli firms","authors":"Daryna Antoniuk","date_accessed":"2024-08-08T00:00:00Z","date_published":"2023-12-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"113188e5-46f7-572c-8dad-386af22f32aa","created":"2024-08-09T14:50:33.601855Z","modified":"2024-08-09T14:50:33.842283Z"},{"id":"ad9ca269-46d2-4de4-b65e-21602724df82","name":"Cybersecurity and Infrastructure Security Agency CISA December 09 2025","description":"None Identified. (2025, December 9). 
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure | CISA. Retrieved December 15, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-343a","source":"Tidal Cyber","title":"Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure | CISA","authors":"None Identified","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ae51f024-1496-543a-b88b-e91699b06571","created":"2025-12-17T14:17:41.810600Z","modified":"2025-12-17T14:17:41.954496Z"},{"id":"6de89788-7fd5-4779-abd4-86cf7ccf8ee8","name":"Avast Threat Labs September 6 2022","description":"Martin Chlumecký. (2022, September 6). Pro-Russian Group Targeting Ukraine Supporters with DDoS Attacks - Avast Threat Labs. Retrieved May 2, 2024.","url":"https://decoded.avast.io/martinchlumecky/bobik/","source":"Tidal Cyber","title":"Pro-Russian Group Targeting Ukraine Supporters with DDoS Attacks - Avast Threat Labs","authors":"Martin Chlumecký","date_accessed":"2024-05-02T00:00:00Z","date_published":"2022-09-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ae368040-5e25-54cc-a032-fda064f20c3f","created":"2025-04-11T15:05:57.865602Z","modified":"2025-04-11T15:05:58.026589Z"},{"id":"eebfb4d2-883e-4456-8e3a-79627471022f","name":"Intel471 Pro-Russian Hacktivism July 2 2025","description":"Intel471. (2025, July 2). Pro-Russian hacktivism Shifting alliances, new groups and risks. 
Retrieved July 31, 2025.","url":"https://www.intel471.com/blog/pro-russian-hacktivism-shifting-alliances-new-groups-and-risks","source":"Tidal Cyber","title":"Pro-Russian hacktivism Shifting alliances, new groups and risks","authors":"Intel471","date_accessed":"2025-07-31T12:00:00Z","date_published":"2025-07-02T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"82c7d52c-2824-558a-a6da-c648539b6945","created":"2025-08-06T14:56:42.986593Z","modified":"2025-08-06T14:56:43.123113Z"},{"id":"f51610a7-1323-4cc4-85ec-2ebdab2a2a50","name":"Intel471 Pro-Russian Hacktivist 2022","description":"Intel471. (2022, September 14). Pro-Russian Hacktivist Groups Target Ukraine Supporters. Retrieved April 30, 2024.","url":"https://intel471.com/blog/pro-russian-hacktivist-groups-target-ukraine-supporters","source":"Tidal Cyber","title":"Pro-Russian Hacktivist Groups Target Ukraine Supporters","authors":"Intel471","date_accessed":"2024-04-30T00:00:00Z","date_published":"2022-09-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9fdc8562-b207-535d-b11f-15a72b86d9ce","created":"2024-06-13T20:11:01.943034Z","modified":"2024-06-13T20:11:02.134808Z"},{"id":"b9a055fc-ed86-568f-9022-cca83c129113","name":"Dwight Anderson 2014","description":"Dwight Anderson. (2014). Protect Critical Infrastructure Systems With Whitelisting. Retrieved 2020/09/25","url":"https://www.sans.org/reading-room/whitepapers/ICS/protect-critical-infrastructure-systems-whitelisting-35312","source":"ICS","title":"Protect Critical Infrastructure Systems With Whitelisting","authors":"Dwight Anderson","date_accessed":"2020-01-01T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"d2218fc5-4f4f-557d-a340-90ebdcc4ce83","created":"2026-01-28T13:08:18.179376Z","modified":"2026-01-28T13:08:18.179379Z"},{"id":"d5b2446b-4685-490f-8181-1169cd049bee","name":"TechNet Credential Guard","description":"Lich, B. (2016, May 31). Protect derived domain credentials with Credential Guard. 
Retrieved June 1, 2016.","url":"https://technet.microsoft.com/en-us/itpro/windows/keep-secure/credential-guard","source":"MITRE","title":"Protect derived domain credentials with Credential Guard","authors":"Lich, B","date_accessed":"2016-06-01T00:00:00Z","date_published":"2016-05-31T00:00:00Z","owner_name":null,"tidal_id":"58344a7d-4ef6-509f-a232-481ce025af46","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416140Z"},{"id":"e6316ecd-da29-4928-a868-c9876badce62","name":"Microsoft Protected Users Security Group","description":"Microsoft. (2016, October 12). Protected Users Security Group. Retrieved May 29, 2020.","url":"https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group","source":"MITRE","title":"Protected Users Security Group","authors":"Microsoft","date_accessed":"2020-05-29T00:00:00Z","date_published":"2016-10-12T00:00:00Z","owner_name":null,"tidal_id":"a096546e-92d2-5d63-b3dd-0dfb1cbe0827","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442016Z"},{"id":"1ee55a8c-9e9d-520a-a3d3-1d2da57e0265","name":"CISA Remote Monitoring and Management Software","description":"CISA. (n.d.). Protecting Against Malicious Use of Remote Monitoring and Management Software. Retrieved February 2, 2023.","url":"https://www.cisa.gov/uscert/ncas/alerts/aa23-025a","source":"MITRE","title":"Protecting Against Malicious Use of Remote Monitoring and Management Software","authors":"CISA","date_accessed":"2023-02-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"20c95f44-bf18-5322-96ba-83979e18833f","created":"2023-05-26T01:21:08.628876Z","modified":"2025-12-17T15:08:36.433236Z"},{"id":"95e19778-95ce-585a-892e-e6a8c20389f7","name":"Protecting Microsoft 365 From On-Premises Attacks","description":"Microsoft. (2022, August 26). Protecting Microsoft 365 from on-premises attacks. 
Retrieved February 21, 2023.","url":"https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/protect-m365-from-on-premises-attacks","source":"MITRE","title":"Protecting Microsoft 365 from on-premises attacks","authors":"Microsoft","date_accessed":"2023-02-21T00:00:00Z","date_published":"2022-08-26T00:00:00Z","owner_name":null,"tidal_id":"4ddc0178-ce67-586f-9959-510ce2ee622b","created":"2023-05-26T01:21:20.581448Z","modified":"2025-12-17T15:08:36.442813Z"},{"id":"a8d1e40d-b291-443c-86cc-edf6db00b898","name":"SANS PsExec","description":"Pilkington, M. (2012, December 17). Protecting Privileged Domain Accounts: PsExec Deep-Dive. Retrieved August 17, 2016.","url":"https://www.sans.org/blog/protecting-privileged-domain-accounts-psexec-deep-dive/","source":"MITRE","title":"Protecting Privileged Domain Accounts: PsExec Deep-Dive","authors":"Pilkington, M","date_accessed":"2016-08-17T00:00:00Z","date_published":"2012-12-17T00:00:00Z","owner_name":null,"tidal_id":"28c85101-7bcf-53de-9e0d-e7d008418893","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423520Z"},{"id":"48ce6b2c-57e7-4467-b0ea-3160ac46817e","name":"Docker Daemon Socket Protect","description":"Docker. (n.d.). Protect the Docker Daemon Socket. Retrieved March 29, 2021.","url":"https://docs.docker.com/engine/security/protect-access/","source":"MITRE","title":"Protect the Docker Daemon Socket","authors":"Docker","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b0fd38c1-0247-5ee7-894c-b68eb39d2ae0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440677Z"},{"id":"3642af0b-f14d-4860-a87c-fb57dc107a49","name":"Malwarebytes Emotet Dec 2017","description":"Smith, A. (2017, December 22). Protect your network from Emotet Trojan with Malwarebytes Endpoint Security. 
Retrieved January 17, 2019.","url":"https://support.malwarebytes.com/docs/DOC-2295","source":"MITRE","title":"Protect your network from Emotet Trojan with Malwarebytes Endpoint Security","authors":"Smith, A.","date_accessed":"2019-01-17T00:00:00Z","date_published":"2017-12-22T00:00:00Z","owner_name":null,"tidal_id":"f5d630b9-f8e1-5c22-93a3-cc92eb26800b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417724Z"},{"id":"1f678111-dfa3-4c06-9359-816b9ca12cd0","name":"ProtocolHandler.exe - LOLBAS Project","description":"LOLBAS. (2022, July 24). ProtocolHandler.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/ProtocolHandler/","source":"Tidal Cyber","title":"ProtocolHandler.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-07-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e942d4c0-69ea-52fb-9608-367ac6f679fd","created":"2024-01-12T14:47:28.325881Z","modified":"2024-01-12T14:47:28.495112Z"},{"id":"9c43d646-9ac2-43b5-80b6-9e69dcb57617","name":"cybereason osx proton","description":"Amit Serper. (2018, May 10). ProtonB What this Mac Malware Actually Does. Retrieved March 19, 2018.","url":"https://www.cybereason.com/blog/labs-proton-b-what-this-mac-malware-actually-does","source":"MITRE","title":"ProtonB What this Mac Malware Actually Does","authors":"Amit Serper","date_accessed":"2018-03-19T00:00:00Z","date_published":"2018-05-10T00:00:00Z","owner_name":null,"tidal_id":"a7909a4f-5b77-5cac-9df7-f4cbb671e1ed","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425311Z"},{"id":"56a57369-4707-4dff-ad23-431109f24233","name":"Provlaunch.exe - LOLBAS Project","description":"LOLBAS. (2023, June 30). Provlaunch.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Provlaunch/","source":"Tidal Cyber","title":"Provlaunch.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-06-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"27376611-0504-5d11-a388-7ffcbe0ce311","created":"2024-01-12T14:46:55.081922Z","modified":"2024-01-12T14:46:55.306998Z"},{"id":"17f9b7b0-3e1a-5d75-9030-da79fcccdb49","name":"FBI Proxies Credential Stuffing","description":"FBI. (2022, August 18). Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts. Retrieved July 6, 2023.","url":"https://www.ic3.gov/Media/News/2022/220818.pdf","source":"MITRE","title":"Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts","authors":"FBI","date_accessed":"2023-07-06T00:00:00Z","date_published":"2022-08-18T00:00:00Z","owner_name":null,"tidal_id":"542e4105-f0e4-5acf-9b3e-8ad10b6417fd","created":"2023-11-07T00:35:56.640356Z","modified":"2025-12-17T15:08:36.423991Z"},{"id":"26562be2-cab6-5867-9a43-d8a59c663596","name":"Sysdig Proxyjacking","description":"Crystal Morin. (2023, April 4). Proxyjacking has Entered the Chat. Retrieved July 6, 2023.","url":"https://sysdig.com/blog/proxyjacking-attackers-log4j-exploited/","source":"MITRE","title":"Proxyjacking has Entered the Chat","authors":"Crystal Morin","date_accessed":"2023-07-06T00:00:00Z","date_published":"2023-04-04T00:00:00Z","owner_name":null,"tidal_id":"c36f2987-112a-52ac-bb1c-8c125eb8d20e","created":"2023-11-07T00:36:04.944950Z","modified":"2025-12-17T15:08:36.431220Z"},{"id":"fe6f3ee6-b0a4-4092-947b-48e02a9255c1","name":"Password Protected Word Docs","description":"Lawrence Abrams. (2017, July 12). PSA: Don't Open SPAM Containing Password Protected Word Docs. 
Retrieved January 5, 2022.","url":"https://www.bleepingcomputer.com/news/security/psa-dont-open-spam-containing-password-protected-word-docs/","source":"MITRE","title":"PSA: Don't Open SPAM Containing Password Protected Word Docs","authors":"Lawrence Abrams","date_accessed":"2022-01-05T00:00:00Z","date_published":"2017-07-12T00:00:00Z","owner_name":null,"tidal_id":"4bb840e0-5aaa-5e7e-8b26-20de415a0c59","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426321Z"},{"id":"929e37ed-c230-4517-a2ef-b7896bd3e4a2","name":"Github PSAttack","description":"Haight, J. (2016, April 21). PS>Attack. Retrieved September 27, 2024.","url":"https://github.com/Exploit-install/PSAttack-1","source":"MITRE","title":"PS>Attack","authors":"Haight, J","date_accessed":"2024-09-27T00:00:00Z","date_published":"2016-04-21T00:00:00Z","owner_name":null,"tidal_id":"8fc37e64-0305-5b62-b6d2-25820b899d1f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432828Z"},{"id":"d6216ce3-1e63-4bb1-b379-b530c8203a96","name":"PsExec Russinovich","description":"Russinovich, M. (2004, June 28). PsExec. Retrieved December 17, 2015.","url":"http://windowsitpro.com/systems-management/psexec","source":"MITRE","title":"PsExec","authors":"Russinovich, M","date_accessed":"2015-12-17T00:00:00Z","date_published":"2004-06-28T00:00:00Z","owner_name":null,"tidal_id":"c0ab450b-c004-5915-abe2-5dd90ee3f2a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441105Z"},{"id":"824739ac-633a-40e0-bb01-2bfd43714d67","name":"SANS UAC Bypass","description":"Medin, T. (2013, August 8). PsExec UAC Bypass. 
Retrieved June 3, 2016.","url":"http://pen-testing.sans.org/blog/pen-testing/2013/08/08/psexec-uac-bypass","source":"MITRE","title":"PsExec UAC Bypass","authors":"Medin, T","date_accessed":"2016-06-03T00:00:00Z","date_published":"2013-08-08T00:00:00Z","owner_name":null,"tidal_id":"80d3dd53-8521-5682-b91b-5342eeb3ecc2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425233Z"},{"id":"ac3d5502-0ab9-446e-bf8c-22675f92f017","name":"GitHub PSPKIAudit","description":"HarmJ0y et al. (2021, June 16). PSPKIAudit. Retrieved August 2, 2022.","url":"https://github.com/GhostPack/PSPKIAudit","source":"MITRE","title":"PSPKIAudit","authors":"HarmJ0y et al","date_accessed":"2022-08-02T00:00:00Z","date_published":"2021-06-16T00:00:00Z","owner_name":null,"tidal_id":"df24a6ef-5fb8-5fb8-9385-177feae28e81","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442756Z"},{"id":"a00782cf-f6b2-4b63-9d8d-97efe17e11c0","name":"Psr.exe - LOLBAS Project","description":"LOLBAS. (2020, June 27). Psr.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Psr/","source":"Tidal Cyber","title":"Psr.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-06-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"73b3402c-2fad-5807-ac36-03f7bfc064a7","created":"2024-01-12T14:46:55.515306Z","modified":"2024-01-12T14:46:55.722253Z"},{"id":"c407645d-1109-49a7-a4c0-51ec9cd54c8d","name":"Microsoft PsSetCreateProcessNotifyRoutine routine","description":"Microsoft. (n.d.). PsSetCreateProcessNotifyRoutine routine. 
Retrieved December 20, 2017.","url":"https://msdn.microsoft.com/library/windows/hardware/ff559951.aspx","source":"MITRE","title":"PsSetCreateProcessNotifyRoutine routine","authors":"Microsoft","date_accessed":"2017-12-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fd0a9d11-89e7-5c1d-890a-7a3949c2c7bb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431155Z"},{"id":"fc5e63e7-090a-441b-8e34-9946e1840b49","name":"PTRACE man","description":"Kerrisk, M. (2020, February 9). PTRACE(2) - Linux Programmer's Manual. Retrieved February 21, 2020.","url":"http://man7.org/linux/man-pages/man2/ptrace.2.html","source":"MITRE","title":"PTRACE(2) - Linux Programmer's Manual","authors":"Kerrisk, M","date_accessed":"2020-02-21T00:00:00Z","date_published":"2020-02-09T00:00:00Z","owner_name":null,"tidal_id":"15caff48-d58d-52c8-9ff0-9086854131de","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435988Z"},{"id":"1b7514e7-477d-44a2-acee-d1819066dee4","name":"Wikipedia Public Key Crypto","description":"Wikipedia. (2017, June 29). Public-key cryptography. Retrieved July 5, 2017.","url":"https://en.wikipedia.org/wiki/Public-key_cryptography","source":"MITRE","title":"Public-key cryptography","authors":"Wikipedia","date_accessed":"2017-07-05T00:00:00Z","date_published":"2017-06-29T00:00:00Z","owner_name":null,"tidal_id":"ba9deccc-ed8f-5142-a486-2633ceadf827","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429911Z"},{"id":"d1f699e3-7c9d-4a95-ad58-f46e665a4d37","name":"SingHealth Breach Jan 2019","description":"Committee of Inquiry into the Cyber Attack on SingHealth. (2019, January 10). Public Report of the Committee of Inquiry into the Cyber Attack on Singapore Health Services Private Limited's Patient Database. 
Retrieved June 29, 2020.","url":"https://www.mci.gov.sg/-/media/mcicorp/doc/report-of-the-coi-into-the-cyber-attack-on-singhealth-10-jan-2019.ashx","source":"MITRE","title":"Public Report of the Committee of Inquiry into the Cyber Attack on Singapore Health Services Private Limited's Patient Database","authors":"Committee of Inquiry into the Cyber Attack on SingHealth","date_accessed":"2020-06-29T00:00:00Z","date_published":"2019-01-10T00:00:00Z","owner_name":null,"tidal_id":"dc5d61da-7019-54e8-b55a-a8b9d006a5e0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433778Z"},{"id":"c845c67a-20ab-405c-95fe-2f667f83b886","name":"pubprn","description":"Jason Gerend. (2017, October 16). pubprn. Retrieved July 23, 2021.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/pubprn","source":"MITRE","title":"pubprn","authors":"Jason Gerend","date_accessed":"2021-07-23T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"39d91c16-f1b3-5c5e-9143-a5923bdb39bb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424345Z"},{"id":"d2b6b9fd-5f80-41c0-ac22-06b78c86a9e5","name":"Pubprn.vbs - LOLBAS Project","description":"LOLBAS. (2018, May 25). Pubprn.vbs. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Scripts/Pubprn/","source":"Tidal Cyber","title":"Pubprn.vbs","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ae21f7dc-563d-5cd9-bb67-5d37bdb0e247","created":"2024-01-12T14:47:38.259167Z","modified":"2024-01-12T14:47:38.615090Z"},{"id":"069ef9af-3402-4b13-8c60-b397b0b0bfd7","name":"PaloAlto EncodedCommand March 2017","description":"White, J. (2017, March 10). Pulling Back the Curtains on EncodedCommand PowerShell Attacks. 
Retrieved February 12, 2018.","url":"https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/","source":"MITRE","title":"Pulling Back the Curtains on EncodedCommand PowerShell Attacks","authors":"White, J","date_accessed":"2018-02-12T00:00:00Z","date_published":"2017-03-10T00:00:00Z","owner_name":null,"tidal_id":"ba4dfbd4-40ee-502a-abcb-a0619e3e0f0c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433684Z"},{"id":"e843eb47-21b0-44b9-8065-02aea0a0b05f","name":"Anomali Linux Rabbit 2018","description":"Anomali Labs. (2018, December 6). Pulling Linux Rabbit/Rabbot Malware Out of a Hat. Retrieved March 4, 2019.","url":"https://www.anomali.com/blog/pulling-linux-rabbit-rabbot-malware-out-of-a-hat","source":"MITRE","title":"Pulling Linux Rabbit/Rabbot Malware Out of a Hat","authors":"Anomali Labs","date_accessed":"2019-03-04T00:00:00Z","date_published":"2018-12-06T00:00:00Z","owner_name":null,"tidal_id":"cc2aedc2-b2a5-5627-92f5-2f1010743bc7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417029Z"},{"id":"ec413dc7-028c-4153-9e98-abe85961747f","name":"anomali-linux-rabbit","description":"Anomali Threat Research. (2018, December 6). Pulling Linux Rabbit/Rabbot Malware Out of a Hat. Retrieved December 17, 2020.","url":"https://www.anomali.com/blog/pulling-linux-rabbit-rabbot-malware-out-of-a-hat","source":"MITRE","title":"Pulling Linux Rabbit/Rabbot Malware Out of a Hat","authors":"Anomali Threat Research","date_accessed":"2020-12-17T00:00:00Z","date_published":"2018-12-06T00:00:00Z","owner_name":null,"tidal_id":"87390bbe-1c68-5cff-a98c-0605df6ea66f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417023Z"},{"id":"a16f89a4-5142-559b-acfa-f69ad9410bd2","name":"CrowdStrike PUNK SPIDER","description":"CrowdStrike. (n.d.). Punk Spider. 
Retrieved February 20, 2024.","url":"https://www.crowdstrike.com/adversaries/punk-spider/","source":"MITRE","title":"Punk Spider","authors":"CrowdStrike","date_accessed":"2024-02-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"35fcfaba-6675-5a89-a4f3-a1bfd8803084","created":"2024-04-25T13:28:44.355346Z","modified":"2025-12-17T15:08:36.438500Z"},{"id":"58b4eb62-4bdc-47fd-98b2-22dfff1b9dc3","name":"Menlo Security PureCrypter February 2023","description":"Abhay Yadav. (2023, February 23). PureCrypter targets government entities through Discord. Retrieved May 10, 2023.","url":"https://www.menlosecurity.com/blog/purecrypter-targets-government-entities-through-discord/","source":"Tidal Cyber","title":"PureCrypter targets government entities through Discord","authors":"Abhay Yadav","date_accessed":"2023-05-10T00:00:00Z","date_published":"2023-02-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"dfa09516-c8d3-5697-9623-05652bc417d8","created":"2024-06-13T20:10:22.011010Z","modified":"2024-06-13T20:10:22.204704Z"},{"id":"410920f2-8e0f-437b-928f-0a7b19a6b96e","name":"BleepingComputer Snowflake June 11 2024","description":"Sergiu Gatlan. (2024, June 11). Pure Storage confirms data breach after Snowflake account hack. Retrieved June 13, 2024.","url":"https://www.bleepingcomputer.com/news/security/pure-storage-confirms-data-breach-after-snowflake-account-hack/","source":"Tidal Cyber","title":"Pure Storage confirms data breach after Snowflake account hack","authors":"Sergiu Gatlan","date_accessed":"2024-06-13T00:00:00Z","date_published":"2024-06-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"27f252fb-e771-5705-904b-323e8cbd2219","created":"2024-06-13T20:11:07.563337Z","modified":"2024-06-13T20:11:07.746716Z"},{"id":"841f397d-d103-56d7-9854-7ce43c684879","name":"Free Trial PurpleUrchin","description":"Gamazo, William. Quist, Nathaniel.. (2023, January 5). PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources. 
Retrieved February 28, 2024.","url":"https://unit42.paloaltonetworks.com/purpleurchin-steals-cloud-resources/","source":"MITRE","title":"PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources","authors":"Gamazo, William. Quist, Nathaniel.","date_accessed":"2024-02-28T00:00:00Z","date_published":"2023-01-05T00:00:00Z","owner_name":null,"tidal_id":"c8532117-c47d-5346-8dc1-410ebb17da7f","created":"2024-04-25T13:28:29.090893Z","modified":"2025-12-17T15:08:36.423998Z"},{"id":"058d6e8e-7ab9-4151-97de-1778ac95e18d","name":"Cylance Putter Panda","description":"Gross, J. and Walter, J.. (2016, January 12). Puttering into the Future.... Retrieved November 17, 2024.","url":"https://blogs.blackberry.com/en/2016/01/puttering-into-the-future","source":"MITRE","title":"Puttering into the Future...","authors":"Gross, J. and Walter, J.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-01-12T00:00:00Z","owner_name":null,"tidal_id":"d0261d24-82bd-51fe-91ca-888fbc1a1648","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439252Z"},{"id":"4a711970-870c-4710-9dbc-7cfebd2e315c","name":"Oddvar Moe ADS1 Jan 2018","description":"Moe, O. (2018, January 14). Putting Data in Alternate Data Streams and How to Execute It. Retrieved June 30, 2018.","url":"https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/","source":"MITRE","title":"Putting Data in Alternate Data Streams and How to Execute It","authors":"Moe, O","date_accessed":"2018-06-30T00:00:00Z","date_published":"2018-01-14T00:00:00Z","owner_name":null,"tidal_id":"6b32bcc4-6093-5954-ab81-68f78294b3ac","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436431Z"},{"id":"b280f0c8-effe-45a4-a64a-a9a8b6ad2122","name":"Oddvar Moe ADS2 Apr 2018","description":"Moe, O. (2018, April 11). Putting Data in Alternate Data Streams and How to Execute It - Part 2. 
Retrieved June 30, 2018.","url":"https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/","source":"MITRE","title":"Putting Data in Alternate Data Streams and How to Execute It - Part 2","authors":"Moe, O","date_accessed":"2018-06-30T00:00:00Z","date_published":"2018-04-11T00:00:00Z","owner_name":null,"tidal_id":"c343b44a-c26e-5f01-b850-e5cc81b4e2b6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436424Z"},{"id":"794331fb-f1f2-4aaa-aae8-d1c4c95fb00f","name":"Moran RDPieces","description":"Moran, B. (2020, November 18). Putting Together the RDPieces. Retrieved October 17, 2022.","url":"https://www.osdfcon.org/presentations/2020/Brian-Moran_Putting-Together-the-RDPieces.pdf","source":"MITRE","title":"Putting Together the RDPieces","authors":"Moran, B","date_accessed":"2022-10-17T00:00:00Z","date_published":"2020-11-18T00:00:00Z","owner_name":null,"tidal_id":"4db48b2a-0cf8-5d0b-a2c3-589a200cf7fd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427927Z"},{"id":"bf278270-128e-483b-9f09-ce24f5f6ed80","name":"PuTTY Download Page","description":"PuTTY. (n.d.). PuTTY Download Page. Retrieved November 16, 2023.","url":"https://www.putty.org/","source":"Tidal Cyber","title":"PuTTY Download Page","authors":"PuTTY","date_accessed":"2023-11-16T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"92160133-9ebc-5adc-9cd7-4fedbe35731b","created":"2023-11-17T17:09:17.410301Z","modified":"2023-11-17T17:09:17.524501Z"},{"id":"6a1a1ae1-a587-41f5-945f-011d6808e5b8","name":"Wikipedia pwdump","description":"Wikipedia. (2007, August 9). pwdump. 
Retrieved June 22, 2016.","url":"https://en.wikipedia.org/wiki/Pwdump","source":"MITRE","title":"pwdump","authors":"Wikipedia","date_accessed":"2016-06-22T00:00:00Z","date_published":"2007-08-09T00:00:00Z","owner_name":null,"tidal_id":"40e94b66-7df2-5c89-ba6e-a0c248aff80b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423198Z"},{"id":"c20fee50-12ea-55fc-a7d3-fc4245e6029b","name":"Meyer PyPI Supply Chain Attack Uncovered","description":"Darren Meyer. (2025, May 28). PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion. Retrieved September 24, 2025.","url":"https://checkmarx.com/zero-post/python-pypi-supply-chain-attack-colorama/","source":"MITRE","title":"PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion","authors":"Darren Meyer","date_accessed":"2025-09-24T00:00:00Z","date_published":"2025-05-28T00:00:00Z","owner_name":null,"tidal_id":"533f986e-2aeb-5928-bffe-88e184465702","created":"2025-10-29T21:08:48.165517Z","modified":"2025-12-17T15:08:36.425615Z"},{"id":"a00ae87e-6e64-4f1c-8639-adca436c217e","name":"DFIR Pysa Nov 2020","description":"The DFIR Report. (2020, November 23). PYSA/Mespinoza Ransomware. Retrieved March 17, 2021.","url":"https://thedfirreport.com/2020/11/23/pysa-mespinoza-ransomware/","source":"MITRE","title":"PYSA/Mespinoza Ransomware","authors":"The DFIR Report","date_accessed":"2021-03-17T00:00:00Z","date_published":"2020-11-23T00:00:00Z","owner_name":null,"tidal_id":"c04063fa-f04f-565a-b29a-acb2f75e9946","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420825Z"},{"id":"5a853dfb-d935-4d85-a5bf-0ab5279fd32e","name":"NHS Digital Pysa Oct 2020","description":"NHS Digital. (2020, October 10). Pysa Ransomware: Another 'big-game hunter' ransomware. 
Retrieved March 17, 2021.","url":"https://digital.nhs.uk/cyber-alerts/2020/cc-3633","source":"MITRE","title":"Pysa Ransomware: Another 'big-game hunter' ransomware","authors":"NHS Digital","date_accessed":"2021-03-17T00:00:00Z","date_published":"2020-10-10T00:00:00Z","owner_name":null,"tidal_id":"6f79eb24-557f-57c3-add7-a622951a5385","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420832Z"},{"id":"e3021488-2578-49a2-908a-13184997ff82","name":"Engage.morphisec.com December 09 2025","description":"None Identified. (2025, December 9). Pystorerat Threatanalysis.pdf. Retrieved January 12, 2026.","url":"https://engage.morphisec.com/hubfs/2025_PDFs/PyStoreRAT_ThreatAnalysis.pdf","source":"Tidal Cyber","title":"Pystorerat Threatanalysis.pdf","authors":"None Identified","date_accessed":"2026-01-12T12:00:00Z","date_published":"2025-12-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6d912336-0dec-504d-a35b-8f2f5073565b","created":"2026-01-14T13:29:43.940826Z","modified":"2026-01-14T13:29:44.082920Z"},{"id":"9036fac0-dca8-4956-b0b4-469801adad28","name":"oletools toolkit","description":"decalage2. (2019, December 3). python-oletools. Retrieved September 18, 2020.","url":"https://github.com/decalage2/oletools","source":"MITRE","title":"python-oletools","authors":"decalage2","date_accessed":"2020-09-18T00:00:00Z","date_published":"2019-12-03T00:00:00Z","owner_name":null,"tidal_id":"c7047b4d-3388-5e2d-a0f7-5d82ec634955","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434607Z"},{"id":"45e79c0e-a2f6-4b56-b621-4142756bd1b1","name":"GitHub PoshC2","description":"Nettitude. (2018, July 23). Python Server for PoshC2. 
Retrieved April 23, 2019.","url":"https://github.com/nettitude/PoshC2_Python","source":"MITRE","title":"Python Server for PoshC2","authors":"Nettitude","date_accessed":"2019-04-23T00:00:00Z","date_published":"2018-07-23T00:00:00Z","owner_name":null,"tidal_id":"65a6c286-6bc9-5ce4-9264-c1d481ca590b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422953Z"},{"id":"c061ce45-1452-4c11-9586-bd5eb2d718ab","name":"Trend Micro Qakbot December 2020","description":"Trend Micro. (2020, December 17). QAKBOT: A decade-old malware still with new tricks. Retrieved November 17, 2024.","url":"https://success.trendmicro.com/en-US/solution/KA-0011282","source":"MITRE","title":"QAKBOT: A decade-old malware still with new tricks","authors":"Trend Micro","date_accessed":"2024-11-17T00:00:00Z","date_published":"2020-12-17T00:00:00Z","owner_name":null,"tidal_id":"f80cc934-24d8-513b-a3fd-75eb41cb0f8e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422244Z"},{"id":"1baeac94-9168-4813-ab72-72e609250745","name":"Cyberint Qakbot May 2021","description":"Cyberint. (2021, May 25). Qakbot Banking Trojan. Retrieved September 27, 2021.","url":"https://blog.cyberint.com/qakbot-banking-trojan","source":"MITRE","title":"Qakbot Banking Trojan","authors":"Cyberint","date_accessed":"2021-09-27T00:00:00Z","date_published":"2021-05-25T00:00:00Z","owner_name":null,"tidal_id":"23e317cb-8d16-5193-88da-e54d87c9858f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439867Z"},{"id":"c07a87bd-be9d-5bd9-b59a-d89f0e835886","name":"TrellixQakbot","description":"Pham Duy Phuc, John Fokker J.E., Alejandro Houspanossian and Mathanraj Thangaraju. (2023, March 7). Qakbot Evolves to OneNote Malware Distribution. 
Retrieved August 1, 2024.","url":"https://www.trellix.com/blogs/research/qakbot-evolves-to-onenote-malware-distribution/","source":"MITRE","title":"Qakbot Evolves to OneNote Malware Distribution","authors":"Pham Duy Phuc, John Fokker J.E., Alejandro Houspanossian and Mathanraj Thangaraju","date_accessed":"2024-08-01T00:00:00Z","date_published":"2023-03-07T00:00:00Z","owner_name":null,"tidal_id":"88258245-04d8-5a53-af51-132dc04076ed","created":"2024-10-31T16:28:16.002116Z","modified":"2025-12-17T15:08:36.424264Z"},{"id":"0ffc4317-c88a-5c9b-9c13-cb8b2a8b65e6","name":"Trellix-Qakbot","description":"Pham Duy Phuc, John Fokker J.E., Alejandro Houspanossian and Mathanraj Thangaraju. (2023, March 7). Qakbot Evolves to OneNote Malware Distribution. Retrieved June 7, 2024.","url":"https://www.trellix.com/blogs/research/qakbot-evolves-to-onenote-malware-distribution/","source":"MITRE","title":"Qakbot Evolves to OneNote Malware Distribution","authors":"Pham Duy Phuc, John Fokker J.E., Alejandro Houspanossian and Mathanraj Thangaraju","date_accessed":"2024-06-07T00:00:00Z","date_published":"2023-03-07T00:00:00Z","owner_name":null,"tidal_id":"3d6ca90e-d5d6-5a01-b0c1-e3abde0b1dd9","created":"2024-10-31T16:28:23.426221Z","modified":"2025-12-17T15:08:36.432218Z"},{"id":"716960fd-c22d-42af-ba9b-295fee02657f","name":"Kroll Qakbot June 2020","description":"Sette, N. et al. (2020, June 4). Qakbot Malware Now Exfiltrating Emails for Sophisticated Thread Hijacking Attacks. Retrieved September 27, 2021.","url":"https://www.kroll.com/en/insights/publications/cyber/qakbot-malware-exfiltrating-emails-thread-hijacking-attacks","source":"MITRE","title":"Qakbot Malware Now Exfiltrating Emails for Sophisticated Thread Hijacking Attacks","authors":"Sette, N. 
et al","date_accessed":"2021-09-27T00:00:00Z","date_published":"2020-06-04T00:00:00Z","owner_name":null,"tidal_id":"dae139fc-bd7c-5856-9106-327f2ecae970","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441400Z"},{"id":"e2791c37-e149-43e7-b7c3-c91a6d1bc91e","name":"Trend Micro Qakbot May 2020","description":"Mendoza, E. et al. (2020, May 25). Qakbot Resurges, Spreads through VBS Files. Retrieved September 27, 2021.","url":"https://www.trendmicro.com/vinfo/ph/security/news/cybercrime-and-digital-threats/qakbot-resurges-spreads-through-vbs-files","source":"MITRE","title":"Qakbot Resurges, Spreads through VBS Files","authors":"Mendoza, E. et al","date_accessed":"2021-09-27T00:00:00Z","date_published":"2020-05-25T00:00:00Z","owner_name":null,"tidal_id":"22353a2f-7862-51e1-99d9-52eb1db35b94","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439963Z"},{"id":"5cb5e645-b77b-4bd1-a742-c8f53f234713","name":"K7 QakBot Returns January 4 2024","description":"Saikumaravel. (2024, January 4). Qakbot Returns. Retrieved January 24, 2024.","url":"https://labs.k7computing.com/index.php/qakbot-returns/","source":"Tidal Cyber","title":"Qakbot Returns","authors":"Saikumaravel","date_accessed":"2024-01-24T00:00:00Z","date_published":"2024-01-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7978e8be-879f-5db9-bcf1-89953ff41612","created":"2024-06-13T20:10:46.346469Z","modified":"2024-06-13T20:10:46.533188Z"},{"id":"f40cabe3-a324-4b4d-8e95-25c036dbd8b5","name":"Kaspersky QakBot September 2021","description":"Kuzmenko, A. et al. (2021, September 2). QakBot technical analysis. Retrieved September 27, 2021.","url":"https://securelist.com/qakbot-technical-analysis/103931/","source":"MITRE","title":"QakBot technical analysis","authors":"Kuzmenko, A. 
et al","date_accessed":"2021-09-27T00:00:00Z","date_published":"2021-09-02T00:00:00Z","owner_name":null,"tidal_id":"2344e1aa-e70e-5377-9312-f4ffef8b202f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422224Z"},{"id":"6e4960e7-ae5e-4b68-ac85-4bd84e940634","name":"Red Canary Qbot","description":"Rainey, K. (n.d.). Qbot. Retrieved September 27, 2021.","url":"https://redcanary.com/threat-detection-report/threats/qbot/","source":"MITRE","title":"Qbot","authors":"Rainey, K","date_accessed":"2021-09-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5d6f0690-0a8b-5d51-91e0-0f5a30e50239","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422237Z"},{"id":"b83aacf3-26b4-4913-85f2-95cbd1d08bcc","name":"ConnectWise LinkedIn September 25 2024","description":"ConnectWise. (2024, September 25). QDoor A New Backdoor Tool in Blacksuit's Arsenal. Retrieved April 14, 2025.","url":"https://www.linkedin.com/pulse/qdoor-new-backdoor-tool-blacksuits-arsenal-connectwise-uwvhc/","source":"Tidal Cyber","title":"QDoor A New Backdoor Tool in Blacksuit's Arsenal","authors":"ConnectWise","date_accessed":"2025-04-14T00:00:00Z","date_published":"2024-09-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b9163c4a-c6e5-584d-8fdb-fbc1e10e24f5","created":"2025-04-15T17:47:10.851232Z","modified":"2025-04-15T17:47:11.047213Z"},{"id":"04c49bb7-d96c-535c-8d91-ce27b01fcc3c","name":"Sophos Qilin MSP APR 2025","description":"Bradshaw, A. et al. (2025, April 1). Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream. Retrieved September 26, 2025.","url":"https://news.sophos.com/en-us/2025/04/01/sophos-mdr-tracks-ongoing-campaign-by-qilin-affiliates-targeting-screenconnect/","source":"MITRE","title":"Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream","authors":"Bradshaw, A. 
et al","date_accessed":"2025-09-26T00:00:00Z","date_published":"2025-04-01T00:00:00Z","owner_name":null,"tidal_id":"b5a17b9c-0e57-55f6-979b-39fdd424a006","created":"2025-10-29T21:08:48.165261Z","modified":"2025-12-17T15:08:36.422030Z"},{"id":"7066ca7e-03e9-4d3c-8d10-2a659c79c859","name":"Sophos News April 1 2025","description":"Anthony Bradshaw. (2025, April 1). Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream. Retrieved September 14, 2025.","url":"https://news.sophos.com/en-us/2025/04/01/sophos-mdr-tracks-ongoing-campaign-by-qilin-affiliates-targeting-screenconnect/","source":"Tidal Cyber","title":"Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream","authors":"Anthony Bradshaw","date_accessed":"2025-09-14T12:00:00Z","date_published":"2025-04-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4f6cf0db-339a-530a-823d-c32b3c64b251","created":"2025-09-15T19:13:24.317113Z","modified":"2025-09-15T19:13:24.731482Z"},{"id":"38d1f425-b986-5286-bbb9-5320ff15ef42","name":"HC3 Qilin Threat Profile JUN 2024","description":"Health Sector Cybersecurity Coordination Center. (2024, June 18). Qilin, aka Agenda Ransomware. Retrieved September 26, 2025.","url":"https://www.aha.org/system/files/media/file/2024/06/tlp-clear-hc3-threat-profile-qilin-aka-agenda-ransomware-6-18-2024.pdf","source":"MITRE","title":"Qilin, aka Agenda Ransomware","authors":"Health Sector Cybersecurity Coordination Center","date_accessed":"2025-09-26T00:00:00Z","date_published":"2024-06-18T00:00:00Z","owner_name":null,"tidal_id":"1cb5b005-7edc-53a0-b39b-30388d89c8a7","created":"2025-10-29T21:08:48.167341Z","modified":"2025-12-17T15:08:36.439652Z"},{"id":"30fc9cb9-0d58-4ab9-ac21-d6d02206c5d3","name":"Darktrace July 4 2024","description":"Alexandra Sentenac. (2024, July 4). Qilin RaaS Darktrace Detection Insights. 
Retrieved September 12, 2025.","url":"https://www.darktrace.com/blog/a-busy-agenda-darktraces-detection-of-qilin-ransomware-as-a-service-operator","source":"Tidal Cyber","title":"Qilin RaaS Darktrace Detection Insights","authors":"Alexandra Sentenac","date_accessed":"2025-09-12T12:00:00Z","date_published":"2024-07-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"eb9e1d9e-047c-521b-bd65-3ab61a8362c6","created":"2025-09-15T19:13:23.978798Z","modified":"2025-09-15T19:13:24.159609Z"},{"id":"bf5dffdc-1a18-49ed-bc81-493aff20661e","name":"Sophos News August 22 2024","description":"Lee Kirkpatrick. (2024, August 22). Qilin ransomware caught stealing credentials stored in Google Chrome. Retrieved September 12, 2025.","url":"https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/","source":"Tidal Cyber","title":"Qilin ransomware caught stealing credentials stored in Google Chrome","authors":"Lee Kirkpatrick","date_accessed":"2025-09-12T12:00:00Z","date_published":"2024-08-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"13be1194-30d5-5698-85ec-3c3d233153fc","created":"2025-09-15T19:13:22.975253Z","modified":"2025-09-15T19:13:23.140419Z"},{"id":"efe72414-6e7e-42ad-8162-223558cb83cf","name":"Picus Security February 14 2025","description":"Sıla Özeren Hacıoğlu. (2025, February 14). Qilin Ransomware Exposing the TTPs Behind One of the Most Active Ransomware Campaigns of 2024. 
Retrieved September 12, 2025.","url":"https://www.picussecurity.com/resource/blog/qilin-ransomware","source":"Tidal Cyber","title":"Qilin Ransomware Exposing the TTPs Behind One of the Most Active Ransomware Campaigns of 2024","authors":"Sıla Özeren Hacıoğlu","date_accessed":"2025-09-12T12:00:00Z","date_published":"2025-02-14T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8caba32f-c5fe-55c8-9dac-03bcca87ad32","created":"2025-09-15T19:13:25.207950Z","modified":"2025-09-15T19:13:25.381750Z"},{"id":"dc16fcbb-7cf7-5861-a2a1-256dfafa28dc","name":"Picus Qilin MAR 2025","description":"Hacioglu, S. (2025, March 10). Qilin Ransomware: Exposing the TTPs Behind One of the Most Active Ransomware Campaigns of 2024. Retrieved September 26, 2025.","url":"https://www.picussecurity.com/resource/blog/qilin-ransomware","source":"MITRE","title":"Qilin Ransomware: Exposing the TTPs Behind One of the Most Active Ransomware Campaigns of 2024","authors":"Hacioglu, S","date_accessed":"2025-09-26T00:00:00Z","date_published":"2025-03-10T00:00:00Z","owner_name":null,"tidal_id":"0efefa9d-a52d-565c-85e9-4c20ff883da3","created":"2025-10-29T21:08:48.167403Z","modified":"2025-12-17T15:08:36.440171Z"},{"id":"4f9b515a-3dbf-4371-821e-8bd22856c3ab","name":"Group-IB Qilin Revisited July 17 2024","description":"Dmitry Volkov. (2024, July 17). Qilin Revisited: Diving into the techniques and procedures of the recent Qilin Ransomware Attacks. 
Retrieved September 12, 2025.","url":"https://www.group-ib.com/blog/qilin-revisited/","source":"Tidal Cyber","title":"Qilin Revisited: Diving into the techniques and procedures of the recent Qilin Ransomware Attacks","authors":"Dmitry Volkov","date_accessed":"2025-09-12T12:00:00Z","date_published":"2024-07-17T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"991453a3-1602-5fb2-8f0b-9f1b0a467401","created":"2025-09-15T19:13:22.654916Z","modified":"2025-09-15T19:13:22.821903Z"},{"id":"58df8729-ab42-55ee-a27d-655644bdeb0d","name":"qr-phish-agriculture","description":"Tim Bedard and Tyler Johnson. (2023, October 4). QR Code Scams & Phishing. Retrieved November 27, 2023.","url":"https://www.proofpoint.com/us/blog/email-and-cloud-threats/cybersecurity-stop-month-qr-code-phishing","source":"MITRE","title":"QR Code Scams & Phishing","authors":"Tim Bedard and Tyler Johnson","date_accessed":"2023-11-27T00:00:00Z","date_published":"2023-10-04T00:00:00Z","owner_name":null,"tidal_id":"86358ae8-e6d5-57b3-8f6b-189bc6c4da72","created":"2024-04-25T13:28:32.000830Z","modified":"2025-12-17T15:08:36.426892Z"},{"id":"2e28c754-911a-4f08-a7bd-4580f5283571","name":"The DFIR Report April 25 2022","description":"The DFIR Report. (2022, April 25). Quantum Ransomware. Retrieved June 28, 2024.","url":"https://thedfirreport.com/2022/04/25/quantum-ransomware/","source":"Tidal Cyber","title":"Quantum Ransomware","authors":"The DFIR Report","date_accessed":"2024-06-28T00:00:00Z","date_published":"2022-04-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"37cbf6f5-c047-54d6-a189-3537a25c5982","created":"2024-06-28T17:22:20.659754Z","modified":"2024-06-28T17:22:20.824049Z"},{"id":"7dffba82-5b07-5d93-86dd-d97a1ea865e7","name":"DFIR_Quantum_Ransomware","description":"DFIR. (2022, April 25). Quantum Ransomware. 
Retrieved July 26, 2024.","url":"https://thedfirreport.com/2022/04/25/quantum-ransomware/","source":"MITRE","title":"Quantum Ransomware","authors":"DFIR","date_accessed":"2024-07-26T00:00:00Z","date_published":"2022-04-25T00:00:00Z","owner_name":null,"tidal_id":"f9b66cbb-8c28-521d-8f9c-c6a20059b449","created":"2024-10-31T16:28:35.934014Z","modified":"2025-12-17T15:08:36.440458Z"},{"id":"7cce88cc-fbfb-43e1-a330-ac55bce9e394","name":"TheEclecticLightCompany Quarantine and the flag","description":"hoakley. (2020, October 29). Quarantine and the quarantine flag. Retrieved September 13, 2021.","url":"https://eclecticlight.co/2020/10/29/quarantine-and-the-quarantine-flag/","source":"MITRE","title":"Quarantine and the quarantine flag","authors":"hoakley","date_accessed":"2021-09-13T00:00:00Z","date_published":"2020-10-29T00:00:00Z","owner_name":null,"tidal_id":"ace05d7d-10b1-581c-9f31-ac3840f2e6e1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427282Z"},{"id":"18185ffd-8a66-4531-86de-4ba4dd9f675b","name":"Esentire July 31 2024","description":"Esentire Threat Response Unit. (2024, July 31). Quartet of Trouble XWorm, AsyncRAT, VenomRAT, and PureLogs Stealer…. Retrieved August 6, 2024.","url":"https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare","source":"Tidal Cyber","title":"Quartet of Trouble XWorm, AsyncRAT, VenomRAT, and PureLogs Stealer…","authors":"Esentire Threat Response Unit","date_accessed":"2024-08-06T00:00:00Z","date_published":"2024-07-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"89405811-57bb-5804-8138-2767c331f2b8","created":"2024-10-14T19:18:54.722874Z","modified":"2024-10-14T19:18:54.883160Z"},{"id":"c87e4427-af97-4e93-9596-ad5a588aa171","name":"GitHub QuasarRAT","description":"MaxXor. (n.d.). QuasarRAT. 
Retrieved July 10, 2018.","url":"https://github.com/quasar/QuasarRAT","source":"MITRE","title":"QuasarRAT","authors":"MaxXor","date_accessed":"2018-07-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9d23f476-ca81-54e8-953c-bab9dc00aa8d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423443Z"},{"id":"c19734df-a92f-4346-9446-2ff190873bd6","name":"Cado Security Ltd February 1 2024","description":"Nate Bill. (2024, February 1). Qubitstrike - An Emerging Malware Campaign Targeting Jupyter Notebooks. Retrieved March 10, 2025.","url":"https://www.cadosecurity.com/blog/qubitstrike-an-emerging-malware-campaign-targeting-jupyter-notebooks","source":"Tidal Cyber","title":"Qubitstrike - An Emerging Malware Campaign Targeting Jupyter Notebooks","authors":"Nate Bill","date_accessed":"2025-03-10T00:00:00Z","date_published":"2024-02-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3202c778-8828-5eb9-a9f1-8b63517e0d6a","created":"2025-03-10T18:05:48.241008Z","modified":"2025-03-10T18:05:48.464011Z"},{"id":"377292f2-4559-4ecc-a344-8719d0dde4d2","name":"Query.exe - LOLBAS Project","description":"LOLBAS. (2025, July 31). Query.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/Binaries/Query/","source":"Tidal Cyber","title":"Query.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-07-31T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4514d3ec-0e18-5903-bbcd-6ea8f1295857","created":"2026-01-06T18:03:30.429931Z","modified":"2026-01-06T18:03:30.573633Z"},{"id":"08ec9726-5a1d-4b2e-82d5-a5a9e7e917ae","name":"0DAY IN {REA_TEAM} Pikabot January 6 2024","description":"0DAY IN {REA_TEAM}. (2024, January 6). [QuickNote] Technical Analysis of recent Pikabot Core Module. 
Retrieved January 11, 2024.","url":"https://kienmanowar.wordpress.com/2024/01/06/quicknote-technical-analysis-of-recent-pikabot-core-module/","source":"Tidal Cyber","title":"[QuickNote] Technical Analysis of recent Pikabot Core Module","authors":"0DAY IN {REA_TEAM}","date_accessed":"2024-01-11T00:00:00Z","date_published":"2024-01-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b75853df-852e-5444-8a18-3ba6f58ed9a2","created":"2024-01-26T18:00:32.195661Z","modified":"2024-01-26T18:00:32.331620Z"},{"id":"1fee31b0-2d9c-4c02-b494-d3a6b80f12f3","name":"DidierStevens SelectMyParent Nov 2009","description":"Stevens, D. (2009, November 22). Quickpost: SelectMyParent or Playing With the Windows Process Tree. Retrieved June 3, 2019.","url":"https://blog.didierstevens.com/2009/11/22/quickpost-selectmyparent-or-playing-with-the-windows-process-tree/","source":"MITRE","title":"Quickpost: SelectMyParent or Playing With the Windows Process Tree","authors":"Stevens, D","date_accessed":"2019-06-03T00:00:00Z","date_published":"2009-11-22T00:00:00Z","owner_name":null,"tidal_id":"5b48053b-5cd5-51bc-8043-5e063026ac19","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432721Z"},{"id":"36a06c99-55ca-4163-9450-c3b84ae10039","name":"Microsoft - Azure AD App Registration - May 2019","description":"Microsoft. (2019, May 8). Quickstart: Register an application with the Microsoft identity platform. 
Retrieved September 12, 2019.","url":"https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app","source":"MITRE","title":"Quickstart: Register an application with the Microsoft identity platform","authors":"Microsoft","date_accessed":"2019-09-12T00:00:00Z","date_published":"2019-05-08T00:00:00Z","owner_name":null,"tidal_id":"bca93d8e-c6a7-5589-a15a-0c74f4438f39","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432336Z"},{"id":"8f076aae-38c0-5335-9f7a-1e29b90fc33f","name":"Microsoft Azure Key Vault","description":"Microsoft. (2023, January 13). Quickstart: Set and retrieve a secret from Azure Key Vault using Azure CLI. Retrieved September 25, 2023.","url":"https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-cli","source":"MITRE","title":"Quickstart: Set and retrieve a secret from Azure Key Vault using Azure CLI","authors":"Microsoft","date_accessed":"2023-09-25T00:00:00Z","date_published":"2023-01-13T00:00:00Z","owner_name":null,"tidal_id":"f3409dee-de19-5766-9479-f59587aa0ce8","created":"2023-11-07T00:36:07.916363Z","modified":"2025-12-17T15:08:36.434876Z"},{"id":"a470fe2a-40ce-4060-8dfc-2cdb56bbc18b","name":"Google Command Center Dashboard","description":"Google. (2019, October 3). Quickstart: Using the dashboard. Retrieved October 8, 2019.","url":"https://cloud.google.com/security-command-center/docs/quickstart-scc-dashboard","source":"MITRE","title":"Quickstart: Using the dashboard","authors":"Google","date_accessed":"2019-10-08T00:00:00Z","date_published":"2019-10-03T00:00:00Z","owner_name":null,"tidal_id":"b0127417-a5dc-5ece-9c48-d050b7e1c656","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435738Z"},{"id":"6afd89ba-2f51-4192-82b3-d961cc86adf1","name":"Trend Micro R980 2016","description":"Antazo, F. and Yambao, M. (2016, August 10). R980 Ransomware Found Abusing Disposable Email Address Service. 
Retrieved October 13, 2020.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/r980-ransomware-disposable-email-service/","source":"MITRE","title":"R980 Ransomware Found Abusing Disposable Email Address Service","authors":"Antazo, F. and Yambao, M","date_accessed":"2020-10-13T00:00:00Z","date_published":"2016-08-10T00:00:00Z","owner_name":null,"tidal_id":"e821b92c-8b45-5da1-80b3-0216856f504d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430453Z"},{"id":"a94268d8-6b7c-574b-a588-d8fd80c27fd3","name":"Costa AvosLocker May 2022","description":"Costa, F. (2022, May 1). RaaS AvosLocker Incident Response Analysis. Retrieved January 11, 2023.","url":"https://www.linkedin.com/pulse/raas-avoslocker-incident-response-analysis-fl%C3%A1vio-costa?trk=articles_directory","source":"MITRE","title":"RaaS AvosLocker Incident Response Analysis","authors":"Costa, F","date_accessed":"2023-01-11T00:00:00Z","date_published":"2022-05-01T00:00:00Z","owner_name":null,"tidal_id":"8b5e5e08-5781-581a-ac3c-eb6b2cc9acc1","created":"2023-05-26T01:21:11.449096Z","modified":"2025-12-17T15:08:36.438750Z"},{"id":"b53a4c5f-ef68-50a7-ae2d-192b3ace860c","name":"S2W Racoon 2022","description":"S2W TALON. (2022, June 16). Raccoon Stealer is Back with a New Version. Retrieved August 1, 2024.","url":"https://medium.com/s2wblog/raccoon-stealer-is-back-with-a-new-version-5f436e04b20d","source":"MITRE","title":"Raccoon Stealer is Back with a New Version","authors":"S2W TALON","date_accessed":"2024-08-01T00:00:00Z","date_published":"2022-06-16T00:00:00Z","owner_name":null,"tidal_id":"14132e68-8198-56f6-b115-c136d91d9525","created":"2024-10-31T16:28:34.247118Z","modified":"2025-12-17T15:08:36.421308Z"},{"id":"645bc346-747b-5b9b-984b-fa1057cf8eb1","name":"Sekoia Raccoon1 2022","description":"Quentin Bourgue, Pierre le Bourhis, & Sekoia TDR. (2022, June 28). Raccoon Stealer v2 - Part 1: The return of the dead. 
Retrieved August 1, 2024.","url":"https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/","source":"MITRE","title":"Raccoon Stealer v2 - Part 1: The return of the dead","authors":"Quentin Bourgue, Pierre le Bourhis, & Sekoia TDR","date_accessed":"2024-08-01T00:00:00Z","date_published":"2022-06-28T00:00:00Z","owner_name":null,"tidal_id":"ac344a26-235c-5ea9-bcb6-a84bfbbb71ba","created":"2024-10-31T16:28:34.239445Z","modified":"2025-12-17T15:08:36.421301Z"},{"id":"df0c9cbd-8692-497e-9f81-cf9e44a3a5cd","name":"Sekoia.io Raccoon Stealer June 28 2022","description":"Quentin Bourgue, Pierre Le Bourhis, Threat & Detection Research Team - TDR. (2022, June 28). Raccoon Stealer v2 – Part 1: The return of the dead. Retrieved November 16, 2023.","url":"https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/","source":"Tidal Cyber","title":"Raccoon Stealer v2 – Part 1: The return of the dead","authors":"Quentin Bourgue, Pierre Le Bourhis, Threat & Detection Research Team - TDR","date_accessed":"2023-11-16T00:00:00Z","date_published":"2022-06-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e472268c-bd53-55b9-9029-e705465e8582","created":"2023-11-17T17:09:17.622949Z","modified":"2023-11-17T17:09:17.715874Z"},{"id":"5d4cd7c6-62c1-5e0e-beda-a0575e7f1af5","name":"Sekoia Raccoon2 2022","description":"Pierre Le Bourhis, Quentin Bourgue, & Sekoia TDR. (2022, June 29). Raccoon Stealer v2 - Part 2: In-depth analysis. 
Retrieved August 1, 2024.","url":"https://blog.sekoia.io/raccoon-stealer-v2-part-2-in-depth-analysis/","source":"MITRE","title":"Raccoon Stealer v2 - Part 2: In-depth analysis","authors":"Pierre Le Bourhis, Quentin Bourgue, & Sekoia TDR","date_accessed":"2024-08-01T00:00:00Z","date_published":"2022-06-29T00:00:00Z","owner_name":null,"tidal_id":"0f586e9e-b136-5b19-a3a6-7aaf293237b8","created":"2024-10-31T16:28:36.359041Z","modified":"2025-12-17T15:08:36.440897Z"},{"id":"7dfdccd5-d035-4678-89c1-f5f1630d7a79","name":"DOJ Iran Indictments March 2018","description":"DOJ. (2018, March 23). U.S. v. Rafatnejad et al. Retrieved February 3, 2021.","url":"https://www.justice.gov/usao-sdny/press-release/file/1045781/download","source":"MITRE","title":"Rafatnejad et al","authors":"DOJ. (2018, March 23). U.S","date_accessed":"2021-02-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fa8c9ebe-ea53-50d8-b65b-c698c1f28f74","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439476Z"},{"id":"09226672-fc83-411d-9c19-9bd8a7ef6ad1","name":"TEHTRIS June 27 2025","description":"Fabien Lefebvre. (2025, June 27). Rage Against the Powershell - Qilin in the Name - TEHTRIS. Retrieved October 26, 2025.","url":"https://tehtris.com/en/blog/rage-against-the-powershell-qilin-in-the-name/","source":"Tidal Cyber","title":"Rage Against the Powershell - Qilin in the Name - TEHTRIS","authors":"Fabien Lefebvre","date_accessed":"2025-10-26T12:00:00Z","date_published":"2025-06-27T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fc993925-02bd-5bfc-b73e-b609c97cbcfc","created":"2025-11-11T13:25:41.592328Z","modified":"2025-11-11T13:25:41.758676Z"},{"id":"4385949d-c5a2-5efe-9006-46ff3c10b2a9","name":"Petsas","description":"Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Michalis Polychronakis, Sotiris Ioannidis. (2014, April). Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware. 
Retrieved December","url":"http://dl.acm.org/citation.cfm?id=2592796","source":"Mobile","title":"Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware","authors":"Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Michalis Polychronakis, Sotiris Ioannidis","date_accessed":"1978-12-01T00:00:00Z","date_published":"2014-04-01T00:00:00Z","owner_name":null,"tidal_id":"98234f94-2078-50e1-985b-4a689ecf2b02","created":"2026-01-28T13:08:10.046182Z","modified":"2026-01-28T13:08:10.046185Z"},{"id":"04ed6dc0-45c2-4e36-8ec7-a75f6f715f0a","name":"Sophos Ragnar May 2020","description":"SophosLabs. (2020, May 21). Ragnar Locker ransomware deploys virtual machine to dodge security. Retrieved June 29, 2020.","url":"https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/","source":"MITRE","title":"Ragnar Locker ransomware deploys virtual machine to dodge security","authors":"SophosLabs","date_accessed":"2020-06-29T00:00:00Z","date_published":"2020-05-21T00:00:00Z","owner_name":null,"tidal_id":"21c4c3af-151d-5d7d-a063-9ff646c287c7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418665Z"},{"id":"69dca68b-f864-509a-ad1b-3c6fea0152f8","name":"SC Magazine Ragnar Locker 2021","description":"Joe Uchill. (2021, December 3). Ragnar Locker reminds breach victims it can read the on-network incident response chat rooms. 
Retrieved August 30, 2024.","url":"https://www.scmagazine.com/analysis/ragnar-locker-reminds-breach-victims-it-can-read-the-on-network-incident-response-chat-rooms","source":"MITRE","title":"Ragnar Locker reminds breach victims it can read the on-network incident response chat rooms","authors":"Joe Uchill","date_accessed":"2024-08-30T00:00:00Z","date_published":"2021-12-03T00:00:00Z","owner_name":null,"tidal_id":"fc71c1e5-d2f3-5b64-81d4-d97f858c3758","created":"2024-10-31T16:28:27.511038Z","modified":"2025-12-17T15:08:36.436727Z"},{"id":"321bba10-06c6-4c4f-a3e0-318561fa0fed","name":"GitHub Raindance","description":"Stringer, M.. (2018, November 21). RainDance. Retrieved October 6, 2019.","url":"https://github.com/True-Demon/raindance","source":"MITRE","title":"RainDance","authors":"Stringer, M.","date_accessed":"2019-10-06T00:00:00Z","date_published":"2018-11-21T00:00:00Z","owner_name":null,"tidal_id":"95b0c0a3-807e-57db-b081-1387031a6603","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425521Z"},{"id":"9185092d-3d99-466d-b885-f4e76fe74b6b","name":"Symantec RAINDROP January 2021","description":"Symantec Threat Hunter Team. (2021, January 18). Raindrop: New Malware Discovered in SolarWinds Investigation. Retrieved January 19, 2021.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware","source":"MITRE","title":"Raindrop: New Malware Discovered in SolarWinds Investigation","authors":"Symantec Threat Hunter Team","date_accessed":"2021-01-19T00:00:00Z","date_published":"2021-01-18T00:00:00Z","owner_name":null,"tidal_id":"3b463adb-ac7c-5a8c-9574-15655767df81","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418518Z"},{"id":"4d14f459-c939-4120-b2e2-2a8a36b01e76","name":"Rakesh Krishnan Devman May 23 2025","description":"Rakesh Krishnan. (2025, May 23). Rakesh Krishnan Devman May 23 2025. 
Retrieved June 13, 2025.","url":"https://www.linkedin.com/posts/rakesh-krishnan-6179a94b_devman-ransomware-tor-activity-7330477306483838976-yV5K","source":"Tidal Cyber","title":"Rakesh Krishnan Devman May 23 2025","authors":"Rakesh Krishnan","date_accessed":"2025-06-13T12:00:00Z","date_published":"2025-05-23T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8f1628d9-7256-5ab7-addf-44987f1e1429","created":"2025-06-17T14:40:46.250932Z","modified":"2025-06-17T14:40:46.470667Z"},{"id":"09f43dcf-3af4-40cd-9dcb-6a9205fef52b","name":"None April 01 2025","description":"None Identified. (2025, April 1). Ralord Novo Grupo De Ransomware As A Service 1.pdf. Retrieved December 19, 2025.","url":"https://ish.com.br/wp-content/uploads/2025/04/RALord-Novo-grupo-de-Ransomware-as-a-Service-1.pdf","source":"Tidal Cyber","title":"Ralord Novo Grupo De Ransomware As A Service 1.pdf","authors":"None Identified","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-04-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c392cde6-b51d-570f-9b36-2808ac47aa50","created":"2025-12-24T14:56:02.718386Z","modified":"2025-12-24T14:56:02.910571Z"},{"id":"cad46e02-2e68-4347-be1c-7be910adee95","name":"Cyble April 17 2025","description":"Cyble. (2025, April 17). RALord Ransomware Group Threat Profile & Attack Tactics. Retrieved May 19, 2025.","url":"https://cyble.com/threat-actor-profiles/ralord-ransomware-group/","source":"Tidal Cyber","title":"RALord Ransomware Group Threat Profile & Attack Tactics","authors":"Cyble","date_accessed":"2025-05-19T00:00:00Z","date_published":"2025-04-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"655d11c7-3680-5bbf-9850-cb48eafa40c6","created":"2025-05-20T16:17:27.056260Z","modified":"2025-05-20T16:17:27.255808Z"},{"id":"3c149b0b-f37c-4d4e-aa61-351c87fd57ce","name":"Eset Ramsay May 2020","description":"Sanmillan, I.. (2020, May 13). Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks. 
Retrieved May 27, 2020.","url":"https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/","source":"MITRE","title":"Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks","authors":"Sanmillan, I.","date_accessed":"2020-05-27T00:00:00Z","date_published":"2020-05-13T00:00:00Z","owner_name":null,"tidal_id":"682244a0-43f1-5284-b058-ab1f58a9288f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421390Z"},{"id":"462b8752-aa21-50d1-a21d-c9945373f37c","name":"Rancor WMI","description":"Jen Miller-Osborn and Mike Harbison. (2019, December 17). Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia. Retrieved February 9, 2024.","url":"https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/","source":"MITRE","title":"Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia","authors":"Jen Miller-Osborn and Mike Harbison","date_accessed":"2024-02-09T00:00:00Z","date_published":"2019-12-17T00:00:00Z","owner_name":null,"tidal_id":"38061faf-5421-5b15-885e-2baa860bcfc3","created":"2024-04-25T13:28:53.441857Z","modified":"2025-12-17T15:08:36.442777Z"},{"id":"45098a85-a61f-491a-a549-f62b02dc2ecd","name":"Rancor Unit42 June 2018","description":"Ash, B., et al. (2018, June 26). RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families. 
Retrieved July 2, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/","source":"MITRE, Tidal Cyber","title":"RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families","authors":"Ash, B., et al","date_accessed":"2018-07-02T00:00:00Z","date_published":"2018-06-26T00:00:00Z","owner_name":null,"tidal_id":"3e13880f-e4e1-5bd8-b0d3-94607868d45f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257615Z"},{"id":"6443bbea-08c1-4b69-9eb3-c7b144a6079f","name":"BleepingComputer November 6 2020","description":"Lawrence Abrams. (2020, November 6). RansomExx ransomware also encrypts Linux systems. Retrieved December 19, 2024.","url":"https://www.bleepingcomputer.com/news/security/ransomexx-ransomware-also-encrypts-linux-systems/","source":"Tidal Cyber","title":"RansomExx ransomware also encrypts Linux systems","authors":"Lawrence Abrams","date_accessed":"2024-12-19T00:00:00Z","date_published":"2020-11-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f57095cf-fa89-5769-bef4-04c50b47cd8f","created":"2025-04-11T15:06:05.620407Z","modified":"2025-04-11T15:06:05.790732Z"},{"id":"2a116685-6e82-4b33-ab54-dd5714b6d007","name":"Kaspersky November 6 2020","description":"Fedor Sinitsyn. (2020, November 6). RansomEXX Trojan attacks Linux systems. 
Retrieved May 2, 2024.","url":"https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/","source":"Tidal Cyber","title":"RansomEXX Trojan attacks Linux systems","authors":"Fedor Sinitsyn","date_accessed":"2024-05-02T00:00:00Z","date_published":"2020-11-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ae105ae2-1a02-5a16-9c4b-6bc50be468d1","created":"2025-04-11T15:06:05.293468Z","modified":"2025-04-11T15:06:05.465410Z"},{"id":"47214846-49b2-44a1-a696-cca24d9caa56","name":"Trellix RansomHouse February 14 2024","description":"Pham Duy Phuc, Max Kersten, Noël Keijzer, Michaël Schrijver. (2024, February 14). RansomHouse am See. Retrieved December 12, 2024.","url":"https://www.trellix.com/blogs/research/ransomhouse-am-see/","source":"Tidal Cyber","title":"RansomHouse am See","authors":"Pham Duy Phuc, Max Kersten, Noël Keijzer, Michaël Schrijver","date_accessed":"2024-12-12T00:00:00Z","date_published":"2024-02-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2d7e5df7-7be5-5203-b0bd-53cc6457628d","created":"2025-04-11T15:06:02.791399Z","modified":"2025-04-11T15:06:02.949461Z"},{"id":"24ef15cc-1777-5be6-9729-dd16ce0c3729","name":"Trellix Rnasomhouse 2024","description":"Pham Duy Phuc, Max Kersten, Noël Keijzer, and Michaël Schrijver. (2024, February 14). RansomHouse am See. Retrieved March 26, 2025.","url":"https://www.trellix.com/en-au/blogs/research/ransomhouse-am-see/","source":"MITRE","title":"RansomHouse am See","authors":"Pham Duy Phuc, Max Kersten, Noël Keijzer, and Michaël Schrijver","date_accessed":"2025-03-26T00:00:00Z","date_published":"2024-02-14T00:00:00Z","owner_name":null,"tidal_id":"7d3f80cf-f30c-5cfc-85a8-b966b5dcb556","created":"2025-04-22T20:47:14.142239Z","modified":"2025-12-17T15:08:36.429587Z"},{"id":"2a0781ed-58f5-5843-b929-232517f3ec8c","name":"Group-IB RansomHub FEB 2025","description":"Alfano, V. et al. (2025, February 12). RansomHub Never Sleeps Episode 1: The evolution of modern ransomware. 
Retrieved March 17, 2025.","url":"https://www.group-ib.com/blog/ransomhub-never-sleeps-episode-1/","source":"MITRE","title":"RansomHub Never Sleeps Episode 1: The evolution of modern ransomware","authors":"Alfano, V. et al","date_accessed":"2025-03-17T00:00:00Z","date_published":"2025-02-12T00:00:00Z","owner_name":null,"tidal_id":"3f733f66-29e6-5795-8018-4a3a59a3425f","created":"2025-04-22T20:47:26.283293Z","modified":"2025-12-17T15:08:36.417110Z"},{"id":"3fa49490-cb22-4362-bf48-eaba9e83e6f5","name":"BroadcomSW June 5 2024","description":"Threat Hunter Team Symantec. (2024, June 5). RansomHub New Ransomware has Origins in Older Knight. Retrieved June 7, 2024.","url":"https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware","source":"Tidal Cyber","title":"RansomHub New Ransomware has Origins in Older Knight","authors":"Threat Hunter Team Symantec","date_accessed":"2024-06-07T00:00:00Z","date_published":"2024-06-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5159a960-e464-5d4b-8cf7-e52773683b71","created":"2024-06-13T20:11:05.349130Z","modified":"2024-06-13T20:11:05.535336Z"},{"id":"54e296c9-edcc-5af7-99be-b118da29711f","name":"FBI-ransomware","description":"FBI. (n.d.). Ransomware. Retrieved August 18, 2023.","url":"https://www.cisa.gov/sites/default/files/Ransomware_Trifold_e-version.pdf","source":"MITRE","title":"Ransomware","authors":"FBI","date_accessed":"2023-08-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6f9e0376-1b4b-5051-a62b-68fe41e47b61","created":"2023-11-07T00:36:05.509480Z","modified":"2025-12-17T15:08:36.432171Z"},{"id":"5f82878b-2258-5663-8694-efc3179c1849","name":"SentinelOne INC Ransomware","description":"SentinelOne. (n.d.). What Is Inc. Ransomware?. Retrieved June 5, 2024.","url":"https://www.sentinelone.com/anthology/inc-ransom/","source":"MITRE","title":"Ransomware?","authors":"SentinelOne. 
(n.d.)","date_accessed":"2024-06-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4435d266-0e65-5387-8a45-ea59a972f1f6","created":"2024-10-31T16:28:31.382241Z","modified":"2025-12-17T15:08:36.422375Z"},{"id":"eb767436-4a96-4e28-bd34-944842d7593e","name":"IBM Ransomware Trends September 2020","description":"Singleton, C. and Kiefer, C. (2020, September 28). Ransomware 2020: Attack Trends Affecting Organizations Worldwide. Retrieved September 20, 2021.","url":"https://securityintelligence.com/posts/ransomware-2020-attack-trends-new-techniques-affecting-organizations-worldwide/","source":"MITRE","title":"Ransomware 2020: Attack Trends Affecting Organizations Worldwide","authors":"Singleton, C. and Kiefer, C","date_accessed":"2021-09-20T00:00:00Z","date_published":"2020-09-28T00:00:00Z","owner_name":null,"tidal_id":"4d959710-5da5-569e-b545-ab2536653a4a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437408Z"},{"id":"984e86e6-32e4-493c-8172-3d29de4720cc","name":"DHS/CISA Ransomware Targeting Healthcare October 2020","description":"DHS/CISA. (2020, October 28). Ransomware Activity Targeting the Healthcare and Public Health Sector. Retrieved October 28, 2020.","url":"https://us-cert.cisa.gov/ncas/alerts/aa20-302a","source":"MITRE, Tidal Cyber","title":"Ransomware Activity Targeting the Healthcare and Public Health Sector","authors":"DHS/CISA","date_accessed":"2020-10-28T00:00:00Z","date_published":"2020-10-28T00:00:00Z","owner_name":null,"tidal_id":"a71f5afe-87ac-58f8-ad8a-5966c647eb5d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.277789Z"},{"id":"e096e1f4-6b62-4756-8811-f263cf1dcecc","name":"FBI Ransomware Tools November 7 2023","description":"Federal Bureau of Investigation. (2023, November 7). Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools. 
Retrieved June 28, 2024.","url":"https://www.aha.org/system/files/media/file/2023/11/bi-tlp-clear-pin-ransomware-actors-continue-to-gain-access-through-third-parties-and-legitimate-system-tools-11-7-23.pdf","source":"Tidal Cyber","title":"Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools","authors":"Federal Bureau of Investigation","date_accessed":"2024-06-28T00:00:00Z","date_published":"2023-11-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"743562ba-7848-55c4-aa8a-1e9e283e120e","created":"2024-06-28T17:22:18.076741Z","modified":"2024-06-28T17:22:18.307808Z"},{"id":"9ffa0f35-98e4-4265-8b66-9c805a2b6525","name":"FireEye Ransomware Disrupt Industrial Production","description":"Zafra, D. Lunden, K. Brubaker, N. Kennelly, J.. (2020, February 24). Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. Retrieved February 9, 2021.","url":"https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html","source":"MITRE","title":"Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT","authors":"Zafra, D. Lunden, K. Brubaker, N. Kennelly, J.","date_accessed":"2021-02-09T00:00:00Z","date_published":"2020-02-24T00:00:00Z","owner_name":null,"tidal_id":"ffa2fed3-1b86-553f-b5b3-d6e123c4c4ae","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420399Z"},{"id":"44856547-2de5-45ff-898f-a523095bd593","name":"FireEye Ransomware Feb 2020","description":"Zafra, D., et al. (2020, February 24). Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. 
Retrieved March 2, 2021.","url":"https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html","source":"MITRE","title":"Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT","authors":"Zafra, D., et al","date_accessed":"2021-03-02T00:00:00Z","date_published":"2020-02-24T00:00:00Z","owner_name":null,"tidal_id":"cfe0d38e-7795-5bb9-9f10-2654f561ad42","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416487Z"},{"id":"e4ea263d-f70e-4f9c-92a1-cb0e565a5ae9","name":"Check Point Pay2Key November 2020","description":"Check Point. (2020, November 6). Ransomware Alert: Pay2Key. Retrieved January 4, 2021.","url":"https://research.checkpoint.com/2020/ransomware-alert-pay2key/","source":"MITRE","title":"Ransomware Alert: Pay2Key","authors":"Check Point","date_accessed":"2021-01-04T00:00:00Z","date_published":"2020-11-06T00:00:00Z","owner_name":null,"tidal_id":"4ba6fe96-63c5-5f22-a15d-d9924f923d48","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419750Z"},{"id":"833018b5-6ef6-5327-9af5-1a551df25cd2","name":"Microsoft Ransomware as a Service","description":"Microsoft. (2022, May 9). Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself. 
Retrieved March 10, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/","source":"MITRE","title":"Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself","authors":"Microsoft","date_accessed":"2023-03-10T00:00:00Z","date_published":"2022-05-09T00:00:00Z","owner_name":null,"tidal_id":"e89b3e4d-1656-576c-a15b-c34d3b75789d","created":"2023-05-26T01:21:09.928407Z","modified":"2025-12-17T15:08:36.418505Z"},{"id":"d0811fd4-e89d-4337-9bc1-a9a8774d44b1","name":"Sophos News August 14 2024","description":"Andreas Klopsch. (2024, August 14). Ransomware attackers introduce new EDR killer to their arsenal. Retrieved August 22, 2024.","url":"https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/","source":"Tidal Cyber","title":"Ransomware attackers introduce new EDR killer to their arsenal","authors":"Andreas Klopsch","date_accessed":"2024-08-22T00:00:00Z","date_published":"2024-08-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"737e025f-63e6-507a-bd1f-44178ffc87fc","created":"2024-08-23T18:41:47.690108Z","modified":"2024-08-23T18:41:48.074953Z"},{"id":"b4afa0fd-d86f-42c9-8a61-531a5c91b1db","name":"Cyble March 1 2023","description":"Cybleinc. (2023, March 1). Ransomware Attack on IL&FS. Retrieved January 1, 2024.","url":"https://blog.cyble.com/2023/03/01/ransomware-attack-on-ilfs/","source":"Tidal Cyber","title":"Ransomware Attack on IL&FS","authors":"Cybleinc","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-03-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4566003c-8db6-5aff-81cb-573563d25b48","created":"2025-04-11T15:06:20.560865Z","modified":"2025-04-11T15:06:20.712205Z"},{"id":"1c002ea3-0343-4fd6-a3f2-d681d00e7bd2","name":"The Register EDR Killers March 31 2025","description":"Jessica Lyons. (2025, March 31). Ransomware crews add 'EDR killers' to their arsenal – and some aren't even malware. 
Retrieved June 6, 2025.","url":"https://www.theregister.com/2025/03/31/ransomware_crews_edr_killers/","source":"Tidal Cyber","title":"Ransomware crews add 'EDR killers' to their arsenal – and some aren't even malware","authors":"Jessica Lyons","date_accessed":"2025-06-06T00:00:00Z","date_published":"2025-03-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"170990fa-dff7-5d3c-8940-5dc229ebc4c6","created":"2025-06-10T15:50:15.835004Z","modified":"2025-06-10T15:50:16.302420Z"},{"id":"47ec4fef-5558-4ba2-9f71-392152b12fd1","name":"Rapid7 Blog October 3 2024","description":"Rapid. (2024, October 3). Ransomware Groups Demystified CyberVolk Ransomware. Retrieved April 9, 2025.","url":"https://www.rapid7.com/blog/post/2024/10/03/ransomware-groups-demystified-cybervolk-ransomware/","source":"Tidal Cyber","title":"Ransomware Groups Demystified CyberVolk Ransomware","authors":"Rapid","date_accessed":"2025-04-09T00:00:00Z","date_published":"2024-10-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9e8f970e-fe7e-5db9-8fac-8b847dfa5ce5","created":"2025-04-11T15:33:24.079940Z","modified":"2025-04-11T15:33:24.270171Z"},{"id":"21d393ae-d135-4c5a-8c6d-1baa8c0a1e08","name":"Rapid7 Blog September 12 2024","description":"Rapid. (2024, September 12). Ransomware Groups Demystified Lynx Ransomware. Retrieved September 12, 2024.","url":"https://www.rapid7.com/blog/post/2024/09/12/ransomware-groups-demystified-lynx-ransomware/","source":"Tidal Cyber","title":"Ransomware Groups Demystified Lynx Ransomware","authors":"Rapid","date_accessed":"2024-09-12T00:00:00Z","date_published":"2024-09-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5043bc5f-1b4d-5e42-8616-35bc3513cce7","created":"2024-09-13T19:19:45.914000Z","modified":"2024-09-13T19:19:47.468548Z"},{"id":"334bff44-68e9-5042-aad7-9bb812e2e7bd","name":"CERT AT Fortinent Ransomware 2025","description":"CERT Austria. (2025, March 20). 
Ransomware-Gruppen nutzen weiterhin kritische Fortinet-Schwachstellen - Warnung vor gepatchten, aber bereits kompromittierten Geräten. Retrieved March 31, 2025.","url":"https://www.cert.at/de/warnungen/2025/3/ransomware-gruppen-nutzen-weiterhin-kritische-fortinet-schwachstellen-warnung-vor-gepatchten-aber-bereits-kompromittierten-geraten","source":"MITRE","title":"Ransomware-Gruppen nutzen weiterhin kritische Fortinet-Schwachstellen - Warnung vor gepatchten, aber bereits kompromittierten Geräten","authors":"CERT Austria","date_accessed":"2025-03-31T00:00:00Z","date_published":"2025-03-20T00:00:00Z","owner_name":null,"tidal_id":"6f7ef769-8449-56d0-89db-c2451e23e5a5","created":"2025-04-22T20:47:20.144447Z","modified":"2025-12-17T15:08:36.435561Z"},{"id":"ffa47884-4eef-445e-99e3-02f64cc2f7fc","name":"S-RM March 25 2025","description":"Lori Murphy. (2025, March 25). Ransomware in focus Meet NightSpire. Retrieved May 19, 2025.","url":"https://www.s-rminform.com/latest-thinking/ransomware-in-focus-meet-nightspire","source":"Tidal Cyber","title":"Ransomware in focus Meet NightSpire","authors":"Lori Murphy","date_accessed":"2025-05-19T00:00:00Z","date_published":"2025-03-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"65d975b5-bb6e-5261-ab5f-4bbd6ef7f93d","created":"2025-05-20T16:17:26.430882Z","modified":"2025-05-20T16:17:26.616295Z"},{"id":"5e2a0756-d8f6-4359-9ca3-1e96fb8b5ac9","name":"Www.invictus-ir.com 1 11 2024","description":"Www.invictus-ir.com. (2024, January 11). Ransomware in the cloud. 
Retrieved April 17, 2024.","url":"https://www.invictus-ir.com/news/ransomware-in-the-cloud","source":"Tidal Cyber","title":"Ransomware in the cloud","authors":"Www.invictus-ir.com","date_accessed":"2024-04-17T00:00:00Z","date_published":"2024-01-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"62d9e88a-3cb0-5088-a062-81ac78b82d0b","created":"2024-06-13T20:10:57.108666Z","modified":"2024-06-13T20:10:57.299807Z"},{"id":"5c22be5c-e906-454a-9de0-e051775a0b95","name":"www.invictus-ir.com 1 11 2024","description":"Www.invictus-ir.com. (2024, January 11). Ransomware in the cloud. Retrieved April 17, 2024.","url":"https://www.invictus-ir.com/news/ransomware-in-the-cloud","source":"Tidal Cyber","title":"Ransomware in the cloud","authors":"Www.invictus-ir.com","date_accessed":"2024-04-17T12:00:00Z","date_published":"2024-01-11T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0b983f53-5c28-5814-8432-7f8edf0b2a26","created":"2026-01-23T20:29:32.427190Z","modified":"2026-01-23T20:29:32.565368Z"},{"id":"2ff4aed1-88a0-5e19-8fe9-1ecf4604f245","name":"Invictus IR Cloud Ransomware 2024","description":"Invictus IR. (2024, January 11). Ransomware in the cloud. Retrieved August 5, 2024.","url":"https://www.invictus-ir.com/news/ransomware-in-the-cloud","source":"MITRE","title":"Ransomware in the cloud","authors":"Invictus IR","date_accessed":"2024-08-05T00:00:00Z","date_published":"2024-01-11T00:00:00Z","owner_name":null,"tidal_id":"3144aecb-f1f7-5326-8e2a-b793be4cbcdc","created":"2024-10-31T16:28:26.007705Z","modified":"2025-12-17T15:08:36.435085Z"},{"id":"d23216df-be77-59a0-9910-ab9bf54da6d7","name":"Palo Alto Cloud Ransomware","description":"Ofir Balassiano and Ofir Shaty. (2023, November 29). Ransomware in the Cloud: Breaking Down the Attack Vectors. 
Retrieved September 25, 2024.","url":"https://www.paloaltonetworks.com/blog/prisma-cloud/ransomware-data-protection-cloud/","source":"MITRE","title":"Ransomware in the Cloud: Breaking Down the Attack Vectors","authors":"Ofir Balassiano and Ofir Shaty","date_accessed":"2024-09-25T00:00:00Z","date_published":"2023-11-29T00:00:00Z","owner_name":null,"tidal_id":"b1fdef3e-816e-5564-896e-96880e238234","created":"2024-10-31T16:28:16.753661Z","modified":"2025-12-17T15:08:36.425000Z"},{"id":"49840002-47ee-4a77-9ceb-577752798dc0","name":"Cyble Safepay Devman June 3 2025","description":"Cybleinc. (2025, June 3). Ransomware Landscape May 2025: SafePay, DevMan Emerge as Major Threats. Retrieved June 13, 2025.","url":"https://cyble.com/blog/top-ransomware-groups-may-2025-safepay-devman-rise/","source":"Tidal Cyber","title":"Ransomware Landscape May 2025: SafePay, DevMan Emerge as Major Threats","authors":"Cybleinc","date_accessed":"2025-06-13T12:00:00Z","date_published":"2025-06-03T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"55cc15cc-3aed-5b31-8c01-ef1426424592","created":"2025-06-17T14:40:44.874196Z","modified":"2025-06-17T14:40:45.426264Z"},{"id":"627a14dd-5300-4f58-869c-0ec91ffb664e","name":"McAfee Maze March 2020","description":"Mundo, A. (2020, March 26). Ransomware Maze. Retrieved May 18, 2020.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/","source":"MITRE","title":"Ransomware Maze","authors":"Mundo, A","date_accessed":"2020-05-18T00:00:00Z","date_published":"2020-03-26T00:00:00Z","owner_name":null,"tidal_id":"33c68664-5c88-51ae-ad58-c47851592336","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421852Z"},{"id":"eca1301f-deeb-4a97-8c4e-e61210706116","name":"Sophos SystemBC December 16 2020","description":"Sivagnanam Gn, Sean Gallagher. (2020, December 16). Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor. 
Retrieved September 21, 2023.","url":"https://news.sophos.com/en-us/2020/12/16/systembc/","source":"Tidal Cyber","title":"Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor","authors":"Sivagnanam Gn, Sean Gallagher","date_accessed":"2023-09-21T00:00:00Z","date_published":"2020-12-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"33f413e0-a68e-5d3a-b311-f6a1a2b2e780","created":"2023-09-22T15:01:25.240015Z","modified":"2023-09-22T15:01:25.376531Z"},{"id":"1396b02b-c5f7-4d18-9182-9a126f9731b5","name":"FortiGuard Labs Interlock November 29 2024","description":"Shunichi Imano, Fred Gutierrez. (2024, November 29). Ransomware Roundup - Interlock. Retrieved July 24, 2025.","url":"https://www.fortinet.com/blog/threat-research/ransomware-roundup-interlock","source":"Tidal Cyber","title":"Ransomware Roundup - Interlock","authors":"Shunichi Imano, Fred Gutierrez","date_accessed":"2025-07-24T12:00:00Z","date_published":"2024-11-29T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2cd1d10c-6462-5fe3-97bf-42e8c3b37fb4","created":"2025-07-24T19:09:36.297684Z","modified":"2025-07-24T19:09:36.803143Z"},{"id":"a3fa463f-dd2f-4d23-8834-c428d90ea09b","name":"Fortinet Play Ransomware December 22 2022","description":"Shunichi Imano, James Slaughter. (2022, December 22). Ransomware Roundup – Play. Retrieved August 10, 2023.","url":"https://www.fortinet.com/blog/threat-research/ransomware-roundup-play-ransomware","source":"Tidal Cyber","title":"Ransomware Roundup – Play","authors":"Shunichi Imano, James Slaughter","date_accessed":"2023-08-10T00:00:00Z","date_published":"2022-12-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ce0c133f-f07f-5bd4-bc22-f38f9bec272e","created":"2024-06-13T20:10:37.569361Z","modified":"2024-06-13T20:10:37.760943Z"},{"id":"8f45fb21-c6ad-4b97-b459-da96eb643069","name":"TrendMicro Akira October 5 2023","description":"Trend Micro Research. (2023, October 5). Ransomware Spotlight: Akira. 
Retrieved February 27, 2024.","url":"http://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-akira","source":"Tidal Cyber","title":"Ransomware Spotlight: Akira","authors":"Trend Micro Research","date_accessed":"2024-02-27T00:00:00Z","date_published":"2023-10-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"65b91c47-d951-588d-9bd9-36bb02a59311","created":"2024-04-04T20:38:52.225837Z","modified":"2024-04-04T20:38:52.383411Z"},{"id":"01fdc732-0951-59e2-afaf-5fe761357e7f","name":"Trend Micro AvosLocker Apr 2022","description":"Trend Micro Research. (2022, April 4). Ransomware Spotlight AvosLocker. Retrieved January 11, 2023.","url":"https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-avoslocker","source":"MITRE","title":"Ransomware Spotlight AvosLocker","authors":"Trend Micro Research","date_accessed":"2023-01-11T00:00:00Z","date_published":"2022-04-04T00:00:00Z","owner_name":null,"tidal_id":"25aa9b79-8c80-5611-a4f0-1dd468431133","created":"2023-05-26T01:21:15.315910Z","modified":"2025-12-17T15:08:36.416824Z"},{"id":"1f2942ab-e6a9-5a50-b266-3436c8c0b5ec","name":"Trend Micro Black Basta Spotlight September 2022","description":"Trend Micro. (2022, September 1). Ransomware Spotlight Black Basta. Retrieved March 8, 2023.","url":"https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbasta","source":"MITRE","title":"Ransomware Spotlight Black Basta","authors":"Trend Micro","date_accessed":"2023-03-08T00:00:00Z","date_published":"2022-09-01T00:00:00Z","owner_name":null,"tidal_id":"52d21676-19f9-5985-a7f2-919ceb18ccf9","created":"2023-05-26T01:21:18.173837Z","modified":"2025-12-17T15:08:36.439746Z"},{"id":"94aef206-b4cb-4d91-9843-96cf50af157c","name":"Trend Micro BlackCat October 27 2022","description":"Trend Micro Research. (2022, October 27). Ransomware Spotlight: BlackCat. 
Retrieved March 5, 2024.","url":"https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackcat","source":"Tidal Cyber","title":"Ransomware Spotlight: BlackCat","authors":"Trend Micro Research","date_accessed":"2024-03-05T00:00:00Z","date_published":"2022-10-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"04333c1f-2643-5313-ba22-7a6d184f497a","created":"2024-03-07T21:00:43.286565Z","modified":"2024-03-07T21:00:43.472370Z"},{"id":"3dacc043-780d-46fc-b61b-4be1d1dbdbad","name":"None October 29 2025","description":"None Identified. (2025, October 29). Ransomware Spotlight: DragonForce | Trend Micro (US). Retrieved November 13, 2025.","url":"https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce","source":"Tidal Cyber","title":"Ransomware Spotlight: DragonForce | Trend Micro (US)","authors":"None Identified","date_accessed":"2025-11-13T12:00:00Z","date_published":"2025-10-29T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"83528cf5-bae2-52f0-9ad0-ad8aaf39caf6","created":"2025-11-19T17:44:51.112772Z","modified":"2025-11-19T17:44:51.251087Z"},{"id":"f72dade0-ec82-40e7-96a0-9f124d59bd35","name":"Trend Micro LockBit Spotlight February 08 2023","description":"Trend Micro Research. (2022, February 8). Ransomware Spotlight: LockBit. Retrieved August 18, 2023.","url":"https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-lockbit","source":"Tidal Cyber","title":"Ransomware Spotlight: LockBit","authors":"Trend Micro Research","date_accessed":"2023-08-18T00:00:00Z","date_published":"2022-02-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"385be7cf-1167-54b2-9635-3bc9a20878b1","created":"2023-08-18T18:56:15.181240Z","modified":"2023-08-18T18:56:15.331285Z"},{"id":"6cf9c6f0-7818-45dd-9afc-f69e394c23e4","name":"Trend Micro Play Spotlight July 21 2023","description":"Trend Micro Research. (2023, July 21). Ransomware Spotlight: Play. 
Retrieved August 10, 2023.","url":"https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-play","source":"Tidal Cyber","title":"Ransomware Spotlight: Play","authors":"Trend Micro Research","date_accessed":"2023-08-10T00:00:00Z","date_published":"2023-07-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a9de7c6e-9c7b-5940-a48c-e67ba2b87dc8","created":"2023-12-22T16:35:57.158082Z","modified":"2023-12-22T16:35:57.341931Z"},{"id":"399eac4c-5638-595c-9ee6-997dcd2d47c3","name":"Trend Micro Ransomware Spotlight Play July 2023","description":"Trend Micro Research. (2023, July 21). Ransomware Spotlight: Play. Retrieved September 24, 2024.","url":"https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-play","source":"MITRE","title":"Ransomware Spotlight: Play","authors":"Trend Micro Research","date_accessed":"2024-09-24T00:00:00Z","date_published":"2023-07-21T00:00:00Z","owner_name":null,"tidal_id":"a97c1aa9-cb29-5d87-824c-6adcbadec343","created":"2024-10-31T16:28:31.688969Z","modified":"2025-12-17T15:08:36.417441Z"},{"id":"0914ce86-86f2-4f17-af37-a0d4ca9ff615","name":"Trend Micro Royal Ransomware March 15 2023","description":"Trend Micro Research. (2023, March 15). Ransomware Spotlight: Royal. Retrieved October 11, 2024.","url":"https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-royal","source":"Tidal Cyber","title":"Ransomware Spotlight: Royal","authors":"Trend Micro Research","date_accessed":"2024-10-11T00:00:00Z","date_published":"2023-03-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"af1356e4-349b-5981-8827-899dc8c44f7d","created":"2024-10-14T19:18:53.083633Z","modified":"2024-10-14T19:18:53.429351Z"},{"id":"18d20965-f1f4-439f-a4a3-34437ad1fe14","name":"Group IB Ransomware May 2020","description":"Group IB. (2020, May). Ransomware Uncovered: Attackers’ Latest Methods. 
Retrieved August 5, 2020.","url":"https://www.group-ib.com/whitepapers/ransomware-uncovered.html","source":"MITRE","title":"Ransomware Uncovered: Attackers’ Latest Methods","authors":"Group IB","date_accessed":"2020-08-05T00:00:00Z","date_published":"2020-05-01T00:00:00Z","owner_name":null,"tidal_id":"9478f8db-6ff5-5c79-aaa9-6023d0a1ec5e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421027Z"},{"id":"62037959-58e4-475a-bb91-ff360d20c1d7","name":"GitHub ransomwatch","description":"joshhighet. (n.d.). ransomwatch. Retrieved June 30, 2023.","url":"https://github.com/joshhighet/ransomwatch","source":"Tidal Cyber","title":"ransomwatch","authors":"joshhighet","date_accessed":"2023-06-30T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"a4291819-4a1c-5e24-8632-2196d2741f8b","created":"2023-08-18T18:56:15.457840Z","modified":"2023-08-18T18:56:15.581482Z"},{"id":"af4a38bc-32d5-5eab-a13a-0f3533beedb1","name":"Microsoft PlayCrypt August 2022","description":"Microsoft Security Intelligence. (2022, August 27). Ransom:Win32/PlayCrypt.PA. Retrieved September 24, 2024.","url":"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/PlayCrypt.PA&ThreatID=2147830341","source":"MITRE","title":"Ransom:Win32/PlayCrypt.PA","authors":"Microsoft Security Intelligence","date_accessed":"2024-09-24T00:00:00Z","date_published":"2022-08-27T00:00:00Z","owner_name":null,"tidal_id":"2b4d4b7a-f9e2-5ef5-8c4f-be8c7cff927b","created":"2024-10-31T16:28:32.449139Z","modified":"2025-12-17T15:08:36.417433Z"},{"id":"e40d1cc8-b8c7-4f43-b6a7-c50a4f7bf1f0","name":"PyPI RAR","description":"mkz. (2020). rarfile 3.1. 
Retrieved February 20, 2020.","url":"https://pypi.org/project/rarfile/","source":"MITRE","title":"rarfile 3.1","authors":"mkz","date_accessed":"2020-02-20T00:00:00Z","date_published":"2020-01-01T00:00:00Z","owner_name":null,"tidal_id":"f080914d-147d-517e-9af7-130ba7943b58","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428530Z"},{"id":"c1334e4f-67c8-451f-b50a-86003f6e3d3b","name":"WinRAR Homepage","description":"A. Roshal. (2020). RARLAB. Retrieved February 20, 2020.","url":"https://www.rarlab.com/","source":"MITRE","title":"RARLAB","authors":"A. Roshal","date_accessed":"2020-02-20T00:00:00Z","date_published":"2020-01-01T00:00:00Z","owner_name":null,"tidal_id":"04acf6a3-31ed-5ec1-8dd7-4b24bf84a780","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423660Z"},{"id":"2327592e-4e8a-481e-bdf9-d548c776adee","name":"Aquino RARSTONE","description":"Aquino, M. (2013, June 13). RARSTONE Found In Targeted Attacks. Retrieved December 17, 2015.","url":"http://blog.trendmicro.com/trendlabs-security-intelligence/rarstone-found-in-targeted-attacks/","source":"MITRE","title":"RARSTONE Found In Targeted Attacks","authors":"Aquino, M","date_accessed":"2015-12-17T00:00:00Z","date_published":"2013-06-13T00:00:00Z","owner_name":null,"tidal_id":"6ebd0dc9-55e5-5f38-b812-39275145e900","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420197Z"},{"id":"dc299f7a-403b-4a22-9386-0be3e160d185","name":"Rasautou.exe - LOLBAS Project","description":"LOLBAS. (2020, January 10). Rasautou.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Rasautou/","source":"Tidal Cyber","title":"Rasautou.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-01-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a0c47643-de28-5c23-b063-8803cb61b33a","created":"2024-01-12T14:46:55.915571Z","modified":"2024-01-12T14:46:56.099613Z"},{"id":"fb04d89a-3f39-48be-b986-9c4eac4dd8a4","name":"Red Canary Raspberry Robin May 2022","description":"Lauren Podber, Stef Rand. (2022, May 5). Raspberry Robin gets the worm early. Retrieved May 19, 2023.","url":"https://redcanary.com/blog/raspberry-robin/","source":"Tidal Cyber","title":"Raspberry Robin gets the worm early","authors":"Lauren Podber, Stef Rand","date_accessed":"2023-05-19T00:00:00Z","date_published":"2022-05-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ff7bc39c-99fd-5588-a90e-028f446d1e28","created":"2023-07-14T12:56:31.037365Z","modified":"2023-07-14T12:56:31.164550Z"},{"id":"ca6aa417-3da7-5173-818c-c539983033b5","name":"RedCanary RaspberryRobin 2022","description":"Lauren Podber and Stef Rand. (2022, May 5). Raspberry Robin gets the worm early. Retrieved May 17, 2024.","url":"https://redcanary.com/blog/threat-intelligence/raspberry-robin/","source":"MITRE","title":"Raspberry Robin gets the worm early","authors":"Lauren Podber and Stef Rand","date_accessed":"2024-05-17T00:00:00Z","date_published":"2022-05-05T00:00:00Z","owner_name":null,"tidal_id":"f279390a-dfc5-5bc0-bdc4-b85db4c7a86b","created":"2024-10-31T16:28:32.866641Z","modified":"2025-12-17T15:08:36.418419Z"},{"id":"b454f50a-57fe-56f2-a8c0-ae1ab65fa945","name":"TrendMicro RaspberryRobin 2022","description":"Christopher So. (2022, December 20). Raspberry Robin Malware Targets Telecom, Governments. 
Retrieved May 17, 2024.","url":"https://www.trendmicro.com/en_us/research/22/l/raspberry-robin-malware-targets-telecom-governments.html","source":"MITRE","title":"Raspberry Robin Malware Targets Telecom, Governments","authors":"Christopher So","date_accessed":"2024-05-17T00:00:00Z","date_published":"2022-12-20T00:00:00Z","owner_name":null,"tidal_id":"43b40688-4ba1-55d2-9f3d-015771970251","created":"2024-10-31T16:28:32.851873Z","modified":"2025-12-17T15:08:36.418406Z"},{"id":"f01c041a-f8f5-51de-ab2f-1f513bf6d38c","name":"HP RaspberryRobin 2024","description":"Patrick Schläpfer . (2024, April 10). Raspberry Robin Now Spreading Through Windows Script Files. Retrieved May 17, 2024.","url":"https://threatresearch.ext.hp.com/raspberry-robin-now-spreading-through-windows-script-files/","source":"MITRE","title":"Raspberry Robin Now Spreading Through Windows Script Files","authors":"Patrick Schläpfer","date_accessed":"2024-05-17T00:00:00Z","date_published":"2024-04-10T00:00:00Z","owner_name":null,"tidal_id":"69f17323-7cf9-54ce-8253-b652a766aba6","created":"2024-10-31T16:28:32.888902Z","modified":"2025-12-17T15:08:36.418433Z"},{"id":"3ebeefee-42cd-5130-8d6b-d0520d8bb8c2","name":"Avast RaspberryRobin 2022","description":"Jan Vojtěšek. (2022, September 22). Raspberry Robin’s Roshtyak: A Little Lesson in Trickery. Retrieved May 17, 2024.","url":"https://decoded.avast.io/janvojtesek/raspberry-robins-roshtyak-a-little-lesson-in-trickery/","source":"MITRE","title":"Raspberry Robin’s Roshtyak: A Little Lesson in Trickery","authors":"Jan Vojtěšek","date_accessed":"2024-05-17T00:00:00Z","date_published":"2022-09-22T00:00:00Z","owner_name":null,"tidal_id":"6ab26fd5-f937-5f95-83e7-df5b5f6cc172","created":"2024-10-31T16:28:32.859412Z","modified":"2025-12-17T15:08:36.418413Z"},{"id":"8017e42a-8373-4d24-8d89-638a925b704b","name":"Microsoft Security Raspberry Robin October 2022","description":"Microsoft Threat Intelligence. (2022, October 27). 
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity. Retrieved May 19, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/","source":"Tidal Cyber","title":"Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity","authors":"Microsoft Threat Intelligence","date_accessed":"2023-05-19T00:00:00Z","date_published":"2022-10-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"065f1664-2264-543f-8c04-c5a4c3320a4e","created":"2023-07-14T12:56:31.265738Z","modified":"2023-07-14T12:56:31.377580Z"},{"id":"fe2dd68c-6e25-5fae-bc57-3a072ecf4f72","name":"Microsoft RaspberryRobin 2022","description":"Microsoft Threat Intelligence. (2022, October 27). Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity. Retrieved May 17, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/","source":"MITRE","title":"Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity","authors":"Microsoft Threat Intelligence","date_accessed":"2024-05-17T00:00:00Z","date_published":"2022-10-27T00:00:00Z","owner_name":null,"tidal_id":"fea935ae-3700-5297-940e-6102df062004","created":"2024-10-31T16:28:32.873600Z","modified":"2025-12-17T15:08:36.418426Z"},{"id":"bf4ccd52-0a03-41b6-bde7-34ead90171c3","name":"Dragos Raspite Aug 2018","description":"Dragos, Inc. (2018, August 2). RASPITE. 
Retrieved November 26, 2018.","url":"https://www.dragos.com/blog/20180802Raspite.html","source":"MITRE","title":"RASPITE","authors":"Dragos, Inc","date_accessed":"2018-11-26T00:00:00Z","date_published":"2018-08-02T00:00:00Z","owner_name":null,"tidal_id":"35d9b668-e612-552e-a67d-bcefc65f59af","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438032Z"},{"id":"7d08ec64-7fb8-4520-b26b-95b0dee891fe","name":"RATANKBA","description":"Trend Micro. (2017, February 27). RATANKBA: Delving into Large-scale Watering Holes against Enterprises. Retrieved May 22, 2018.","url":"https://www.trendmicro.com/en_us/research/17/b/ratankba-watering-holes-against-enterprises.html","source":"MITRE","title":"RATANKBA: Delving into Large-scale Watering Holes against Enterprises","authors":"Trend Micro","date_accessed":"2018-05-22T00:00:00Z","date_published":"2017-02-27T00:00:00Z","owner_name":null,"tidal_id":"0cf78605-a179-5374-a642-884f9a9e3c63","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420686Z"},{"id":"e483ed86-713b-42c6-ad77-e9b889bbcb81","name":"TrendMicro RawPOS April 2015","description":"TrendLabs Security Intelligence Blog. (2015, April). RawPOS Technical Brief. Retrieved October 4, 2017.","url":"http://sjc1-te-ftp.trendmicro.com/images/tex/pdf/RawPOS%20Technical%20Brief.pdf","source":"MITRE","title":"RawPOS Technical Brief","authors":"TrendLabs Security Intelligence Blog","date_accessed":"2017-10-04T00:00:00Z","date_published":"2015-04-01T00:00:00Z","owner_name":null,"tidal_id":"86ee35de-e53a-5a75-a17f-57c5a6820ccf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420566Z"},{"id":"3c7824de-d958-4254-beec-bc4e5ab989b0","name":"Rclone","description":"Nick Craig-Wood. (n.d.). Rclone syncs your files to cloud storage. 
Retrieved August 30, 2022.","url":"https://rclone.org","source":"MITRE","title":"Rclone syncs your files to cloud storage","authors":"Nick Craig-Wood","date_accessed":"2022-08-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2a4b3909-7067-5705-917c-688675dad105","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422987Z"},{"id":"d47e5f7c-cf70-4f7c-ac83-57e4e1187485","name":"Rclone Wars","description":"Justin Schoenfeld and Aaron Didier. (2021, May 4). Rclone Wars: Transferring leverage in a ransomware attack. Retrieved August 30, 2022.","url":"https://redcanary.com/blog/rclone-mega-extortion/","source":"MITRE","title":"Rclone Wars: Transferring leverage in a ransomware attack","authors":"Justin Schoenfeld and Aaron Didier","date_accessed":"2022-08-30T00:00:00Z","date_published":"2021-05-04T00:00:00Z","owner_name":null,"tidal_id":"1eefed42-9218-5961-868d-3d36ab67acd7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422981Z"},{"id":"dc02058a-7ed3-4253-a976-6f99b9e91406","name":"rcsi.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). rcsi.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Rcsi/","source":"Tidal Cyber","title":"rcsi.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bd22e2a5-87e7-59fd-acf0-0ed18a51f10e","created":"2024-01-12T14:47:28.683071Z","modified":"2024-01-12T14:47:28.854575Z"},{"id":"0a615508-c155-4004-86b8-916bbfd8ae42","name":"RDP Hijacking Medium","description":"Beaumont, K. (2017, March 19). RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation. 
Retrieved December 11, 2017.","url":"https://medium.com/@networksecurity/rdp-hijacking-how-to-hijack-rds-and-remoteapp-sessions-transparently-to-move-through-an-da2a1e73a5f6","source":"MITRE","title":"RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation","authors":"Beaumont, K","date_accessed":"2017-12-11T00:00:00Z","date_published":"2017-03-19T00:00:00Z","owner_name":null,"tidal_id":"ec23b07e-7565-5adc-a65f-2f5bb8654027","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429488Z"},{"id":"777a0a6f-3684-4888-ae1b-adc386be763a","name":"RDPWrap Github","description":"Stas'M Corp. (2014, October 22). RDP Wrapper Library by Stas'M. Retrieved March 28, 2022.","url":"https://github.com/stascorp/rdpwrap","source":"MITRE","title":"RDP Wrapper Library by Stas'M","authors":"Stas'M Corp","date_accessed":"2022-03-28T00:00:00Z","date_published":"2014-10-22T00:00:00Z","owner_name":null,"tidal_id":"982e4db2-a5e6-59d6-9f52-57fd70aee416","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427736Z"},{"id":"1feff728-2230-4a45-bd64-6093f8b42646","name":"rdrleakdiag.exe - LOLBAS Project","description":"LOLBAS. (2022, May 18). rdrleakdiag.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Rdrleakdiag/","source":"Tidal Cyber","title":"rdrleakdiag.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-05-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c45f827f-6ded-5fe8-908c-b373f13ca3b0","created":"2024-01-12T14:46:56.282587Z","modified":"2024-01-12T14:46:56.459402Z"},{"id":"1ebae9fa-bab1-4a26-8d49-ae6778fdf094","name":"blog.vincss.net 1 13 2021","description":"Yến Hứa. (2021, January 13). [RE019] From A to X analyzing some real cases which used recent Emotet samples. 
Retrieved February 27, 2024.","url":"https://blog.vincss.net/re019-from-a-to-x-analyzing-some-real-cases-which-used-recent-emotet-samples/","source":"Tidal Cyber","title":"[RE019] From A to X analyzing some real cases which used recent Emotet samples","authors":"Yến Hứa","date_accessed":"2024-02-27T00:00:00Z","date_published":"2021-01-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"198c566f-dfe0-548f-934d-658a751cccd3","created":"2024-06-13T20:10:52.010858Z","modified":"2024-06-13T20:10:52.207609Z"},{"id":"4b67e021-f0d9-43c8-91aa-ae84c14e85db","name":"BleepingComputer React2Shell December 07 2025","description":"Lawrence Abrams. (2025, December 7). React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable. Retrieved December 6, 2025.","url":"https://www.bleepingcomputer.com/news/security/react2shell-flaw-exploited-to-breach-30-orgs-77k-ip-addresses-vulnerable/","source":"Tidal Cyber","title":"React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable","authors":"Lawrence Abrams","date_accessed":"2025-12-06T12:00:00Z","date_published":"2025-12-07T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"27fc11e7-5cb9-565c-8d3d-fa2df4011b31","created":"2025-12-10T14:13:48.167730Z","modified":"2025-12-10T14:13:48.322172Z"},{"id":"86e08e0a-7bad-46fd-873f-07ca80486de8","name":"S-RM React2Shell December 16 2025","description":"James Tytler. (2025, December 16). React2Shell used as initial access vector for Weaxor ransomware deployment. 
Retrieved December 24, 2025.","url":"https://www.s-rminform.com/latest-thinking/react2shell-used-as-initial-access-vector-for-weaxor-ransomware-deployment","source":"Tidal Cyber","title":"React2Shell used as initial access vector for Weaxor ransomware deployment","authors":"James Tytler","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3e3c36a2-9b73-5251-b432-ca5df203384e","created":"2026-01-14T13:29:39.743416Z","modified":"2026-01-14T13:29:39.968460Z"},{"id":"51c3ec28-7ff0-4266-9d22-eb13ed6c487d","name":"VulnCheck December 08 2025","description":"None Identified. (2025, December 8). Reacting to Shells: React2Shell Variants & the CVE-2025-55182 Exploit Ecosystem  | Blog | VulnCheck. Retrieved December 15, 2025.","url":"https://www.vulncheck.com/blog/reacting-to-shells-react2shell-variants-ecosystem","source":"Tidal Cyber","title":"Reacting to Shells: React2Shell Variants & the CVE-2025-55182 Exploit Ecosystem  | Blog | VulnCheck","authors":"None Identified","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"58e1b632-a23b-5bf2-b884-eb782c6a4c72","created":"2025-12-17T14:17:40.960878Z","modified":"2025-12-17T14:17:41.104581Z"},{"id":"ab2cced7-05b8-4788-8d3c-8eadb0aaf38c","name":"ESET RTM Feb 2017","description":"Faou, M. and Boutin, J. (2017, February). Read The Manual: A Guide to the RTM Banking Trojan. Retrieved March 9, 2017.","url":"https://www.welivesecurity.com/wp-content/uploads/2017/02/Read-The-Manual.pdf","source":"MITRE, Tidal Cyber","title":"Read The Manual: A Guide to the RTM Banking Trojan","authors":"Faou, M. 
and Boutin, J","date_accessed":"2017-03-09T00:00:00Z","date_published":"2017-02-01T00:00:00Z","owner_name":null,"tidal_id":"9c4cadb8-b82c-5997-94b2-523e7cd08925","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.260814Z"},{"id":"ec246c7a-3396-46f9-acc4-a100cb5e5fe6","name":"FireEye Sunshop Campaign May 2013","description":"Moran, N. (2013, May 20). Ready for Summer: The Sunshop Campaign. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20200302085651/https://www.fireeye.com/blog/threat-research/2013/05/ready-for-summer-the-sunshop-campaign.html","source":"MITRE","title":"Ready for Summer: The Sunshop Campaign","authors":"Moran, N","date_accessed":"2024-11-17T00:00:00Z","date_published":"2013-05-20T00:00:00Z","owner_name":null,"tidal_id":"64d3db17-7c0e-5c99-8a3e-a7831f181b36","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419578Z"},{"id":"60eb0109-9655-41ab-bf76-37b17bf9594a","name":"Mandiant golang stripped binaries explanation","description":"STEPHEN ECKELS. (2022, February 28). Ready, Set, Go — Golang Internals and Symbol Recovery. Retrieved September 29, 2022.","url":"https://www.mandiant.com/resources/blog/golang-internals-symbol-recovery","source":"MITRE","title":"Ready, Set, Go — Golang Internals and Symbol Recovery","authors":"STEPHEN ECKELS","date_accessed":"2022-09-29T00:00:00Z","date_published":"2022-02-28T00:00:00Z","owner_name":null,"tidal_id":"f0edede8-33de-56af-ad0f-062b934ea4db","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426999Z"},{"id":"d26c830b-c196-5503-bf8c-4cfe90a6e7e5","name":"reagentc_cmd","description":"Microsoft, EliotSeattle, et al. (2022, August 18). REAgentC command-line options. 
Retrieved October 19, 2022.","url":"https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/reagentc-command-line-options?view=windows-11","source":"MITRE","title":"REAgentC command-line options","authors":"Microsoft, EliotSeattle, et al","date_accessed":"2022-10-19T00:00:00Z","date_published":"2022-08-18T00:00:00Z","owner_name":null,"tidal_id":"bd5795bb-a567-5f26-97fc-0f79ecca3027","created":"2023-05-26T01:21:20.825274Z","modified":"2025-12-17T15:08:36.442667Z"},{"id":"bd8c6a86-1a63-49cd-a97f-3d119e4223d4","name":"Microsoft DART Case Report 001","description":"Berk Veral. (2020, March 9). Real-life cybercrime stories from DART, the Microsoft Detection and Response Team. Retrieved May 27, 2022.","url":"https://www.microsoft.com/security/blog/2020/03/09/real-life-cybercrime-stories-dart-microsoft-detection-and-response-team","source":"MITRE","title":"Real-life cybercrime stories from DART, the Microsoft Detection and Response Team","authors":"Berk Veral","date_accessed":"2022-05-27T00:00:00Z","date_published":"2020-03-09T00:00:00Z","owner_name":null,"tidal_id":"1c096e2b-ad1c-59d7-88dc-3af5bd65ed23","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433855Z"},{"id":"54dd37f8-b32a-5100-9197-4802ba9201d7","name":"RootDSE AD Detection 2022","description":"Scarred Monk. (2022, May 6). Real-time detection scenarios in Active Directory environments. Retrieved August 5, 2024.","url":"https://rootdse.org/posts/monitoring-realtime-activedirectory-domain-scenarios","source":"MITRE","title":"Real-time detection scenarios in Active Directory environments","authors":"Scarred Monk","date_accessed":"2024-08-05T00:00:00Z","date_published":"2022-05-06T00:00:00Z","owner_name":null,"tidal_id":"d6e3ba79-d293-5cd2-8ff1-4fff99e8f7bb","created":"2024-10-31T16:28:19.680949Z","modified":"2025-12-17T15:08:36.428249Z"},{"id":"1f9f5bfc-c044-4046-8586-39163a305c1e","name":"Sans ARP Spoofing Aug 2003","description":"Siles, R. (2003, August). 
Real World ARP Spoofing. Retrieved October 15, 2020.","url":"https://pen-testing.sans.org/resources/papers/gcih/real-world-arp-spoofing-105411","source":"MITRE","title":"Real World ARP Spoofing","authors":"Siles, R","date_accessed":"2020-10-15T00:00:00Z","date_published":"2003-08-01T00:00:00Z","owner_name":null,"tidal_id":"d7ed80dd-f80a-5b77-a318-2abd1e977e61","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434667Z"},{"id":"a04ce4fd-f229-55fc-8fd1-6c222fdba730","name":"ReasonLabs Cyberpedia Junk Code","description":"What is Junk Code?. (n.d.). ReasonLabs. Retrieved April 4, 2025.","url":"https://cyberpedia.reasonlabs.com/EN/junk%20code.html","source":"MITRE","title":"ReasonLabs","authors":"What is Junk Code?","date_accessed":"2025-04-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6d04c636-5553-5046-a6c1-f2d55841236d","created":"2025-04-22T20:47:15.307154Z","modified":"2025-12-17T15:08:36.430650Z"},{"id":"9e7a5fbb-68d2-4890-87e7-9ef17206c684","name":"www.cloudsek.com January 09 2026","description":"Prajwal Awasthi. (2026, January 9). Reborn in Rust: Muddy Water Evolves Tooling with RustyWater Implant | CloudSEK. Retrieved January 12, 2026.","url":"https://www.cloudsek.com/blog/reborn-in-rust-muddywater-evolves-tooling-with-rustywater-implant","source":"Tidal Cyber","title":"Reborn in Rust: Muddy Water Evolves Tooling with RustyWater Implant | CloudSEK","authors":"Prajwal Awasthi","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0a098a15-4e46-54f9-992c-c0afa92fad10","created":"2026-01-23T20:29:34.902132Z","modified":"2026-01-23T20:29:35.047860Z"},{"id":"1f12b457-540c-4e11-bd9b-df360a318aa6","name":"Www.cloudsek.com January 09 2026","description":"Prajwal Awasthi. (2026, January 9). Reborn in Rust: Muddy Water Evolves Tooling with RustyWater Implant | CloudSEK. 
Retrieved January 12, 2026.","url":"https://www.cloudsek.com/blog/reborn-in-rust-muddywater-evolves-tooling-with-rustywater-implant","source":"Tidal Cyber","title":"Reborn in Rust: Muddy Water Evolves Tooling with RustyWater Implant | CloudSEK","authors":"Prajwal Awasthi","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a4ea70a6-f95f-5a6e-820a-ad4780b572e1","created":"2026-01-14T13:29:44.220561Z","modified":"2026-01-14T13:29:44.362822Z"},{"id":"8ddee62e-adc0-5b28-b271-4b14b01f84c1","name":"Github CLI Create Webhook","description":"Github. (n.d.). Receiving webhooks with the GitHub CLI. Retrieved August 4, 2023.","url":"https://docs.github.com/en/webhooks-and-events/webhooks/receiving-webhooks-with-the-github-cli","source":"MITRE","title":"Receiving webhooks with the GitHub CLI","authors":"Github","date_accessed":"2023-08-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a73f3b88-1d20-5203-9a30-2561478a243c","created":"2023-11-07T00:36:20.635133Z","modified":"2025-04-22T20:47:31.666112Z"},{"id":"4c3ae600-0787-4847-b528-ae3e8ff1b5ef","name":"Kaspersky Cloud Atlas August 2019","description":"GReAT. (2019, August 12). Recent Cloud Atlas activity. Retrieved May 8, 2020.","url":"https://securelist.com/recent-cloud-atlas-activity/92016/","source":"MITRE","title":"Recent Cloud Atlas activity","authors":"GReAT","date_accessed":"2020-05-08T00:00:00Z","date_published":"2019-08-12T00:00:00Z","owner_name":null,"tidal_id":"9213b24a-57ad-5896-8916-3fc75f54c8e4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418610Z"},{"id":"5b8b6429-14ef-466b-b806-5603e694efc1","name":"Talos MuddyWater May 2019","description":"Adamitis, D. et al. (2019, May 20). Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques. 
Retrieved June 5, 2019.","url":"https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html","source":"MITRE","title":"Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques","authors":"Adamitis, D. et al","date_accessed":"2019-06-05T00:00:00Z","date_published":"2019-05-20T00:00:00Z","owner_name":null,"tidal_id":"0e41a894-5aa8-57e5-b5d5-74cc45c860ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440848Z"},{"id":"5620adaf-c2a7-5f0f-ae70-554ce720426e","name":"Mandiant Pulse Secure Update May 2021","description":"Perez, D. et al. (2021, May 27). Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices. Retrieved February 5, 2024.","url":"https://www.mandiant.com/resources/blog/updates-on-chinese-apt-compromising-pulse-secure-vpn-devices","source":"MITRE","title":"Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices","authors":"Perez, D. et al","date_accessed":"2024-02-05T00:00:00Z","date_published":"2021-05-27T00:00:00Z","owner_name":null,"tidal_id":"23bfb416-4520-5665-b199-5e7a790549f7","created":"2024-04-25T13:28:45.814152Z","modified":"2025-12-17T15:08:36.420045Z"},{"id":"4ffb9866-1cf4-46d1-b7e5-d75bd98de018","name":"Free Desktop Entry Keys","description":"Free Desktop. (2017, December 24). Recognized Desktop Entry Keys. Retrieved November 17, 2024.","url":"https://specifications.freedesktop.org/desktop-entry-spec/latest/recognized-keys.html","source":"MITRE","title":"Recognized Desktop Entry Keys","authors":"Free Desktop","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-12-24T00:00:00Z","owner_name":null,"tidal_id":"7c1b29bd-ae33-59ab-8c05-d0ac6497407d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435592Z"},{"id":"a7112f39-19ef-5b3e-ae0d-561caf514bc6","name":"Dragos Oldsmar Feb 2021","description":"Serino, G., et al . (2021, February 8). 
Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack. Retrieved October","url":"https://www.dragos.com/blog/industry-news/recommendations-following-the-oldsmar-water-treatment-facility-cyber-attack/","source":"ICS","title":"Recommendations Following the Oldsmar Water Treatment Facility Cyber Attack","authors":"Serino, G., et al","date_accessed":"1978-10-01T00:00:00Z","date_published":"2021-02-08T00:00:00Z","owner_name":null,"tidal_id":"19107c5f-156f-5c78-bb2d-7d0ded794786","created":"2026-01-28T13:08:18.178837Z","modified":"2026-01-28T13:08:18.178840Z"},{"id":"a894d79f-5977-4ef9-9aa5-7bfec795ceb2","name":"Recorded Future APT3 May 2017","description":"Insikt Group (Recorded Future). (2017, May 17). Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3. Retrieved September 16, 2024.","url":"https://www.recordedfuture.com/research/chinese-mss-behind-apt3","source":"MITRE","title":"Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3","authors":"Insikt Group (Recorded Future)","date_accessed":"2024-09-16T00:00:00Z","date_published":"2017-05-17T00:00:00Z","owner_name":null,"tidal_id":"d40f66e9-76f8-55d8-9e37-d32d8676c4c3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439232Z"},{"id":"1421a29a-c42b-582a-855c-08a1cf5d6c8c","name":"Sophos Red Alert 2.0","description":"J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December","url":"https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/","source":"Mobile","title":"Red Alert 2.0: Android Trojan targets security-seekers","authors":"J. 
Chandraiah","date_accessed":"1978-12-01T00:00:00Z","date_published":"2018-07-23T00:00:00Z","owner_name":null,"tidal_id":"29db9525-91a3-5b77-9893-531fcd1e95d9","created":"2026-01-28T13:08:10.040906Z","modified":"2026-01-28T13:08:10.040909Z"},{"id":"4ca0e6a9-8c20-49a0-957a-7108083a8a29","name":"Trend Micro Daserf Nov 2017","description":"Chen, J. and Hsieh, M. (2017, November 7). REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography. Retrieved December 27, 2017.","url":"http://blog.trendmicro.com/trendlabs-security-intelligence/redbaldknight-bronze-butler-daserf-backdoor-now-using-steganography/","source":"MITRE, Tidal Cyber","title":"REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography","authors":"Chen, J. and Hsieh, M","date_accessed":"2017-12-27T00:00:00Z","date_published":"2017-11-07T00:00:00Z","owner_name":null,"tidal_id":"a026c04e-b1ab-536f-8a65-85d484227660","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261767Z"},{"id":"70fa26e4-109c-5a48-b9fd-ac8b9acf2cf3","name":"Red Canary SocGholish March 2024","description":"Red Canary. (2024, March). Red Canary 2024 Threat Detection Report: SocGholish. Retrieved March 22, 2024.","url":"https://redcanary.com/threat-detection-report/threats/socgholish/","source":"MITRE","title":"Red Canary 2024 Threat Detection Report: SocGholish","authors":"Red Canary","date_accessed":"2024-03-22T00:00:00Z","date_published":"2024-03-01T00:00:00Z","owner_name":null,"tidal_id":"0a9f3f3d-8dec-5cc8-acbd-2be834452fe7","created":"2024-04-25T13:28:47.800850Z","modified":"2025-12-17T15:08:36.418812Z"},{"id":"c9561395-08eb-5e37-b9ba-154e08e2e1ab","name":"therecord_redcurl","description":"Antoniuk, D. (2023, July 17). RedCurl hackers return to spy on 'major Russian bank,' Australian company. 
Retrieved August 9, 2024.","url":"https://therecord.media/redcurl-hackers-russian-bank-australian-company","source":"MITRE","title":"RedCurl hackers return to spy on 'major Russian bank,' Australian company","authors":"Antoniuk, D","date_accessed":"2024-08-09T00:00:00Z","date_published":"2023-07-17T00:00:00Z","owner_name":null,"tidal_id":"779eb0c8-a338-564a-bbeb-ed0e660c9093","created":"2024-10-31T16:28:35.497171Z","modified":"2025-12-17T15:08:36.440006Z"},{"id":"1fc20d89-def2-5a1e-8e58-37383a019132","name":"group-ib_redcurl2","description":"Group-IB. (2021, November). RedCurl: The Awakening. Retrieved August 14, 2024.","url":"https://www.group-ib.com/resources/research-hub/red-curl-2/","source":"MITRE","title":"RedCurl: The Awakening","authors":"Group-IB","date_accessed":"2024-08-14T00:00:00Z","date_published":"2021-11-01T00:00:00Z","owner_name":null,"tidal_id":"784aa253-99ac-5778-b134-8bd56700fc24","created":"2024-10-31T16:28:30.431934Z","modified":"2025-12-17T15:08:36.438987Z"},{"id":"e9200100-cc58-5c30-b837-e6e73bfe2cbb","name":"group-ib_redcurl1","description":"Group-IB. (2020, August). RedCurl: The Pentest You Didn’t Know About. Retrieved August 9, 2024.","url":"https://www.group-ib.com/resources/research-hub/red-curl/","source":"MITRE","title":"RedCurl: The Pentest You Didn’t Know About","authors":"Group-IB","date_accessed":"2024-08-09T00:00:00Z","date_published":"2020-08-01T00:00:00Z","owner_name":null,"tidal_id":"874a1142-a8f6-537a-970a-dc309fbb0081","created":"2024-10-31T16:28:30.424629Z","modified":"2025-12-17T15:08:36.438981Z"},{"id":"b32da1da-bb84-41eb-922e-aa3e00b3efdf","name":"SC Media January 24 2025","description":"Laura French. (2025, January 24). Reddit, WeTransfer pages spoofed in Lumma Stealer campaign. 
Retrieved February 7, 2025.","url":"https://www.scworld.com/news/reddit-wetransfer-pages-spoofed-in-lumma-stealer-campaign","source":"Tidal Cyber","title":"Reddit, WeTransfer pages spoofed in Lumma Stealer campaign","authors":"Laura French","date_accessed":"2025-02-07T00:00:00Z","date_published":"2025-01-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"612f8c04-509f-5957-a3d1-65be49b127c6","created":"2025-02-11T18:20:04.765776Z","modified":"2025-02-11T18:20:04.973891Z"},{"id":"fe7a6e65-6fce-5a3a-a952-b012f49214d6","name":"Wandera-RedDrop","description":"Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved November","url":"https://web.archive.org/web/20180618225805/https://www.wandera.com/reddrop-malware/","source":"Mobile","title":"RedDrop: the blackmailing mobile malware family lurking in app stores","authors":"Nell Campbell","date_accessed":"1978-11-01T00:00:00Z","date_published":"2018-02-27T00:00:00Z","owner_name":null,"tidal_id":"d6beb09e-cbdc-5eff-bd45-1dd1f4ece98c","created":"2026-01-28T13:08:10.041233Z","modified":"2026-01-28T13:08:10.041238Z"},{"id":"198467fc-372a-4ddf-b042-cbd22ae49c06","name":"BleepingComputer 10 02 2025","description":"Lawrence Abrams. (2025, October 2). Red Hat confirms security incident after hackers breach GitLab instance. Retrieved October 6, 2025.","url":"https://www.bleepingcomputer.com/news/security/red-hat-confirms-security-incident-after-hackers-breach-gitlab-instance/","source":"Tidal Cyber","title":"Red Hat confirms security incident after hackers breach GitLab instance","authors":"Lawrence Abrams","date_accessed":"2025-10-06T12:00:00Z","date_published":"2025-10-02T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ee36a51e-49ff-5572-a517-90b398b730ae","created":"2025-10-07T14:06:58.612363Z","modified":"2025-10-07T14:06:58.740112Z"},{"id":"cdedab06-7745-4a5e-aa62-00ed81ccc8d0","name":"RHEL auditd","description":"Jahoda, M. et al.. (2017, March 14). 
redhat Security Guide - Chapter 7 - System Auditing. Retrieved December 20, 2017.","url":"https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing","source":"MITRE","title":"redhat Security Guide - Chapter 7 - System Auditing","authors":"Jahoda, M. et al.","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-03-14T00:00:00Z","owner_name":null,"tidal_id":"518ac8b8-0446-5d93-97c7-461d638c63bb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428649Z"},{"id":"599337b3-8587-5578-9be5-e6e4f0edd0ef","name":"Red Hat System Auditing","description":"Jahoda, M. et al. (2017, March 14). Red Hat Security Guide - Chapter 7 - System Auditing. Retrieved December 20, 2017.","url":"https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/chap-system_auditing","source":"MITRE","title":"Red Hat Security Guide - Chapter 7 - System Auditing","authors":"Jahoda, M. et al.","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-03-14T00:00:00Z","owner_name":null,"tidal_id":"68da0d49-177e-5055-bfc4-c3a12f2248e1","created":"2023-11-07T00:36:02.902076Z","modified":"2025-12-17T15:08:36.429795Z"},{"id":"b9f9662b-bcf6-4179-8dfb-e017e50cbd5c","name":"Recorded Future RedHotel August 7 2023","description":"Recorded Future. (2023, August 7). RedHotel: A Prolific Chinese State-Sponsored Group Operating at a Global Scale. 
Retrieved March 22, 2025.","url":"https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf","source":"Tidal Cyber","title":"RedHotel: A Prolific Chinese State-Sponsored Group Operating at a Global Scale","authors":"Recorded Future","date_accessed":"2025-03-22T00:00:00Z","date_published":"2023-08-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4f533561-786e-5108-867a-4696882634a1","created":"2025-03-25T13:15:56.994566Z","modified":"2025-03-25T13:15:57.277271Z"},{"id":"006715e1-9354-51aa-812b-21a33a37ebb4","name":"Recorded Future RedHotel August 2023","description":"Insikt Group. (2023, August 8). RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale. Retrieved March 11, 2024.","url":"https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf","source":"MITRE","title":"RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale","authors":"Insikt Group","date_accessed":"2024-03-11T00:00:00Z","date_published":"2023-08-08T00:00:00Z","owner_name":null,"tidal_id":"eb90f807-ba3a-5758-8471-a83c3c582958","created":"2024-04-25T13:28:46.014130Z","modified":"2025-12-17T15:08:36.437754Z"},{"id":"32c7626a-b284-424c-8294-7fac37e71336","name":"Cylance Redirect to SMB","description":"Cylance. (2015, April 13). Redirect to SMB. Retrieved December 21, 2017.","url":"https://www.cylance.com/content/dam/cylance/pdfs/white_papers/RedirectToSMB.pdf","source":"MITRE","title":"Redirect to SMB","authors":"Cylance","date_accessed":"2017-12-21T00:00:00Z","date_published":"2015-04-13T00:00:00Z","owner_name":null,"tidal_id":"a4654924-0f43-591a-83eb-674974aac366","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433945Z"},{"id":"879e1a99-9cdd-4066-88a4-02d7108be4ee","name":"RedLine | Malware Trends Tracker August 19 2021","description":"Stanislav Gayvoronsky; ANY RUN. (2021, August 19). RedLine . 
Retrieved January 29, 2025.","url":"https://any.run/malware-trends/redline","source":"Tidal Cyber","title":"RedLine","authors":"Stanislav Gayvoronsky; ANY RUN","date_accessed":"2025-01-29T00:00:00Z","date_published":"2021-08-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"68a0a7d5-a229-5c64-bf9b-693518221a12","created":"2025-02-03T21:08:13.966954Z","modified":"2025-02-03T21:08:15.105992Z"},{"id":"a31fa7ab-c06a-4436-9c77-3a62fa6cf869","name":"McAfee April 17 2024","description":"McAfee Labs. (2024, April 17). Redline Stealer A Novel Approach. Retrieved April 17, 2024.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/","source":"Tidal Cyber","title":"Redline Stealer A Novel Approach","authors":"McAfee Labs","date_accessed":"2024-04-17T00:00:00Z","date_published":"2024-04-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"82e0ce99-ed90-57ff-a8bf-fe52a70786c2","created":"2025-02-03T21:08:17.410720Z","modified":"2025-02-03T21:08:17.856340Z"},{"id":"337f829b-b360-5175-8021-28952a0e0367","name":"McAfee RedLine Stealer April 2024","description":"Mohansundaram M, Neil Tyagi. (2024, April 17). Redline Stealer: A Novel Approach. Retrieved September 17, 2025.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/","source":"MITRE","title":"Redline Stealer: A Novel Approach","authors":"Mohansundaram M, Neil Tyagi","date_accessed":"2025-09-17T00:00:00Z","date_published":"2024-04-17T00:00:00Z","owner_name":null,"tidal_id":"dce0d7be-e289-5675-b009-8457d218d0bc","created":"2025-10-29T21:08:48.167711Z","modified":"2025-12-17T15:08:36.441343Z"},{"id":"d90ea207-0a1e-47da-b349-eb13ff99e633","name":"Netskope May 12 2022","description":"Gustavo Palazolo. (2022, May 12). RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload. 
Retrieved January 29, 2025.","url":"https://www.netskope.com/jp/blog/redline-stealer-campaign-using-binance-mystery-box-videos-to-spread-github-hosted-payload","source":"Tidal Cyber","title":"RedLine Stealer Campaign Using Binance Mystery Box Videos to Spread GitHub-Hosted Payload","authors":"Gustavo Palazolo","date_accessed":"2025-01-29T00:00:00Z","date_published":"2022-05-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"abd7c0e6-0a0b-5922-a7fc-503ac3e98af8","created":"2025-02-03T21:08:16.255092Z","modified":"2025-02-03T21:08:16.961297Z"},{"id":"47fb022f-6cae-5e8d-a84e-d20be49eeb5b","name":"Kroll RedLine Stealer August 2024","description":"George Glass. (2024, August 14). REDLINESTEALER Malware Driving the Initial Access Broker Market. Retrieved September 17, 2025.","url":"https://www.kroll.com/en/publications/cyber/redlinestealer-malware","source":"MITRE","title":"REDLINESTEALER Malware Driving the Initial Access Broker Market","authors":"George Glass","date_accessed":"2025-09-17T00:00:00Z","date_published":"2024-08-14T00:00:00Z","owner_name":null,"tidal_id":"c881645c-5483-5af8-b0d7-a29b146fe694","created":"2025-10-29T21:08:48.165176Z","modified":"2025-12-17T15:08:36.420211Z"},{"id":"569fabf6-cb44-45ef-a167-1741259f6916","name":"APOPHIS RedLine June 6 2023","description":"APOPHIS. (2023, June 6). RedLine Technical Analysis Report. Retrieved January 30, 2025.","url":"https://web.archive.org/web/20230606224056/https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152","source":"Tidal Cyber","title":"RedLine Technical Analysis Report","authors":"APOPHIS","date_accessed":"2025-01-30T00:00:00Z","date_published":"2023-06-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"48179e9b-4f2f-504a-a4a8-1039d25346c9","created":"2025-02-03T21:08:18.603416Z","modified":"2025-02-03T21:08:19.155224Z"},{"id":"004bb617-4a46-4e95-84d3-6ce4aeb49f2f","name":"Recorded Future RedMike February 13 2025","description":"Insikt Group. (2025, February 13). 
RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers. Retrieved April 17, 2025.","url":"https://go.recordedfuture.com/hubfs/reports/cta-cn-2025-0213.pdf","source":"Tidal Cyber","title":"RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers","authors":"Insikt Group","date_accessed":"2025-04-17T00:00:00Z","date_published":"2025-02-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"af89a41d-02ee-59f5-a058-bcbb79c3bd86","created":"2025-04-23T15:51:09.835418Z","modified":"2025-04-23T15:51:10.170552Z"},{"id":"48971032-8fa2-40ff-adef-e91d7109b859","name":"Black Hills Red Teaming MS AD Azure, 2018","description":"Felch, M.. (2018, August 31). Red Teaming Microsoft Part 1 Active Directory Leaks via Azure. Retrieved October 6, 2019.","url":"https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/","source":"MITRE","title":"Red Teaming Microsoft Part 1 Active Directory Leaks via Azure","authors":"Felch, M.","date_accessed":"2019-10-06T00:00:00Z","date_published":"2018-08-31T00:00:00Z","owner_name":null,"tidal_id":"5b28dff1-42cf-54d6-8d1e-014550d29907","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425493Z"},{"id":"c4c3370a-2d6b-4ebd-961e-58d584066377","name":"OutFlank System Calls","description":"de Plaa, C. (2019, June 19). Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR. 
Retrieved September 29, 2021.","url":"https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/","source":"MITRE","title":"Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR","authors":"de Plaa, C","date_accessed":"2021-09-29T00:00:00Z","date_published":"2019-06-19T00:00:00Z","owner_name":null,"tidal_id":"8ca9300d-ee90-52c5-9f69-567cf30f3d38","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427808Z"},{"id":"82b814f3-2853-48a9-93ff-701d16d97535","name":"US-CERT TA17-156A SNMP Abuse 2017","description":"US-CERT. (2017, June 5). Reducing the Risk of SNMP Abuse. Retrieved October 19, 2020.","url":"https://us-cert.cisa.gov/ncas/alerts/TA17-156A","source":"MITRE","title":"Reducing the Risk of SNMP Abuse","authors":"US-CERT","date_accessed":"2020-10-19T00:00:00Z","date_published":"2017-06-05T00:00:00Z","owner_name":null,"tidal_id":"a403fabb-07e8-5052-9ed5-2cdc7ed10818","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424446Z"},{"id":"2eac359d-9795-441f-8a0c-164d4d59bf60","name":"www.huntress.com January 12 2026","description":"None Identified. (2026, January 12). Reflecting on AI in 2025: Faster Attacks, Same Old Tradecraft | Huntress. Retrieved January 13, 2026.","url":"https://www.huntress.com/blog/ai-2025-faster-attacks-same-tradecraft","source":"Tidal Cyber","title":"Reflecting on AI in 2025: Faster Attacks, Same Old Tradecraft | Huntress","authors":"None Identified","date_accessed":"2026-01-13T12:00:00Z","date_published":"2026-01-12T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"55407191-0074-51bb-9767-d1f077f05e5d","created":"2026-01-23T20:29:35.425158Z","modified":"2026-01-23T20:29:35.557570Z"},{"id":"88ccd20a-70ed-4cc2-87e1-644201feb4a4","name":"Www.huntress.com January 12 2026","description":"None Identified. (2026, January 12). Reflecting on AI in 2025: Faster Attacks, Same Old Tradecraft | Huntress. 
Retrieved January 13, 2026.","url":"https://www.huntress.com/blog/ai-2025-faster-attacks-same-tradecraft","source":"Tidal Cyber","title":"Reflecting on AI in 2025: Faster Attacks, Same Old Tradecraft | Huntress","authors":"None Identified","date_accessed":"2026-01-13T12:00:00Z","date_published":"2026-01-12T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"936d22b5-f343-57b6-9775-709785508b1c","created":"2026-01-14T13:29:46.149801Z","modified":"2026-01-14T13:29:46.305071Z"},{"id":"a6914c13-f95f-4c30-a129-905ed43e3454","name":"Cloudflare ReflectionDoS May 2017","description":"Marek Majkowski, Cloudflare. (2017, May 24). Reflections on reflection (attacks). Retrieved April 23, 2019.","url":"https://blog.cloudflare.com/reflections-on-reflections/","source":"MITRE","title":"Reflections on reflection (attacks)","authors":"Marek Majkowski, Cloudflare","date_accessed":"2019-04-23T00:00:00Z","date_published":"2017-05-24T00:00:00Z","owner_name":null,"tidal_id":"db2748d2-8252-55af-9bd6-a6223981ad33","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427691Z"},{"id":"2d4cb6f1-bc44-454b-94c1-88a81324903e","name":"Trend Micro","description":"Karen Victor. (2020, May 18). Reflective Loading Runs Netwalker Fileless Ransomware. Retrieved September 30, 2022.","url":"https://www.trendmicro.com/en_us/research/20/e/netwalker-fileless-ransomware-injected-via-reflective-loading.html","source":"MITRE","title":"Reflective Loading Runs Netwalker Fileless Ransomware","authors":"Karen Victor","date_accessed":"2022-09-30T00:00:00Z","date_published":"2020-05-18T00:00:00Z","owner_name":null,"tidal_id":"28d4cb19-aaf6-5c89-a7cb-8d83c4fe007d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424180Z"},{"id":"1e1b21bd-18b3-4c77-8eb8-911b028ab603","name":"Microsoft Reg","description":"Microsoft. (2012, April 17). Reg. 
Retrieved May 1, 2015.","url":"https://technet.microsoft.com/en-us/library/cc732643.aspx","source":"MITRE","title":"Reg","authors":"Microsoft","date_accessed":"2015-05-01T00:00:00Z","date_published":"2012-04-17T00:00:00Z","owner_name":null,"tidal_id":"743fd502-47a8-5025-9083-9a44357553c2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423387Z"},{"id":"b6a3356f-72c2-4ec2-a276-2432eb691055","name":"LOLBAS Regasm","description":"LOLBAS. (n.d.). Regasm.exe. Retrieved July 31, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Regasm/","source":"MITRE","title":"Regasm.exe","authors":"LOLBAS","date_accessed":"2019-07-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9ea0a3c1-8099-5bf8-9951-4753cb842fcb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426180Z"},{"id":"66a3de54-4a16-4b1b-b18f-e3842aeb7b40","name":"MSDN Regasm","description":"Microsoft. (n.d.). Regasm.exe (Assembly Registration Tool). Retrieved July 1, 2016.","url":"https://msdn.microsoft.com/en-us/library/tzat5yw6.aspx","source":"MITRE","title":"Regasm.exe (Assembly Registration Tool)","authors":"Microsoft","date_accessed":"2016-07-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"658a6c94-197f-59bc-a7df-d0928c76c3ec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426167Z"},{"id":"d34d35ee-9d0b-4556-ad19-04cfa9001bf2","name":"Microsoft RegDelNull July 2016","description":"Russinovich, M. & Sharkey, K. (2016, July 4). RegDelNull v1.11. Retrieved August 10, 2018.","url":"https://docs.microsoft.com/en-us/sysinternals/downloads/regdelnull","source":"MITRE","title":"RegDelNull v1.11","authors":"Russinovich, M. 
& Sharkey, K","date_accessed":"2018-08-10T00:00:00Z","date_published":"2016-07-04T00:00:00Z","owner_name":null,"tidal_id":"4c6206a6-0d41-589f-9f85-4232b4fff084","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429972Z"},{"id":"86e47198-751b-4754-8741-6dd8f2960416","name":"Regedit.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Regedit.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Regedit/","source":"Tidal Cyber","title":"Regedit.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fcd515df-b2e6-5e55-8954-606b5a46b339","created":"2024-01-12T14:46:57.180848Z","modified":"2024-01-12T14:46:57.383140Z"},{"id":"75a78707-61b2-5dfd-aac1-95399d0c7e16","name":"Fortinet reGeorg MAR 2019","description":"FortiGuard Labs. (2019, March 12). ReGeorg.HTTP.Tunnel. Retrieved December 3, 2024.","url":"https://www.fortiguard.com/encyclopedia/ips/47584/regeorg-http-tunnel","source":"MITRE","title":"ReGeorg.HTTP.Tunnel","authors":"FortiGuard Labs","date_accessed":"2024-12-03T00:00:00Z","date_published":"2019-03-12T00:00:00Z","owner_name":null,"tidal_id":"2eafb344-6f2a-59d9-bc44-54387aec3677","created":"2025-04-22T20:47:26.221141Z","modified":"2025-12-17T15:08:36.417001Z"},{"id":"5d99c065-220c-57bd-ade7-d7aac7e2d2d9","name":"GitHub reGeorg 2016","description":"xl7dev. (2016). reGeorg-master. Retrieved December 3, 2024.","url":"https://github.com/xl7dev/WebShell/tree/master/reGeorg-master","source":"MITRE","title":"reGeorg-master","authors":"xl7dev","date_accessed":"2024-12-03T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"a1cee64e-1ac3-590b-8bc6-094cb9ceda7a","created":"2025-04-22T20:47:26.228896Z","modified":"2025-12-17T15:08:36.417008Z"},{"id":"ba0e31a1-125b-43c3-adf0-567ca393eeab","name":"Reg.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Reg.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Reg/","source":"Tidal Cyber","title":"Reg.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"79172969-723f-5381-9364-de2ea08fcd27","created":"2024-01-12T14:46:56.817326Z","modified":"2024-01-12T14:46:56.995290Z"},{"id":"42503ec7-f5da-4116-a3b3-a1b18a66eed3","name":"Microsoft Reghide NOV 2006","description":"Russinovich, M. & Sharkey, K. (2006, January 10). Reghide. Retrieved August 9, 2018.","url":"https://docs.microsoft.com/sysinternals/downloads/reghide","source":"MITRE","title":"Reghide","authors":"Russinovich, M. & Sharkey, K","date_accessed":"2018-08-09T00:00:00Z","date_published":"2006-01-10T00:00:00Z","owner_name":null,"tidal_id":"a1685c0e-0809-5680-a523-583eb4689c0b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429966Z"},{"id":"db2573d2-6ecd-4c5a-b038-2f799f9723ae","name":"Regini.exe - LOLBAS Project","description":"LOLBAS. (2020, July 3). Regini.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Regini/","source":"Tidal Cyber","title":"Regini.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-07-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a77ace27-2218-51e9-83e5-16a0d443a340","created":"2024-01-12T14:46:57.585788Z","modified":"2024-01-12T14:46:57.763298Z"},{"id":"d445d016-c4f1-45c8-929d-913867275417","name":"Register-cimprovider.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Register-cimprovider.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Register-cimprovider/","source":"Tidal Cyber","title":"Register-cimprovider.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"724e9899-c735-5a78-889f-a391e80b674a","created":"2024-01-12T14:46:57.940081Z","modified":"2024-01-12T14:46:58.121189Z"},{"id":"08dc94ff-a289-45bd-93c2-1183fd507493","name":"Microsoft Registry","description":"Microsoft. (2018, May 31). Registry. Retrieved September 29, 2021.","url":"https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry","source":"MITRE","title":"Registry","authors":"Microsoft","date_accessed":"2021-09-29T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"64378e29-2dbf-5a1f-9bea-f6eff87a24ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437023Z"},{"id":"136325ee-0712-49dd-b3ab-a6f2bfb218b0","name":"Tilbury 2014","description":"Tilbury, C. (2014, August 28). Registry Analysis with CrowdResponse. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20200730053039/https://www.crowdstrike.com/blog/registry-analysis-with-crowdresponse/","source":"MITRE","title":"Registry Analysis with CrowdResponse","authors":"Tilbury, C","date_accessed":"2024-11-17T00:00:00Z","date_published":"2014-08-28T00:00:00Z","owner_name":null,"tidal_id":"30e102c6-7e88-5a72-93b7-738501a0625a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430987Z"},{"id":"4e85ef68-dfb7-4db3-ac76-92f4b78cb1cd","name":"Microsoft COR_PROFILER Feb 2013","description":"Microsoft. (2013, February 4). Registry-Free Profiler Startup and Attach. 
Retrieved June 24, 2020.","url":"https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/ee471451(v=vs.100)","source":"MITRE","title":"Registry-Free Profiler Startup and Attach","authors":"Microsoft","date_accessed":"2020-06-24T00:00:00Z","date_published":"2013-02-04T00:00:00Z","owner_name":null,"tidal_id":"92943622-2c79-52e4-b849-1326743b5f1f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436974Z"},{"id":"f58ac1e4-c470-4aac-a077-7f358e25b0fa","name":"Microsoft Registry Auditing Aug 2016","description":"Microsoft. (2016, August 31). Registry (Global Object Access Auditing). Retrieved January 31, 2018.","url":"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn311461(v=ws.11)","source":"MITRE","title":"Registry (Global Object Access Auditing)","authors":"Microsoft","date_accessed":"2018-01-31T00:00:00Z","date_published":"2016-08-31T00:00:00Z","owner_name":null,"tidal_id":"05e0284f-20ce-5c1b-a053-fba70f21fb2f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429623Z"},{"id":"c5627d86-1b59-4c2a-aac0-88f1b4dc6974","name":"MSDN Registry Key Security","description":"Microsoft. (n.d.). Registry Key Security and Access Rights. Retrieved March 16, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ms724878.aspx","source":"MITRE","title":"Registry Key Security and Access Rights","authors":"Microsoft","date_accessed":"2017-03-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ee6cb955-92a3-58a3-8d96-b87c0378defe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427981Z"},{"id":"f8f12cbb-029c-48b1-87ce-624a7f98c8ab","name":"Registry Key Security","description":"Microsoft. (2018, May 31). Registry Key Security and Access Rights. 
Retrieved March 16, 2017.","url":"https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-key-security-and-access-rights?redirectedfrom=MSDN","source":"MITRE","title":"Registry Key Security and Access Rights","authors":"Microsoft","date_accessed":"2017-03-16T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"15322297-70bf-5203-b88f-19b2defef41d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425574Z"},{"id":"4bde767e-d4a7-56c5-9aa3-b3f3cc2e3e70","name":"Microsoft Registry Drivers","description":"Microsoft. (2021, December 14). Registry Trees for Devices and Drivers. Retrieved March 28, 2023.","url":"https://learn.microsoft.com/windows-hardware/drivers/install/overview-of-registry-trees-and-keys","source":"MITRE","title":"Registry Trees for Devices and Drivers","authors":"Microsoft","date_accessed":"2023-03-28T00:00:00Z","date_published":"2021-12-14T00:00:00Z","owner_name":null,"tidal_id":"a420b75d-b365-5dc8-93b3-21b18d6d9d86","created":"2023-05-26T01:21:02.581456Z","modified":"2025-12-17T15:08:36.426192Z"},{"id":"e0836ebc-66fd-46ac-adf6-727b46f2fb38","name":"Microsoft System Wide Com Keys","description":"Microsoft. (n.d.). Registry Values for System-Wide Security. Retrieved November 21, 2017.","url":"https://msdn.microsoft.com/en-us/library/windows/desktop/ms694331(v=vs.85).aspx","source":"MITRE","title":"Registry Values for System-Wide Security","authors":"Microsoft","date_accessed":"2017-11-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2b1dba1d-7e9a-527e-b98d-670ce8b90c55","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415974Z"},{"id":"3f669f4c-0b94-4b78-ad3e-fd62f7600902","name":"LOLBAS Regsvcs","description":"LOLBAS. (n.d.). Regsvcs.exe. 
Retrieved July 31, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Regsvcs/","source":"MITRE","title":"Regsvcs.exe","authors":"LOLBAS","date_accessed":"2019-07-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2514da68-c4ef-578a-96cc-783dd7bb8a5a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426174Z"},{"id":"4f3651df-159e-4006-8cb6-de0d0712a194","name":"MSDN Regsvcs","description":"Microsoft. (n.d.). Regsvcs.exe (.NET Services Installation Tool). Retrieved July 1, 2016.","url":"https://msdn.microsoft.com/en-us/library/04za0hca.aspx","source":"MITRE","title":"Regsvcs.exe (.NET Services Installation Tool)","authors":"Microsoft","date_accessed":"2016-07-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"003516f8-491c-5f9f-9fe2-1c2adc481f53","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426160Z"},{"id":"8e32abef-534e-475a-baad-946b6ec681c1","name":"LOLBAS Regsvr32","description":"LOLBAS. (n.d.). Regsvr32.exe. Retrieved July 31, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Regsvr32/","source":"MITRE","title":"Regsvr32.exe","authors":"LOLBAS","date_accessed":"2019-07-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fc88d76a-ca40-5e13-9a5a-300e3bb00de5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430748Z"},{"id":"65978e95-7291-5df5-bdc2-e54ba3a5c071","name":"TrendMicro_CherryBlos_July2023","description":"Trend Micro Research. (2023, July 28). Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns. 
Retrieved March","url":"https://www.trendmicro.com/en_us/research/23/g/cherryblos-and-faketrade-android-malware-involved-in-scam-campai.html","source":"Mobile","title":"Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns","authors":"Trend Micro Research","date_accessed":"1978-03-01T00:00:00Z","date_published":"2023-07-28T00:00:00Z","owner_name":null,"tidal_id":"667b6d57-8743-5d4c-915b-ea385cc129d1","created":"2026-01-28T13:08:10.040368Z","modified":"2026-01-28T13:08:10.040371Z"},{"id":"c4d5d6e7-47c0-457a-b396-53d34f87e444","name":"Fortinet Remcos Feb 2017","description":"Bacurio, F., Salvio, J. (2017, February 14). REMCOS: A New RAT In The Wild. Retrieved November 6, 2018.","url":"https://www.fortinet.com/blog/threat-research/remcos-a-new-rat-in-the-wild-2.html","source":"MITRE","title":"REMCOS: A New RAT In The Wild","authors":"Bacurio, F., Salvio, J","date_accessed":"2018-11-06T00:00:00Z","date_published":"2017-02-14T00:00:00Z","owner_name":null,"tidal_id":"14ca2ab6-23c4-584d-bac3-eed9a4b45912","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423076Z"},{"id":"4054604b-7c0f-5012-b40c-2b117f6b54c2","name":"Mandiant Remediation and Hardening Strategies for Microsoft 365","description":"Mandiant. (2022, August). Remediation and Hardening Strategies for  Microsoft 365 to Defend Against APT29. Retrieved February 21, 2023.","url":"https://www.mandiant.com/sites/default/files/2022-08/remediation-hardening-strategies-for-m365-defend-against-apt29-white-paper.pdf","source":"MITRE","title":"Remediation and Hardening Strategies for  Microsoft 365 to Defend Against APT29","authors":"Mandiant","date_accessed":"2023-02-21T00:00:00Z","date_published":"2022-08-01T00:00:00Z","owner_name":null,"tidal_id":"b4cc692a-b2c5-5f61-9a8b-bfbb3fe4b27f","created":"2023-05-26T01:21:20.571059Z","modified":"2025-12-17T15:08:36.442357Z"},{"id":"ed031297-d0f5-44a7-9723-ba692e923a6e","name":"Mandiant Defend UNC2452 White Paper","description":"Mandiant. 
(2021, January 19). Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452. Retrieved January 22, 2021.","url":"https://www.mandiant.com/resources/blog/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452","source":"MITRE","title":"Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452","authors":"Mandiant","date_accessed":"2021-01-22T00:00:00Z","date_published":"2021-01-19T00:00:00Z","owner_name":null,"tidal_id":"4e6537ad-e7e6-5977-b21f-559b76457ee9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435923Z"},{"id":"7aa5c294-df8e-4994-9b9e-69444d75ef37","name":"Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452","description":"Mike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett. (2021, January 19). Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452. Retrieved September 25, 2021.","url":"https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html","source":"MITRE","title":"Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452","authors":"Mike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett","date_accessed":"2021-09-25T00:00:00Z","date_published":"2021-01-19T00:00:00Z","owner_name":null,"tidal_id":"1e946abc-10bf-5ab8-b053-0956e4bd6213","created":"2022-12-14T20:06:32.013016Z","modified":"2023-11-07T00:36:08.887161Z"},{"id":"b8fc1bdf-f602-4a9b-a51c-fa49e70f24cd","name":"TechNet Remote Desktop Services","description":"Microsoft. (n.d.). Remote Desktop Services. 
Retrieved June 1, 2016.","url":"https://technet.microsoft.com/en-us/windowsserver/ee236407.aspx","source":"MITRE","title":"Remote Desktop Services","authors":"Microsoft","date_accessed":"2016-06-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"945e5451-4b1b-5832-a673-87fd30aadc63","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429468Z"},{"id":"9a298f83-80b8-45a3-9f63-6119be6621b4","name":"Remote.exe - LOLBAS Project","description":"LOLBAS. (2021, June 1). Remote.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Remote/","source":"Tidal Cyber","title":"Remote.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-06-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cce387fb-769d-5b85-93ce-de3cf3413591","created":"2024-01-12T14:47:29.035824Z","modified":"2024-01-12T14:47:29.222481Z"},{"id":"489c9ce0-684f-5cc6-9f43-47a58d277f5d","name":"Oberheide-RemoteInstall","description":"Jon Oberheide. (2010, June 25). Remote Kill and Install on Google Android. Retrieved December","url":"https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/","source":"Mobile","title":"Remote Kill and Install on Google Android","authors":"Jon Oberheide","date_accessed":"1978-12-01T00:00:00Z","date_published":"2010-06-25T00:00:00Z","owner_name":null,"tidal_id":"1ebbbe7f-7745-51d5-8f5a-7681058e9329","created":"2026-01-28T13:08:10.046098Z","modified":"2026-01-28T13:08:10.046101Z"},{"id":"2239d595-4b80-4828-9d06-f8de221f9534","name":"Microsoft Remote Use of Local","description":"Margosis, A.. (2018, December 10). Remote Use of Local Accounts: LAPS Changes Everything. 
Retrieved March 13, 2020.","url":"https://blogs.technet.microsoft.com/secguide/2018/12/10/remote-use-of-local-accounts-laps-changes-everything/","source":"MITRE","title":"Remote Use of Local Accounts: LAPS Changes Everything","authors":"Margosis, A.","date_accessed":"2020-03-13T00:00:00Z","date_published":"2018-12-10T00:00:00Z","owner_name":null,"tidal_id":"f369d3c9-d76f-5643-a9dd-04828f8ed47d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441654Z"},{"id":"27812e3f-9177-42ad-8681-91c65aba4743","name":"SigmaHQ","description":"Sittikorn S. (2022, April 15). Removal Of SD Value to Hide Schedule Task - Registry. Retrieved June 1, 2022.","url":"https://github.com/SigmaHQ/sigma/blob/master/rules/windows/registry/registry_delete/registry_delete_schtasks_hide_task_via_sd_value_removal.yml","source":"MITRE","title":"Removal Of SD Value to Hide Schedule Task - Registry","authors":"Sittikorn S","date_accessed":"2022-06-01T00:00:00Z","date_published":"2022-04-15T00:00:00Z","owner_name":null,"tidal_id":"bafc2685-e828-5d65-947e-217a11ed8f39","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423625Z"},{"id":"19cfa79f-5ba9-5521-8c21-aba94039c8c8","name":"mac security virus popup","description":"David Balaban. (2022, October 7). Remove Guroshied virus popup from Mac. Retrieved March 14, 2025.","url":"https://macsecurity.net/view/543-remove-guroshied-mac","source":"MITRE","title":"Remove Guroshied virus popup from Mac","authors":"David Balaban","date_accessed":"2025-03-14T00:00:00Z","date_published":"2022-10-07T00:00:00Z","owner_name":null,"tidal_id":"67b65244-a9d7-54ae-9c51-3921d3db370e","created":"2025-04-22T20:47:32.030125Z","modified":"2025-12-17T15:08:36.442182Z"},{"id":"408c0c8c-5d8e-5ebe-bd31-81b405c615d8","name":"disable_win_evt_logging","description":"Heiligenstein, L. (n.d.). REP-25: Disable Windows Event Logging. 
Retrieved April 7, 2022.","url":"https://ptylu.github.io/content/report/report.html?report=25","source":"MITRE","title":"REP-25: Disable Windows Event Logging","authors":"Heiligenstein, L","date_accessed":"2022-04-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f3081800-32fe-54e7-b531-63b86b50a49e","created":"2023-05-26T01:21:05.487318Z","modified":"2025-12-17T15:08:36.429276Z"},{"id":"75130a36-e859-438b-9536-410c2831b2de","name":"Microsoft Replace Process Token","description":"Brower, N., Lich, B. (2017, April 19). Replace a process level token. Retrieved December 19, 2017.","url":"https://docs.microsoft.com/windows/device-security/security-policy-settings/replace-a-process-level-token","source":"MITRE","title":"Replace a process level token","authors":"Brower, N., Lich, B","date_accessed":"2017-12-19T00:00:00Z","date_published":"2017-04-19T00:00:00Z","owner_name":null,"tidal_id":"66274807-dc3f-5372-9929-a2c211c0e07e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416268Z"},{"id":"82a473e9-208c-4c47-bf38-92aee43238dd","name":"Replace.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Replace.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Replace/","source":"Tidal Cyber","title":"Replace.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"52de9c91-b67c-5c3c-a259-48dfd31824a1","created":"2024-01-12T14:46:58.297131Z","modified":"2024-01-12T14:46:58.471375Z"},{"id":"ed31056c-23cb-5cb0-9b70-f363c54b27f7","name":"Bugcrowd Replay Attack","description":"Bugcrowd. (n.d.). Replay Attack. 
Retrieved September 27, 2023.","url":"https://www.bugcrowd.com/glossary/replay-attack/","source":"MITRE","title":"Replay Attack","authors":"Bugcrowd","date_accessed":"2023-09-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"139f1e85-3c16-58b3-b32f-a37dbec9a4be","created":"2023-11-07T00:36:06.172461Z","modified":"2025-12-17T15:08:36.432898Z"},{"id":"0ff40575-cd2d-4a70-a07b-fff85f520062","name":"Mac Forwarding Rules","description":"Apple. (n.d.). Reply to, forward, or redirect emails in Mail on Mac. Retrieved June 22, 2021.","url":"https://support.apple.com/guide/mail/reply-to-forward-or-redirect-emails-mlhlp1010/mac","source":"MITRE","title":"Reply to, forward, or redirect emails in Mail on Mac","authors":"Apple","date_accessed":"2021-06-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e0fa92cf-6cd9-5a42-aded-8c581f59d537","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431596Z"},{"id":"6e8cc88a-fb3f-4464-9380-868f597def6e","name":"GitHub Reptile","description":"Augusto, I. (2018, March 8). Reptile - LMK Linux rootkit. Retrieved April 9, 2018.","url":"https://github.com/f0rb1dd3n/Reptile","source":"MITRE","title":"Reptile - LMK Linux rootkit","authors":"Augusto, I","date_accessed":"2018-04-09T00:00:00Z","date_published":"2018-03-08T00:00:00Z","owner_name":null,"tidal_id":"ba0a7b09-baa2-58b3-917d-bb37a2453e60","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430930Z"},{"id":"2aabb249-c4af-5e0e-b451-82d68b343539","name":"Cyble","description":"Cyble. (2024, September 9). Reputation Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC). 
Retrieved March 21, 2025.","url":"https://cyble.com/blog/reputation-hijacking-with-jamplus-a-maneuver-to-bypass-smart-app-control-sac/","source":"MITRE","title":"Reputation Hijacking with JamPlus: A Maneuver to Bypass Smart App Control (SAC)","authors":"Cyble","date_accessed":"2025-03-21T00:00:00Z","date_published":"2024-09-09T00:00:00Z","owner_name":null,"tidal_id":"096d3e8a-9c2d-5e7d-b9cc-0c623abfee34","created":"2025-04-22T20:47:16.217080Z","modified":"2025-12-17T15:08:36.431576Z"},{"id":"1bea99a8-8291-5d1f-82e3-9116189018c1","name":"Apple Requesting Authorization for Location Services","description":"Apple Developers. (n.d.). Requesting Authorization for Location Services. Retrieved April","url":"https://developer.apple.com/documentation/corelocation/requesting_authorization_for_location_services","source":"Mobile","title":"Requesting Authorization for Location Services","authors":"Apple Developers","date_accessed":"1978-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"300b75b8-77bb-5bf9-b46b-2322c1203fc8","created":"2026-01-28T13:08:10.045162Z","modified":"2026-01-28T13:08:10.045165Z"},{"id":"b4413e90-6114-5acb-b3be-1f2a9eb59320","name":"Apple Location Services","description":"Apple. (n.d.). Requesting Authorization for Location Services. Retrieved September","url":"https://developer.apple.com/documentation/corelocation/requesting_authorization_for_location_services","source":"Mobile","title":"Requesting Authorization for Location Services","authors":"Apple","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f417d6d9-00dd-503a-9f8a-4d5b0e1fd454","created":"2026-01-28T13:08:10.044840Z","modified":"2026-01-28T13:08:10.044843Z"},{"id":"ca22a783-d83c-55ff-9d6b-d86444f9381c","name":"Requesting Auth-Media Capture","description":"Apple Developers. (n.d.). Requesting Authorization for Media Capture on iOS. 
Retrieved April","url":"https://developer.apple.com/documentation/avfoundation/cameras_and_media_capture/requesting_authorization_for_media_capture_on_ios","source":"Mobile","title":"Requesting Authorization for Media Capture on iOS","authors":"Apple Developers","date_accessed":"1978-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ed6098e1-03d3-52af-808e-289995bb1811","created":"2026-01-28T13:08:10.044418Z","modified":"2026-01-28T13:08:10.044421Z"},{"id":"c6f29134-5af2-42e1-af4f-fbb9eae03432","name":"AWS Temporary Security Credentials","description":"AWS. (n.d.). Requesting temporary security credentials. Retrieved April 1, 2022.","url":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html","source":"MITRE","title":"Requesting temporary security credentials","authors":"AWS","date_accessed":"2022-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"54ae1a86-9718-50d1-b2dc-81df9bdbf5d9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432751Z"},{"id":"086129a4-8963-5e29-a8b6-b9fb3e992ae9","name":"Android Request Location Permissions","description":"Android Developers. (2022, March 24). Request Location Permissions. Retrieved April","url":"https://developer.android.com/training/location/permissions","source":"Mobile","title":"Request Location Permissions","authors":"Android Developers","date_accessed":"1978-04-01T00:00:00Z","date_published":"2022-03-24T00:00:00Z","owner_name":null,"tidal_id":"2cde5831-3164-59a7-a299-547dd66d539b","created":"2026-01-28T13:08:10.045137Z","modified":"2026-01-28T13:08:10.045140Z"},{"id":"c9c647b6-f4fb-44d6-9376-23c1ae9520b4","name":"ARS Technica China Hack SK April 2017","description":"Sean Gallagher. (2017, April 21). Researchers claim China trying to hack South Korea missile defense efforts. 
Retrieved October 17, 2021.","url":"https://arstechnica.com/information-technology/2017/04/researchers-claim-china-trying-to-hack-south-korea-missile-defense-efforts/","source":"MITRE, Tidal Cyber","title":"Researchers claim China trying to hack South Korea missile defense efforts","authors":"Sean Gallagher","date_accessed":"2021-10-17T00:00:00Z","date_published":"2017-04-21T00:00:00Z","owner_name":null,"tidal_id":"7223cbbb-9e31-558e-bd99-ab2cf198a184","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279758Z"},{"id":"aafed56e-bbaf-5086-bb6c-95c435f32bdf","name":"Computerworld-Femtocell","description":"Jaikumar Vijayan. (2013, August 1). Researchers exploit cellular tech flaws to intercept phone calls. Retrieved December","url":"http://www.computerworld.com/article/2484538/cybercrime-hacking/researchers-exploit-cellular-tech-flaws-to-intercept-phone-calls.html","source":"Mobile","title":"Researchers exploit cellular tech flaws to intercept phone calls","authors":"Jaikumar Vijayan","date_accessed":"1978-12-01T00:00:00Z","date_published":"2013-08-01T00:00:00Z","owner_name":null,"tidal_id":"efa1b2e1-ca76-5fbf-8cd3-9e81d3da698d","created":"2026-01-28T13:08:10.045385Z","modified":"2026-01-28T13:08:10.045388Z"},{"id":"96265ecd-5c0b-59a7-a82e-9af6177e484b","name":"The Hacker News PyPi Revival Hijack 2024","description":"Ravie Lakshmanan. (2024, September 4). Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack. 
Retrieved May 22, 2025.","url":"https://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html","source":"MITRE","title":"Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack","authors":"Ravie Lakshmanan","date_accessed":"2025-05-22T00:00:00Z","date_published":"2024-09-04T00:00:00Z","owner_name":null,"tidal_id":"7b754fb9-be61-5ea3-b679-0e1232d25e69","created":"2025-10-29T21:08:48.165596Z","modified":"2025-12-17T15:08:36.425650Z"},{"id":"5f28adee-1313-48ec-895c-27341bd1071f","name":"Wired SandCat Oct 2019","description":"Zetter, K. (2019, October 3). Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC. Retrieved October 15, 2020.","url":"https://www.vice.com/en/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec","source":"MITRE","title":"Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC","authors":"Zetter, K","date_accessed":"2020-10-15T00:00:00Z","date_published":"2019-10-03T00:00:00Z","owner_name":null,"tidal_id":"8a80f7ff-c022-5c27-a68a-f778d1b7bd46","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436567Z"},{"id":"742c8a5c-21e5-58d8-a90d-f4c186c0699a","name":"Vincens AcidPour 2024","description":"A.J. Vincens, CyberScoop. (2024, March 18). Researchers spot updated version of malware that hit Viasat. Retrieved March 25, 2024.","url":"https://cyberscoop.com/viasat-malware-wiper-acidrain/","source":"MITRE","title":"Researchers spot updated version of malware that hit Viasat","authors":"A.J. Vincens, CyberScoop","date_accessed":"2024-03-25T00:00:00Z","date_published":"2024-03-18T00:00:00Z","owner_name":null,"tidal_id":"7fd19459-896d-53a9-b1a6-acaa181eac69","created":"2024-04-25T13:28:46.795151Z","modified":"2025-12-17T15:08:36.416626Z"},{"id":"8dbbf13b-e73c-43c2-a053-7b07fdf25c85","name":"MSitPros CMSTP Aug 2017","description":"Moe, O. (2017, August 15). Research on CMSTP.exe. 
Retrieved April 11, 2018.","url":"https://msitpros.com/?p=3960","source":"MITRE","title":"Research on CMSTP.exe","authors":"Moe, O","date_accessed":"2018-04-11T00:00:00Z","date_published":"2017-08-15T00:00:00Z","owner_name":null,"tidal_id":"4ffce8aa-122a-5c06-ba3d-559fce93c452","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415996Z"},{"id":"0d6c5b86-bab1-5bca-9218-ffbf31e7e49b","name":"Nightwatch screencap April 2016","description":"Nightwatch Cybersecurity. (2016, April 13). Research: Securing Android Applications from Screen Capture (FLAG_SECURE). Retrieved November","url":"https://wwws.nightwatchcybersecurity.com/2016/04/13/research-securing-android-applications-from-screen-capture/","source":"Mobile","title":"Research: Securing Android Applications from Screen Capture (FLAG_SECURE)","authors":"Nightwatch Cybersecurity","date_accessed":"1978-11-01T00:00:00Z","date_published":"2016-04-13T00:00:00Z","owner_name":null,"tidal_id":"d044e0dd-ac86-5fab-bf27-37427cff8473","created":"2026-01-28T13:08:10.047920Z","modified":"2026-01-28T13:08:10.047923Z"},{"id":"31108705-a1d3-49c8-ad22-663abeea2078","name":"Reset.exe - LOLBAS Project","description":"LOLBAS. (2025, July 31). Reset.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/Binaries/Reset/","source":"Tidal Cyber","title":"Reset.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-07-31T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9860b1c2-9085-5322-b70a-b83cf9b62de1","created":"2026-01-06T18:03:30.706668Z","modified":"2026-01-06T18:03:30.853739Z"},{"id":"0008dfd8-25a1-4e6a-9154-da7bcbb7daa7","name":"sentinellabs resource named fork 2020","description":"Phil Stokes. (2020, November 5). Resourceful macOS Malware Hides in Named Fork. 
Retrieved October 12, 2021.","url":"https://www.sentinelone.com/labs/resourceful-macos-malware-hides-in-named-fork/","source":"MITRE","title":"Resourceful macOS Malware Hides in Named Fork","authors":"Phil Stokes","date_accessed":"2021-10-12T00:00:00Z","date_published":"2020-11-05T00:00:00Z","owner_name":null,"tidal_id":"78724b8c-79a8-53d5-9226-c72d3daab47d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433611Z"},{"id":"3ef681a9-4ab0-420b-9d1a-b8152c50b3ca","name":"GitHub Responder","description":"Gaffie, L. (2016, August 25). Responder. Retrieved November 17, 2017.","url":"https://github.com/SpiderLabs/Responder","source":"MITRE","title":"Responder","authors":"Gaffie, L","date_accessed":"2017-11-17T00:00:00Z","date_published":"2016-08-25T00:00:00Z","owner_name":null,"tidal_id":"fabe0078-9a5f-5e18-a4b8-972661196ad7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423204Z"},{"id":"63d89139-9dd4-4ed6-bf6e-8cd872c5d034","name":"Mandiant UNC2589 March 2022","description":"Sadowski, J; Hall, R. (2022, March 4). Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation. Retrieved June 9, 2022.","url":"https://www.mandiant.com/resources/russia-invasion-ukraine-retaliation","source":"MITRE","title":"Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation","authors":"Sadowski, J; Hall, R","date_accessed":"2022-06-09T00:00:00Z","date_published":"2022-03-04T00:00:00Z","owner_name":null,"tidal_id":"2cf94ede-c453-5b4c-8d37-e2b83db357f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437864Z"},{"id":"a4cb3caf-e7ef-4662-93c6-63a0c3352a32","name":"CrowdStrike BGH Ransomware 2021","description":"Falcon Complete Team. (2021, May 11). Response When Minutes Matter: Rising Up Against Ransomware. 
Retrieved October 8, 2021.","url":"https://www.crowdstrike.com/blog/how-falcon-complete-stopped-a-big-game-hunting-ransomware-attack/","source":"MITRE","title":"Response When Minutes Matter: Rising Up Against Ransomware","authors":"Falcon Complete Team","date_accessed":"2021-10-08T00:00:00Z","date_published":"2021-05-11T00:00:00Z","owner_name":null,"tidal_id":"dd6d0694-e701-574d-a75c-0046d33fc89d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431884Z"},{"id":"ffa46676-518e-4fef-965d-e91efae95dfc","name":"Google - Restore Cloud Snapshot","description":"Google. (2019, October 7). Restoring and deleting persistent disk snapshots. Retrieved October 8, 2019.","url":"https://cloud.google.com/compute/docs/disks/restore-and-delete-snapshots","source":"MITRE","title":"Restoring and deleting persistent disk snapshots","authors":"Google","date_accessed":"2019-10-08T00:00:00Z","date_published":"2019-10-07T00:00:00Z","owner_name":null,"tidal_id":"0e2d59e1-673e-5b07-be17-4cf0b9ad61b3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424251Z"},{"id":"9733447c-072f-4da8-9cc7-0a0ce6a3b820","name":"Google Instances Resource","description":"Google. (n.d.). Rest Resource: instance. Retrieved March 3, 2020.","url":"https://cloud.google.com/compute/docs/reference/rest/v1/instances","source":"MITRE","title":"Rest Resource: instance","authors":"Google","date_accessed":"2020-03-03T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2af3c0fb-8825-587e-83f7-88d2c86ceb32","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427540Z"},{"id":"ffc6efd3-1928-5b56-8f46-686e6c976371","name":"Android Background","description":"Android Developers. (n.d.). Restrictions on starting activities from the background. 
Retrieved September","url":"https://developer.android.com/guide/components/activities/background-starts","source":"Mobile","title":"Restrictions on starting activities from the background","authors":"Android Developers","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"488d2966-5c92-5336-ab5e-87ef63375301","created":"2026-01-28T13:08:10.043595Z","modified":"2026-01-28T13:08:10.043598Z"},{"id":"9dc18a57-b5f0-4231-b851-eeb872121407","name":"Microsoft Security Blog January 22 2026","description":"Microsoft Defender Security Research Team. (2026, January 22). Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint  | Microsoft Security Blog. Retrieved January 23, 2026.","url":"https://www.microsoft.com/en-us/security/blog/2026/01/21/multistage-aitm-phishing-bec-campaign-abusing-sharepoint/","source":"Tidal Cyber","title":"Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint  | Microsoft Security Blog","authors":"Microsoft Defender Security Research Team","date_accessed":"2026-01-23T12:00:00Z","date_published":"2026-01-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"71d4e3e5-a61e-5c94-b19f-0d2b9df5b7f8","created":"2026-01-23T20:29:40.692350Z","modified":"2026-01-23T20:29:40.830326Z"},{"id":"c666200d-5392-43f2-9ad0-1268d7b2e86f","name":"Secureworks IRON LIBERTY July 2019","description":"Secureworks. (2019, July 24). Resurgent Iron Liberty Targeting Energy Sector. 
Retrieved August 12, 2020.","url":"https://www.secureworks.com/research/resurgent-iron-liberty-targeting-energy-sector","source":"MITRE, Tidal Cyber","title":"Resurgent Iron Liberty Targeting Energy Sector","authors":"Secureworks","date_accessed":"2020-08-12T00:00:00Z","date_published":"2019-07-24T00:00:00Z","owner_name":null,"tidal_id":"d709513b-c8fc-50a0-a523-ec25261002ca","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.277939Z"},{"id":"52f841b0-10a8-4f48-8265-5b336489ff80","name":"Palo Alto Retefe","description":"Levene, B., Falcone, R., Grunzweig, J., Lee, B., Olson, R. (2015, August 20). Retefe Banking Trojan Targets Sweden, Switzerland and Japan. Retrieved July 3, 2017.","url":"https://researchcenter.paloaltonetworks.com/2015/08/retefe-banking-trojan-targets-sweden-switzerland-and-japan/","source":"MITRE","title":"Retefe Banking Trojan Targets Sweden, Switzerland and Japan","authors":"Levene, B., Falcone, R., Grunzweig, J., Lee, B., Olson, R","date_accessed":"2017-07-03T00:00:00Z","date_published":"2015-08-20T00:00:00Z","owner_name":null,"tidal_id":"830e90fb-bca2-5af1-8c21-edfe0d8e6b02","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441723Z"},{"id":"ec87e183-3018-5cac-9fab-711003be54f7","name":"AWS Secrets Manager","description":"AWS. (n.d.). Retrieve secrets from AWS Secrets Manager. Retrieved September 25, 2023.","url":"https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html","source":"MITRE","title":"Retrieve secrets from AWS Secrets Manager","authors":"AWS","date_accessed":"2023-09-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f1b5e9a8-1445-582a-9b77-431c1ec53b57","created":"2023-11-07T00:36:07.900955Z","modified":"2025-12-17T15:08:36.434865Z"},{"id":"e48dc4ce-e7c5-44e4-b033-7ab4bbdbe1cb","name":"Directory Services Internals DPAPI Backup Keys Oct 2015","description":"Grafnetter, M. (2015, October 26). Retrieving DPAPI Backup Keys from Active Directory. 
Retrieved December 19, 2017.","url":"https://www.dsinternals.com/en/retrieving-dpapi-backup-keys-from-active-directory/","source":"MITRE","title":"Retrieving DPAPI Backup Keys from Active Directory","authors":"Grafnetter, M","date_accessed":"2017-12-19T00:00:00Z","date_published":"2015-10-26T00:00:00Z","owner_name":null,"tidal_id":"0f535324-3c49-54e3-a922-e413054104cb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439720Z"},{"id":"62ad7dbc-3ed2-4fa5-a56a-2810ce131167","name":"Malwarebytes RokRAT VBA January 2021","description":"Jazi, Hossein. (2021, January 6). Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat. Retrieved March 22, 2022.","url":"https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/","source":"MITRE","title":"Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat","authors":"Jazi, Hossein","date_accessed":"2022-03-22T00:00:00Z","date_published":"2021-01-06T00:00:00Z","owner_name":null,"tidal_id":"f3c8b08d-008d-5ed9-bd94-d78131a0397a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440203Z"},{"id":"4929c08e-cc20-5f85-8ae0-6bb691ce7917","name":"TCC Database","description":"Marina Liang. (2024, April 23). Return of the mac(OS): Transparency, Consent, and Control (TCC) Database Manipulation. Retrieved March 28, 2024.","url":"https://interpressecurity.com/resources/return-of-the-macos-tcc/","source":"MITRE","title":"Return of the mac(OS): Transparency, Consent, and Control (TCC) Database Manipulation","authors":"Marina Liang","date_accessed":"2024-03-28T00:00:00Z","date_published":"2024-04-23T00:00:00Z","owner_name":null,"tidal_id":"1fa4a86e-3ff3-5e6a-9106-dec1af030c94","created":"2024-04-25T13:28:40.940492Z","modified":"2025-12-17T15:08:36.435969Z"},{"id":"8aed9534-2ec6-4c9f-b63b-9bb135432cfb","name":"jRAT Symantec Aug 2018","description":"Sharma, R. 
(2018, August 15). Revamped jRAT Uses New Anti-Parsing Techniques. Retrieved September 21, 2018.","url":"https://www.symantec.com/blogs/threat-intelligence/jrat-new-anti-parsing-techniques","source":"MITRE","title":"Revamped jRAT Uses New Anti-Parsing Techniques","authors":"Sharma, R","date_accessed":"2018-09-21T00:00:00Z","date_published":"2018-08-15T00:00:00Z","owner_name":null,"tidal_id":"6ebc2a75-b1d9-5c6a-aa26-50c68ceb2e6b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422278Z"},{"id":"f9e40a71-c963-53de-9266-13f9f326c5bf","name":"Sygnia Emperor Dragonfly October 2022","description":"Biderman, O. et al. (2022, October 3). REVEALING EMPEROR DRAGONFLY: NIGHT SKY AND CHEERSCRYPT - A SINGLE RANSOMWARE GROUP. Retrieved December 6, 2023.","url":"https://blog.sygnia.co/revealing-emperor-dragonfly-a-chinese-ransomware-group","source":"MITRE","title":"REVEALING EMPEROR DRAGONFLY: NIGHT SKY AND CHEERSCRYPT - A SINGLE RANSOMWARE GROUP","authors":"Biderman, O. et al","date_accessed":"2023-12-06T00:00:00Z","date_published":"2022-10-03T00:00:00Z","owner_name":null,"tidal_id":"f1069ecc-e631-5d73-b336-745e720a0faa","created":"2024-04-25T13:28:45.330843Z","modified":"2025-12-17T15:08:36.418975Z"},{"id":"abe44c50-8347-5c98-8b04-d41afbe59d4c","name":"Morphisec Snip3 May 2021","description":"Lorber, N. (2021, May 7). Revealing the Snip3 Crypter, a Highly Evasive RAT Loader. Retrieved September 13, 2023.","url":"https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader","source":"MITRE","title":"Revealing the Snip3 Crypter, a Highly Evasive RAT Loader","authors":"Lorber, N","date_accessed":"2023-09-13T00:00:00Z","date_published":"2021-05-07T00:00:00Z","owner_name":null,"tidal_id":"227c4b5e-a10a-5645-8d2c-d13dde8178a7","created":"2023-11-07T00:36:15.403462Z","modified":"2025-12-17T15:08:36.418059Z"},{"id":"ae28afad-e2d6-4c3c-a309-ee7c44a3e586","name":"Microsoft DUBNIUM June 2016","description":"Microsoft. (2016, June 9). 
Reverse-engineering DUBNIUM. Retrieved March 31, 2021.","url":"https://www.microsoft.com/security/blog/2016/06/09/reverse-engineering-dubnium-2/","source":"MITRE","title":"Reverse-engineering DUBNIUM","authors":"Microsoft","date_accessed":"2021-03-31T00:00:00Z","date_published":"2016-06-09T00:00:00Z","owner_name":null,"tidal_id":"6088bb31-d7b6-5e93-bfbf-7dbd0f32879f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437994Z"},{"id":"999a471e-6373-463b-a77b-d3020b4a8702","name":"Microsoft DUBNIUM Flash June 2016","description":"Microsoft. (2016, June 20). Reverse-engineering DUBNIUM’s Flash-targeting exploit. Retrieved March 31, 2021.","url":"https://www.microsoft.com/security/blog/2016/06/20/reverse-engineering-dubniums-flash-targeting-exploit/","source":"MITRE","title":"Reverse-engineering DUBNIUM’s Flash-targeting exploit","authors":"Microsoft","date_accessed":"2021-03-31T00:00:00Z","date_published":"2016-06-20T00:00:00Z","owner_name":null,"tidal_id":"79c814c3-021a-561d-afd0-a6d6d3b68abd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437988Z"},{"id":"e1bd8fb3-e0b4-4659-85a1-d37e1c3d167f","name":"Microsoft DUBNIUM July 2016","description":"Microsoft. (2016, July 14). Reverse engineering DUBNIUM – Stage 2 payload analysis . Retrieved March 31, 2021.","url":"https://www.microsoft.com/security/blog/2016/07/14/reverse-engineering-dubnium-stage-2-payload-analysis/","source":"MITRE","title":"Reverse engineering DUBNIUM – Stage 2 payload analysis","authors":"Microsoft","date_accessed":"2021-03-31T00:00:00Z","date_published":"2016-07-14T00:00:00Z","owner_name":null,"tidal_id":"dfa1796c-611c-5c41-b11e-dc9039a33211","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437982Z"},{"id":"f8311977-303c-4d05-a7f4-25b3ae36318b","name":"CSRB LAPSUS$ July 24 2023","description":"Cyber Safety Review Board. (2023, July 24). Review of the Attacks Associated with LAPSUS$ and Related Threat Groups. 
Retrieved November 16, 2023.","url":"https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf","source":"Tidal Cyber","title":"Review of the Attacks Associated with LAPSUS$ and Related Threat Groups","authors":"Cyber Safety Review Board","date_accessed":"2023-11-16T00:00:00Z","date_published":"2023-07-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"df9f0342-c375-5d02-bf12-650ffbc2d397","created":"2023-11-17T17:09:18.626271Z","modified":"2023-11-17T17:09:18.719414Z"},{"id":"b939dc98-e00e-4d47-84a4-3eaaeb5c0abf","name":"Intel 471 REvil March 2020","description":"Intel 471 Malware Intelligence team. (2020, March 31). REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation. Retrieved August 4, 2020.","url":"https://intel471.com/blog/revil-ransomware-as-a-service-an-analysis-of-a-ransomware-affiliate-operation/","source":"MITRE","title":"REvil Ransomware-as-a-Service – An analysis of a ransomware affiliate operation","authors":"Intel 471 Malware Intelligence team","date_accessed":"2020-08-04T00:00:00Z","date_published":"2020-03-31T00:00:00Z","owner_name":null,"tidal_id":"7987cde3-120d-55c2-9c67-8957874ab42e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421040Z"},{"id":"790ef274-aea4-49b7-8b59-1b95185c5f50","name":"BleepingComputer REvil 2021","description":"Abrams, L. (2021, March 19). REvil ransomware has a new ‘Windows Safe Mode’ encryption mode. 
Retrieved June 23, 2021.","url":"https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-encryption-mode/","source":"MITRE","title":"REvil ransomware has a new ‘Windows Safe Mode’ encryption mode","authors":"Abrams, L","date_accessed":"2021-06-23T00:00:00Z","date_published":"2021-03-19T00:00:00Z","owner_name":null,"tidal_id":"81eeea50-7d16-5fcf-a1d6-9708fd24a862","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426562Z"},{"id":"8f4e2baf-4227-4bbd-bfdb-5598717dcf88","name":"Secureworks REvil September 2019","description":"Counter Threat Unit Research Team. (2019, September 24). REvil/Sodinokibi Ransomware. Retrieved August 4, 2020.","url":"https://www.secureworks.com/research/revil-sodinokibi-ransomware","source":"MITRE, Tidal Cyber","title":"REvil/Sodinokibi Ransomware","authors":"Counter Threat Unit Research Team","date_accessed":"2020-08-04T00:00:00Z","date_published":"2019-09-24T00:00:00Z","owner_name":null,"tidal_id":"e790c2df-95d0-5abd-8b4c-7c2506320d91","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261451Z"},{"id":"46b5d57b-17be-48ff-b723-406f6a55d84a","name":"Secureworks GandCrab and REvil September 2019","description":"Secureworks . (2019, September 24). REvil: The GandCrab Connection. Retrieved August 4, 2020.","url":"https://www.secureworks.com/blog/revil-the-gandcrab-connection","source":"MITRE","title":"REvil: The GandCrab Connection","authors":"Secureworks","date_accessed":"2020-08-04T00:00:00Z","date_published":"2019-09-24T00:00:00Z","owner_name":null,"tidal_id":"7a1873ca-6b6b-5434-88a7-9908ceef34a6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421074Z"},{"id":"c5aefcff-432f-4506-acaa-df8be6b58b9f","name":"Trend Micro Revisiting UNC3886 July 28 2025","description":"Cj Arsley Mateo, Ieriz Nicolle Gonzalez, Jacob Santos, Paul John Bardon, Angelo Junio, Rayven Cervantes. (2025, July 28). 
Revisiting UNC3886 Tactics to Defend Against Present Risk. Retrieved August 29, 2025.","url":"https://www.trendmicro.com/en_us/research/25/g/revisiting-unc3886-tactics-to-defend-against-present-risk.html","source":"Tidal Cyber","title":"Revisiting UNC3886 Tactics to Defend Against Present Risk","authors":"Cj Arsley Mateo, Ieriz Nicolle Gonzalez, Jacob Santos, Paul John Bardon, Angelo Junio, Rayven Cervantes","date_accessed":"2025-08-29T12:00:00Z","date_published":"2025-07-28T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"83f93ff4-37ce-5033-8e39-00980ac9db5f","created":"2025-09-10T16:38:50.444218Z","modified":"2025-09-10T16:38:50.619441Z"},{"id":"188a0f02-8d1e-4e4e-b2c0-ddf1bf1bdf93","name":"Enigma Reviving DDE Jan 2018","description":"Nelson, M. (2018, January 29). Reviving DDE: Using OneNote and Excel for Code Execution. Retrieved February 3, 2018.","url":"https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee","source":"MITRE","title":"Reviving DDE: Using OneNote and Excel for Code Execution","authors":"Nelson, M","date_accessed":"2018-02-03T00:00:00Z","date_published":"2018-01-29T00:00:00Z","owner_name":null,"tidal_id":"8a153b6a-c0ac-5f97-a27f-91f62783a160","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415937Z"},{"id":"3624d75e-be50-4c10-9e8a-28523568ff9f","name":"GitHub Revoke-Obfuscation","description":"Bohannon, D. (2017, July 27). Revoke-Obfuscation. Retrieved February 12, 2018.","url":"https://github.com/danielbohannon/Revoke-Obfuscation","source":"MITRE","title":"Revoke-Obfuscation","authors":"Bohannon, D","date_accessed":"2018-02-12T00:00:00Z","date_published":"2017-07-27T00:00:00Z","owner_name":null,"tidal_id":"a175e44c-d0f9-51c6-b0b3-30facebfd4aa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433654Z"},{"id":"e03e9d19-18bb-4d28-8c96-8c1cef89a20b","name":"FireEye Revoke-Obfuscation July 2017","description":"Bohannon, D. & Holmes, L. (2017, July 27). 
Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science. Retrieved November 17, 2024.","url":"https://www.blackhat.com/docs/us-17/thursday/us-17-Bohannon-Revoke-Obfuscation-PowerShell-Obfuscation-Detection-And%20Evasion-Using-Science-wp.pdf","source":"MITRE","title":"Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science","authors":"Bohannon, D. & Holmes, L","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-07-27T00:00:00Z","owner_name":null,"tidal_id":"8af1966f-11c7-53ee-bece-8c2674722c92","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433667Z"},{"id":"c710feb6-0529-4b9a-b0cc-9c1f479daa48","name":"Check Point Research October 01 2025 10 01 2025","description":"shlomoo@checkpoint.com. (2025, October 1). Rhadamanthys 0.9.x - walk through the updates - Check Point Research. Retrieved October 3, 2025.","url":"https://research.checkpoint.com/2025/rhadamanthys-0-9-x-walk-through-the-updates/","source":"Tidal Cyber","title":"Rhadamanthys 0.9.x - walk through the updates - Check Point Research","authors":"shlomoo@checkpoint.com","date_accessed":"2025-10-03T12:00:00Z","date_published":"2025-10-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a05f41f0-b6ee-5ec4-91a7-bde7ead9fbad","created":"2025-10-07T14:06:57.067523Z","modified":"2025-10-07T14:06:57.202680Z"},{"id":"5e668cd3-5a5d-4b40-9d4b-6108489a9a91","name":"Recorded Future Rhadamanthys September 26 2024","description":"Insikt Group. (2024, September 26). Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0. 
Retrieved October 14, 2024.","url":"https://go.recordedfuture.com/hubfs/reports/mtp-2024-0926.pdf","source":"Tidal Cyber","title":"Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0","authors":"Insikt Group","date_accessed":"2024-10-14T00:00:00Z","date_published":"2024-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"60def40a-9339-5795-ac2f-61f7ac307132","created":"2024-10-14T19:18:57.400766Z","modified":"2024-10-14T19:18:57.567290Z"},{"id":"fff40da4-46a6-45c1-be26-bf2f140a0bcb","name":"Cyble January 12 2023","description":"Cybleinc. (2023, January 12). RhadaManthys Stealer Spreading Via Google Ads Key Insights. Retrieved May 29, 2025.","url":"https://cyble.com/blog/rhadamanthys-new-stealer-spreading-through-google-ads/","source":"Tidal Cyber","title":"RhadaManthys Stealer Spreading Via Google Ads Key Insights","authors":"Cybleinc","date_accessed":"2025-05-29T00:00:00Z","date_published":"2023-01-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"73d3a053-fb40-582d-8bfc-56dc8bc0a839","created":"2025-06-03T14:14:06.445694Z","modified":"2025-06-03T14:14:06.610281Z"},{"id":"3f6e2821-5073-4382-b5dd-08676eaa2240","name":"HC3 Analyst Note Rhysida Ransomware August 2023","description":"Health Sector Cybersecurity Coordination Center (HC3). (2023, August 4). Rhysida Ransomware. Retrieved August 11, 2023.","url":"https://www.hhs.gov/sites/default/files/rhysida-ransomware-sector-alert-tlpclear.pdf","source":"Tidal Cyber","title":"Rhysida Ransomware","authors":"Health Sector Cybersecurity Coordination Center (HC3)","date_accessed":"2023-08-11T00:00:00Z","date_published":"2023-08-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bb4ab76e-96f8-5d83-96a1-bc5382569b5b","created":"2023-11-17T17:09:18.262214Z","modified":"2023-11-17T17:09:18.354308Z"},{"id":"4fa2a841-71e8-4733-8622-cc068d077ad9","name":"SentinelOne Rhysida June 29 2023","description":"Alex Delamotte, Jim Walter. (2023, June 29). 
Rhysida Ransomware | RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army. Retrieved August 11, 2023.","url":"https://www.sentinelone.com/blog/rhysida-ransomware-raas-crawls-out-of-crimeware-undergrowth-to-attack-chilean-army/","source":"Tidal Cyber","title":"Rhysida Ransomware | RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army","authors":"Alex Delamotte, Jim Walter","date_accessed":"2023-08-11T00:00:00Z","date_published":"2023-06-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"90b5a24b-68f0-5ff3-8fd2-5c9cf2c1b9b8","created":"2024-06-13T20:10:39.509904Z","modified":"2024-06-13T20:10:39.695225Z"},{"id":"13ed0c11-f258-47d8-9253-8bd13661c2a9","name":"Prodaft RIG February 2023","description":"PTI Team. (2023, February 27). [RIG] RIG Exploit Kit: In-Depth Analysis. Retrieved May 8, 2023.","url":"https://www.prodaft.com/resource/detail/rig-rig-exploit-kit-depth-analysis","source":"Tidal Cyber","title":"[RIG] RIG Exploit Kit: In-Depth Analysis","authors":"PTI Team","date_accessed":"2023-05-08T00:00:00Z","date_published":"2023-02-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4aa16c6e-4b86-59b0-8b54-3938e3714268","created":"2024-06-13T20:10:19.172450Z","modified":"2024-06-13T20:10:19.358031Z"},{"id":"5bcfbae3-e424-526c-a3df-ab3a8f2a983c","name":"Pulsedive","description":"Pulsedive Threat Research. (2025, March 21). Rilide - An Information Stealing Browser Extension. Retrieved September 22, 2025.","url":"https://blog.pulsedive.com/rilide-an-information-stealing-browser-extension/","source":"MITRE","title":"Rilide - An Information Stealing Browser Extension","authors":"Pulsedive Threat Research","date_accessed":"2025-09-22T00:00:00Z","date_published":"2025-03-21T00:00:00Z","owner_name":null,"tidal_id":"9647fae3-bf76-58d5-b9b4-9eacac76566b","created":"2025-10-29T21:08:48.165760Z","modified":"2025-12-17T15:08:36.426446Z"},{"id":"05d8e05f-9691-5a72-aa64-8f11fe6f7927","name":"Kaspersky Riltok June 2019","description":"Tatyana Shishkova. 
(2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August","url":"https://securelist.com/mobile-banker-riltok/91374/","source":"Mobile","title":"Riltok mobile Trojan: A banker with global reach","authors":"Tatyana Shishkova","date_accessed":"1978-08-01T00:00:00Z","date_published":"2019-06-25T00:00:00Z","owner_name":null,"tidal_id":"d5326042-1f6a-5486-938b-5d4620c3572e","created":"2026-01-28T13:08:10.041642Z","modified":"2026-01-28T13:08:10.041645Z"},{"id":"6425d351-2c88-5af9-970a-4d0d184d0c70","name":"Microsoft XorDdos Linux Stealth 2022","description":"Microsoft Threat Intelligence. (2022, May 19). Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices. Retrieved September 27, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/","source":"MITRE","title":"Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices","authors":"Microsoft Threat Intelligence","date_accessed":"2023-09-27T00:00:00Z","date_published":"2022-05-19T00:00:00Z","owner_name":null,"tidal_id":"075478a2-8fe3-5fdb-87ef-672fbeee2822","created":"2023-11-07T00:36:00.278013Z","modified":"2025-12-17T15:08:36.427475Z"},{"id":"a4a3fd3d-1c13-40e5-b462-fa69a1861986","name":"httrack_unhcr","description":"RISKIQ. (2022, March 15). RiskIQ Threat Intelligence Roundup: Campaigns Targeting Ukraine and Global Malware Infrastructure. 
Retrieved July 29, 2022.","url":"https://web.archive.org/web/20220527112908/https://www.riskiq.com/blog/labs/ukraine-malware-infrastructure/","source":"MITRE","title":"RiskIQ Threat Intelligence Roundup: Campaigns Targeting Ukraine and Global Malware Infrastructure","authors":"RISKIQ","date_accessed":"2022-07-29T00:00:00Z","date_published":"2022-03-15T00:00:00Z","owner_name":null,"tidal_id":"b8ee92c3-3708-5061-ab1c-b8757eb7f839","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428512Z"},{"id":"0c365c3f-3aa7-4c63-b96e-7716b95db049","name":"US-CERT Alert TA13-175A Risks of Default Passwords on the Internet","description":"US-CERT. (n.d.). Risks of Default Passwords on the Internet. Retrieved April 12, 2019.","url":"https://www.us-cert.gov/ncas/alerts/TA13-175A","source":"MITRE","title":"Risks of Default Passwords on the Internet","authors":"US-CERT","date_accessed":"2019-04-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"73472e09-82eb-5a41-9f8c-b79dafa31a86","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416334Z"},{"id":"7586edbe-fbeb-5f91-a27f-25fe31cba770","name":"Risky Bulletin Threat actor impersonates FSB APT","description":"Catalin Cimpanu. (2025, January 22). Risky Bulletin: Threat actor impersonates FSB APT for months to target Russian orgs. Retrieved June 14, 2025.","url":"https://news.risky.biz/risky-bulletin-threat-actor-impersonates-fsb-apt-for-months-to-target-russian-orgs/","source":"MITRE","title":"Risky Bulletin: Threat actor impersonates FSB APT for months to target Russian orgs","authors":"Catalin Cimpanu","date_accessed":"2025-06-14T00:00:00Z","date_published":"2025-01-22T00:00:00Z","owner_name":null,"tidal_id":"3ebcae98-62ff-56ad-af69-5e64c0496f57","created":"2025-10-29T21:08:48.165688Z","modified":"2025-12-17T15:08:36.426125Z"},{"id":"0d81ec58-2e12-5824-aa53-feb0d2260f30","name":"Mandiant ROADSWEEP August 2022","description":"Jenkins, L. at al. (2022, August 4). 
ROADSWEEP Ransomware - Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations. Retrieved August 6, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against/","source":"MITRE","title":"ROADSWEEP Ransomware - Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations","authors":"Jenkins, L. at al","date_accessed":"2024-08-06T00:00:00Z","date_published":"2022-08-04T00:00:00Z","owner_name":null,"tidal_id":"47953fdc-16ca-5367-8ea3-7f6a176e1157","created":"2024-10-31T16:28:27.898363Z","modified":"2025-12-17T15:08:36.418651Z"},{"id":"90c592dc-2c9d-401a-96ab-b539f7522956","name":"ROADtools Github","description":"Dirk-jan Mollema. (2022, January 31). ROADtools. Retrieved January 31, 2022.","url":"https://github.com/dirkjanm/ROADtools","source":"MITRE","title":"ROADtools","authors":"Dirk-jan Mollema","date_accessed":"2022-01-31T00:00:00Z","date_published":"2022-01-31T00:00:00Z","owner_name":null,"tidal_id":"8c4b1de0-f474-5f98-b029-a491e4bda508","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423028Z"},{"id":"d5307024-13fb-43ce-9c90-0957c77c50ee","name":"Roar Media Archive February 26 2021","description":"Neville. (2021, February 26). Roar Media Archive - What We Can Learn From The LK Domain Registry Hack. 
Retrieved January 20, 2026.","url":"https://archive.roar.media/english/life/technology/what-the-lk-domain-registry-hack-mean","source":"Tidal Cyber","title":"Roar Media Archive - What We Can Learn From The LK Domain Registry Hack","authors":"Neville","date_accessed":"2026-01-20T12:00:00Z","date_published":"2021-02-26T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a664b128-6042-57ad-9cbd-f617828649ce","created":"2026-01-23T20:29:37.872706Z","modified":"2026-01-23T20:29:38.006504Z"},{"id":"bfb01fbf-4dc0-4943-8a21-457f28f4b01f","name":"Harmj0y Roasting AS-REPs Jan 2017","description":"HarmJ0y. (2017, January 17). Roasting AS-REPs. Retrieved September 23, 2024.","url":"https://blog.harmj0y.net/activedirectory/roasting-as-reps/","source":"MITRE","title":"Roasting AS-REPs","authors":"HarmJ0y","date_accessed":"2024-09-23T00:00:00Z","date_published":"2017-01-17T00:00:00Z","owner_name":null,"tidal_id":"1347bbd0-64e1-523c-b851-7a7fbac7e5cb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427947Z"},{"id":"170a1b5c-a7ed-577a-bdfb-9c2e79ce439d","name":"Robert A. Martin January 2021","description":"Robert A. Martin 2021, January TRUSTING OUR SUPPLY CHAINS: A COMPREHENSIVE DATA-DRIVEN APPROACH. Retrieved 2021/04/12","url":"https://www.mitre.org/sites/default/files/publications/pr-20-01465-37-trusting-our-supply-chains-a-comprehensive-data-driven-approach.pdf","source":"ICS","title":"Robert A. Martin January 2021","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fd0fec5b-5f8b-5da6-9db2-32c619b38b80","created":"2026-01-28T13:08:18.180471Z","modified":"2026-01-28T13:08:18.180474Z"},{"id":"ab4a0fc2-4c20-586a-9754-6156ee5906f4","name":"Robert Falcone, Bryan Lee May 2016","description":"Robert Falcone, Bryan Lee 2016, May 26 The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. 
Retrieved 2019/11/19","url":"https://unit42.paloaltonetworks.com/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/","source":"ICS","title":"Robert Falcone, Bryan Lee May 2016","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"efd58e9d-a765-52e6-a259-e5bfce994b2f","created":"2026-01-28T13:08:18.179622Z","modified":"2026-01-28T13:08:18.179625Z"},{"id":"0027a941-bc2d-54e3-9adf-85333d68b244","name":"Register Robots TXT 2015","description":"Darren Pauli. (2015, May 19). Robots.txt tells hackers the places you don't want them to look. Retrieved July 18, 2024.","url":"https://www.theregister.com/2015/05/19/robotstxt/","source":"MITRE","title":"Robots.txt tells hackers the places you don't want them to look","authors":"Darren Pauli","date_accessed":"2024-07-18T00:00:00Z","date_published":"2015-05-19T00:00:00Z","owner_name":null,"tidal_id":"9ae25cdd-d13b-5e12-ac1f-a38d24475dfa","created":"2024-10-31T16:28:17.233397Z","modified":"2025-12-17T15:08:36.425473Z"},{"id":"31051c8a-b523-4b8e-b834-2168c59e783b","name":"Anomali Rocke March 2019","description":"Anomali Labs. (2019, March 15). Rocke Evolves Its Arsenal With a New Malware Family Written in Golang. Retrieved April 24, 2019.","url":"https://www.anomali.com/blog/rocke-evolves-its-arsenal-with-a-new-malware-family-written-in-golang","source":"MITRE","title":"Rocke Evolves Its Arsenal With a New Malware Family Written in Golang","authors":"Anomali Labs","date_accessed":"2019-04-24T00:00:00Z","date_published":"2019-03-15T00:00:00Z","owner_name":null,"tidal_id":"a3127df4-e270-587d-b45c-0238fa05f133","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423893Z"},{"id":"bff0ee40-e583-4f73-a013-4669ca576904","name":"Talos Rocke August 2018","description":"Liebenberg, D.. (2018, August 30). Rocke: The Champion of Monero Miners. 
Retrieved May 26, 2020.","url":"https://blog.talosintelligence.com/2018/08/rocke-champion-of-monero-miners.html","source":"MITRE, Tidal Cyber","title":"Rocke: The Champion of Monero Miners","authors":"Liebenberg, D.","date_accessed":"2020-05-26T00:00:00Z","date_published":"2018-08-30T00:00:00Z","owner_name":null,"tidal_id":"2335657c-6877-532f-83bf-86a9d7d15f30","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279512Z"},{"id":"71da7d4c-f1f8-4f5c-a609-78a414851baf","name":"Check Point Rocket Kitten","description":"Check Point Software Technologies. (2015). ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES. Retrieved March 16, 2018.","url":"https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf","source":"MITRE","title":"ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES","authors":"Check Point Software Technologies","date_accessed":"2018-03-16T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"069c2109-56aa-5e06-ba2d-1e648a346c31","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438482Z"},{"id":"a07eaeca-f826-42da-aee3-86c96875c600","name":"Huntress December 31 2025","description":"None Identified. (2025, December 31). Rogue ScreenConnect: Common Social Engineering Tactics We Saw in 2025 | Huntress. Retrieved January 5, 2026.","url":"https://www.huntress.com/blog/rogue-screenconnect-social-engineering-tactics-2025","source":"Tidal Cyber","title":"Rogue ScreenConnect: Common Social Engineering Tactics We Saw in 2025 | Huntress","authors":"None Identified","date_accessed":"2026-01-05T12:00:00Z","date_published":"2025-12-31T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4b8b2078-6950-54d8-88f8-800980deb716","created":"2026-01-06T18:03:35.459854Z","modified":"2026-01-06T18:03:35.601781Z"},{"id":"bcad3b27-858f-4c1d-a24c-dbc4dcee3cdc","name":"NCCGroup RokRat Nov 2018","description":"Pantazopoulos, N.. (2018, November 8). RokRat Analysis. 
Retrieved May 21, 2020.","url":"https://research.nccgroup.com/2018/11/08/rokrat-analysis/","source":"MITRE","title":"RokRat Analysis","authors":"Pantazopoulos, N.","date_accessed":"2020-05-21T00:00:00Z","date_published":"2018-11-08T00:00:00Z","owner_name":null,"tidal_id":"3299942f-ed75-57a4-8a52-ef32e4614d5c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441642Z"},{"id":"116f6565-d36d-4d01-9a97-a40cf589afa9","name":"Talos ROKRAT 2","description":"Mercer, W., Rascagneres, P. (2017, November 28). ROKRAT Reloaded. Retrieved May 21, 2018.","url":"https://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html","source":"MITRE","title":"ROKRAT Reloaded","authors":"Mercer, W., Rascagneres, P","date_accessed":"2018-05-21T00:00:00Z","date_published":"2017-11-28T00:00:00Z","owner_name":null,"tidal_id":"f61ebe7b-4f82-5858-8462-5f1d8eff932e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419094Z"},{"id":"37c0e0e1-cc4d-5a93-b8a0-224f031b7324","name":"Kubernetes RBAC","description":"Kubernetes. (n.d.). Role Based Access Control Good Practices. Retrieved March 8, 2023.","url":"https://kubernetes.io/docs/concepts/security/rbac-good-practices/","source":"MITRE","title":"Role Based Access Control Good Practices","authors":"Kubernetes","date_accessed":"2023-03-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"758292bc-1391-5e84-8d55-43dac9cf65d4","created":"2023-05-26T01:21:19.313730Z","modified":"2025-12-17T15:08:36.427613Z"},{"id":"525a8afc-64e9-5cc3-9c56-95da9811da0d","name":"Google Cloud Service Account Authentication Roles","description":"Google Cloud. (n.d.). Roles for service account authentication. 
Retrieved July 10, 2023.","url":"https://cloud.google.com/iam/docs/service-account-permissions","source":"MITRE","title":"Roles for service account authentication","authors":"Google Cloud","date_accessed":"2023-07-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"79617842-9ee8-51f4-a2e1-b655cac572d5","created":"2023-11-07T00:36:04.355994Z","modified":"2025-12-17T15:08:36.431054Z"},{"id":"adb2d336-cc35-4ac5-b7ba-ab44e92533d9","name":"ESET RomCom November 26 2024","description":"Damien Schaeffer, Romain Dumont. (2024, November 26). RomCom exploits Firefox and Windows zero days in the wild. Retrieved January 31, 2025.","url":"https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/","source":"Tidal Cyber","title":"RomCom exploits Firefox and Windows zero days in the wild","authors":"Damien Schaeffer, Romain Dumont","date_accessed":"2025-01-31T00:00:00Z","date_published":"2024-11-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5da39ed0-dd01-53df-bf97-562b7a5e150b","created":"2025-02-03T21:08:22.500412Z","modified":"2025-02-03T21:08:22.821918Z"},{"id":"8516eaf7-0749-4dba-9d04-c112a13a87f4","name":"CybersecurityNews May 5 2025","description":"Tushar Subhra Dutta. (2025, May 5). RomCom RAT Attacking UK Organizations Via Customer Feedback Portals. Retrieved May 5, 2025.","url":"https://cybersecuritynews.com/romcom-rat-attacking-uk-organizations/","source":"Tidal Cyber","title":"RomCom RAT Attacking UK Organizations Via Customer Feedback Portals","authors":"Tushar Subhra Dutta","date_accessed":"2025-05-05T00:00:00Z","date_published":"2025-05-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"42798976-19da-5ae9-bc12-d10a74f5792f","created":"2025-05-06T16:28:41.626684Z","modified":"2025-05-06T16:28:41.797930Z"},{"id":"4c94a4d9-242c-4b15-8fa0-0d7f7273d43f","name":"Www.cloudsek.com December 29 2025","description":"Koushik Pal. (2025, December 29). RondoDoX Botnet Weaponizes React2Shell | CloudSEK. 
Retrieved January 5, 2026.","url":"https://www.cloudsek.com/blog/rondodox-botnet-weaponizes-react2shell","source":"Tidal Cyber","title":"RondoDoX Botnet Weaponizes React2Shell | CloudSEK","authors":"Koushik Pal","date_accessed":"2026-01-05T12:00:00Z","date_published":"2025-12-29T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"71b6fbfd-b86e-5e71-9fad-b0b859fc82c8","created":"2026-01-06T18:03:34.099500Z","modified":"2026-01-06T18:03:34.238860Z"},{"id":"c0e2d9ee-5352-4a87-be91-408dc7a4c806","name":"www.cloudsek.com December 29 2025","description":"Koushik Pal. (2025, December 29). RondoDoX Botnet Weaponizes React2Shell | CloudSEK. Retrieved January 5, 2026.","url":"https://www.cloudsek.com/blog/rondodox-botnet-weaponizes-react2shell","source":"Tidal Cyber","title":"RondoDoX Botnet Weaponizes React2Shell | CloudSEK","authors":"Koushik Pal","date_accessed":"2026-01-05T12:00:00Z","date_published":"2025-12-29T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1ba5089a-73c6-5f3f-b602-3a99181a70cb","created":"2026-01-23T20:29:33.273165Z","modified":"2026-01-23T20:29:33.415358Z"},{"id":"8e162e39-a58f-5ba0-9a8e-101d4cfa324c","name":"BBC-Ronin","description":"Joe Tidy. (2022, March 30). Ronin Network: What a $600m hack says about the state of crypto. Retrieved August 18, 2023.","url":"https://www.bbc.com/news/technology-60933174","source":"MITRE","title":"Ronin Network: What a $600m hack says about the state of crypto","authors":"Joe Tidy","date_accessed":"2023-08-18T00:00:00Z","date_published":"2022-03-30T00:00:00Z","owner_name":null,"tidal_id":"8cc749fd-0900-52a6-9df1-ab34cdacd8b9","created":"2023-11-07T00:36:05.527509Z","modified":"2025-12-17T15:08:36.432191Z"},{"id":"68b9ccbb-906e-4f06-b5bd-3969723c3616","name":"Wikipedia Root Certificate","description":"Wikipedia. (2016, December 6). Root certificate. 
Retrieved February 20, 2017.","url":"https://en.wikipedia.org/wiki/Root_certificate","source":"MITRE","title":"Root certificate","authors":"Wikipedia","date_accessed":"2017-02-20T00:00:00Z","date_published":"2016-12-06T00:00:00Z","owner_name":null,"tidal_id":"87a1fead-922b-56b2-91cc-91b59301027c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434487Z"},{"id":"e5d4b46f-796c-50bb-b6a2-bab40640b2f9","name":"lookout_abstractemu_1021","description":"P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February","url":"https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign","source":"Mobile","title":"Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign","authors":"P Shunk, K Balaam","date_accessed":"1978-02-01T00:00:00Z","date_published":"2021-10-28T00:00:00Z","owner_name":null,"tidal_id":"11d6afdf-0eee-55a1-b609-c250e9dcb269","created":"2026-01-28T13:08:10.039921Z","modified":"2026-01-28T13:08:10.039924Z"},{"id":"7e877b6b-9873-48e2-b138-e02dcb5268ca","name":"Wikipedia Rootkit","description":"Wikipedia. (2016, June 1). Rootkit. Retrieved June 2, 2016.","url":"https://en.wikipedia.org/wiki/Rootkit","source":"MITRE","title":"Rootkit","authors":"Wikipedia","date_accessed":"2016-06-02T00:00:00Z","date_published":"2016-06-01T00:00:00Z","owner_name":null,"tidal_id":"23315785-2348-5ef4-b85f-069ff7074f79","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424810Z"},{"id":"c383811d-c036-4fe7-add8-b4d4f73b3ce4","name":"Sekoia HideDRV Oct 2016","description":"Rascagnères, P.. (2016, October 27). Rootkit analysis: Use case on HideDRV. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20180202163754/http://www.sekoia.fr/blog/wp-content/uploads/2016/10/Rootkit-analysis-Use-case-on-HIDEDRV-v1.6.pdf","source":"MITRE","title":"Rootkit analysis: Use case on HideDRV","authors":"Rascagnères, P.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-10-27T00:00:00Z","owner_name":null,"tidal_id":"a9adab46-8173-5907-98b8-90a75af2fedd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422108Z"},{"id":"b0e90df4-5c33-51ed-a21c-b29c07b6d419","name":"rootnik_rooting_tool","description":"Hu, W., et al. (2015, December 4). Rootnik Android Trojan Abuses Commercial Rooting Tool and Steals Private Information. Retrieved September","url":"https://unit42.paloaltonetworks.com/rootnik-android-trojan-abuses-commercial-rooting-tool-and-steals-private-information/","source":"Mobile","title":"Rootnik Android Trojan Abuses Commercial Rooting Tool and Steals Private Information","authors":"Hu, W., et al","date_accessed":"1978-09-01T00:00:00Z","date_published":"2015-12-04T00:00:00Z","owner_name":null,"tidal_id":"61a50559-dd25-5262-896e-13afad438571","created":"2026-01-28T13:08:10.045235Z","modified":"2026-01-28T13:08:10.045238Z"},{"id":"7a9c53dd-2c0e-5452-9ee2-01531fbf8ba8","name":"RotaJakiro 2021 netlab360 analysis","description":"Alex Turing, Hui Wang. (2021, April 28). RotaJakiro: A long live secret backdoor with 0 VT detection. Retrieved June 14, 2023.","url":"https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/","source":"MITRE","title":"RotaJakiro: A long live secret backdoor with 0 VT detection","authors":"Alex Turing, Hui Wang","date_accessed":"2023-06-14T00:00:00Z","date_published":"2021-04-28T00:00:00Z","owner_name":null,"tidal_id":"9b5ebb16-ea8c-56b2-85b0-687fe0cb2fb4","created":"2023-11-07T00:35:57.175393Z","modified":"2025-12-17T15:08:36.416796Z"},{"id":"20967c9b-5bb6-5cdd-9466-2c9efd9ab98c","name":"netlab360 rotajakiro vs oceanlotus","description":"Alex Turing. 
(2021, May 6). RotaJakiro, the Linux version of the OceanLotus. Retrieved June 14, 2023.","url":"https://blog.netlab.360.com/rotajakiro_linux_version_of_oceanlotus/","source":"MITRE","title":"RotaJakiro, the Linux version of the OceanLotus","authors":"Alex Turing","date_accessed":"2023-06-14T00:00:00Z","date_published":"2021-05-06T00:00:00Z","owner_name":null,"tidal_id":"607fa37d-368d-575a-b763-1889b320ab81","created":"2023-11-07T00:36:14.754011Z","modified":"2025-12-17T15:08:36.416802Z"},{"id":"0e483ec8-af40-4139-9711-53b999e069ee","name":"TechNet Route","description":"Microsoft. (n.d.). Route. Retrieved April 17, 2016.","url":"https://technet.microsoft.com/en-us/library/bb490991.aspx","source":"MITRE","title":"Route","authors":"Microsoft","date_accessed":"2016-04-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2e19f16f-4802-54bb-a508-83ddad1a8b1b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423339Z"},{"id":"81bbc4e1-e1e6-5c93-bf65-ffdc9c7ff71d","name":"Lumen KVBotnet 2023","description":"Black Lotus Labs. (2023, December 13). Routers Roasting On An Open Firewall: The KV-Botnet Investigation. Retrieved June 10, 2024.","url":"https://blog.lumen.com/routers-roasting-on-an-open-firewall-the-kv-botnet-investigation/","source":"MITRE","title":"Routers Roasting On An Open Firewall: The KV-Botnet Investigation","authors":"Black Lotus Labs","date_accessed":"2024-06-10T00:00:00Z","date_published":"2023-12-13T00:00:00Z","owner_name":null,"tidal_id":"aed3aba2-0911-5f75-8a7d-cae158de17d5","created":"2024-10-31T16:28:27.751233Z","modified":"2025-12-17T15:08:36.439541Z"},{"id":"d1d6b6fe-ef93-4417-844b-7cd8dc76934b","name":"U.S. HHS Royal & BlackCat Alert","description":"Health Sector Cybersecurity Coordination Center (HC3). (2023, January 12). Royal & BlackCat Ransomware: The Threat to the Health Sector. 
Retrieved March 7, 2024.","url":"https://www.cisa.gov/sites/default/files/srware/royal-blackcat-ransomware-tlpclear.pdf","source":"Tidal Cyber","title":"Royal & BlackCat Ransomware: The Threat to the Health Sector","authors":"Health Sector Cybersecurity Coordination Center (HC3)","date_accessed":"2024-03-07T00:00:00Z","date_published":"2023-01-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1e0dc6e2-5094-5ea0-9e7b-42b8a981bed2","created":"2024-03-07T21:00:44.015893Z","modified":"2024-03-07T21:00:44.209261Z"},{"id":"de385ede-f928-4a1e-934c-8ce7a6e7f33b","name":"Kroll Royal Ransomware February 13 2023","description":"Laurie Iacono, Keith Wojcieszek, George Glass. (2023, February 13). Royal Ransomware Deep Dive. Retrieved June 17, 2024.","url":"https://www.kroll.com/en/insights/publications/cyber/royal-ransomware-deep-dive","source":"Tidal Cyber","title":"Royal Ransomware Deep Dive","authors":"Laurie Iacono, Keith Wojcieszek, George Glass","date_accessed":"2024-06-17T00:00:00Z","date_published":"2023-02-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b3b785d8-6cc9-5548-be1b-d02dc44e1ecf","created":"2024-06-24T14:58:38.627146Z","modified":"2024-06-24T14:58:39.131664Z"},{"id":"dcdcc965-56d0-58e6-996b-d8bd40916745","name":"Kroll Royal Deep Dive February 2023","description":"Iacono, L. and Green, S. (2023, February 13). Royal Ransomware Deep Dive. Retrieved March 30, 2023.","url":"https://www.kroll.com/en/insights/publications/cyber/royal-ransomware-deep-dive","source":"MITRE","title":"Royal Ransomware Deep Dive","authors":"Iacono, L. and Green, S","date_accessed":"2023-03-30T00:00:00Z","date_published":"2023-02-13T00:00:00Z","owner_name":null,"tidal_id":"c6ffa61e-9751-5c67-8e07-5f2045804900","created":"2023-05-26T01:21:16.451137Z","modified":"2025-12-17T15:08:36.419868Z"},{"id":"e5bb846f-d11f-580c-b96a-9de4ba5eaed6","name":"Trend Micro Royal Linux ESXi February 2023","description":"Morales, N. et al. (2023, February 20). 
Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers. Retrieved March 30, 2023.","url":"https://www.trendmicro.com/en_us/research/23/b/royal-ransomware-expands-attacks-by-targeting-linux-esxi-servers.html","source":"MITRE","title":"Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers","authors":"Morales, N. et al","date_accessed":"2023-03-30T00:00:00Z","date_published":"2023-02-20T00:00:00Z","owner_name":null,"tidal_id":"0b4474cc-d8b9-5c66-86a6-1c7d0c319be4","created":"2023-05-26T01:21:16.456058Z","modified":"2025-12-17T15:08:36.419875Z"},{"id":"28aef64e-20d3-5227-a3c9-e657c6e2d07e","name":"Cybereason Royal December 2022","description":"Cybereason Global SOC and Cybereason Security Research Teams. (2022, December 14). Royal Rumble: Analysis of Royal Ransomware. Retrieved March 30, 2023.","url":"https://www.cybereason.com/blog/royal-ransomware-analysis","source":"MITRE","title":"Royal Rumble: Analysis of Royal Ransomware","authors":"Cybereason Global SOC and Cybereason Security Research Teams","date_accessed":"2023-03-30T00:00:00Z","date_published":"2022-12-14T00:00:00Z","owner_name":null,"tidal_id":"2231f677-8aad-55f8-a63d-267fef7d8fb5","created":"2023-05-26T01:21:16.446189Z","modified":"2025-12-17T15:08:36.419861Z"},{"id":"5afa7fd0-908e-4714-9ab3-2bbbc1fff976","name":"Royal Rumble: Analysis of Royal Ransomware","description":"Cybereason global soc & cybereason security research teams. (n.d.). Royal Rumble: Analysis of Royal Ransomware. 
Retrieved May 18, 2023.","url":"https://www.cybereason.com/blog/royal-ransomware-analysis","source":"Tidal Cyber","title":"Royal Rumble: Analysis of Royal Ransomware","authors":"Cybereason global soc & cybereason security research teams","date_accessed":"2023-05-18T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"710f6ede-32e0-5ec4-82e9-7b44f0a0706d","created":"2024-06-13T20:10:28.397375Z","modified":"2024-06-13T20:10:28.587123Z"},{"id":"dc15a187-4de7-422e-a507-223e89e317b1","name":"Rpcping.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Rpcping.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Rpcping/","source":"Tidal Cyber","title":"Rpcping.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f22b3c3d-ef33-5976-a0ab-1be04921f866","created":"2024-01-12T14:46:58.644926Z","modified":"2024-01-12T14:46:58.838543Z"},{"id":"2361b5b1-3a01-4d77-99c6-261f444a498e","name":"Threatpost New Op Sharpshooter Data March 2019","description":"L. O'Donnell. (2019, March 3). RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope. Retrieved September 26, 2022.","url":"https://threatpost.com/sharpshooter-complexity-scope/142359/","source":"MITRE","title":"RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope","authors":"L. O'Donnell","date_accessed":"2022-09-26T00:00:00Z","date_published":"2019-03-03T00:00:00Z","owner_name":null,"tidal_id":"e2ab0875-2566-50fd-ba17-ed41f968e36e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439387Z"},{"id":"40564d23-b9ae-4bb3-8dd1-d6b01163a32d","name":"GCN RSA June 2011","description":"Jackson, William. (2011, June 7). RSA confirms its tokens used in Lockheed hack. 
Retrieved November 17, 2024.","url":"https://www.route-fifty.com/cybersecurity/2011/06/rsa-confirms-its-tokens-used-in-lockheed-hack/282818/","source":"MITRE","title":"RSA confirms its tokens used in Lockheed hack","authors":"Jackson, William","date_accessed":"2024-11-17T00:00:00Z","date_published":"2011-06-07T00:00:00Z","owner_name":null,"tidal_id":"ae0f0133-e51f-55f3-a5e7-dc268d27b259","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435451Z"},{"id":"6872a6d3-c4ab-40cf-82b7-5c5c8e077189","name":"RSA Shell Crew","description":"RSA Incident Response. (2014, January). RSA Incident Response Emerging Threat Profile: Shell Crew. Retrieved January 14, 2016.","url":"https://www.rsa.com/content/dam/en/white-paper/rsa-incident-response-emerging-threat-profile-shell-crew.pdf","source":"MITRE","title":"RSA Incident Response Emerging Threat Profile: Shell Crew","authors":"RSA Incident Response","date_accessed":"2016-01-14T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"5a3894d0-e2d2-572c-9796-a1af1089f71a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439521Z"},{"id":"4bde7ce6-7fc6-5660-a8aa-745f19350ee1","name":"GitHub Rubeus March 2023","description":"Harmj0y. (n.d.). Rubeus. Retrieved March 29, 2023.","url":"https://github.com/GhostPack/Rubeus","source":"MITRE","title":"Rubeus","authors":"Harmj0y","date_accessed":"2023-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8fd096ea-1832-546c-b0f4-dcc3b8e93750","created":"2023-05-26T01:21:18.154495Z","modified":"2025-12-17T15:08:36.423457Z"},{"id":"14a99228-de84-4551-a6b5-9c6f1173f292","name":"SOCPrime DoubleExtension","description":"Eugene Tkachenko. (2020, May 1). Rule of the Week: Possible Malicious File Double Extension. 
Retrieved July 27, 2021.","url":"https://socprime.com/blog/rule-of-the-week-possible-malicious-file-double-extension/","source":"MITRE","title":"Rule of the Week: Possible Malicious File Double Extension","authors":"Eugene Tkachenko","date_accessed":"2021-07-27T00:00:00Z","date_published":"2020-05-01T00:00:00Z","owner_name":null,"tidal_id":"6f5152f7-2dbb-5133-a518-3928f9bc8ab0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425200Z"},{"id":"aa0a1508-a872-4e69-bf20-d3c8202f18c1","name":"SensePost Ruler GitHub","description":"SensePost. (2016, August 18). Ruler: A tool to abuse Exchange services. Retrieved February 4, 2019.","url":"https://github.com/sensepost/ruler","source":"MITRE","title":"Ruler: A tool to abuse Exchange services","authors":"SensePost","date_accessed":"2019-02-04T00:00:00Z","date_published":"2016-08-18T00:00:00Z","owner_name":null,"tidal_id":"c0b01ef5-f903-576c-a8dd-7d46943fe1ba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423124Z"},{"id":"be0a1168-fa84-4742-a658-41a078b7f5fa","name":"Microsoft Cloud App Security","description":"Niv Goldenberg. (2018, December 12). Rule your inbox with Microsoft Cloud App Security. Retrieved June 7, 2021.","url":"https://techcommunity.microsoft.com/t5/security-compliance-and-identity/rule-your-inbox-with-microsoft-cloud-app-security/ba-p/299154","source":"MITRE","title":"Rule your inbox with Microsoft Cloud App Security","authors":"Niv Goldenberg","date_accessed":"2021-06-07T00:00:00Z","date_published":"2018-12-12T00:00:00Z","owner_name":null,"tidal_id":"5951175f-5d62-5d87-a708-e14baf7ee7e4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424662Z"},{"id":"fbbc0f5e-60a2-5423-ad0f-d6c8d428018c","name":"FireEye-RuMMS","description":"Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. 
Retrieved February","url":"https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html","source":"Mobile","title":"RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING","authors":"Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang","date_accessed":"1978-02-01T00:00:00Z","date_published":"2016-04-26T00:00:00Z","owner_name":null,"tidal_id":"3f4c595c-38ff-5567-88c2-70723dbd5fb5","created":"2026-01-28T13:08:10.041063Z","modified":"2026-01-28T13:08:10.041066Z"},{"id":"0d633a50-4afd-4479-898e-1a785f5637da","name":"Microsoft Run Key","description":"Microsoft. (n.d.). Run and RunOnce Registry Keys. Retrieved September 12, 2024.","url":"https://learn.microsoft.com/en-us/windows/win32/setupapi/run-and-runonce-registry-keys","source":"MITRE","title":"Run and RunOnce Registry Keys","authors":"Microsoft","date_accessed":"2024-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"40cc52a1-8273-5ade-b5c5-85bceac093b9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425995Z"},{"id":"8b4bdce9-da19-443f-88d2-11466e126c09","name":"Microsoft runas","description":"Microsoft TechNet. (n.d.). Runas. Retrieved April 21, 2017.","url":"https://technet.microsoft.com/en-us/library/bb490994.aspx","source":"MITRE","title":"Runas","authors":"Microsoft TechNet","date_accessed":"2017-04-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"68c0c4b6-b7ff-50ad-9882-65e35f6240bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441575Z"},{"id":"af05c12e-f9c6-421a-9a5d-0797c01ab2dc","name":"Microsoft RunAs","description":"Microsoft. (2016, August 31). Runas. 
Retrieved October 1, 2021.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc771525(v=ws.11)","source":"MITRE","title":"Runas","authors":"Microsoft","date_accessed":"2021-10-01T00:00:00Z","date_published":"2016-08-31T00:00:00Z","owner_name":null,"tidal_id":"c65ba7e9-7601-5b76-8136-805267827d6a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430676Z"},{"id":"2fd66037-95dd-4819-afc7-00b7fd6f54fe","name":"Wikipedia Run Command","description":"Wikipedia. (2018, August 3). Run Command. Retrieved October 12, 2018.","url":"https://en.wikipedia.org/wiki/Run_command","source":"MITRE","title":"Run Command","authors":"Wikipedia","date_accessed":"2018-10-12T00:00:00Z","date_published":"2018-08-03T00:00:00Z","owner_name":null,"tidal_id":"0aebad00-660c-5dfe-9acc-729edfbbfd80","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433274Z"},{"id":"ca8ea354-44d4-4606-8b3e-1102b27f251c","name":"Secpod Winexe June 2017","description":"Prakash, T. (2017, June 21). Run commands on Windows system remotely using Winexe. Retrieved September 12, 2024.","url":"https://web.archive.org/web/20211019012628/https://www.secpod.com/blog/winexe/","source":"MITRE","title":"Run commands on Windows system remotely using Winexe","authors":"Prakash, T","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-06-21T00:00:00Z","owner_name":null,"tidal_id":"5137cc62-865c-5f4a-b8a2-458c4256b251","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441805Z"},{"id":"90aff246-ce27-4f21-96f9-38543718ab07","name":"Rundll32.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Rundll32.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Rundll32/","source":"Tidal Cyber","title":"Rundll32.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4ba0cba7-e75b-593b-8809-f80709fb0ecd","created":"2024-01-12T14:46:59.019928Z","modified":"2024-01-12T14:46:59.203446Z"},{"id":"daa35853-eb46-4ef4-b543-a2c5157f96bf","name":"Attackify Rundll32.exe Obscurity","description":"Attackify. (n.d.). Rundll32.exe Obscurity. Retrieved August 23, 2021.","url":"https://www.attackify.com/blog/rundll32_execution_order/","source":"MITRE","title":"Rundll32.exe Obscurity","authors":"Attackify","date_accessed":"2021-08-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5616acc7-d242-5840-b33a-2f9667973be9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424048Z"},{"id":"86ff0379-2b73-4981-9f13-2b02b53bc90f","name":"Runexehelper.exe - LOLBAS Project","description":"LOLBAS. (2022, December 13). Runexehelper.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Runexehelper/","source":"Tidal Cyber","title":"Runexehelper.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-12-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"de215b5c-ac70-5202-ae30-4dade5e9a7ee","created":"2024-01-12T14:46:59.411530Z","modified":"2024-01-12T14:46:59.594404Z"},{"id":"11ee6303-5103-4063-a765-659ead217c6c","name":"ELC Running at startup","description":"hoakley. (2018, May 22). Running at startup: when to use a Login Item or a LaunchAgent/LaunchDaemon. 
Retrieved October 5, 2021.","url":"https://eclecticlight.co/2018/05/22/running-at-startup-when-to-use-a-login-item-or-a-launchagent-launchdaemon/","source":"MITRE","title":"Running at startup: when to use a Login Item or a LaunchAgent/LaunchDaemon","authors":"hoakley","date_accessed":"2021-10-05T00:00:00Z","date_published":"2018-05-22T00:00:00Z","owner_name":null,"tidal_id":"ecc41e9e-48ca-55a8-a685-cc924e028667","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432052Z"},{"id":"facf15d7-bdc8-5e08-907d-cc80659e6961","name":"Broadcom Running Guest OS Operations","description":"Broadcom. (n.d.). Running Guest OS Operations. Retrieved March 28, 2025.","url":"https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere-sdks-tools/8-0/web-services-sdk-programming-guide/virtual-machine-guest-operations/running-guest-os-operations.html","source":"MITRE","title":"Running Guest OS Operations","authors":"Broadcom","date_accessed":"2025-03-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1398207a-5062-56e3-b1d8-2745d274e6a0","created":"2025-04-22T20:47:11.962191Z","modified":"2025-12-17T15:08:36.427302Z"},{"id":"e0e46bcf-fb53-5fdd-ab68-890da0db35bb","name":"CitizenLab Circles","description":"Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert. (2020, December 1). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. 
Retrieved December","url":"https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/","source":"Mobile","title":"Running in Circles Uncovering the Clients of Cyberespionage Firm Circles","authors":"Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert","date_accessed":"1978-12-01T00:00:00Z","date_published":"2020-12-01T00:00:00Z","owner_name":null,"tidal_id":"807a26d1-5531-57fe-8062-6f8007d4f70b","created":"2026-01-28T13:08:10.041670Z","modified":"2026-01-28T13:08:10.041674Z"},{"id":"24c526e1-7199-45ca-99b4-75e75c7041cd","name":"Powershell Remote Commands","description":"Microsoft. (2020, August 21). Running Remote Commands. Retrieved July 26, 2021.","url":"https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?view=powershell-7.1","source":"MITRE","title":"Running Remote Commands","authors":"Microsoft","date_accessed":"2021-07-26T00:00:00Z","date_published":"2020-08-21T00:00:00Z","owner_name":null,"tidal_id":"1973f09c-09db-5e2c-8e15-9f3c1c4d8c21","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431258Z"},{"id":"97e76bc2-9312-5f39-8491-8b42ddeb2067","name":"AutoIT","description":"AutoIT. (n.d.). Running Scripts. Retrieved March 29, 2024.","url":"https://www.autoitscript.com/autoit3/docs/intro/running.htm","source":"MITRE","title":"Running Scripts","authors":"AutoIT","date_accessed":"2024-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c2809280-b0cc-5675-8d58-f3a4e2f482b8","created":"2024-04-25T13:28:33.029916Z","modified":"2025-12-17T15:08:36.428011Z"},{"id":"b97d4b16-ead2-4cc7-90e5-f8b05d84faf3","name":"Runonce.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Runonce.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Runonce/","source":"Tidal Cyber","title":"Runonce.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"61676d10-a94c-5b08-ad3e-1c13c05f8bdc","created":"2024-01-12T14:46:59.766017Z","modified":"2024-01-12T14:46:59.947521Z"},{"id":"e9e5cff5-836a-4b66-87d5-03a727c0f467","name":"Apple Developer Doco Archive Run-Path","description":"Apple Inc.. (2012, July 7). Run-Path Dependent Libraries. Retrieved March 31, 2021.","url":"https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/RunpathDependentLibraries.html","source":"MITRE","title":"Run-Path Dependent Libraries","authors":"Apple Inc.","date_accessed":"2021-03-31T00:00:00Z","date_published":"2012-07-07T00:00:00Z","owner_name":null,"tidal_id":"7bc8cdd3-c916-5e87-9b57-96203256baa4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436766Z"},{"id":"6d7151e3-685a-4dc7-a44d-aefae4f3db6a","name":"Runscripthelper.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Runscripthelper.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Runscripthelper/","source":"Tidal Cyber","title":"Runscripthelper.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5b7f6e17-2bcd-5d92-b37c-96962a26e535","created":"2024-01-12T14:47:00.277929Z","modified":"2024-01-12T14:47:00.567399Z"},{"id":"4f2e6adb-6e3d-5f1f-b873-4b99797f2bfa","name":"Microsoft Run Command","description":"Microsoft. (2023, March 10). Run scripts in your VM by using Run Command. 
Retrieved March 13, 2023.","url":"https://learn.microsoft.com/en-us/azure/virtual-machines/run-command-overview","source":"MITRE","title":"Run scripts in your VM by using Run Command","authors":"Microsoft","date_accessed":"2023-03-13T00:00:00Z","date_published":"2023-03-10T00:00:00Z","owner_name":null,"tidal_id":"9b0f5d96-7c85-5642-86c0-8a519866ac07","created":"2023-05-26T01:21:10.234944Z","modified":"2025-12-17T15:08:36.435314Z"},{"id":"d5ab8075-334f-492c-8318-c691f210b984","name":"McAfee APT28 DDE2 Nov 2017","description":"Paganini, P. (2017, November 9). Russia-Linked APT28 group observed using DDE attack to deliver malware. Retrieved November 21, 2017.","url":"http://securityaffairs.co/wordpress/65318/hacking/dde-attack-apt28.html","source":"MITRE","title":"Russia-Linked APT28 group observed using DDE attack to deliver malware","authors":"Paganini, P","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-11-09T00:00:00Z","owner_name":null,"tidal_id":"8c7e4db7-d9fa-5458-a0ae-b9967a377016","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441979Z"},{"id":"0e6b019c-cf8e-40a7-9e7c-6a7dc5309dc6","name":"Security Affairs DustSquad Oct 2018","description":"Paganini, P. (2018, October 16). Russia-linked APT group DustSquad targets diplomatic entities in Central Asia. Retrieved August 24, 2021.","url":"https://securityaffairs.co/wordpress/77165/apt/russia-linked-apt-dustsquad.html","source":"MITRE","title":"Russia-linked APT group DustSquad targets diplomatic entities in Central Asia","authors":"Paganini, P","date_accessed":"2021-08-24T00:00:00Z","date_published":"2018-10-16T00:00:00Z","owner_name":null,"tidal_id":"acc6cf70-e5ae-5ca5-9048-efb6fea7b36d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421995Z"},{"id":"659f86ef-7e90-42ff-87b7-2e289f9f6cc2","name":"SecurityWeek Nomadic Octopus Oct 2018","description":"Kovacs, E. (2018, October 18). Russia-Linked Hackers Target Diplomatic Entities in Central Asia. 
Retrieved October 13, 2021.","url":"https://www.securityweek.com/russia-linked-hackers-target-diplomatic-entities-central-asia","source":"MITRE","title":"Russia-Linked Hackers Target Diplomatic Entities in Central Asia","authors":"Kovacs, E","date_accessed":"2021-10-13T00:00:00Z","date_published":"2018-10-18T00:00:00Z","owner_name":null,"tidal_id":"5bd27382-5cad-59d8-8339-5bd2ad71483f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439226Z"},{"id":"9870a6bd-7497-4e43-bd22-ea9e414e408c","name":"Unit 42 July 19 2022","description":"Peter Renals; Mike Harbison. (2022, July 19). Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive. Retrieved March 10, 2025.","url":"https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/","source":"Tidal Cyber","title":"Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive","authors":"Peter Renals; Mike Harbison","date_accessed":"2025-03-10T00:00:00Z","date_published":"2022-07-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"224e26d3-6e6e-556d-acad-6a6fb3a0fc2b","created":"2025-03-10T18:05:48.644584Z","modified":"2025-03-10T18:05:48.844822Z"},{"id":"962fb031-dfd1-43a7-8202-3a2231b0472b","name":"U.S. Federal Bureau of Investigation 2 27 2024","description":"U.S. Federal Bureau of Investigation. (2024, February 27). Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations. Retrieved February 28, 2024.","url":"https://www.ic3.gov/Media/News/2024/240227.pdf","source":"Tidal Cyber","title":"Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations","authors":"U.S. Federal Bureau of Investigation","date_accessed":"2024-02-28T00:00:00Z","date_published":"2024-02-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6713d83e-c851-52b6-a69f-b743e2f822dc","created":"2024-03-01T20:23:27.376510Z","modified":"2024-03-01T20:23:27.558056Z"},{"id":"5f66f864-58c2-4b41-8011-61f954e04b7e","name":"U.S. 
CISA SVR TeamCity Exploits December 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, December 13). Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally. Retrieved December 14, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","source":"Tidal Cyber","title":"Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-12-14T00:00:00Z","date_published":"2023-12-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2040a73a-c466-59e6-a100-c662aeb9fe0b","created":"2023-12-14T19:26:18.406944Z","modified":"2023-12-14T19:26:18.932766Z"},{"id":"3d53c154-8ced-4dbe-ab4e-db3bc15bfe4b","name":"U.S. CISA Star Blizzard December 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, December 7). Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. Retrieved December 14, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a","source":"Tidal Cyber","title":"Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-12-14T00:00:00Z","date_published":"2023-12-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ce7403c4-67cd-5e47-9407-b9dd94cc7a42","created":"2023-12-14T19:26:19.403200Z","modified":"2023-12-14T19:26:19.500743Z"},{"id":"96b26cfc-b31d-5226-879f-4888801ec268","name":"CISA Star Blizzard Advisory December 2023","description":"CISA, et al. (2023, December 7). Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. 
Retrieved June 13, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a","source":"MITRE","title":"Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns","authors":"CISA, et al","date_accessed":"2024-06-13T00:00:00Z","date_published":"2023-12-07T00:00:00Z","owner_name":null,"tidal_id":"7e91d516-c0da-5af7-ac28-8ea5117f2e9e","created":"2024-10-31T16:28:30.855600Z","modified":"2025-12-17T15:08:36.439555Z"},{"id":"34b9648a-1548-5452-bac6-06b19e2cc995","name":"CISA Russian Gov Critical Infra 2018","description":"CISA. (2018, March 16). Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. Retrieved March 24, 2025.","url":"https://www.cisa.gov/news-events/alerts/2018/03/15/russian-government-cyber-activity-targeting-energy-and-other-critical-infrastructure-sectors","source":"MITRE","title":"Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors","authors":"CISA","date_accessed":"2025-03-24T00:00:00Z","date_published":"2018-03-16T00:00:00Z","owner_name":null,"tidal_id":"0ae8794f-cbf0-5f3a-acbb-0155c84cadeb","created":"2025-04-22T20:47:14.500100Z","modified":"2025-12-17T15:08:36.429930Z"},{"id":"f9337ded-5379-451f-8bf7-84a5b23ba486","name":"FBI Alert Russian Government Network Device Targeting August 20 2025","description":"Federal Bureau of Investigation. (2025, August 20). Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure. 
Retrieved August 25, 2025.","url":"https://www.ic3.gov/PSA/2025/PSA250820","source":"Tidal Cyber","title":"Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure","authors":"Federal Bureau of Investigation","date_accessed":"2025-08-25T12:00:00Z","date_published":"2025-08-20T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2b8a426e-9de6-5063-b390-010cdf63191f","created":"2025-08-28T19:35:14.835685Z","modified":"2025-08-28T19:35:14.987810Z"},{"id":"d697a342-4100-4e6b-95b9-4ae3ba80924b","name":"NSA/FBI Drovorub August 2020","description":"NSA/FBI. (2020, August). Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware. Retrieved August 25, 2020.","url":"https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF","source":"MITRE","title":"Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware","authors":"NSA/FBI","date_accessed":"2020-08-25T00:00:00Z","date_published":"2020-08-01T00:00:00Z","owner_name":null,"tidal_id":"26dddb18-a305-5c9e-bc32-d664fd4134bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420616Z"},{"id":"e70f0742-5f3e-4701-a46b-4a58c0281537","name":"Cybersecurity Advisory GRU Brute Force Campaign July 2021","description":"NSA, CISA, FBI, NCSC. (2021, July). Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. 
Retrieved July 26, 2021.","url":"https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF","source":"MITRE, Tidal Cyber","title":"Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments","authors":"NSA, CISA, FBI, NCSC","date_accessed":"2021-07-26T00:00:00Z","date_published":"2021-07-01T00:00:00Z","owner_name":null,"tidal_id":"6eb7758a-add9-58ca-8b47-3c527bfe7218","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278494Z"},{"id":"fb2f8efe-1e54-42c3-90eb-b1acba8f55b3","name":"U.S. CISA Russian GRU Targeting May 21 2025","description":"Cybersecurity and Infrastructure Security Agency. (2025, May 21). Russian GRU Targeting Western Logistics Entities and Technology Companies. Retrieved May 22, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a","source":"Tidal Cyber","title":"Russian GRU Targeting Western Logistics Entities and Technology Companies","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2025-05-22T00:00:00Z","date_published":"2025-05-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e2052f75-c860-5004-acba-d9f4ffe3a4aa","created":"2025-05-23T14:41:29.965498Z","modified":"2025-05-23T14:41:30.534280Z"},{"id":"e5d69297-b0f3-4586-9eb7-d2922b3ee7bb","name":"BleepingComputer Ebury March 2017","description":"Cimpanu, C.. (2017, March 29). Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware. 
Retrieved April 23, 2019.","url":"https://www.bleepingcomputer.com/news/security/russian-hacker-pleads-guilty-for-role-in-infamous-linux-ebury-malware/","source":"MITRE","title":"Russian Hacker Pleads Guilty for Role in Infamous Linux Ebury Malware","authors":"Cimpanu, C.","date_accessed":"2019-04-23T00:00:00Z","date_published":"2017-03-29T00:00:00Z","owner_name":null,"tidal_id":"2dfdfacd-a89c-5d4b-a300-b4a5e48516c9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421766Z"},{"id":"ad2b0648-b657-4daa-9510-82375a252fc4","name":"Russian 2FA Push Annoyance - Cimpanu","description":"Catalin Cimpanu. (2021, December 9). Russian hackers bypass 2FA by annoying victims with repeated push notifications. Retrieved March 31, 2022.","url":"https://therecord.media/russian-hackers-bypass-2fa-by-annoying-victims-with-repeated-push-notifications/","source":"MITRE","title":"Russian hackers bypass 2FA by annoying victims with repeated push notifications","authors":"Catalin Cimpanu","date_accessed":"2022-03-31T00:00:00Z","date_published":"2021-12-09T00:00:00Z","owner_name":null,"tidal_id":"f237c17f-f59c-5d71-992a-c6816c23bede","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432770Z"},{"id":"15bac539-2561-4f97-a9fb-4e081417215f","name":"Reuters Cold River January 6 2023","description":"James Pearson, Christopher Bing. (2023, January 6). Russian hackers targeted U.S. nuclear scientists. Retrieved October 1, 2024.","url":"https://www.reuters.com/world/europe/russian-hackers-targeted-us-nuclear-scientists-2023-01-06/","source":"Tidal Cyber","title":"Russian hackers targeted U.S. 
nuclear scientists","authors":"James Pearson, Christopher Bing","date_accessed":"2024-10-01T00:00:00Z","date_published":"2023-01-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cc4d9c7a-582f-525f-a7e9-999ff26e46aa","created":"2024-10-04T20:31:30.685556Z","modified":"2024-10-04T20:31:30.890885Z"},{"id":"8677d97f-6bca-48b8-9e0b-2bbcafae25e9","name":"TrendMicro Void Dokkaebi April 23 2025","description":"Feike Hacquebord, Stephen Hilt. (2025, April 23). Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations. Retrieved May 29, 2025.","url":"https://www.trendmicro.com/en_us/research/25/d/russian-infrastructure-north-korean-cybercrime.html","source":"Tidal Cyber","title":"Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations","authors":"Feike Hacquebord, Stephen Hilt","date_accessed":"2025-05-29T00:00:00Z","date_published":"2025-04-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"560c76d0-753c-545c-a61b-1efb6480074a","created":"2025-06-03T14:14:06.772234Z","modified":"2025-06-03T14:14:06.942245Z"},{"id":"433cd55a-f912-4d5a-aff6-92133d08267b","name":"Unit42 Redaman January 2019","description":"Duncan, B., Harbison, M. (2019, January 23). Russian Language Malspam Pushing Redaman Banking Malware. Retrieved June 16, 2020.","url":"https://unit42.paloaltonetworks.com/russian-language-malspam-pushing-redaman-banking-malware/","source":"MITRE","title":"Russian Language Malspam Pushing Redaman Banking Malware","authors":"Duncan, B., Harbison, M","date_accessed":"2020-06-16T00:00:00Z","date_published":"2019-01-23T00:00:00Z","owner_name":null,"tidal_id":"21daef9b-170c-5758-b6c6-7c4def67d6eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420436Z"},{"id":"9631a46d-3e0a-4f25-962b-0b2501c47926","name":"U.S. CISA Unit 29155 September 5 2024","description":"Cybersecurity and Infrastructure Security Agency. (2024, September 5). 
Russian Military Cyber Actors Target US and Global Critical Infrastructure. Retrieved September 9, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a","source":"Tidal Cyber","title":"Russian Military Cyber Actors Target US and Global Critical Infrastructure","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-09-09T00:00:00Z","date_published":"2024-09-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"00a189fa-118d-5d0b-bc31-1984b465f417","created":"2024-09-09T19:57:46.576252Z","modified":"2024-09-09T19:57:47.374830Z"},{"id":"24a1832e-ffc5-4504-8e47-32ba0be97b0c","name":"Arctic Wolf November 25 2025","description":"Jacob Faires and the Arctic Wolf Labs team. (2025, November 25). Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine - Arctic Wolf. Retrieved December 1, 2025.","url":"https://arcticwolf.com/resources/blog/romcom-utilizing-socgholish-to-deliver-mythic-agent-to-usa-companies-supporting-ukraine/","source":"Tidal Cyber","title":"Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine - Arctic Wolf","authors":"Jacob Faires and the Arctic Wolf Labs team","date_accessed":"2025-12-01T12:00:00Z","date_published":"2025-11-25T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"51a9cd0e-902c-55de-8b71-841ff4255b5e","created":"2025-12-10T14:13:43.166485Z","modified":"2025-12-10T14:13:43.320387Z"},{"id":"fa03324e-c79c-422e-80f1-c270fd87d4e2","name":"CISA MFA PrintNightmare","description":"Cybersecurity and Infrastructure Security Agency. (2022, March 15). Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. 
Retrieved March 16, 2022.","url":"https://www.cisa.gov/uscert/ncas/alerts/aa22-074a","source":"MITRE","title":"Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2022-03-16T00:00:00Z","date_published":"2022-03-15T00:00:00Z","owner_name":null,"tidal_id":"226af27c-36f5-51ac-bb70-8d5a1f220fce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431654Z"},{"id":"00c6ff88-6eeb-486d-ae69-dffd5aebafe6","name":"Russians Exploit Default MFA Protocol - CISA March 2022","description":"Cyber Security Infrastructure Agency. (2022, March 15). Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. Retrieved May 31, 2022.","url":"https://www.cisa.gov/uscert/ncas/alerts/aa22-074a","source":"MITRE","title":"Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability","authors":"Cyber Security Infrastructure Agency","date_accessed":"2022-05-31T00:00:00Z","date_published":"2022-03-15T00:00:00Z","owner_name":null,"tidal_id":"2bd4ea33-64b6-5a95-9244-682645f2e35c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433691Z"},{"id":"8fdf280d-680f-4b8f-8fb9-6b3118ec3983","name":"US-CERT TA18-106A Network Infrastructure Devices 2018","description":"US-CERT. (2018, April 20). Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. 
Retrieved October 19, 2020.","url":"https://us-cert.cisa.gov/ncas/alerts/TA18-106A","source":"MITRE","title":"Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices","authors":"US-CERT","date_accessed":"2020-10-19T00:00:00Z","date_published":"2018-04-20T00:00:00Z","owner_name":null,"tidal_id":"14f66952-da5a-5452-b3e3-29c63e021cca","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423970Z"},{"id":"26b520dc-5c68-40f4-82fb-366d27fc0c2f","name":"alert_TA18_106A","description":"CISA. (2018, April 20). Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices. Retrieved February 14, 2022.","url":"https://www.cisa.gov/uscert/ncas/alerts/TA18-106A","source":"MITRE","title":"Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices","authors":"CISA","date_accessed":"2022-02-14T00:00:00Z","date_published":"2018-04-20T00:00:00Z","owner_name":null,"tidal_id":"ea54d37e-3977-5f2c-9246-65503800521c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436856Z"},{"id":"8b207fa6-039b-4ff8-9126-928f3f31f65c","name":"Cisco Talos Static Tundra August 20 2025","description":"Sara McBroom, Brandon White. (2025, August 20). Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices. Retrieved August 25, 2025.","url":"https://blog.talosintelligence.com/static-tundra/","source":"Tidal Cyber","title":"Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices","authors":"Sara McBroom, Brandon White","date_accessed":"2025-08-25T12:00:00Z","date_published":"2025-08-20T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"32d62c18-ed5d-530b-b9ab-8d4e98fbe7ed","created":"2025-08-28T19:35:15.160139Z","modified":"2025-08-28T19:35:15.300643Z"},{"id":"9bd79067-e92d-577c-a46b-6b9294ec6443","name":"Russian threat actors dig in, prepare to seize on war fatigue","description":"Microsoft Threat Intelligence. 
(2023, December 7). Russian threat actors dig in, prepare to seize on war fatigue. Retrieved June 18, 2025.","url":"https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/russian-threat-actors-dig-in-prepare-to-seize-on-war-fatigue","source":"MITRE","title":"Russian threat actors dig in, prepare to seize on war fatigue","authors":"Microsoft Threat Intelligence","date_accessed":"2025-06-18T00:00:00Z","date_published":"2023-12-07T00:00:00Z","owner_name":null,"tidal_id":"402af004-d899-5697-ab1f-9af42f77a7b4","created":"2025-10-29T21:08:48.165410Z","modified":"2025-12-17T15:08:36.425062Z"},{"id":"0b26c6f8-51ee-4419-9842-245c0e5e6f58","name":"Google TAG COLDRIVER January 18 2024","description":"Wesley Shields. (2024, January 18). Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware. Retrieved October 1, 2024.","url":"https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/","source":"Tidal Cyber","title":"Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware","authors":"Wesley Shields","date_accessed":"2024-10-01T00:00:00Z","date_published":"2024-01-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a9415121-833f-5bd5-8ba7-c129fa818629","created":"2024-10-04T20:31:31.103185Z","modified":"2024-10-04T20:31:31.278010Z"},{"id":"cff26ad8-b8dc-557d-9751-530f7ebfaa02","name":"Google TAG COLDRIVER January 2024","description":"Shields, W. (2024, January 18). Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware. 
Retrieved June 13, 2024.","url":"https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/","source":"MITRE","title":"Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware","authors":"Shields, W","date_accessed":"2024-06-13T00:00:00Z","date_published":"2024-01-18T00:00:00Z","owner_name":null,"tidal_id":"6b39694c-37d8-592d-85ba-5c309321edb5","created":"2024-10-31T16:28:30.869881Z","modified":"2025-12-17T15:08:36.419917Z"},{"id":"27e7d347-9d85-4897-9e04-33f58acc5687","name":"UK GOV FSB Factsheet April 2022","description":"UK Gov. (2022, April 5). Russia's FSB malign activity: factsheet. Retrieved April 5, 2022.","url":"https://www.gov.uk/government/publications/russias-fsb-malign-cyber-activity-factsheet/russias-fsb-malign-activity-factsheet","source":"MITRE","title":"Russia's FSB malign activity: factsheet","authors":"UK Gov","date_accessed":"2022-04-05T00:00:00Z","date_published":"2022-04-05T00:00:00Z","owner_name":null,"tidal_id":"462b31e3-db2f-59ab-bc2a-f7ab10e1e362","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437474Z"},{"id":"a5df39b2-77f8-4814-8198-8620655aa79b","name":"Unit 42 Gamaredon February 2022","description":"Unit 42. (2022, February 3). Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine. Retrieved February 21, 2022.","url":"https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/","source":"MITRE","title":"Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine","authors":"Unit 42","date_accessed":"2022-02-21T00:00:00Z","date_published":"2022-02-03T00:00:00Z","owner_name":null,"tidal_id":"3a67e260-d459-5553-ae06-0f1cdf65c825","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439138Z"},{"id":"28c53a97-5500-5bfb-8aac-3c0bf94c2dfe","name":"Wired Russia Cyberwar","description":"Greenberg, A. (2022, November 10). 
Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless. Retrieved March 22, 2023.","url":"https://www.wired.com/story/russia-ukraine-cyberattacks-mandiant/","source":"MITRE","title":"Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless","authors":"Greenberg, A","date_accessed":"2023-03-22T00:00:00Z","date_published":"2022-11-10T00:00:00Z","owner_name":null,"tidal_id":"1fc12c8e-0a1f-57d3-b597-ab310bd17af5","created":"2023-05-26T01:21:04.792261Z","modified":"2025-12-17T15:08:36.425327Z"},{"id":"a8a32597-2b52-5f99-850d-f38d3f891713","name":"unit42_gamaredon_dec2022","description":"Unit 42. (2022, December 20). Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine. Retrieved September 12, 2024.","url":"https://unit42.paloaltonetworks.com/trident-ursa/","source":"MITRE","title":"Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine","authors":"Unit 42","date_accessed":"2024-09-12T00:00:00Z","date_published":"2022-12-20T00:00:00Z","owner_name":null,"tidal_id":"ef235aba-502e-5e35-9348-b500eaf8501f","created":"2024-10-31T16:28:35.652340Z","modified":"2025-12-17T15:08:36.440164Z"},{"id":"cfd0ad64-54b2-446f-9624-9c90a9a94f52","name":"RyanW3stman Tweet October 10 2023","description":"RyanW3stman. (2023, October 10). RyanW3stman Tweet October 10 2023. Retrieved October 10, 2023.","url":"https://twitter.com/RyanW3stman/status/1711732225996165135","source":"Tidal Cyber","title":"RyanW3stman Tweet October 10 2023","authors":"RyanW3stman","date_accessed":"2023-10-10T00:00:00Z","date_published":"2023-10-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"207c1b32-0beb-5770-8af9-6ef719c1a55f","created":"2023-10-10T20:48:40.608030Z","modified":"2023-10-10T20:48:40.756111Z"},{"id":"51b4932e-f85a-5483-8bf8-48de9c85782d","name":"Ryte Wiki","description":"Ryte Wiki. (n.d.). 
Retrieved November 17, 2024.","url":"https://en.ryte.com/wiki/Tracking_Pixel/","source":"MITRE","title":"Ryte Wiki","authors":"","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0ea6da07-6d5c-52ac-8737-ed9204788bca","created":"2024-04-25T13:28:31.995874Z","modified":"2025-12-17T15:08:36.426885Z"},{"id":"892150f4-769d-447d-b652-e5d85790ee37","name":"DFIR Ryuk in 5 Hours October 2020","description":"The DFIR Report. (2020, October 18). Ryuk in 5 Hours. Retrieved October 19, 2020.","url":"https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/","source":"MITRE","title":"Ryuk in 5 Hours","authors":"The DFIR Report","date_accessed":"2020-10-19T00:00:00Z","date_published":"2020-10-18T00:00:00Z","owner_name":null,"tidal_id":"aa3c93c9-e4c0-59dd-80c7-8ffee9cd42e4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440617Z"},{"id":"0a23be83-3438-4437-9e51-0cfa16a00d57","name":"ANSSI RYUK RANSOMWARE","description":"ANSSI. (2021, February 25). RYUK RANSOMWARE. Retrieved March 29, 2021.","url":"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-006.pdf","source":"MITRE","title":"RYUK RANSOMWARE","authors":"ANSSI","date_accessed":"2021-03-29T00:00:00Z","date_published":"2021-02-25T00:00:00Z","owner_name":null,"tidal_id":"b3b60de6-b7e5-5af4-8626-1affc7a20d74","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441761Z"},{"id":"f6670b73-4d57-4aad-8264-1d42d585e280","name":"Bleeping Computer - Ryuk WoL","description":"Abrams, L. (2021, January 14). Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices. 
Retrieved February 11, 2021.","url":"https://www.bleepingcomputer.com/news/security/ryuk-ransomware-uses-wake-on-lan-to-encrypt-offline-devices/","source":"MITRE","title":"Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices","authors":"Abrams, L","date_accessed":"2021-02-11T00:00:00Z","date_published":"2021-01-14T00:00:00Z","owner_name":null,"tidal_id":"09a79053-4338-568a-aa53-3ff6a6fe1419","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420749Z"},{"id":"3b904516-3b26-4caa-8814-6e69b76a7c8c","name":"DFIR Ryuk 2 Hour Speed Run November 2020","description":"The DFIR Report. (2020, November 5). Ryuk Speed Run, 2 Hours to Ransom. Retrieved November 6, 2020.","url":"https://thedfirreport.com/2020/11/05/ryuk-speed-run-2-hours-to-ransom/","source":"MITRE","title":"Ryuk Speed Run, 2 Hours to Ransom","authors":"The DFIR Report","date_accessed":"2020-11-06T00:00:00Z","date_published":"2020-11-05T00:00:00Z","owner_name":null,"tidal_id":"48eae229-143d-5a17-88cc-7421a293b212","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423463Z"},{"id":"eba1dafb-ff62-4d34-b268-3b9ba6a7a822","name":"DFIR Ryuk's Return October 2020","description":"The DFIR Report. (2020, October 8). Ryuk’s Return. Retrieved October 9, 2020.","url":"https://thedfirreport.com/2020/10/08/ryuks-return/","source":"MITRE","title":"Ryuk’s Return","authors":"The DFIR Report","date_accessed":"2020-10-09T00:00:00Z","date_published":"2020-10-08T00:00:00Z","owner_name":null,"tidal_id":"709eb38c-5d44-56a1-bd41-0614d56970d5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423470Z"},{"id":"bb28711f-186d-4101-b153-6340ce826343","name":"Rhino S3 Ransomware Part 1","description":"Gietzen, S. (n.d.). S3 Ransomware Part 1: Attack Vector. 
Retrieved April 14, 2021.","url":"https://rhinosecuritylabs.com/aws/s3-ransomware-part-1-attack-vector/","source":"MITRE","title":"S3 Ransomware Part 1: Attack Vector","authors":"Gietzen, S","date_accessed":"2021-04-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c0a6a47e-00a4-5347-97d7-92ad6bf6b28e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433981Z"},{"id":"a2b3e738-257c-4078-9fde-d55b08c8003b","name":"Rhino S3 Ransomware Part 2","description":"Gietzen, S. (n.d.). S3 Ransomware Part 2: Prevention and Defense. Retrieved April 14, 2021.","url":"https://rhinosecuritylabs.com/aws/s3-ransomware-part-2-prevention-and-defense/","source":"MITRE","title":"S3 Ransomware Part 2: Prevention and Defense","authors":"Gietzen, S","date_accessed":"2021-04-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"813e8dcf-23cb-51fb-9005-92db6ca396f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442918Z"},{"id":"803c51be-a54e-4fab-8ea0-c6bef18e84d3","name":"S3Recon GitHub","description":"Travis Clarke. (2020, March 21). S3Recon GitHub. Retrieved March 4, 2022.","url":"https://github.com/clarketm/s3recon","source":"MITRE","title":"S3Recon GitHub","authors":"Travis Clarke","date_accessed":"2022-03-04T00:00:00Z","date_published":"2020-03-21T00:00:00Z","owner_name":null,"tidal_id":"d94bc0b9-8cbe-5abb-a7f2-1accbca78936","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434120Z"},{"id":"3837949e-790e-5c77-9c15-94d9306138c2","name":"Alexander Bolshev March 2014","description":"Alexander Bolshev. (2014, March 11). S4x14: HART As An Attack Vector. 
Retrieved November","url":"https://www.slideshare.net/slideshow/17-bolshev-1-13/32178888","source":"ICS","title":"S4x14: HART As An Attack Vector","authors":"Alexander Bolshev","date_accessed":"1978-11-01T00:00:00Z","date_published":"2014-03-11T00:00:00Z","owner_name":null,"tidal_id":"76b0b032-54c4-509e-8d82-aca729aedbd9","created":"2026-01-28T13:08:18.176732Z","modified":"2026-01-28T13:08:18.176735Z"},{"id":"3cf87660-48a5-5a95-adcc-a8d68e492c81","name":"Obsidian Security SaaS Ransomware June 2023","description":"Obsidian Threat Research Team. (2023, June 6). SaaS Ransomware Observed in the Wild for Sharepoint in Microsoft 365. Retrieved October 5, 2025.","url":"https://web.archive.org/web/20230608061141/https://www.obsidiansecurity.com/blog/saas-ransomware-observed-sharepoint-microsoft-365/","source":"MITRE","title":"SaaS Ransomware Observed in the Wild for Sharepoint in Microsoft 365","authors":"Obsidian Threat Research Team","date_accessed":"2025-10-05T00:00:00Z","date_published":"2023-06-06T00:00:00Z","owner_name":null,"tidal_id":"b48cbb0e-34ea-55cb-aa23-ff42159f4a62","created":"2025-10-29T21:08:48.166239Z","modified":"2025-12-17T15:08:36.433623Z"},{"id":"e9a2ffd8-7aed-4343-8678-66fc3e758d19","name":"Dell Sakula","description":"Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, July 30). Sakula Malware Family. Retrieved January 26, 2016.","url":"http://www.secureworks.com/cyber-threat-intelligence/threats/sakula-malware-family/","source":"MITRE","title":"Sakula Malware Family","authors":"Dell SecureWorks Counter Threat Unit Threat Intelligence","date_accessed":"2016-01-26T00:00:00Z","date_published":"2015-07-30T00:00:00Z","owner_name":null,"tidal_id":"2e75f836-9574-5046-bfaa-803f4467cdc0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420552Z"},{"id":"3e6ce21a-d3d3-494e-9c2e-1a00bc5653d8","name":"Bleeping Computer Salesforce Gainsight November 20 2025","description":"Sergiu Gatlan. (2025, November 20). 
Salesforce investigates customer data theft via Gainsight breach. Retrieved November 24, 2025.","url":"https://www.bleepingcomputer.com/news/security/salesforce-investigates-customer-data-theft-via-gainsight-breach/","source":"Tidal Cyber","title":"Salesforce investigates customer data theft via Gainsight breach","authors":"Sergiu Gatlan","date_accessed":"2025-11-24T12:00:00Z","date_published":"2025-11-20T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ee40f45f-a4ae-543c-8523-93b47b18039d","created":"2025-11-26T19:37:29.322107Z","modified":"2025-11-26T19:37:29.457367Z"},{"id":"3b191107-b5b7-4e38-84a3-0661a262df49","name":"CyberScoop August 28 2025","description":"Matt Kapko. (2025, August 28). Salesloft Drift compromised en masse, impacting all third-party integrations. Retrieved August 28, 2025.","url":"https://cyberscoop.com/salesloft-drift-compromise-scope-expands/","source":"Tidal Cyber","title":"Salesloft Drift compromised en masse, impacting all third-party integrations","authors":"Matt Kapko","date_accessed":"2025-08-28T12:00:00Z","date_published":"2025-08-28T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3b290541-e777-5dd2-952d-ce6fd31229b1","created":"2025-09-04T13:57:50.524166Z","modified":"2025-09-04T13:57:50.675582Z"},{"id":"10b7ccf8-9d41-489a-ad8e-e5bb61c95f4a","name":"Darktrace Salt Typhoon October 20 2025","description":"Ofek Lahiani, Itay Cohen. (2025, October 20). Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion. 
Retrieved October 22, 2025.","url":"https://www.darktrace.com/blog/salty-much-darktraces-view-on-a-recent-salt-typhoon-intrusion","source":"Tidal Cyber","title":"Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion","authors":"Ofek Lahiani, Itay Cohen","date_accessed":"2025-10-22T12:00:00Z","date_published":"2025-10-20T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ed0cafef-a454-538e-9de4-aaa4bb6ed641","created":"2025-10-24T16:13:06.968458Z","modified":"2025-10-24T16:13:07.106623Z"},{"id":"d0fdc669-959c-42ed-be5d-386a4e90a897","name":"Wine API samlib.dll","description":"Wine API. (n.d.). samlib.dll. Retrieved November 17, 2024.","url":"https://strontic.github.io/xcyclopedia/library/samlib.dll-0BDF6351009F6EBA5BA7E886F23263B1.html","source":"MITRE","title":"samlib.dll","authors":"Wine API","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3690545b-cd5a-5eb9-82dc-f307c5f27095","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436456Z"},{"id":"4da5e9c3-7205-4a6e-b147-be7c971380f0","name":"Sophos SamSam Apr 2018","description":"Palotay, D. and Mackenzie, P. (2018, April). SamSam Ransomware Chooses Its Targets Carefully. Retrieved April 15, 2019.","url":"https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-ransomware-chooses-Its-targets-carefully-wpna.pdf","source":"MITRE","title":"SamSam Ransomware Chooses Its Targets Carefully","authors":"Palotay, D. and Mackenzie, P","date_accessed":"2019-04-15T00:00:00Z","date_published":"2018-04-01T00:00:00Z","owner_name":null,"tidal_id":"253520b2-cf9d-5031-8797-4fcf6b595ff4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418357Z"},{"id":"c5022a91-bdf4-4187-9967-dfe6362219ea","name":"Symantec SamSam Oct 2018","description":"Symantec Security Response Attack Investigation Team. (2018, October 30). SamSam: Targeted Ransomware Attacks Continue. 
Retrieved April 16, 2019.","url":"https://www.symantec.com/blogs/threat-intelligence/samsam-targeted-ransomware-attacks","source":"MITRE","title":"SamSam: Targeted Ransomware Attacks Continue","authors":"Symantec Security Response Attack Investigation Team","date_accessed":"2019-04-16T00:00:00Z","date_published":"2018-10-30T00:00:00Z","owner_name":null,"tidal_id":"a2d51d7e-58b3-5681-997c-6b8de1269971","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418364Z"},{"id":"0965bb64-be96-46b9-b60f-6829c43a661f","name":"Talos SamSam Jan 2018","description":"Ventura, V. (2018, January 22). SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks. Retrieved April 16, 2019.","url":"https://blog.talosintelligence.com/2018/01/samsam-evolution-continues-netting-over.html","source":"MITRE","title":"SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks","authors":"Ventura, V","date_accessed":"2019-04-16T00:00:00Z","date_published":"2018-01-22T00:00:00Z","owner_name":null,"tidal_id":"6ae1cb0b-33c4-5dbc-8405-7d0685654836","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418378Z"},{"id":"18885a10-ac0f-5b8c-a129-cd11bd4216d1","name":"Register-BaseStation","description":"D. Pauli. (2015, November 12). Samsung S6 calls open to man-in-the-middle base station snooping. Retrieved December","url":"http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1/","source":"Mobile","title":"Samsung S6 calls open to man-in-the-middle base station snooping","authors":"D. Pauli","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-11-12T00:00:00Z","owner_name":null,"tidal_id":"514b3ebb-9538-5b8d-ace0-5292181751a7","created":"2026-01-28T13:08:10.043319Z","modified":"2026-01-28T13:08:10.043322Z"},{"id":"5135c600-b2a6-59e7-9023-8e293736f8de","name":"NSA Sandworm 2020","description":"National Security Agency. (2020, March 28). Sandworm Actors Exploiting Vulnerability In EXIM Mail Transfer Agent. 
Retrieved March 1, 2024.","url":"https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf","source":"MITRE","title":"Sandworm Actors Exploiting Vulnerability In EXIM Mail Transfer Agent","authors":"National Security Agency","date_accessed":"2024-03-01T00:00:00Z","date_published":"2020-03-28T00:00:00Z","owner_name":null,"tidal_id":"8ee261d5-210e-5c96-bf70-eda47875f366","created":"2024-04-25T13:28:51.803013Z","modified":"2025-12-17T15:08:36.441221Z"},{"id":"e35f005d-a3cd-4733-88ac-92bbf46e2c8a","name":"Mandiant Sandworm November 9 2023","description":"Ken Proska, John Wolfram, Jared Wilson, Dan Black, Keith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker, Tyler McLellan, Chris Sistrunk. (2023, November 9). Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology. Retrieved April 17, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/sandworm-disrupts-power-ukraine-operational-technology","source":"Tidal Cyber","title":"Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology","authors":"Ken Proska, John Wolfram, Jared Wilson, Dan Black, Keith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker, Tyler McLellan, Chris Sistrunk","date_accessed":"2024-04-17T00:00:00Z","date_published":"2023-11-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ca50abc0-521b-5dab-8494-a462d1091149","created":"2024-04-19T16:48:14.691916Z","modified":"2024-04-19T16:48:15.070579Z"},{"id":"7ad64744-2790-54e4-97cd-e412423f6ada","name":"Mandiant-Sandworm-Ukraine-2022","description":"Ken Proska, John Wolfram, Jared Wilson, Dan Black, Keith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker, Tyler Mclellan, Chris Sistrunk. (2023, November 9). Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology. 
Retrieved March 28, 2024.","url":"https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology","source":"MITRE","title":"Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology","authors":"Ken Proska, John Wolfram, Jared Wilson, Dan Black, Keith Lunden, Daniel Kapellmann Zafra, Nathan Brubaker, Tyler Mclellan, Chris Sistrunk","date_accessed":"2024-03-28T00:00:00Z","date_published":"2023-11-09T00:00:00Z","owner_name":null,"tidal_id":"89f929bc-0ab8-5637-a438-cbd4809b6c29","created":"2024-04-25T13:28:42.527184Z","modified":"2025-12-17T15:08:36.439449Z"},{"id":"5e619fef-180a-46d4-8bf5-998860b5ad7e","name":"ANSSI Sandworm January 2021","description":"ANSSI. (2021, January 27). SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS. Retrieved March 30, 2021.","url":"https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf","source":"MITRE","title":"SANDWORM INTRUSION SET CAMPAIGN TARGETING CENTREON SYSTEMS","authors":"ANSSI","date_accessed":"2021-03-30T00:00:00Z","date_published":"2021-01-27T00:00:00Z","owner_name":null,"tidal_id":"b79ce98c-254d-5ff9-9a4f-cb734ebe99cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418178Z"},{"id":"63622990-5467-42b2-8f45-b675dfc4dc8f","name":"iSIGHT Sandworm 2014","description":"Hultquist, J.. (2016, January 7). Sandworm Team and the Ukrainian Power Authority Attacks. Retrieved October 6, 2017.","url":"https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html","source":"MITRE","title":"Sandworm Team and the Ukrainian Power Authority Attacks","authors":"Hultquist, J.","date_accessed":"2017-10-06T00:00:00Z","date_published":"2016-01-07T00:00:00Z","owner_name":null,"tidal_id":"bd82ada9-46d8-5508-ba9c-6c370830faae","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437786Z"},{"id":"b8d9006d-7466-49cf-a70e-384edee530ce","name":"DOJ  - Cisco Insider","description":"DOJ. (2020, August 26). 
San Jose Man Pleads Guilty To Damaging Cisco’s Network. Retrieved December 15, 2020.","url":"https://www.justice.gov/usao-ndca/pr/san-jose-man-pleads-guilty-damaging-cisco-s-network","source":"MITRE","title":"San Jose Man Pleads Guilty To Damaging Cisco’s Network","authors":"DOJ","date_accessed":"2020-12-15T00:00:00Z","date_published":"2020-08-26T00:00:00Z","owner_name":null,"tidal_id":"1acdfae6-5267-5f23-ae93-ffa5bb27ddae","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435124Z"},{"id":"6fb8f825-5f77-501a-8277-22a5f551d13a","name":"SANS 1","description":"Joshua Wright. (2020, October 13). Retrieved March 22, 2024.","url":"https://www.sans.org/blog/red-team-tactics-hiding-windows-services/","source":"MITRE","title":"SANS 1","authors":"","date_accessed":"2024-03-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c8909b97-6064-57bf-9d88-24562a4506c8","created":"2024-04-25T13:28:31.752777Z","modified":"2025-12-17T15:08:36.426653Z"},{"id":"2a4c41f3-473f-516f-8c68-b771f7c3dfcb","name":"SANS 2","description":"Joshua Wright. (2020, October 14). Retrieved March 22, 2024.","url":"https://www.sans.org/blog/defense-spotlight-finding-hidden-windows-services/","source":"MITRE","title":"SANS 2","authors":"","date_accessed":"2024-03-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"375af602-77a5-5567-b1c8-a0360db15db8","created":"2024-04-25T13:28:31.759013Z","modified":"2025-12-17T15:08:36.426659Z"},{"id":"e2678f2c-14e8-4d05-8186-17c84882d2b8","name":"BBC Santander Hack June 2 2024","description":"Joe Tidy. (2024, June 2). Santander staff and '30 million' customers hacked. 
Retrieved September 19, 2025.","url":"https://www.bbc.com/news/articles/c6ppv06e3n8o","source":"Tidal Cyber","title":"Santander staff and '30 million' customers hacked","authors":"Joe Tidy","date_accessed":"2025-09-19T12:00:00Z","date_published":"2024-06-02T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c74871c7-fb6e-5c07-b4cd-94b2f75516bb","created":"2025-10-07T14:06:53.572692Z","modified":"2025-10-07T14:06:53.706399Z"},{"id":"a7c6e9ec-f830-517e-8632-61d2bb47eb03","name":"NowSecure Android Overlay","description":"Ramirez, T. (2017, May 25). ‘SAW’-ing through the UI: Android overlay malware and the System Alert Window permission explained. Retrieved September","url":"https://www.nowsecure.com/blog/2017/05/25/android-overlay-malware-system-alert-window-permission/","source":"Mobile","title":"‘SAW’-ing through the UI: Android overlay malware and the System Alert Window permission explained","authors":"Ramirez, T","date_accessed":"1978-09-01T00:00:00Z","date_published":"2017-05-25T00:00:00Z","owner_name":null,"tidal_id":"e80306b2-b136-5ed9-8917-3d109793173f","created":"2026-01-28T13:08:10.043772Z","modified":"2026-01-28T13:08:10.043775Z"},{"id":"3432e39c-343d-5a87-9260-00560ed27e86","name":"push notification -mcafee","description":"Craig Schmugar. (2021, May 17). Scammers Impersonating Windows Defender to Push Malicious Windows Apps. Retrieved March 14, 2025.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/scammers-impersonating-windows-defender-to-push-malicious-windows-apps/","source":"MITRE","title":"Scammers Impersonating Windows Defender to Push Malicious Windows Apps","authors":"Craig Schmugar","date_accessed":"2025-03-14T00:00:00Z","date_published":"2021-05-17T00:00:00Z","owner_name":null,"tidal_id":"dcc4e0db-dacb-51d7-b7ce-29fa307ae470","created":"2025-04-22T20:47:19.822358Z","modified":"2025-12-17T15:08:36.435290Z"},{"id":"48753fc9-b7b7-465f-92a7-fb3f51b032cb","name":"ATT ScanBox","description":"Blasco, J. (2014, August 28). 
Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks. Retrieved October 19, 2020.","url":"https://cybersecurity.att.com/blogs/labs-research/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks","source":"MITRE","title":"Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks","authors":"Blasco, J","date_accessed":"2020-10-19T00:00:00Z","date_published":"2014-08-28T00:00:00Z","owner_name":null,"tidal_id":"f89b75fb-18c6-5b43-b6bf-b95f9fc5126f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424257Z"},{"id":"3a60f7de-9ead-444e-9d08-689c655b26c7","name":"Mandiant SCANdalous Jul 2020","description":"Stephens, A. (2020, July 13). SCANdalous! (External Detection Using Network Scan Data and Automation). Retrieved November 17, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/scandalous-external-detection-using-network-scan-data-and-automation/","source":"MITRE","title":"SCANdalous! (External Detection Using Network Scan Data and Automation)","authors":"Stephens, A","date_accessed":"2024-11-17T00:00:00Z","date_published":"2020-07-13T00:00:00Z","owner_name":null,"tidal_id":"991d869f-e64c-515b-b149-23e390f05180","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424026Z"},{"id":"7cbf97fe-1809-4089-b386-a8bfd083df39","name":"WeLiveSecurity Scarab August 22 2023","description":"Jakub Souček. (2023, August 22). Scarabs colon-izing vulnerable servers. 
Retrieved September 13, 2024.","url":"https://www.welivesecurity.com/en/eset-research/scarabs-colon-izing-vulnerable-servers/","source":"Tidal Cyber","title":"Scarabs colon-izing vulnerable servers","authors":"Jakub Souček","date_accessed":"2024-09-13T00:00:00Z","date_published":"2023-08-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"615e2cb2-3818-528c-8d85-3f67de074755","created":"2024-09-13T19:19:53.115935Z","modified":"2024-09-13T19:19:53.405810Z"},{"id":"2dd5b872-a4ab-4b77-8457-a3d947298fc0","name":"Securelist ScarCruft May 2019","description":"GReAT. (2019, May 13). ScarCruft continues to evolve, introduces Bluetooth harvester. Retrieved June 4, 2019.","url":"https://securelist.com/scarcruft-continues-to-evolve-introduces-bluetooth-harvester/90729/","source":"MITRE","title":"ScarCruft continues to evolve, introduces Bluetooth harvester","authors":"GReAT","date_accessed":"2019-06-04T00:00:00Z","date_published":"2019-05-13T00:00:00Z","owner_name":null,"tidal_id":"c5780312-01de-5807-b84c-ac9e127b5a5f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438820Z"},{"id":"285266e7-7a62-5f98-9b0f-fefde4b21c88","name":"Sysdig ScarletEel 2.0 2023","description":"Alessandro Brucato. (2023, July 11). SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. Retrieved September 25, 2023.","url":"https://sysdig.com/blog/scarleteel-2-0/","source":"MITRE","title":"SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto","authors":"Alessandro Brucato","date_accessed":"2023-09-25T00:00:00Z","date_published":"2023-07-11T00:00:00Z","owner_name":null,"tidal_id":"c0f67687-17af-5779-ad53-8038f43c11c3","created":"2023-11-07T00:36:07.895528Z","modified":"2025-12-17T15:08:36.434859Z"},{"id":"695f3c75-1606-4c15-a9a6-20041ef2d040","name":"Sysdig Scarleteel July 11 2023","description":"Alessandro Brucato. (2023, July 11). SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. 
Retrieved April 12, 2024.","url":"https://sysdig.com/blog/scarleteel-2-0/","source":"Tidal Cyber","title":"SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto","authors":"Alessandro Brucato","date_accessed":"2024-04-12T12:00:00Z","date_published":"2023-07-11T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d30c7e5e-1c1c-5928-9ef0-1288f9cbdec9","created":"2026-01-14T13:29:34.857294Z","modified":"2026-01-14T13:29:35.144332Z"},{"id":"90e60242-82d8-5648-b7e4-def6fd508e16","name":"Sysdig ScarletEel 2.0","description":"SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. (2023, July 11). SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto. Retrieved July 12, 2023.","url":"https://sysdig.com/blog/scarleteel-2-0/","source":"MITRE","title":"SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto","authors":"SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto","date_accessed":"2023-07-12T00:00:00Z","date_published":"2023-07-11T00:00:00Z","owner_name":null,"tidal_id":"325b9a9f-4935-540c-81a1-babc3e28f2ed","created":"2023-11-07T00:36:05.713658Z","modified":"2025-12-17T15:08:36.432445Z"},{"id":"18931f81-51bf-44af-9573-512ccb66c238","name":"Sysdig Scarleteel February 28 2023","description":"Alberto Pellitteri. (2023, February 28). SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft. Retrieved February 2, 2023.","url":"https://sysdig.com/blog/cloud-breach-terraform-data-theft/","source":"Tidal Cyber","title":"SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft","authors":"Alberto Pellitteri","date_accessed":"2023-02-02T00:00:00Z","date_published":"2023-02-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e4dacc64-7d34-5767-aa7b-4de792280608","created":"2024-06-13T20:10:49.376750Z","modified":"2024-06-13T20:10:49.569397Z"},{"id":"e0d62504-6fec-4d95-9f4a-e0dda7e7b6d9","name":"Red Canary June 26 2024","description":"Laura Brosnan. (2024, June 26). Scarlet Goldfinch Taking flight with NetSupport Manager - Red Canary. 
Retrieved June 26, 2024.","url":"https://redcanary.com/blog/threat-intelligence/scarlet-goldfinch/","source":"Tidal Cyber","title":"Scarlet Goldfinch Taking flight with NetSupport Manager - Red Canary","authors":"Laura Brosnan","date_accessed":"2024-06-26T00:00:00Z","date_published":"2024-06-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"03de039c-b43e-5898-b020-64091a40af6a","created":"2024-09-27T16:59:21.231450Z","modified":"2024-09-27T16:59:21.386548Z"},{"id":"f84a5b6d-3af1-45b1-ac55-69ceced8735f","name":"Scarlet Mimic Jan 2016","description":"Falcone, R. and Miller-Osborn, J.. (2016, January 24). Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists. Retrieved February 10, 2016.","url":"http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/","source":"MITRE, Tidal Cyber","title":"Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists","authors":"Falcone, R. and Miller-Osborn, J.","date_accessed":"2016-02-10T00:00:00Z","date_published":"2016-01-24T00:00:00Z","owner_name":null,"tidal_id":"8ff425e0-edce-5f7e-bab7-8bd4de90ae4f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258383Z"},{"id":"9c242265-c28c-4580-8e6a-478d8700b092","name":"U.S. CISA Scattered Spider November 16 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, November 16). Scattered Spider. 
Retrieved November 16, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a","source":"Tidal Cyber","title":"Scattered Spider","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-11-16T00:00:00Z","date_published":"2023-11-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"26676bd7-a004-5679-8f2f-0082a6c91ad6","created":"2023-11-17T17:09:16.857655Z","modified":"2023-11-17T17:09:16.951632Z"},{"id":"a865a984-7f7b-5f82-ac4a-6fac79a2a753","name":"CrowdStrike Scattered Spider Profile","description":"CrowdStrike. (n.d.). Scattered Spider. Retrieved July 5, 2023.","url":"https://www.crowdstrike.com/adversaries/scattered-spider/","source":"MITRE","title":"Scattered Spider","authors":"CrowdStrike","date_accessed":"2023-07-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8b68a360-c193-52ce-8511-b4a8707567af","created":"2023-11-07T00:36:12.288336Z","modified":"2025-12-17T15:08:36.438908Z"},{"id":"91fa5967-9779-53bf-936f-18136f97e761","name":"Mphasis SS_SIM_Swap Apr2024","description":"Mphasis. (2024, April 17). Scattered Spider conducts SIM swapping attacks. Retrieved February","url":"https://www.mphasis.com/content/dam/mphasis-com/global/en/home/services/cybersecurity/scattered-spider-conducts-sim-swapping-attacks-12.pdf","source":"Mobile","title":"Scattered Spider conducts SIM swapping attacks","authors":"Mphasis","date_accessed":"1978-02-01T00:00:00Z","date_published":"2024-04-17T00:00:00Z","owner_name":null,"tidal_id":"04fd1d0e-5c68-5e64-b6f1-3b352ae278ca","created":"2026-01-28T13:08:10.047196Z","modified":"2026-01-28T13:08:10.047199Z"},{"id":"d7d86f5d-1f02-54b0-b6f4-879878563245","name":"CrowdStrike Scattered Spider BYOVD January 2023","description":"CrowdStrike. (2023, January 10). SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security. 
Retrieved July 5, 2023.","url":"https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-vulnerable-driver-tactic/","source":"MITRE","title":"SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security","authors":"CrowdStrike","date_accessed":"2023-07-05T00:00:00Z","date_published":"2023-01-10T00:00:00Z","owner_name":null,"tidal_id":"7a871020-4426-5905-a8d0-1bbc39a0952e","created":"2023-11-07T00:36:12.282995Z","modified":"2025-12-17T15:08:36.438901Z"},{"id":"9a051c1d-94f3-49e7-a226-acbd749407b6","name":"ReliaQuest Scattered Spider June 27 2025","description":"ReliaQuest Threat Research Team. (2025, June 27). Scattered Spider's Calculated Path from CFO to Compromise. Retrieved July 9, 2025.","url":"https://reliaquest.com/blog/scattered-spiders-calculated-path-from-cfo-to-compromise/","source":"Tidal Cyber","title":"Scattered Spider's Calculated Path from CFO to Compromise","authors":"ReliaQuest Threat Research Team","date_accessed":"2025-07-09T12:00:00Z","date_published":"2025-06-27T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6f2a5ba6-4ab4-5f79-b59c-58937b7d9fab","created":"2025-07-21T18:42:48.236925Z","modified":"2025-07-21T18:42:48.551089Z"},{"id":"0041bf10-e26f-59e8-a212-6b1687aafb79","name":"Trellix Scattered Spider MO August 2023","description":"Trellix et. al.. (2023, August 17). Scattered Spider: The Modus Operandi. Retrieved March 18, 2024.","url":"https://www.trellix.com/blogs/research/scattered-spider-the-modus-operandi/","source":"MITRE","title":"Scattered Spider: The Modus Operandi","authors":"Trellix et. 
al.","date_accessed":"2024-03-18T00:00:00Z","date_published":"2023-08-17T00:00:00Z","owner_name":null,"tidal_id":"975d571c-6447-5ab2-b310-a5f7756444b5","created":"2024-04-25T13:28:52.889388Z","modified":"2025-12-17T15:08:36.442270Z"},{"id":"5ce3ef73-f789-4939-a60e-e0a373048bda","name":"Sc.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Sc.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Sc/","source":"Tidal Cyber","title":"Sc.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bb92f6c9-caa8-5662-9418-8f2d138097a1","created":"2024-01-12T14:47:00.744794Z","modified":"2024-01-12T14:47:00.930584Z"},{"id":"63e53238-30b5-46ef-8083-7d2888b01561","name":"TechNet Forum Scheduled Task Operational Setting","description":"Satyajit321. (2015, November 3). Scheduled Tasks History Retention settings. Retrieved December 12, 2017.","url":"https://social.technet.microsoft.com/Forums/en-US/e5bca729-52e7-4fcb-ba12-3225c564674c/scheduled-tasks-history-retention-settings?forum=winserver8gen","source":"MITRE","title":"Scheduled Tasks History Retention settings","authors":"Satyajit321","date_accessed":"2017-12-12T00:00:00Z","date_published":"2015-11-03T00:00:00Z","owner_name":null,"tidal_id":"2318e747-fd1c-5c42-9a2d-257ae5b18161","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423618Z"},{"id":"71988b18-2560-50b7-86e4-d374fbf26af8","name":"Android WorkManager","description":"Google. (n.d.). Schedule tasks with WorkManager. 
Retrieved November","url":"https://developer.android.com/topic/libraries/architecture/workmanager","source":"Mobile","title":"Schedule tasks with WorkManager","authors":"Google","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c6dbb4af-5f90-5414-ae5d-a94a53c6dfb2","created":"2026-01-28T13:08:10.042641Z","modified":"2026-01-28T13:08:10.042644Z"},{"id":"dbab6766-ab87-4528-97e5-cc3121aa77b9","name":"Kifarunix - Task Scheduling in Linux","description":"Koromicha. (2019, September 7). Scheduling tasks using at command in Linux. Retrieved December 3, 2019.","url":"https://kifarunix.com/scheduling-tasks-using-at-command-in-linux/","source":"MITRE","title":"Scheduling tasks using at command in Linux","authors":"Koromicha","date_accessed":"2019-12-03T00:00:00Z","date_published":"2019-09-07T00:00:00Z","owner_name":null,"tidal_id":"83f41709-162a-5c5a-a419-05f8179b2e85","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430523Z"},{"id":"5ebf4992-1363-50e6-828e-d9b8b3908dff","name":"Schneider December 2018","description":"Schneider 2018, December 14 Security Notification  EcoStruxure Triconex Tricon V3. Retrieved 2019/03/08","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2017-347-01+Triconex+V3.pdf&p_Doc_Ref=SEVD-2017-347-01","source":"ICS","title":"Schneider December 2018","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4fb26baa-55c1-5857-bc08-b913897a8d3f","created":"2026-01-28T13:08:18.175844Z","modified":"2026-01-28T13:08:18.175847Z"},{"id":"2e2cd8ca-2ffd-5935-b082-56685287c5d8","name":"Schneider Electric January 2018","description":"Schneider Electric 2018, January 23 TRITON - Schneider Electric Analysis and Disclosure. 
Retrieved 2019/03/14","url":"https://www.youtube.com/watch?v=f09E75bWvkk&index=3&list=PL8OWO1qWXF4qYG19p7An4Vw3N2YZ86aRS&t=0s","source":"ICS","title":"Schneider Electric January 2018","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4f1cf29a-e7f6-566f-88d3-0694cc481089","created":"2026-01-28T13:08:18.175868Z","modified":"2026-01-28T13:08:18.175871Z"},{"id":"a4245f98-ca2e-5aa7-a21a-45c500500189","name":"Schneider-Incontroller","description":"Schneider Electric. (2022, April 14). Schneider Electric Security Bulletin: “APT Cyber Tools Targeting ICS/SCADA Devices” . Retrieved September","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2022-01","source":"ICS","title":"Schneider Electric Security Bulletin: “APT Cyber Tools Targeting ICS/SCADA Devices”","authors":"Schneider Electric","date_accessed":"1978-09-01T00:00:00Z","date_published":"2022-04-14T00:00:00Z","owner_name":null,"tidal_id":"0f45e02b-05d9-500f-ac26-1b01374a5d15","created":"2026-01-28T13:08:18.176197Z","modified":"2026-01-28T13:08:18.176200Z"},{"id":"17c03e27-222d-41b5-9fa2-34f0939e5371","name":"TechNet Schtasks","description":"Microsoft. (n.d.). Schtasks. Retrieved April 28, 2016.","url":"https://technet.microsoft.com/en-us/library/bb490996.aspx","source":"MITRE","title":"Schtasks","authors":"Microsoft","date_accessed":"2016-04-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"effea3fa-066a-5956-8655-3687bc3e2c5a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423367Z"},{"id":"2ef31677-b7ec-4200-a342-7c9196e1aa58","name":"Schtasks.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Schtasks.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Schtasks/","source":"Tidal Cyber","title":"Schtasks.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ce0815e1-51a6-5c96-9081-655b7c367db6","created":"2024-01-12T14:47:01.101811Z","modified":"2024-01-12T14:47:01.305231Z"},{"id":"a9626d53-118d-507d-8dac-f585d66db629","name":"Schweitzer Engineering Laboratories August 2015","description":"Schweitzer Engineering Laboratories 2015, August Understanding When to Use LDAP or RADIUS for Centralized Authentication. Retrieved 2020/09/25","url":"https://cdn.selinc.com/assets/Literature/Publications/Application%20Notes/AN2015-08_20150817.pdf?","source":"ICS","title":"Schweitzer Engineering Laboratories August 2015","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"db2e8e86-b3e2-5fd3-82ee-d24c9fc76699","created":"2026-01-28T13:08:18.180566Z","modified":"2026-01-28T13:08:18.180569Z"},{"id":"1b73bfb6-376e-4252-b3a1-9b6cf5ccaaf3","name":"Secplicity Rhysida May 23 2023","description":"Ryan Estes. (2023, May 23). Scratching the Surface of Rhysida Ransomware. Retrieved August 11, 2023.","url":"https://www.secplicity.org/2023/05/23/scratching-the-surface-of-rhysida-ransomware/","source":"Tidal Cyber","title":"Scratching the Surface of Rhysida Ransomware","authors":"Ryan Estes","date_accessed":"2023-08-11T00:00:00Z","date_published":"2023-05-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2ac6dd08-510e-5c56-9792-521ed514fb5f","created":"2024-06-13T20:10:39.142482Z","modified":"2024-06-13T20:10:39.326814Z"},{"id":"b5d69465-27df-4acc-b6cc-f51be8780b7b","name":"Wikipedia Screensaver","description":"Wikipedia. (2017, November 22). Screensaver. 
Retrieved December 5, 2017.","url":"https://en.wikipedia.org/wiki/Screensaver","source":"MITRE","title":"Screensaver","authors":"Wikipedia","date_accessed":"2017-12-05T00:00:00Z","date_published":"2017-11-22T00:00:00Z","owner_name":null,"tidal_id":"04a81463-0650-5eaf-83ed-b78d92c41a7d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426607Z"},{"id":"89ed4c93-b69d-4eed-8212-cd2ebee08bcb","name":"CobaltStrike Scripted Web Delivery","description":"Strategic Cyber, LLC. (n.d.). Scripted Web Delivery. Retrieved January 23, 2018.","url":"https://www.cobaltstrike.com/help-scripted-web-delivery","source":"MITRE","title":"Scripted Web Delivery","authors":"Strategic Cyber, LLC","date_accessed":"2018-01-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d6984eb2-2cc7-554f-9297-3ef522f025cc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441178Z"},{"id":"ccafe7af-fbb3-4478-9035-f588e5e3c8b8","name":"Cobalt Strike DCOM Jan 2017","description":"Mudge, R. (2017, January 24). Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique. Retrieved November 21, 2017.","url":"https://blog.cobaltstrike.com/2017/01/24/scripting-matt-nelsons-mmc20-application-lateral-movement-technique/","source":"MITRE","title":"Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique","authors":"Mudge, R","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-01-24T00:00:00Z","owner_name":null,"tidal_id":"985bad69-09ae-5db7-9ec2-20a5654f4580","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442825Z"},{"id":"805d16cc-8bd0-4f80-b0ac-c5b5df51427c","name":"Scriptrunner.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Scriptrunner.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Scriptrunner/","source":"Tidal Cyber","title":"Scriptrunner.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4e8790e6-bd89-5ac9-9aa1-1cb7a13701a5","created":"2024-01-12T14:47:01.518171Z","modified":"2024-01-12T14:47:01.750309Z"},{"id":"e96e1486-ae8a-5fb3-bb8b-a9f0bf22b488","name":"SS64","description":"SS64. (n.d.). ScriptRunner.exe. Retrieved July 8, 2024.","url":"https://ss64.com/nt/scriptrunner.html","source":"MITRE","title":"ScriptRunner.exe","authors":"SS64","date_accessed":"2024-07-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c55615a0-20f2-5200-96c3-4469349ebb32","created":"2024-10-31T16:28:19.504465Z","modified":"2025-12-17T15:08:36.428090Z"},{"id":"c50ff71f-c742-4d63-a18e-e1ce41d55193","name":"Scrobj.dll - LOLBAS Project","description":"LOLBAS. (2021, January 7). Scrobj.dll. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Scrobj/","source":"Tidal Cyber","title":"Scrobj.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-01-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d1372e08-2e00-5578-b37d-510cfd3e3f81","created":"2024-01-12T14:47:13.213521Z","modified":"2024-01-12T14:47:13.386893Z"},{"id":"53242ee8-1572-45f3-bc5e-23ed1e7fcdc1","name":"U.S. HHS HC3 SDBBot Analyst Note November 17 2020","description":"U.S. HHS IC3. (2020, November 17). SDBBot Malware threat to US Healthcare Organizations. Retrieved October 7, 2025.","url":"https://www.hhs.gov/sites/default/files/sdbbot-analyst-note.pdf","source":"Tidal Cyber","title":"SDBBot Malware threat to US Healthcare Organizations","authors":"U.S. 
HHS IC3","date_accessed":"2025-10-07T12:00:00Z","date_published":"2020-11-17T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4dc68449-8055-501a-8fc0-90aa79681a25","created":"2025-10-07T14:06:59.114516Z","modified":"2025-10-07T14:06:59.252982Z"},{"id":"356c7d49-5abc-4566-9657-5ce58cf7be67","name":"Microsoft SDelete July 2016","description":"Russinovich, M. (2016, July 4). SDelete v2.0. Retrieved February 8, 2018.","url":"https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete","source":"MITRE","title":"SDelete v2.0","authors":"Russinovich, M","date_accessed":"2018-02-08T00:00:00Z","date_published":"2016-07-04T00:00:00Z","owner_name":null,"tidal_id":"b102c3bf-0d5c-5128-bfdd-d0f610e3e221","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423436Z"},{"id":"da40497b-751d-4219-b9b2-a1a5914349a0","name":"Security Alliance | SEAL April 14 2025","description":"Security Alliance | SEAL. (2025, April 14). SEAL Releases Advisory on ELUSIVE COMET. Retrieved May 5, 2025.","url":"https://www.securityalliance.org/news/2025-03-elusive-comet","source":"Tidal Cyber","title":"SEAL Releases Advisory on ELUSIVE COMET","authors":"Security Alliance | SEAL","date_accessed":"2025-05-05T00:00:00Z","date_published":"2025-04-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5cace4dd-1984-5826-9e54-c020c8b31019","created":"2025-05-06T16:28:39.090552Z","modified":"2025-05-06T16:28:39.274364Z"},{"id":"52d84a1e-fd51-5872-9233-df88e26d742b","name":"Sean Gallagher April 2016","description":"Sean Gallagher 2016, April 27 German nuclear plants fuel rod system swarming with old malware. 
Retrieved 2019/10/14","url":"https://arstechnica.com/information-technology/2016/04/german-nuclear-plants-fuel-rod-system-swarming-with-old-malware/","source":"ICS","title":"Sean Gallagher April 2016","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"72d90177-c4ba-5d8f-8c96-8f16f273e756","created":"2026-01-28T13:08:18.178090Z","modified":"2026-01-28T13:08:18.178093Z"},{"id":"c7482430-58f9-4365-a7c6-d17067b257e4","name":"Sean Metcalf Twitter DNS Records","description":"Sean Metcalf. (2019, May 9). Sean Metcalf Twitter. Retrieved September 12, 2024.","url":"https://x.com/PyroTek3/status/1126487227712921600","source":"MITRE","title":"Sean Metcalf Twitter","authors":"Sean Metcalf","date_accessed":"2024-09-12T00:00:00Z","date_published":"2019-05-09T00:00:00Z","owner_name":null,"tidal_id":"9a71ee6e-adcc-5090-94f7-25450e06026c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424919Z"},{"id":"636b933d-8953-4579-980d-227527dfcc94","name":"AWS CloudTrail Search","description":"Amazon. (n.d.). Search CloudTrail logs for API calls to EC2 Instances. Retrieved June 17, 2020.","url":"https://aws.amazon.com/premiumsupport/knowledge-center/cloudtrail-search-api-calls/","source":"MITRE","title":"Search CloudTrail logs for API calls to EC2 Instances","authors":"Amazon","date_accessed":"2020-06-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5b90a33f-dffd-59b3-b7b3-624e17db9023","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431162Z"},{"id":"5288024c-6d3e-5f4c-943a-ed668277af2c","name":"Talos Sea Turtle 2019","description":"Cisco Talos. (2019, April 17). Sea Turtle: DNS Hijacking Abuses Trust In Core Internet Service. 
Retrieved November 20, 2024.","url":"https://blog.talosintelligence.com/seaturtle/","source":"MITRE","title":"Sea Turtle: DNS Hijacking Abuses Trust In Core Internet Service","authors":"Cisco Talos","date_accessed":"2024-11-20T00:00:00Z","date_published":"2019-04-17T00:00:00Z","owner_name":null,"tidal_id":"fd0998ff-6d05-5a6f-9674-379de22f0005","created":"2025-04-22T20:47:24.058308Z","modified":"2025-12-17T15:08:36.439150Z"},{"id":"8fb20f4a-d749-5a6b-b3a1-b6228911bef3","name":"Talos Sea Turtle 2019_2","description":"Paul Rascagneres. (2019, July 9). Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques. Retrieved November 20, 2024.","url":"https://blog.talosintelligence.com/sea-turtle-keeps-on-swimming/","source":"MITRE","title":"Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques","authors":"Paul Rascagneres","date_accessed":"2024-11-20T00:00:00Z","date_published":"2019-07-09T00:00:00Z","owner_name":null,"tidal_id":"3326df63-7d37-59d9-80fc-af1e1a59fa6e","created":"2025-04-22T20:47:24.082944Z","modified":"2025-12-17T15:08:36.439180Z"},{"id":"2d9ef1de-2ee6-4500-a87d-b55f83e65900","name":"Group IB Cobalt Aug 2017","description":"Matveeva, V. (2017, August 15). Secrets of Cobalt. Retrieved October 10, 2018.","url":"https://www.group-ib.com/blog/cobalt","source":"MITRE","title":"Secrets of Cobalt","authors":"Matveeva, V","date_accessed":"2018-10-10T00:00:00Z","date_published":"2017-08-15T00:00:00Z","owner_name":null,"tidal_id":"6e10cdba-670b-5653-a3a1-fb918517b31e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438192Z"},{"id":"11bb1f9b-53c1-4738-ab66-56522f228743","name":"GitHub SHB Credential Guard","description":"NSA IAD. (2017, April 20). Secure Host Baseline - Credential Guard. 
Retrieved April 25, 2017.","url":"https://github.com/iadgov/Secure-Host-Baseline/tree/master/Credential%20Guard","source":"MITRE","title":"Secure Host Baseline - Credential Guard","authors":"NSA IAD","date_accessed":"2017-04-25T00:00:00Z","date_published":"2017-04-20T00:00:00Z","owner_name":null,"tidal_id":"f4a02125-570e-5a55-8b0f-5c6aef6c537f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416148Z"},{"id":"00953d3e-5fe7-454a-8d01-6405f74cca80","name":"Secure Host Baseline EMET","description":"National Security Agency. (2016, May 4). Secure Host Baseline EMET. Retrieved June 22, 2016.","url":"https://github.com/iadgov/Secure-Host-Baseline/tree/master/EMET","source":"MITRE","title":"Secure Host Baseline EMET","authors":"National Security Agency","date_accessed":"2016-06-22T00:00:00Z","date_published":"2016-05-04T00:00:00Z","owner_name":null,"tidal_id":"eeecbbf5-e6ac-514a-bad9-e0227261cf90","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415529Z"},{"id":"9c569892-2b3f-54a5-afd2-446daf63c368","name":"PLCTop20 Mar 2023","description":"PLC Security, Top 20 Community. (2021, June 15). Secure PLC Coding Practices: Top 20 version 1.0. Retrieved March","url":"https://plc-security.com/content/Top_20_Secure_PLC_Coding_Practices_V1.0.pdf","source":"ICS","title":"Secure PLC Coding Practices: Top 20 version 1.0","authors":"PLC Security, Top 20 Community","date_accessed":"1978-03-01T00:00:00Z","date_published":"2021-06-15T00:00:00Z","owner_name":null,"tidal_id":"cc6e6df9-25ca-5766-8959-b50e6ed9b2df","created":"2026-01-28T13:08:18.174911Z","modified":"2026-01-28T13:08:18.174915Z"},{"id":"3f0ff65d-56a0-4c29-b561-e6342b0b6b65","name":"TechNet Secure Boot Process","description":"Microsoft. (n.d.). Secure the Windows 10 boot process. 
Retrieved April 23, 2020.","url":"https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process","source":"MITRE","title":"Secure the Windows 10 boot process","authors":"Microsoft","date_accessed":"2020-04-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9b1446b5-1a36-5dd2-9128-54bc12241cd9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416021Z"},{"id":"573edbb6-687b-4bc2-bc4a-764a548633b5","name":"SecureWorks August 2019","description":"SecureWorks. (2019, August 27) LYCEUM Takes Center Stage in Middle East Campaign. Retrieved November 19, 2019","url":"https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign","source":"MITRE","title":"SecureWorks August 2019","authors":"SecureWorks","date_accessed":"2019-11-19T00:00:00Z","date_published":"2019-08-27T00:00:00Z","owner_name":null,"tidal_id":"34b90be8-3c22-5d87-a314-bdd58d249ff2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421341Z"},{"id":"dc3387b0-c845-5b5a-afef-bc518ecbfb1f","name":"SecureWorks September 2019","description":"SecureWorks. (2019, September 24) REvil/Sodinokibi Ransomware. Retrieved April 12, 2021","url":"https://www.secureworks.com/research/revil-sodinokibi-ransomware","source":"MITRE","title":"SecureWorks September 2019","authors":"","date_accessed":"2021-04-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0c22a753-4647-5d3a-8a79-037fdc79194a","created":"2024-10-31T16:28:37.579488Z","modified":"2025-12-17T15:08:36.442059Z"},{"id":"15280399-e9c8-432c-8ee2-47ced9377378","name":"Securing bash history","description":"Mathew Branwell. (2012, March 21). Securing .bash_history file. 
Retrieved July 8, 2017.","url":"http://www.akyl.net/securing-bashhistory-file-make-sure-your-linux-system-users-won%E2%80%99t-hide-or-delete-their-bashhistory","source":"MITRE","title":"Securing .bash_history file","authors":"Mathew Branwell","date_accessed":"2017-07-08T00:00:00Z","date_published":"2012-03-21T00:00:00Z","owner_name":null,"tidal_id":"4d172d45-0ec2-515e-8ede-0496219a4221","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415392Z"},{"id":"716844d6-a6ed-41d4-9067-3822ed32828f","name":"Microsoft Securing Privileged Access","description":"Plett, C., Poggemeyer, L. (2012, October 26). Securing Privileged Access Reference Material. Retrieved April 25, 2017.","url":"https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#a-nameesaebmaesae-administrative-forest-design-approach","source":"MITRE","title":"Securing Privileged Access Reference Material","authors":"Plett, C., Poggemeyer, L","date_accessed":"2017-04-25T00:00:00Z","date_published":"2012-10-26T00:00:00Z","owner_name":null,"tidal_id":"fa4f14ec-8670-5c9a-b3c5-698b4707ea51","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416127Z"},{"id":"98bdf25b-fbad-497f-abd2-8286d9e0479c","name":"Berkley Secure","description":"Berkeley Security, University of California. (n.d.). Securing Remote Desktop for System Administrators. Retrieved November 4, 2014.","url":"https://security.berkeley.edu/node/94","source":"MITRE","title":"Securing Remote Desktop for System Administrators","authors":"Berkeley Security, University of California","date_accessed":"2014-11-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fca006f6-4dad-5801-a9be-c8491f120a30","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415720Z"},{"id":"31de3a32-ae7a-42bf-9153-5d891651a7d1","name":"Cisco Securing SNMP","description":"Cisco. (2006, May 10). Securing Simple Network Management Protocol. 
Retrieved October 19, 2020.","url":"https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/20370-snmpsecurity-20370.html","source":"MITRE","title":"Securing Simple Network Management Protocol","authors":"Cisco","date_accessed":"2020-10-19T00:00:00Z","date_published":"2006-05-10T00:00:00Z","owner_name":null,"tidal_id":"97e6f6a7-47f6-5f09-ae51-9c44180c21af","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440873Z"},{"id":"078b9848-8e5f-4750-bb90-3e110876a6a4","name":"ADSecurity Windows Secure Baseline","description":"Metcalf, S. (2016, October 21). Securing Windows Workstations: Developing a Secure Baseline. Retrieved November 17, 2017.","url":"https://adsecurity.org/?p=3299","source":"MITRE","title":"Securing Windows Workstations: Developing a Secure Baseline","authors":"Metcalf, S","date_accessed":"2017-11-17T00:00:00Z","date_published":"2016-10-21T00:00:00Z","owner_name":null,"tidal_id":"cd3ba819-d51d-5beb-8a93-e89121791ba1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415736Z"},{"id":"dda44228-4820-414c-90c9-9865ac887249","name":"Salesforce November 22 2025","description":"None Identified. (2025, November 22). Security Advisory: Unusual Activity related to the Gainsight application. Retrieved November 24, 2025.","url":"https://help.salesforce.com/s/articleView?id=005229029&type=1","source":"Tidal Cyber","title":"Security Advisory: Unusual Activity related to the Gainsight application","authors":"None Identified","date_accessed":"2025-11-24T12:00:00Z","date_published":"2025-11-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f8811149-96a5-5c92-951d-d313010d71ba","created":"2025-11-26T19:37:29.058594Z","modified":"2025-11-26T19:37:29.192887Z"},{"id":"1b6ce918-651a-480d-8305-82bccbf42e96","name":"Morphisec ShellTea June 2019","description":"Gorelik, M.. (2019, June 10). SECURITY ALERT: FIN8 IS BACK IN BUSINESS, TARGETING THE HOSPITALITY INDUSTRY. 
Retrieved June 13, 2019.","url":"http://blog.morphisec.com/security-alert-fin8-is-back","source":"MITRE","title":"SECURITY ALERT: FIN8 IS BACK IN BUSINESS, TARGETING THE HOSPITALITY INDUSTRY","authors":"Gorelik, M.","date_accessed":"2019-06-13T00:00:00Z","date_published":"2019-06-10T00:00:00Z","owner_name":null,"tidal_id":"319b03bb-ff2d-5570-85c3-7dd710a7eb2e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418940Z"},{"id":"bed8ae68-9738-46fb-abc9-0004fa35636a","name":"Carbon Black Obfuscation Sept 2016","description":"Tedesco, B. (2016, September 23). Security Alert Summary. Retrieved February 12, 2018.","url":"https://www.carbonblack.com/2016/09/23/security-advisory-variants-well-known-adware-families-discovered-include-sophisticated-obfuscation-techniques-previously-associated-nation-state-attacks/","source":"MITRE","title":"Security Alert Summary","authors":"Tedesco, B","date_accessed":"2018-02-12T00:00:00Z","date_published":"2016-09-23T00:00:00Z","owner_name":null,"tidal_id":"193f6d21-4e5b-5c18-9d88-d2830d93cb05","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428163Z"},{"id":"c07bed36-e1a4-598c-9361-6fb5402947ff","name":"NIST Special Publication 800-53 Revision 5","description":"National Institute of Standards and Technology. (2020, September). Security and Privacy Controls for Information Systems and Organizations. Retrieved August 30, 2024.","url":"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf","source":"MITRE","title":"Security and Privacy Controls for Information Systems and Organizations","authors":"National Institute of Standards and Technology","date_accessed":"2024-08-30T00:00:00Z","date_published":"2020-09-01T00:00:00Z","owner_name":null,"tidal_id":"c9880fd4-e267-56a1-8b3f-ede226a7d5f7","created":"2024-10-31T16:28:28.326164Z","modified":"2025-12-17T15:08:36.415883Z"},{"id":"255181c2-b1c5-4531-bc16-853f21bc6435","name":"Havana authentication bug","description":"Jay Pipes. 
(2013, December 23). Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!. Retrieved September 12, 2024.","url":"https://lists.openstack.org/pipermail/openstack/2013-December/004138.html","source":"MITRE","title":"Security Breach! Tenant A is seeing the VNC Consoles of Tenant B!","authors":"Jay Pipes","date_accessed":"2024-09-12T00:00:00Z","date_published":"2013-12-23T00:00:00Z","owner_name":null,"tidal_id":"c42bbb13-91a8-58f8-ac09-5f9dd8727ab8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423709Z"},{"id":"9988f6e5-f81d-46f6-a492-10eb39f142f0","name":"Proofpoint November 18 2024","description":"Tommy Madjar; Selena Larson; The Proofpoint Threat Research Team. (2024, November 18). Security Brief ClickFix Social Engineering Technique Floods Threat Landscape . Retrieved February 7, 2025.","url":"https://www.proofpoint.com/uk/blog/threat-insight/security-brief-clickfix-social-engineering-technique-floods-threat-landscape?ref=blog.reveng.ai","source":"Tidal Cyber","title":"Security Brief ClickFix Social Engineering Technique Floods Threat Landscape","authors":"Tommy Madjar; Selena Larson; The Proofpoint Threat Research Team","date_accessed":"2025-02-07T00:00:00Z","date_published":"2024-11-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3bdea372-435e-5846-9d43-e1522323190d","created":"2025-02-11T18:20:02.110510Z","modified":"2025-02-11T18:20:02.445660Z"},{"id":"e9163f84-4e88-5da9-92ed-8e3e835f67d7","name":"Proofpoint ClickFix 2024","description":"Tommy Madjar, Selena Larson and The Proofpoint Threat Research Team. (2024, November 18). Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape. 
Retrieved March 18, 2025.","url":"https://www.proofpoint.com/us/blog/threat-insight/security-brief-clickfix-social-engineering-technique-floods-threat-landscape","source":"MITRE","title":"Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape","authors":"Tommy Madjar, Selena Larson and The Proofpoint Threat Research Team","date_accessed":"2025-03-18T00:00:00Z","date_published":"2024-11-18T00:00:00Z","owner_name":null,"tidal_id":"8242400c-f736-522d-981d-9070cd97d4c3","created":"2025-04-22T20:47:20.288391Z","modified":"2025-12-17T15:08:36.435702Z"},{"id":"263be6fe-d9ed-5216-a0be-e8391dbd83e6","name":"Proofpoint TA450 Phishing March 2024","description":"Miller, J. et al. (2024, March 21). Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign. Retrieved March 27, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta450-uses-embedded-links-pdf-attachments-latest-campaign","source":"MITRE","title":"Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign","authors":"Miller, J. et al","date_accessed":"2024-03-27T00:00:00Z","date_published":"2024-03-21T00:00:00Z","owner_name":null,"tidal_id":"0f4ef660-6659-567a-a000-c9d798d695d9","created":"2024-04-25T13:28:43.718851Z","modified":"2025-12-17T15:08:36.438268Z"},{"id":"4680b786-a49a-5275-963e-9c8cf29d7747","name":"mHealth","description":"D. He et al. (2014). Security Concerns in Android mHealth Apps. Retrieved December","url":"https://experts.illinois.edu/en/publications/security-concerns-in-android-mhealth-apps","source":"Mobile","title":"Security Concerns in Android mHealth Apps","authors":"D. 
He et al","date_accessed":"1978-12-01T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"88a354b0-1472-5381-b839-cf80738e4497","created":"2026-01-28T13:08:10.043493Z","modified":"2026-01-28T13:08:10.043498Z"},{"id":"01ddd53c-1f02-466d-abf2-43bf1ab2d3fc","name":"Microsoft Trust Considerations Nov 2014","description":"Microsoft. (2014, November 19). Security Considerations for Trusts. Retrieved November 30, 2017.","url":"https://technet.microsoft.com/library/cc755321.aspx","source":"MITRE","title":"Security Considerations for Trusts","authors":"Microsoft","date_accessed":"2017-11-30T00:00:00Z","date_published":"2014-11-19T00:00:00Z","owner_name":null,"tidal_id":"07156551-c85b-5caf-b587-9c9d353b85dc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416198Z"},{"id":"18bf46eb-a005-443a-917d-c53a7b231fe9","name":"Dark Reading July 17 2024","description":"Nate Nelson; Contributing Writer. (2024, July 17). Security End-Run 'AuKill' Shuts Down Windows-Reliant EDR Processes. Retrieved April 8, 2025.","url":"https://www.darkreading.com/endpoint-security/security-end-run-aukill-shuts-down-windows-reliant-edr-processes","source":"Tidal Cyber","title":"Security End-Run 'AuKill' Shuts Down Windows-Reliant EDR Processes","authors":"Nate Nelson; Contributing Writer","date_accessed":"2025-04-08T00:00:00Z","date_published":"2024-07-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f786b6c8-04c8-571d-894c-44f7d68adacd","created":"2025-04-08T16:38:27.952991Z","modified":"2025-04-08T16:38:28.137464Z"},{"id":"a5dd078b-10c7-433d-b7b5-929cf8437413","name":"AWS Sec Groups VPC","description":"Amazon. (n.d.). Security groups for your VPC. 
Retrieved October 13, 2021.","url":"https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html","source":"MITRE","title":"Security groups for your VPC","authors":"Amazon","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"08db0b6e-ee58-5a81-938b-f91ef6925946","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437270Z"},{"id":"c921c476-741e-4b49-8f94-752984adbba5","name":"Microsoft SID","description":"Microsoft. (n.d.). Security Identifiers. Retrieved November 30, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/aa379571.aspx","source":"MITRE","title":"Security Identifiers","authors":"Microsoft","date_accessed":"2017-11-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"68e68ac2-d353-5707-81cb-d95f75db9372","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425903Z"},{"id":"e4d8ce63-8626-4c8f-a437-b6a120ff61c7","name":"Schneider Electric USB Malware","description":"Schneider Electric. (2018, August 24). Security Notification – USB Removable Media Provided With Conext Combox and Conext Battery Monitor. Retrieved May 28, 2019.","url":"https://www.se.com/us/en/download/document/SESN-2018-236-01/","source":"MITRE","title":"Security Notification – USB Removable Media Provided With Conext Combox and Conext Battery Monitor","authors":"Schneider Electric","date_accessed":"2019-05-28T00:00:00Z","date_published":"2018-08-24T00:00:00Z","owner_name":null,"tidal_id":"a159c31a-0d65-5950-8484-7a9d3c46d817","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428310Z"},{"id":"e3e9d747-d5d7-5d36-b5fc-9f58b1d330f3","name":"Electron 3","description":"Alanna Titterington. (2023, September 14). Security of Electron-based desktop applications. 
Retrieved March 7, 2024.","url":"https://www.kaspersky.com/blog/electron-framework-security-issues/49035/","source":"MITRE","title":"Security of Electron-based desktop applications","authors":"Alanna Titterington","date_accessed":"2024-03-07T00:00:00Z","date_published":"2023-09-14T00:00:00Z","owner_name":null,"tidal_id":"1c15f473-28f7-57a1-828b-a4ee2fe45ecf","created":"2024-04-25T13:28:34.820323Z","modified":"2025-12-17T15:08:36.429757Z"},{"id":"40967072-353c-576b-935f-1ddb26158b97","name":"Zeltser-Keyboard","description":"Lenny Zeltser. (2016, July 30). Security of Third-Party Keyboard Apps on Mobile Devices. Retrieved December","url":"https://zeltser.com/third-party-keyboards-security/","source":"Mobile","title":"Security of Third-Party Keyboard Apps on Mobile Devices","authors":"Lenny Zeltser","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-07-30T00:00:00Z","owner_name":null,"tidal_id":"730cbabe-8ccb-5399-872b-7845fec3e8d9","created":"2026-01-28T13:08:10.045572Z","modified":"2026-01-28T13:08:10.045575Z"},{"id":"2b63d6c7-138b-5a9b-83e0-58f3d34723da","name":"Apple Dev SecurityD","description":"Apple. (n.d.). Security Server and Security Agent. Retrieved March 29, 2024.","url":"https://developer.apple.com/library/archive/documentation/Security/Conceptual/Security_Overview/Architecture/Architecture.html","source":"MITRE","title":"Security Server and Security Agent","authors":"Apple","date_accessed":"2024-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"870ee47e-68f1-58d8-9a69-c318f3296b0f","created":"2024-04-25T13:28:30.902217Z","modified":"2025-12-17T15:08:36.425771Z"},{"id":"27dae010-e3b3-4080-8039-9f89a29607e6","name":"Microsoft Security Subsystem","description":"Microsoft. (n.d.). Security Subsystem Architecture. 
Retrieved November 27, 2017.","url":"https://technet.microsoft.com/library/cc961760.aspx","source":"MITRE","title":"Security Subsystem Architecture","authors":"Microsoft","date_accessed":"2017-11-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b783a05d-2e10-519d-8d7c-e506fa52e569","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431032Z"},{"id":"3cc2c996-10e9-4e25-999c-21dc2c69e4af","name":"CISA IDN ST05-016","description":"CISA. (2019, September 27). Security Tip (ST05-016): Understanding Internationalized Domain Names. Retrieved October 20, 2020.","url":"https://us-cert.cisa.gov/ncas/tips/ST05-016","source":"MITRE","title":"Security Tip (ST05-016): Understanding Internationalized Domain Names","authors":"CISA","date_accessed":"2020-10-20T00:00:00Z","date_published":"2019-09-27T00:00:00Z","owner_name":null,"tidal_id":"f7b7467d-53db-5e67-a18e-14e59d510997","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426737Z"},{"id":"7775e295-c3b4-54da-9e60-d34fc8dbf7b8","name":"3cx official statement 2023","description":"Agathocles Prodromou. (2023, April 20). Security Update Thursday 20 April 2023 – Initial Intrusion Vector Found. Retrieved August 25, 2025.","url":"https://www.3cx.com/blog/news/mandiant-security-update2/","source":"MITRE","title":"Security Update Thursday 20 April 2023 – Initial Intrusion Vector Found","authors":"Agathocles Prodromou","date_accessed":"2025-08-25T00:00:00Z","date_published":"2023-04-20T00:00:00Z","owner_name":null,"tidal_id":"792b7349-50ce-5334-a2aa-b6c4e9370155","created":"2025-10-29T21:08:48.167283Z","modified":"2025-12-17T15:08:36.439456Z"},{"id":"d2005eb6-4da4-4938-97fb-caa0e2381f4e","name":"AADInternals zure AD Federated Domain","description":"Dr. Nestori Syynimaa. (2017, November 16). Security vulnerability in Azure AD & Office 365 identity federation. 
Retrieved September 28, 2022.","url":"https://o365blog.com/post/federation-vulnerability/","source":"MITRE","title":"Security vulnerability in Azure AD & Office 365 identity federation","authors":"Dr. Nestori Syynimaa","date_accessed":"2022-09-28T00:00:00Z","date_published":"2017-11-16T00:00:00Z","owner_name":null,"tidal_id":"db9043b1-7543-529f-bdda-4054a4cbace8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426365Z"},{"id":"123995be-36f5-4cd6-b80a-d601c2d0971e","name":"Azure AD Federation Vulnerability","description":"Dr. Nestori Syynimaa. (2017, November 16). Security vulnerability in Azure AD & Office 365 identity federation. Retrieved February 1, 2022.","url":"https://o365blog.com/post/federation-vulnerability/","source":"MITRE","title":"Security vulnerability in Azure AD & Office 365 identity federation","authors":"Dr. Nestori Syynimaa.","date_accessed":"2022-02-01T00:00:00Z","date_published":"2017-11-16T00:00:00Z","owner_name":null,"tidal_id":"811653c7-6847-55fe-8533-d4ced24ead9d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442039Z"},{"id":"e21c39ad-85e5-49b4-8df7-e8890b09c7c1","name":"ESET Sednit July 2015","description":"ESET Research. (2015, July 10). Sednit APT Group Meets Hacking Team. Retrieved March 1, 2017.","url":"http://www.welivesecurity.com/2015/07/10/sednit-apt-group-meets-hacking-team/","source":"MITRE","title":"Sednit APT Group Meets Hacking Team","authors":"ESET Research","date_accessed":"2017-03-01T00:00:00Z","date_published":"2015-07-10T00:00:00Z","owner_name":null,"tidal_id":"8fb32d9a-fbb6-5b29-ae6d-84fcba049aa2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440818Z"},{"id":"8673f7fc-5b23-432a-a2d8-700ece46bd0f","name":"ESET Sednit USBStealer 2014","description":"Calvet, J. (2014, November 11). Sednit Espionage Group Attacking Air-Gapped Networks. 
Retrieved January 4, 2017.","url":"http://www.welivesecurity.com/2014/11/11/sednit-espionage-group-attacking-air-gapped-networks/","source":"MITRE","title":"Sednit Espionage Group Attacking Air-Gapped Networks","authors":"Calvet, J","date_accessed":"2017-01-04T00:00:00Z","date_published":"2014-11-11T00:00:00Z","owner_name":null,"tidal_id":"bc4d497f-29a3-579c-ae42-bcb8c12cdfda","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421110Z"},{"id":"406e434e-0602-4a08-bbf6-6d72311a720e","name":"ESET Sednit 2017 Activity","description":"ESET. (2017, December 21). Sednit update: How Fancy Bear Spent the Year. Retrieved February 18, 2019.","url":"https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/","source":"MITRE","title":"Sednit update: How Fancy Bear Spent the Year","authors":"ESET","date_accessed":"2019-02-18T00:00:00Z","date_published":"2017-12-21T00:00:00Z","owner_name":null,"tidal_id":"d9576b3f-ffa8-5892-97a0-80c315930f33","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425174Z"},{"id":"1e503e32-75aa-482b-81d3-ac61e806fa5c","name":"ESET Zebrocy Nov 2018","description":"ESET. (2018, November 20). Sednit: What’s going on with Zebrocy?. Retrieved February 12, 2019.","url":"https://www.welivesecurity.com/2018/11/20/sednit-whats-going-zebrocy/","source":"MITRE","title":"Sednit: What’s going on with Zebrocy?","authors":"ESET","date_accessed":"2019-02-12T00:00:00Z","date_published":"2018-11-20T00:00:00Z","owner_name":null,"tidal_id":"8e45ff10-119f-5569-9d36-c6f6ec1ef775","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440042Z"},{"id":"a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d","name":"Symantec MuddyWater Dec 2018","description":"Symantec DeepSight Adversary Intelligence Team. (2018, December 10). Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms. 
Retrieved December 14, 2018.","url":"https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group","source":"MITRE, Tidal Cyber","title":"Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms","authors":"Symantec DeepSight Adversary Intelligence Team","date_accessed":"2018-12-14T00:00:00Z","date_published":"2018-12-10T00:00:00Z","owner_name":null,"tidal_id":"b37282ab-cd89-5a0a-a2a1-91739e620544","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262689Z"},{"id":"382386e2-139e-5982-8934-1903a13f9e02","name":"Selena Larson, Camille Singleton December 2020","description":"Selena Larson, Camille Singleton 2020, December RANSOMWARE IN ICS ENVIRONMENTS. Retrieved 2021/04/12","url":"https://f.hubspotusercontent10.net/hubfs/5943619/Whitepaper-Downloads/Ransomware_in_ICS_Environments_Whitepaper_10_12_20.pdf?utm_referrer=https%3A%2F%2Fwww.dragos.com%2Fresource%2Fransomware-in-ics-environments%2F","source":"ICS","title":"Selena Larson, Camille Singleton December 2020","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"037f89e6-182e-5de6-986d-8ff88eb09028","created":"2026-01-28T13:08:18.180307Z","modified":"2026-01-28T13:08:18.180310Z"},{"id":"578464ff-79d4-4358-9aa6-df8d7063fee1","name":"SanDisk SMART","description":"SanDisk. (n.d.). Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.). Retrieved October 2, 2018.","url":"","source":"MITRE","title":"Self-Monitoring, Analysis and Reporting Technology (S.M.A.R.T.)","authors":"SanDisk","date_accessed":"2018-10-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"222ee63e-5491-56f3-a990-c0223907c333","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425082Z"},{"id":"3b64ce9e-6eec-42ee-bec1-1a8b5420f01d","name":"SELinux official","description":"SELinux Project. (2017, November 30). SELinux Project Wiki. 
Retrieved December 20, 2017.","url":"https://selinuxproject.org/page/Main_Page","source":"MITRE","title":"SELinux Project Wiki","authors":"SELinux Project","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-11-30T00:00:00Z","owner_name":null,"tidal_id":"35089e68-0df2-5450-a874-9e5e1dbe8a61","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:33.328844Z"},{"id":"c65b3dc8-4129-4c14-b3d1-7fdd1d39ebd5","name":"Microsoft SendNotifyMessage function","description":"Microsoft. (n.d.). SendNotifyMessage function. Retrieved December 16, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ms644953.aspx","source":"MITRE","title":"SendNotifyMessage function","authors":"Microsoft","date_accessed":"2017-12-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9ee6501c-8098-55da-b29b-918ff766dd1c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423562Z"},{"id":"a23fed43-ddb7-504e-af12-faa410aa7279","name":"Android-SensorsOverview","description":"Google. (n.d.). Sensors Overview. Retrieved November","url":"https://developer.android.com/guide/topics/sensors/sensors_overview#sensors-practices","source":"Mobile","title":"Sensors Overview","authors":"Google","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8bcf50cd-bf51-5c59-8bc1-5286d8775b47","created":"2026-01-28T13:08:10.044150Z","modified":"2026-01-28T13:08:10.044153Z"},{"id":"aa12dc30-ba81-46c5-b412-ca4a01e72d7f","name":"DFIR Report Gootloader","description":"The DFIR Report. (2022, May 9). SEO Poisoning – A Gootloader Story. 
Retrieved September 30, 2022.","url":"https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/","source":"MITRE","title":"SEO Poisoning – A Gootloader Story","authors":"The DFIR Report","date_accessed":"2022-09-30T00:00:00Z","date_published":"2022-05-09T00:00:00Z","owner_name":null,"tidal_id":"32d08b57-4ce3-562f-9f05-570bb4a6f46d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435807Z"},{"id":"250b09a2-dd97-4fbf-af2f-618d1f126957","name":"MalwareBytes SEO","description":"Arntz, P. (2018, May 29). SEO poisoning: Is it worth it?. Retrieved September 30, 2022.","url":"https://www.malwarebytes.com/blog/news/2018/05/seo-poisoning-is-it-worth-it","source":"MITRE","title":"SEO poisoning: Is it worth it?","authors":"Arntz, P","date_accessed":"2022-09-30T00:00:00Z","date_published":"2018-05-29T00:00:00Z","owner_name":null,"tidal_id":"5098120e-4650-56ef-9c81-0f09533afb4e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435794Z"},{"id":"b4aa5bf9-31db-42ee-93e8-a576ecc00b57","name":"Sophos Attachment","description":"Ducklin, P. (2020, October 2). Serious Security: Phishing without links – when phishers bring along their own web pages. Retrieved October 20, 2020.","url":"https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/","source":"MITRE","title":"Serious Security: Phishing without links – when phishers bring along their own web pages","authors":"Ducklin, P","date_accessed":"2020-10-20T00:00:00Z","date_published":"2020-10-02T00:00:00Z","owner_name":null,"tidal_id":"9009af51-1e44-5b56-90f5-46930a3aa0d0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432355Z"},{"id":"c2f7958b-f521-4133-9aeb-c5c8fae23e78","name":"ProofPoint Serpent","description":"Campbell, B. et al. (2022, March 21). Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain. 
Retrieved April 11, 2022.","url":"https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain","source":"MITRE","title":"Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain","authors":"Campbell, B. et al","date_accessed":"2022-04-11T00:00:00Z","date_published":"2022-03-21T00:00:00Z","owner_name":null,"tidal_id":"7bd0b7b6-0f4f-52b6-b87d-ef615ecba3cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423569Z"},{"id":"3ea03c65-12e0-4e28-bbdc-17bb8c1e1831","name":"Wikipedia Server Message Block","description":"Wikipedia. (2017, December 16). Server Message Block. Retrieved December 21, 2017.","url":"https://en.wikipedia.org/wiki/Server_Message_Block","source":"MITRE","title":"Server Message Block","authors":"Wikipedia","date_accessed":"2017-12-21T00:00:00Z","date_published":"2017-12-16T00:00:00Z","owner_name":null,"tidal_id":"71cfa122-9f99-5ad3-ab58-9ec4b71b4aa6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429355Z"},{"id":"087b4779-22d5-4872-adb7-583904a92285","name":"Wikipedia SMB","description":"Wikipedia. (2016, June 12). Server Message Block. Retrieved June 12, 2016.","url":"https://en.wikipedia.org/wiki/Server_Message_Block","source":"MITRE","title":"Server Message Block","authors":"Wikipedia","date_accessed":"2016-06-12T00:00:00Z","date_published":"2016-06-12T00:00:00Z","owner_name":null,"tidal_id":"a7a1f663-0b5d-55ef-8b1b-4cb162e1f12a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436962Z"},{"id":"b744f739-8810-4fb9-96e3-6488f9ed6305","name":"Proofpoint TA505 Jan 2019","description":"Schwarz, D. and Proofpoint Staff. (2019, January 9). ServHelper and FlawedGrace - New malware introduced by TA505. 
Retrieved May 28, 2019.","url":"https://www.proofpoint.com/us/threat-insight/post/servhelper-and-flawedgrace-new-malware-introduced-ta505","source":"MITRE","title":"ServHelper and FlawedGrace - New malware introduced by TA505","authors":"Schwarz, D. and Proofpoint Staff","date_accessed":"2019-05-28T00:00:00Z","date_published":"2019-01-09T00:00:00Z","owner_name":null,"tidal_id":"89d440cd-a850-58e4-94d8-707c646e7840","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418038Z"},{"id":"522eaa6b-0075-5346-bf3c-db1e7820aba2","name":"Kubernetes Service Accounts Security","description":"Kubernetes. (n.d.). Service Accounts. Retrieved July 14, 2023.","url":"https://kubernetes.io/docs/concepts/security/service-accounts/","source":"MITRE","title":"Service Accounts","authors":"Kubernetes","date_accessed":"2023-07-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"983786be-a639-5d9f-893a-2099b633c3f8","created":"2023-11-07T00:36:03.643097Z","modified":"2025-12-17T15:08:36.430396Z"},{"id":"7409c7d3-97a0-5f17-9061-cdaf41274647","name":"GCP Service Accounts","description":"Google. (n.d.). Service Accounts Overview. Retrieved February 28, 2024.","url":"https://cloud.google.com/iam/docs/service-account-overview","source":"MITRE","title":"Service Accounts Overview","authors":"Google","date_accessed":"2024-02-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"00e0080f-0c1c-51e3-ae11-b14835faa29b","created":"2024-04-25T13:28:38.211887Z","modified":"2025-12-17T15:08:36.433030Z"},{"id":"00d22c6d-a51a-4107-bf75-53ec3330db92","name":"Microsoft Service Control Manager","description":"Microsoft. (2018, May 31). Service Control Manager. 
Retrieved March 28, 2020.","url":"https://docs.microsoft.com/windows/win32/services/service-control-manager","source":"MITRE","title":"Service Control Manager","authors":"Microsoft","date_accessed":"2020-03-28T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"bc1e68e7-1039-528a-80a3-0d07de73ad03","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436300Z"},{"id":"75441af3-2ff6-42c8-b7f1-c8dc2c27efe2","name":"Rapid7 Service Persistence 22JUNE2016","description":"Rapid7. (2016, June 22). Service Persistence. Retrieved April 23, 2019.","url":"https://www.rapid7.com/db/modules/exploit/linux/local/service_persistence","source":"MITRE","title":"Service Persistence","authors":"Rapid7","date_accessed":"2019-04-23T00:00:00Z","date_published":"2016-06-22T00:00:00Z","owner_name":null,"tidal_id":"14bcf68e-ede6-5fcb-b7ae-a391b03396b0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424965Z"},{"id":"985ad31b-c385-473d-978d-40b6cd85268a","name":"Microsoft SPN","description":"Microsoft. (n.d.). Service Principal Names. Retrieved March 22, 2018.","url":"https://msdn.microsoft.com/library/ms677949.aspx","source":"MITRE","title":"Service Principal Names","authors":"Microsoft","date_accessed":"2018-03-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"39d808e3-ae5f-5f00-9458-f90044716e41","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433629Z"},{"id":"dd5dc432-32de-4bf3-b2c7-0bbdda031dd0","name":"Microsoft SetSPN","description":"Microsoft. (2010, April 13). Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe). 
Retrieved March 22, 2018.","url":"https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx","source":"MITRE","title":"Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe)","authors":"Microsoft","date_accessed":"2018-03-22T00:00:00Z","date_published":"2010-04-13T00:00:00Z","owner_name":null,"tidal_id":"835284f7-cebf-5a1f-8622-6290bfd46038","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433635Z"},{"id":"8875ff5d-65bc-402a-bfe0-32adc10fb008","name":"Twitter Service Recovery Nov 2017","description":"The Cyber (@r0wdy_). (2017, November 30). Service Recovery Parameters. Retrieved April 9, 2018.","url":"https://twitter.com/r0wdy_/status/936365549553991680","source":"MITRE","title":"Service Recovery Parameters","authors":"The Cyber (@r0wdy_)","date_accessed":"2018-04-09T00:00:00Z","date_published":"2017-11-30T00:00:00Z","owner_name":null,"tidal_id":"6cce9bff-89c0-5b54-b023-7e248dd779a1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427992Z"},{"id":"7757776d-b0e9-4a99-8a55-2cd1b248c4a0","name":"Tweet Registry Perms Weakness","description":"@r0wdy_. (2017, November 30). Service Recovery Parameters. Retrieved September 12, 2024.","url":"https://x.com/r0wdy_/status/936365549553991680","source":"MITRE","title":"Service Recovery Parameters","authors":"@r0wdy_","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-11-30T00:00:00Z","owner_name":null,"tidal_id":"84ffc2b7-e743-5c7e-bb40-297ed41e5193","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425527Z"},{"id":"b50a3c2e-e997-4af5-8be0-3a8b3a959827","name":"TechNet Services","description":"Microsoft. (n.d.). Services. 
Retrieved June 7, 2016.","url":"https://technet.microsoft.com/en-us/library/cc772408.aspx","source":"MITRE","title":"Services","authors":"Microsoft","date_accessed":"2016-06-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8b44c99b-24c8-5667-92e4-d4cb49ee06fa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425040Z"},{"id":"37d237ae-f0a8-5b30-8f97-d751c1560391","name":"Krebs Access Brokers Fortune 500","description":"Brian Krebs. (2012, October 22). Service Sells Access to Fortune 500 Firms. Retrieved March 10, 2023.","url":"https://krebsonsecurity.com/2012/10/service-sells-access-to-fortune-500-firms/","source":"MITRE","title":"Service Sells Access to Fortune 500 Firms","authors":"Brian Krebs","date_accessed":"2023-03-10T00:00:00Z","date_published":"2012-10-22T00:00:00Z","owner_name":null,"tidal_id":"76712c04-a307-51cb-8c2d-c6f4bd8051bd","created":"2023-05-26T01:21:09.913933Z","modified":"2025-12-17T15:08:36.434940Z"},{"id":"3448fde3-1eae-5ee5-83d9-7bdd187c7e58","name":"Android-ForegroundServices","description":"Google. (n.d.). Services overview. Retrieved November","url":"https://developer.android.com/guide/components/services.html#Foreground","source":"Mobile","title":"Services overview","authors":"Google","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7e8e8682-d1cb-53db-90df-1477951d5c8f","created":"2026-01-28T13:08:10.044174Z","modified":"2026-01-28T13:08:10.044177Z"},{"id":"4fc98ad2-fabe-46a7-8546-db22dd737177","name":"Microsoft Security Blog November 03 2025","description":"Microsoft Incident Response. (2025, November 3). SesameOp: Novel backdoor uses OpenAI Assistants API for command and control | Microsoft Security Blog. 
Retrieved November 13, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assistants-api-for-command-and-control/","source":"Tidal Cyber","title":"SesameOp: Novel backdoor uses OpenAI Assistants API for command and control | Microsoft Security Blog","authors":"Microsoft Incident Response","date_accessed":"2025-11-13T12:00:00Z","date_published":"2025-11-03T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7b06e573-a6bc-55b6-9842-997e284c77d6","created":"2025-11-19T17:44:50.560109Z","modified":"2025-11-19T17:44:50.694473Z"},{"id":"04541283-247a-5a8c-8017-4d74967e194c","name":"Permiso SES Abuse 2023","description":"Nathan Eades. (2023, January 12). SES-pionage. Retrieved September 25, 2024.","url":"https://permiso.io/blog/s/aws-ses-pionage-detecting-ses-abuse/","source":"MITRE","title":"SES-pionage","authors":"Nathan Eades","date_accessed":"2024-09-25T00:00:00Z","date_published":"2023-01-12T00:00:00Z","owner_name":null,"tidal_id":"b87c6578-164e-5951-b4db-a8b4ae90dacc","created":"2024-10-31T16:28:23.828744Z","modified":"2025-12-17T15:08:36.432662Z"},{"id":"8b979a57-8238-5a68-bb0f-0301fa1b6432","name":"Session Management Cheat Sheet","description":"OWASP CheatSheets Series Team. (n.d.). Session Management Cheat Sheet. Retrieved December 26, 2023.","url":"https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html","source":"MITRE","title":"Session Management Cheat Sheet","authors":"OWASP CheatSheets Series Team","date_accessed":"2023-12-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"504c4437-6b50-56cd-9cf5-1a8276c6b6e5","created":"2024-04-25T13:28:51.581620Z","modified":"2025-12-17T15:08:36.441056Z"},{"id":"08b5165c-1c98-4ebc-9f9f-778115e9e06d","name":"Medium Authentication Tokens","description":"Hsu, S. (2018, June 30). Session vs Token Based Authentication. 
Retrieved September 29, 2021.","url":"https://medium.com/@sherryhsu/session-vs-token-based-authentication-11a6c5ac45e4","source":"MITRE","title":"Session vs Token Based Authentication","authors":"Hsu, S","date_accessed":"2021-09-29T00:00:00Z","date_published":"2018-06-30T00:00:00Z","owner_name":null,"tidal_id":"071e26e6-ae73-510e-b4fe-5865f9b6ba41","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437062Z"},{"id":"28cc6142-cc4f-4e63-bcff-94347bc06b37","name":"Microsoft Set-InboxRule","description":"Microsoft. (n.d.). Set-InboxRule. Retrieved June 7, 2021.","url":"https://docs.microsoft.com/en-us/powershell/module/exchange/set-inboxrule?view=exchange-ps","source":"MITRE","title":"Set-InboxRule","authors":"Microsoft","date_accessed":"2021-06-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"328b0365-80ed-5f7d-94e4-bafcb8767275","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424655Z"},{"id":"631de0bd-d536-4183-bc5a-25af83bd795a","name":"Setres.exe - LOLBAS Project","description":"LOLBAS. (2022, October 21). Setres.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Setres/","source":"Tidal Cyber","title":"Setres.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-10-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fc82014b-afd8-5f11-a5ec-03020583f3fc","created":"2024-01-12T14:47:01.937363Z","modified":"2024-01-12T14:47:02.159282Z"},{"id":"749d83a9-3c9f-42f4-b5ed-fa775b079716","name":"Microsoft Process Wide Com Keys","description":"Microsoft. (n.d.). Setting Process-Wide Security Through the Registry. 
Retrieved November 21, 2017.","url":"https://msdn.microsoft.com/en-us/library/windows/desktop/ms687317(v=vs.85).aspx","source":"MITRE","title":"Setting Process-Wide Security Through the Registry","authors":"Microsoft","date_accessed":"2017-11-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0d134239-6c13-5263-971a-91c4ea6290c2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415966Z"},{"id":"57f573f2-1c9b-4037-8f4d-9ae65d13af94","name":"SettingSyncHost.exe - LOLBAS Project","description":"LOLBAS. (2021, August 26). SettingSyncHost.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/SettingSyncHost/","source":"Tidal Cyber","title":"SettingSyncHost.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-08-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bca4aad3-09ac-5568-922c-36ef46d6c2b5","created":"2024-01-12T14:47:02.337851Z","modified":"2024-01-12T14:47:02.520637Z"},{"id":"1de42b0a-3dd6-4f75-bcf3-a2373e349a39","name":"Petri Logon Script AD","description":"Daniel Petri. (2009, January 8). Setting up a Logon Script through Active Directory Users and Computers in Windows Server 2008. Retrieved November 15, 2019.","url":"https://www.petri.com/setting-up-logon-script-through-active-directory-users-computers-windows-server-2008","source":"MITRE","title":"Setting up a Logon Script through Active Directory Users and Computers in Windows Server 2008","authors":"Daniel Petri","date_accessed":"2019-11-15T00:00:00Z","date_published":"2009-01-08T00:00:00Z","owner_name":null,"tidal_id":"4064af41-0bbe-5194-b1ec-4048b2add339","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434494Z"},{"id":"9d320336-5be4-5c20-8205-a139376fe648","name":"AWS Setting Up Run Command","description":"AWS. (n.d.). Setting up Run Command. 
Retrieved March 13, 2023.","url":"https://docs.aws.amazon.com/systems-manager/latest/userguide/run-command-setting-up.html","source":"MITRE","title":"Setting up Run Command","authors":"AWS","date_accessed":"2023-03-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"16f39614-68c8-5a20-9f28-00e56b8a26eb","created":"2023-05-26T01:21:21.009117Z","modified":"2023-11-07T00:36:21.735460Z"},{"id":"de6e1202-19aa-41af-8446-521abc20200d","name":"VNC Authentication","description":"Tegan. (2019, August 15). Setting up System Authentication. Retrieved September 20, 2021.","url":"https://help.realvnc.com/hc/en-us/articles/360002250097-Setting-up-System-Authentication","source":"MITRE","title":"Setting up System Authentication","authors":"Tegan","date_accessed":"2021-09-20T00:00:00Z","date_published":"2019-08-15T00:00:00Z","owner_name":null,"tidal_id":"ca1b763c-9631-545b-bd6d-9a741ec166d3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423762Z"},{"id":"c1f7fb59-6e61-4a7f-b14d-a3d1d3da45af","name":"MacOS VNC software for Remote Desktop","description":"Apple Support. (n.d.). Set up a computer running VNC software for Remote Desktop. Retrieved August 18, 2021.","url":"https://support.apple.com/guide/remote-desktop/set-up-a-computer-running-vnc-software-apdbed09830/mac","source":"MITRE","title":"Set up a computer running VNC software for Remote Desktop","authors":"Apple Support","date_accessed":"2021-08-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3f2f6114-0467-5531-b0b2-0a42129c22b8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423702Z"},{"id":"1a8a1434-fc4a-4c3e-9a9b-fb91692d7efd","name":"Setupapi.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Setupapi.dll. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Setupapi/","source":"Tidal Cyber","title":"Setupapi.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ec658f16-97e6-5fd1-bcf8-88c32c9b4a6e","created":"2024-01-12T14:47:13.557475Z","modified":"2024-01-12T14:47:13.735255Z"},{"id":"6284d130-83e5-4961-a723-af4f9a01c24e","name":"Microsoft Service Recovery Feb 2013","description":"Microsoft. (2013, February 22). Set up Recovery Actions to Take Place When a Service Fails. Retrieved April 9, 2018.","url":"https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753662(v=ws.11)","source":"MITRE","title":"Set up Recovery Actions to Take Place When a Service Fails","authors":"Microsoft","date_accessed":"2018-04-09T00:00:00Z","date_published":"2013-02-22T00:00:00Z","owner_name":null,"tidal_id":"ebc40d38-e780-5320-a68d-d39e7a686ff8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430313Z"},{"id":"11755d06-a9df-4a19-a165-2995f25c4b12","name":"Microsoft SetWindowLong function","description":"Microsoft. (n.d.). SetWindowLong function. Retrieved December 16, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ms633591.aspx","source":"MITRE","title":"SetWindowLong function","authors":"Microsoft","date_accessed":"2017-12-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"38998e42-f188-59b5-9daa-fc66fd7d29ab","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423548Z"},{"id":"862877d7-e18c-4613-bdad-0700bf3d45ae","name":"Securelist ShadowPad Aug 2017","description":"GReAT. (2017, August 15). ShadowPad in corporate networks. 
Retrieved March 22, 2021.","url":"https://securelist.com/shadowpad-in-corporate-networks/81432/","source":"MITRE","title":"ShadowPad in corporate networks","authors":"GReAT","date_accessed":"2021-03-22T00:00:00Z","date_published":"2017-08-15T00:00:00Z","owner_name":null,"tidal_id":"51508c51-80a3-5950-a4e7-7b676af6f778","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422182Z"},{"id":"95c9a28d-6056-4f87-9a46-9491318889e2","name":"Kaspersky ShadowPad Aug 2017","description":"Kaspersky Lab. (2017, August). ShadowPad: popular server management software hit in supply chain attack. Retrieved March 22, 2021.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/08/07172148/ShadowPad_technical_description_PDF.pdf","source":"MITRE","title":"ShadowPad: popular server management software hit in supply chain attack","authors":"Kaspersky Lab","date_accessed":"2021-03-22T00:00:00Z","date_published":"2017-08-01T00:00:00Z","owner_name":null,"tidal_id":"5a387528-c4cb-5e98-8b2f-91e930446bb8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422195Z"},{"id":"760d0a0d-620b-45a5-9e8d-06903555a118","name":"Oligo ShadowRay November 18 2025","description":"None Identified. (2025, November 18). ShadowRay 2.0: Active Global Campaign Hijacks Ray AI Infrastructure Into Self-Propagating Botnet | Oligo Security. 
Retrieved November 21, 2025.","url":"https://www.oligo.security/blog/shadowray-2-0-attackers-turn-ai-against-itself-in-global-campaign-that-hijacks-ai-into-self-propagating-botnet","source":"Tidal Cyber","title":"ShadowRay 2.0: Active Global Campaign Hijacks Ray AI Infrastructure Into Self-Propagating Botnet | Oligo Security","authors":"None Identified","date_accessed":"2025-11-21T12:00:00Z","date_published":"2025-11-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c0a1d41a-d1de-54ab-a00f-22a55ad4c452","created":"2025-12-10T14:13:41.347402Z","modified":"2025-12-10T14:13:41.506701Z"},{"id":"84201679-1855-588d-aee0-b2518f563c9f","name":"Oligo ShadowRay Campaign MAR 2024","description":"Lumelsly, A. et al. (2024, March 26). ShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild. Retrieved December 2, 2024.","url":"https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild","source":"MITRE","title":"ShadowRay: First Known Attack Campaign Targeting AI Workloads Actively Exploited In The Wild","authors":"Lumelsly, A. et al","date_accessed":"2024-12-02T00:00:00Z","date_published":"2024-03-26T00:00:00Z","owner_name":null,"tidal_id":"c46a36b1-b1fd-5393-afdb-b37de8c35a45","created":"2025-04-22T20:47:21.805760Z","modified":"2025-12-17T15:08:36.439213Z"},{"id":"b75763ef-f03a-48a6-929d-231181be61ab","name":"Fortinet Blog November 26 2025","description":"None Identified. (2025, November 26). ShadowV2 Casts a Shadow Over IoT Devices | FortiGuard Lab. 
Retrieved December 1, 2025.","url":"https://www.fortinet.com/blog/threat-research/shadowv2-casts-a-shadow-over-iot-devices","source":"Tidal Cyber","title":"ShadowV2 Casts a Shadow Over IoT Devices | FortiGuard Lab","authors":"None Identified","date_accessed":"2025-12-01T12:00:00Z","date_published":"2025-11-26T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"70c0fcef-d637-5d85-939a-9297ba58eb19","created":"2025-12-10T14:13:43.773138Z","modified":"2025-12-10T14:13:43.948473Z"},{"id":"245f6529-20de-4849-8aa3-ba35b79f3a49","name":"Trend Micro December 11 2025","description":"None Identified. (2025, December 11). SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics | Trend Micro (US). Retrieved December 15, 2025.","url":"https://www.trendmicro.com/en_us/research/25/l/SHADOW-VOID-042.html","source":"Tidal Cyber","title":"SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics | Trend Micro (US)","authors":"None Identified","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-11T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b05219f2-3081-5fff-a936-387210adea43","created":"2025-12-17T14:17:43.531694Z","modified":"2025-12-17T14:17:43.674948Z"},{"id":"8ef2673c-0d9a-4b8d-b529-154ad16d7ce7","name":"Trend Micro Shai-hulud 2.0 November 27 2025","description":"None Identified. (2025, November 27). Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems | Trend Micro (US). 
Retrieved December 1, 2025.","url":"https://www.trendmicro.com/en_us/research/25/k/shai-hulud-2-0-targets-cloud-and-developer-systems.html","source":"Tidal Cyber","title":"Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems | Trend Micro (US)","authors":"None Identified","date_accessed":"2025-12-01T12:00:00Z","date_published":"2025-11-27T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5ae22e28-f005-5b91-a1c5-7c8d181985b0","created":"2025-12-10T14:13:44.100679Z","modified":"2025-12-10T14:13:44.251478Z"},{"id":"7a6dddcf-f746-4daa-8c22-2b26ec2d58d1","name":"Unit 42 September 17 2025","description":"Unit 42. (2025, September 17). Shai-Hulud Worm Compromises npm Ecosystem in Supply Chain Attack. Retrieved September 18, 2025.","url":"https://unit42.paloaltonetworks.com/npm-supply-chain-attack/","source":"Tidal Cyber","title":"Shai-Hulud Worm Compromises npm Ecosystem in Supply Chain Attack","authors":"Unit 42","date_accessed":"2025-09-18T12:00:00Z","date_published":"2025-09-17T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3213880b-a3d8-5f05-b62c-899ae83fbc27","created":"2025-09-19T19:47:43.285801Z","modified":"2025-09-19T19:47:43.412355Z"},{"id":"15007a87-a281-41ae-b203-fdafe02a885f","name":"Palo Alto Shamoon Nov 2016","description":"Falcone, R. (2016, November 30). Shamoon 2: Return of the Disttrack Wiper. Retrieved January 11, 2017.","url":"http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/","source":"MITRE","title":"Shamoon 2: Return of the Disttrack Wiper","authors":"Falcone, R.","date_accessed":"2017-01-11T00:00:00Z","date_published":"2016-11-30T00:00:00Z","owner_name":null,"tidal_id":"3a2a787c-bd28-5813-9c34-3bb283ab0f8e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420080Z"},{"id":"c2148166-faf4-4ab7-a37e-deae0c88c08d","name":"Unit 42 Shamoon3 2018","description":"Falcone, R. (2018, December 13). Shamoon 3 Targets Oil and Gas Organization. 
Retrieved March 14, 2019.","url":"https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/","source":"MITRE","title":"Shamoon 3 Targets Oil and Gas Organization","authors":"Falcone, R","date_accessed":"2019-03-14T00:00:00Z","date_published":"2018-12-13T00:00:00Z","owner_name":null,"tidal_id":"9e39e016-2c87-5f59-8155-89a6d116439a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420073Z"},{"id":"11cb784e-0bfe-4e64-a1ed-56530798f358","name":"McAfee Shamoon December19 2018","description":"Roccia, T., Saavedra-Morales, J., Beek, C. (2018, December 19). Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems. Retrieved May 29, 2020.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/","source":"MITRE","title":"Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems","authors":"Roccia, T., Saavedra-Morales, J., Beek, C.","date_accessed":"2020-05-29T00:00:00Z","date_published":"2018-12-19T00:00:00Z","owner_name":null,"tidal_id":"dcc344b1-cba0-5807-bceb-7ad93e146f23","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442089Z"},{"id":"d731f5b4-77a1-4de1-a00a-e2ad918de670","name":"McAfee Shamoon December 2018","description":"Mundo, A., Roccia, T., Saavedra-Morales, J., Beek, C. (2018, December 14). Shamoon Returns to Wipe Systems in Middle East, Europe. 
Retrieved May 29, 2020.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shamoon-returns-to-wipe-systems-in-middle-east-europe/","source":"MITRE","title":"Shamoon Returns to Wipe Systems in Middle East, Europe","authors":"Mundo, A., Roccia, T., Saavedra-Morales, J., Beek, C.","date_accessed":"2020-05-29T00:00:00Z","date_published":"2018-12-14T00:00:00Z","owner_name":null,"tidal_id":"893fd046-e79e-5c19-a3e6-41122dec91c8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441387Z"},{"id":"80a9b92a-1404-4454-88f0-dd929a12e16f","name":"TechNet Shared Folder","description":"Microsoft. (n.d.). Share a Folder or Drive. Retrieved June 30, 2017.","url":"https://technet.microsoft.com/library/cc770880.aspx","source":"MITRE","title":"Share a Folder or Drive","authors":"Microsoft","date_accessed":"2017-06-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a526ce52-b5bf-58dd-8878-0696bad41b01","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427441Z"},{"id":"6f454218-91b7-4606-9467-c6d465c0fd1f","name":"AWS EBS Snapshot Sharing","description":"Amazon Web Services. (n.d.). Share an Amazon EBS snapshot. Retrieved March 2, 2022.","url":"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html","source":"MITRE","title":"Share an Amazon EBS snapshot","authors":"Amazon Web Services","date_accessed":"2022-03-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"28b6dc29-27fd-5781-b70c-399de0be57e6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435136Z"},{"id":"054d769a-f88e-55e9-971a-f169ee434cfe","name":"Linux Shared Libraries","description":"Wheeler, D. (2003, April 11). Shared Libraries. 
Retrieved September 7, 2023.","url":"https://tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html","source":"MITRE","title":"Shared Libraries","authors":"Wheeler, D","date_accessed":"2023-09-07T00:00:00Z","date_published":"2003-04-11T00:00:00Z","owner_name":null,"tidal_id":"ed95b217-5a69-5e5e-bbd0-9a322f803dce","created":"2023-11-07T00:35:57.205084Z","modified":"2025-12-17T15:08:36.424433Z"},{"id":"2862845b-72b3-41d8-aafb-b36e90c6c30a","name":"TLDP Shared Libraries","description":"The Linux Documentation Project. (n.d.). Shared Libraries. Retrieved January 31, 2020.","url":"https://www.tldp.org/HOWTO/Program-Library-HOWTO/shared-libraries.html","source":"MITRE","title":"Shared Libraries","authors":"The Linux Documentation Project","date_accessed":"2020-01-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2d500dfd-fa3a-55ba-8d05-234b34c46b41","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430376Z"},{"id":"dd591f33-8514-5a89-bb9e-6c874a88d53c","name":"Shunix Code Injection Mar 2016","description":"Shunix . (2016, March 22). Shared Library Injection in Android. Retrieved October","url":"https://shunix.com/shared-library-injection-in-android/","source":"Mobile","title":"Shared Library Injection in Android","authors":"Shunix","date_accessed":"1978-10-01T00:00:00Z","date_published":"2016-03-22T00:00:00Z","owner_name":null,"tidal_id":"be218eaa-1b99-5244-bd5e-fc9e69adefdd","created":"2026-01-28T13:08:10.042715Z","modified":"2026-01-28T13:08:10.042720Z"},{"id":"581b4ca6-44fc-53f3-aca1-aa25928d47f3","name":"Fadeev Code Injection Aug 2018","description":"Alexandr Fadeev. (2018, August 26). Shared Library Injection on Android 8.0. 
Retrieved October","url":"https://fadeevab.com/shared-library-injection-on-android-8/","source":"Mobile","title":"Shared Library Injection on Android 8.0","authors":"Alexandr Fadeev","date_accessed":"1978-10-01T00:00:00Z","date_published":"2018-08-26T00:00:00Z","owner_name":null,"tidal_id":"92d99298-507f-5738-acef-54f59776eeec","created":"2026-01-28T13:08:10.042664Z","modified":"2026-01-28T13:08:10.042667Z"},{"id":"9b3f0dc7-d830-43c5-8a5b-ad3c811920c5","name":"Phrack halfdead 1997","description":"halflife. (1997, September 1). Shared Library Redirection Techniques. Retrieved December 20, 2017.","url":"http://phrack.org/issues/51/8.html","source":"MITRE","title":"Shared Library Redirection Techniques","authors":"halflife","date_accessed":"2017-12-20T00:00:00Z","date_published":"1997-09-01T00:00:00Z","owner_name":null,"tidal_id":"b30fc459-0eb6-59af-9157-f5287ea1dd2e","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:21.812613Z"},{"id":"6cc6164e-84b3-4413-9895-6719248808fb","name":"Wikipedia Shared Resource","description":"Wikipedia. (2017, April 15). Shared resource. Retrieved June 30, 2017.","url":"https://en.wikipedia.org/wiki/Shared_resource","source":"MITRE","title":"Shared resource","authors":"Wikipedia","date_accessed":"2017-06-30T00:00:00Z","date_published":"2017-04-15T00:00:00Z","owner_name":null,"tidal_id":"148471ec-03ec-5452-a55d-68c2d0a268a1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427448Z"},{"id":"b3080101-3946-4dfd-9438-30f7d7346c13","name":"research.eye.security July 19 2025","description":"Wp-Block-Co-Authors-Plus-Coauthors Is-Layout-Flow. (2025, July 19). SharePoint 0-day uncovered (CVE-2025-53770). 
Retrieved July 21, 2025.","url":"https://research.eye.security/sharepoint-under-siege/","source":"Tidal Cyber","title":"SharePoint 0-day uncovered (CVE-2025-53770)","authors":"Wp-Block-Co-Authors-Plus-Coauthors Is-Layout-Flow","date_accessed":"2025-07-21T12:00:00Z","date_published":"2025-07-19T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"beaefec5-30eb-518a-9150-0cf5e01afa4a","created":"2025-07-21T18:42:48.850599Z","modified":"2025-07-21T18:42:49.322181Z"},{"id":"2086d37a-05a8-4604-9c69-75a178406b4a","name":"Sharepoint Sharing Events","description":"Microsoft. (n.d.). Sharepoint Sharing Events. Retrieved October 8, 2021.","url":"https://docs.microsoft.com/en-us/microsoft-365/compliance/use-sharing-auditing?view=o365-worldwide#sharepoint-sharing-events","source":"MITRE","title":"Sharepoint Sharing Events","authors":"Microsoft","date_accessed":"2021-10-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8cc17b93-7bfa-5f3e-aa6f-a7660889b815","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435010Z"},{"id":"87f37ba0-a5e6-55d9-b0ad-447099098795","name":"SentinelOne ToolShell JUL 2025","description":"Kenin, S. et al. (2025, July 21). SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers. Retrieved October 15, 2025.","url":"https://www.sentinelone.com/blog/sharepoint-toolshell-zero-day-exploited-in-the-wild-targets-enterprise-servers/","source":"MITRE","title":"SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers","authors":"Kenin, S. et al","date_accessed":"2025-10-15T00:00:00Z","date_published":"2025-07-21T00:00:00Z","owner_name":null,"tidal_id":"3f860171-c081-5ca2-af7b-5ed29d820726","created":"2025-10-29T21:08:48.167464Z","modified":"2025-12-17T15:08:36.440556Z"},{"id":"9db6a350-e61e-51d0-b94c-e2fa8bcb5c3a","name":"Eye Research ToolShell JUL 2025","description":"Eye Security. (2025, July 19). SharePoint Under Siege: ToolShell Exploit (CVE-2025-49706 & CVE-2025-49704). 
Retrieved October 15, 2025.","url":"https://research.eye.security/sharepoint-under-siege/","source":"MITRE","title":"SharePoint Under Siege: ToolShell Exploit (CVE-2025-49706 & CVE-2025-49704)","authors":"Eye Security","date_accessed":"2025-10-15T00:00:00Z","date_published":"2025-07-19T00:00:00Z","owner_name":null,"tidal_id":"d99e525b-15de-5f65-9fa7-527f38fc8993","created":"2025-10-29T21:08:48.167239Z","modified":"2025-12-17T15:08:36.439310Z"},{"id":"e352e036-2465-5377-b632-e45c1f10d950","name":"nccgroup_sharkbot_0322","description":"RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January","url":"https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/","source":"Mobile","title":"SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store","authors":"RIFT: Research and Intelligence Fusion Team","date_accessed":"1978-01-01T00:00:00Z","date_published":"2022-03-03T00:00:00Z","owner_name":null,"tidal_id":"fe229995-6de7-5d73-be1a-5938d12aa568","created":"2026-01-28T13:08:10.041192Z","modified":"2026-01-28T13:08:10.041195Z"},{"id":"941e214d-4188-4ca0-9ef8-b26aa96373a2","name":"GitHub GhostPack Certificates","description":"HarmJ0y. (2018, August 22). SharpDPAPI - Certificates. Retrieved August 2, 2022.","url":"https://github.com/GhostPack/SharpDPAPI#certificates","source":"MITRE","title":"SharpDPAPI - Certificates","authors":"HarmJ0y","date_accessed":"2022-08-02T00:00:00Z","date_published":"2018-08-22T00:00:00Z","owner_name":null,"tidal_id":"a9c0deac-e4c5-5766-b8e8-3387d78346d3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431602Z"},{"id":"30f373ed-0d2e-474a-b17f-29de7beec0c8","name":"Sophos News December 05 2025","description":"None Identified. (2025, December 5). 
Sharpening the knife: GOLD BLADE’s strategic evolution – Sophos News. Retrieved December 15, 2025.","url":"https://news.sophos.com/en-us/2025/12/05/sharpening-the-knife-gold-blades-strategic-evolution/","source":"Tidal Cyber","title":"Sharpening the knife: GOLD BLADE’s strategic evolution – Sophos News","authors":"None Identified","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"625d3c91-7517-50a8-8c14-3e5a3ad2223e","created":"2025-12-17T14:17:42.712225Z","modified":"2025-12-17T14:17:42.846659Z"},{"id":"0739d5fe-b460-4ed4-be75-cff422643a32","name":"Shdocvw.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Shdocvw.dll. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Shdocvw/","source":"Tidal Cyber","title":"Shdocvw.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"35a53a20-35dd-568a-9f6b-f9bebc84758a","created":"2024-01-12T14:47:13.910275Z","modified":"2024-01-12T14:47:14.095009Z"},{"id":"5b08ea46-e25d-4df9-9b91-f8e7a1d5f7ee","name":"Securelist Turla Oct 2018","description":"Kaspersky Lab's Global Research & Analysis Team. (2018, October 04). Shedding Skin – Turla’s Fresh Faces. Retrieved November 7, 2018.","url":"https://securelist.com/shedding-skin-turlas-fresh-faces/88069/","source":"MITRE","title":"Shedding Skin – Turla’s Fresh Faces","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2018-11-07T00:00:00Z","date_published":"2018-10-04T00:00:00Z","owner_name":null,"tidal_id":"13708f97-ca32-5c24-9a7b-38c1ecce7b27","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421322Z"},{"id":"9465358f-e0cc-41f0-a7f9-01d5faca8157","name":"Shell32.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Shell32.dll. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Shell32/","source":"Tidal Cyber","title":"Shell32.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bf70e712-7674-5d9f-92f2-d5e406f78ea4","created":"2024-01-12T14:47:14.311047Z","modified":"2024-01-12T14:47:14.499303Z"},{"id":"c0fe5d29-838b-4e91-bd33-59ab3dbcfbc3","name":"Cylance Shell Crew Feb 2017","description":"Cylance SPEAR Team. (2017, February 9). Shell Crew Variants Continue to Fly Under Big AV’s Radar. Retrieved February 15, 2017.","url":"https://www.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar","source":"MITRE","title":"Shell Crew Variants Continue to Fly Under Big AV’s Radar","authors":"Cylance SPEAR Team","date_accessed":"2017-02-15T00:00:00Z","date_published":"2017-02-09T00:00:00Z","owner_name":null,"tidal_id":"e7e0d0dc-d2d4-5fac-a335-c6c1b1193c6a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420407Z"},{"id":"ef565c89-03e6-5fc7-8ee5-c91fbaa33905","name":"Shelley Smith February 2008","description":"Shelley Smith 2008, February 12 Teen Hacker in Poland Plays Trains and Derails City Tram System. Retrieved 2019/10/17","url":"https://inhomelandsecurity.com/teen_hacker_in_poland_plays_tr/","source":"ICS","title":"Shelley Smith February 2008","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9368991c-9b03-56f7-a254-8ddf42d68a39","created":"2026-01-28T13:08:18.176510Z","modified":"2026-01-28T13:08:18.176513Z"},{"id":"b8b3f360-e14c-49ea-a4e5-8d6d9727e731","name":"Magento","description":"Cesar Anjos. (2018, May 31). Shell Logins as a Magento Reinfection Vector. 
Retrieved December 17, 2020.","url":"https://blog.sucuri.net/2018/05/shell-logins-as-a-magento-reinfection-vector.html","source":"MITRE","title":"Shell Logins as a Magento Reinfection Vector","authors":"Cesar Anjos","date_accessed":"2020-12-17T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"a7e19854-4503-5df2-a830-0167d1eb20fd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433909Z"},{"id":"e664a0c7-154f-449e-904d-335be1b72b29","name":"Trend Micro TA505 June 2019","description":"Hiroaki, H. and Lu, L. (2019, June 12). Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns. Retrieved May 29, 2020.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/shifting-tactics-breaking-down-ta505-groups-use-of-html-rats-and-other-techniques-in-latest-campaigns/","source":"MITRE","title":"Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns","authors":"Hiroaki, H. and Lu, L","date_accessed":"2020-05-29T00:00:00Z","date_published":"2019-06-12T00:00:00Z","owner_name":null,"tidal_id":"6553d184-1918-54b2-a5bb-12ec2e127d10","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439777Z"},{"id":"aba1cc57-ac30-400f-8b02-db7bf279dfb6","name":"Shimgvw.dll - LOLBAS Project","description":"LOLBAS. (2021, January 6). Shimgvw.dll. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Shimgvw/","source":"Tidal Cyber","title":"Shimgvw.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-01-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bb1ee370-cbfd-504b-8273-0722ffb374c5","created":"2024-01-12T14:47:14.688959Z","modified":"2024-01-12T14:47:14.874503Z"},{"id":"588d7272-a3c4-561e-883e-49e8effa4e78","name":"Binary Defense Kerberos Linux","description":"ARC Labs, Dwyer, John. Gonzalez, Eric. Hudak, Tyler. (2024, October 1). 
Shining a Light in the Dark – How Binary Defense Uncovered an APT Lurking in Shadows of IT. Retrieved October 7, 2024.","url":"https://www.binarydefense.com/resources/blog/shining-a-light-in-the-dark-how-binary-defense-uncovered-an-apt-lurking-in-shadows-of-it/","source":"MITRE","title":"Shining a Light in the Dark – How Binary Defense Uncovered an APT Lurking in Shadows of IT","authors":"ARC Labs, Dwyer, John. Gonzalez, Eric. Hudak, Tyler","date_accessed":"2024-10-07T00:00:00Z","date_published":"2024-10-01T00:00:00Z","owner_name":null,"tidal_id":"e3c1b083-33e2-59fd-bce0-3188840df92b","created":"2024-10-31T16:28:19.321494Z","modified":"2025-12-17T15:08:36.427879Z"},{"id":"6ac6acc2-9fea-4887-99b2-9988991b47b6","name":"FireEye Shining A Light on DARKSIDE May 2021","description":"FireEye. (2021, May 11). Shining a Light on DARKSIDE Ransomware Operations. Retrieved September 22, 2021.","url":"https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html","source":"MITRE","title":"Shining a Light on DARKSIDE Ransomware Operations","authors":"FireEye","date_accessed":"2021-09-22T00:00:00Z","date_published":"2021-05-11T00:00:00Z","owner_name":null,"tidal_id":"27f0bc62-6dc5-511b-a575-d448c152c341","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419812Z"},{"id":"1cb60362-f73e-49e6-b0ee-e8f67a25c058","name":"Telekom Security DarkGate August 25 2023","description":"Fabian Marquardt. (2023, August 25). Shining some light on the DarkGate loader. 
Retrieved October 20, 2023.","url":"https://github.security.telekom.com/2023/08/darkgate-loader.html","source":"Tidal Cyber","title":"Shining some light on the DarkGate loader","authors":"Fabian Marquardt","date_accessed":"2023-10-20T00:00:00Z","date_published":"2023-08-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"da805bae-06fe-5b28-9d04-65d8e2665a4e","created":"2024-01-26T18:00:33.901580Z","modified":"2024-01-26T18:00:34.122972Z"},{"id":"b5f91f77-b102-5812-a79f-69b254487da8","name":"NCC Group Black Basta June 2022","description":"Inman, R. and Gurney, P. (2022, June 6). Shining the Light on Black Basta. Retrieved March 8, 2023.","url":"https://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/","source":"MITRE","title":"Shining the Light on Black Basta","authors":"Inman, R. and Gurney, P","date_accessed":"2023-03-08T00:00:00Z","date_published":"2022-06-06T00:00:00Z","owner_name":null,"tidal_id":"a3060bea-254d-55ca-8f7b-e671b2af77ec","created":"2023-05-26T01:21:16.617847Z","modified":"2025-12-17T15:08:36.420289Z"},{"id":"e09f639e-bdd3-4e88-8032-f665e347272b","name":"Trustwave Cherry Picker","description":"Merritt, E.. (2015, November 16). Shining the Spotlight on Cherry Picker PoS Malware. Retrieved April 20, 2016.","url":"https://www.trustwave.com/Resources/SpiderLabs-Blog/Shining-the-Spotlight-on-Cherry-Picker-PoS-Malware/","source":"MITRE","title":"Shining the Spotlight on Cherry Picker PoS Malware","authors":"Merritt, E.","date_accessed":"2016-04-20T00:00:00Z","date_published":"2015-11-16T00:00:00Z","owner_name":null,"tidal_id":"b62d99cd-5f08-54ea-8467-454059b070cc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421164Z"},{"id":"28b4fa6f-7a53-4fb4-918c-febc20174a6a","name":"Resecurity ShinyHunters September 13 2025","description":"Resecurity. (2025, September 13). ShinyHunters Attacked Vietnam's Financial System - CIC Data Leak. 
Retrieved September 19, 2025.","url":"https://www.resecurity.com/blog/article/shinyhunters-attacked-vietnams-financial-system-cic-data-leak","source":"Tidal Cyber","title":"ShinyHunters Attacked Vietnam's Financial System - CIC Data Leak","authors":"Resecurity","date_accessed":"2025-09-19T12:00:00Z","date_published":"2025-09-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f1119d97-8b01-519d-9704-016f95f3a079","created":"2025-10-07T14:06:53.288838Z","modified":"2025-10-07T14:06:53.444144Z"},{"id":"28728b44-585b-4ae6-9d92-01d5c1c2d494","name":"Hackread Salesforce Gainsight November 21 2025","description":"Deeba Ahmed. (2025, November 21). ShinyHunters Breach Gainsight Apps on Salesforce, Claim Data from 1000 Firms. Retrieved November 24, 2025.","url":"https://hackread.com/shinyhunters-breach-gainsight-salesforce-1000-firms/","source":"Tidal Cyber","title":"ShinyHunters Breach Gainsight Apps on Salesforce, Claim Data from 1000 Firms","authors":"Deeba Ahmed","date_accessed":"2025-11-24T12:00:00Z","date_published":"2025-11-21T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3e680281-9261-5663-a4bc-d437eb1c2538","created":"2025-11-26T19:37:29.579733Z","modified":"2025-11-26T19:37:29.716651Z"},{"id":"cb0d3cb0-4a3c-4948-b58f-d3d745ef92a2","name":"EclecticIQ May 14 2025","description":"EclecticIQ. (2025, May 14). ShinyHunters Calling Financially Motivated Data Extortion Group Targeting Enterprise Cloud Applications. 
Retrieved September 18, 2025.","url":"https://blog.eclecticiq.com/shinyhunters-calling-financially-motivated-data-extortion-group-targeting-enterprise-cloud-applications","source":"Tidal Cyber","title":"ShinyHunters Calling Financially Motivated Data Extortion Group Targeting Enterprise Cloud Applications","authors":"EclecticIQ","date_accessed":"2025-09-18T12:00:00Z","date_published":"2025-05-14T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"59e20135-e01b-58cb-8569-55b5c6dfcb56","created":"2025-09-19T19:47:42.783644Z","modified":"2025-09-19T19:47:42.911583Z"},{"id":"8693bfa8-2b15-4697-b519-24833e2e8822","name":"ReliaQuest September 15 2025","description":"ReliaQuest Threat Research Team. (2025, September 15). ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration. Retrieved September 18, 2025.","url":"https://reliaquest.com/blog/threat-spotlight-shinyhunters-data-breach-targets-salesforce-amid-scattered-spider-collaboration/","source":"Tidal Cyber","title":"ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration","authors":"ReliaQuest Threat Research Team","date_accessed":"2025-09-18T12:00:00Z","date_published":"2025-09-15T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0c4c89b4-f706-5ba6-8399-dea738d5b02a","created":"2025-09-19T19:47:42.524688Z","modified":"2025-09-19T19:47:42.663556Z"},{"id":"1fb860e8-47e4-5b6e-85ef-afe8de81a3b9","name":"File obfuscation","description":"Aspen Lindblom, Joseph Goodwin, and Chris Sheldon. (2021, July 19). Shlayer Malvertising Campaigns Still Using Flash Update Disguise. 
Retrieved March 29, 2024.","url":"https://www.crowdstrike.com/blog/shlayer-malvertising-campaigns-still-using-flash-update-disguise/","source":"MITRE","title":"Shlayer Malvertising Campaigns Still Using Flash Update Disguise","authors":"Aspen Lindblom, Joseph Goodwin, and Chris Sheldon","date_accessed":"2024-03-29T00:00:00Z","date_published":"2021-07-19T00:00:00Z","owner_name":null,"tidal_id":"604b87f8-662b-5c4a-8df7-a407fc567816","created":"2024-04-25T13:28:29.827047Z","modified":"2025-12-17T15:08:36.424694Z"},{"id":"9ece29ee-c4e9-4a30-9958-88b114a417ce","name":"Shlayer jamf gatekeeper bypass 2021","description":"Jaron Bradley. (2021, April 26). Shlayer malware abusing Gatekeeper bypass on macOS. Retrieved September 22, 2021.","url":"https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/","source":"MITRE","title":"Shlayer malware abusing Gatekeeper bypass on macOS","authors":"Jaron Bradley","date_accessed":"2021-09-22T00:00:00Z","date_published":"2021-04-26T00:00:00Z","owner_name":null,"tidal_id":"e4105de2-36b7-5da4-9ffe-469e29d50da7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440097Z"},{"id":"a142aceb-3ef5-4231-8771-bb3b2dae9acd","name":"Shodan","description":"Shodan. (n.d.). Shodan. Retrieved October 20, 2020.","url":"https://shodan.io","source":"MITRE","title":"Shodan","authors":"Shodan","date_accessed":"2020-10-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"639f520d-5229-50ff-9c61-fbd477a00e4b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429744Z"},{"id":"4276f783-ee62-592b-8188-d7154796dd85","name":"DCSO StrelaStealer 2022","description":"DCSO CyTec Blog. (2022, November 8). #ShortAndMalicious: StrelaStealer aims for mail credentials. 
Retrieved December 31, 2024.","url":"https://medium.com/@DCSO_CyTec/shortandmalicious-strelastealer-aims-for-mail-credentials-a4c3e78c8abc","source":"MITRE","title":"#ShortAndMalicious: StrelaStealer aims for mail credentials","authors":"DCSO CyTec Blog","date_accessed":"2024-12-31T00:00:00Z","date_published":"2022-11-08T00:00:00Z","owner_name":null,"tidal_id":"a81bd827-8d4a-5c0c-b8e4-f0ea762c462c","created":"2025-04-22T20:47:27.956984Z","modified":"2025-12-17T15:08:36.420518Z"},{"id":"4a12e927-0511-40b1-85f3-869ffc452c2e","name":"Shortcut for Persistence","description":"Elastic. (n.d.). Shortcut File Written or Modified for Persistence. Retrieved June 1, 2022.","url":"https://www.elastic.co/guide/en/security/7.17/shortcut-file-written-or-modified-for-persistence.html#shortcut-file-written-or-modified-for-persistence","source":"MITRE","title":"Shortcut File Written or Modified for Persistence","authors":"Elastic","date_accessed":"2022-06-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3414ec4d-0f40-55a1-b349-43dc704743c6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429101Z"},{"id":"b62d40bc-2782-538a-8913-429908c6a2ee","name":"Unprotect Shortcut","description":"Unprotect Project. (2019, March 18). Shortcut Hiding. Retrieved October 3, 2023.","url":"https://unprotect.it/technique/shortcut-hiding/","source":"MITRE","title":"Shortcut Hiding","authors":"Unprotect Project","date_accessed":"2023-10-03T00:00:00Z","date_published":"2019-03-18T00:00:00Z","owner_name":null,"tidal_id":"e397a51d-df31-593b-808e-f913786ab691","created":"2023-11-07T00:36:05.580855Z","modified":"2025-12-17T15:08:36.432269Z"},{"id":"e9064801-0297-51d0-9089-db58f4811a9f","name":"Sleep, shut down, hibernate","description":"AVG. (n.d.). Should You Shut Down, Sleep or Hibernate Your PC or Mac Laptop?. 
Retrieved June 8, 2023.","url":"https://www.avg.com/en/signal/should-you-shut-down-sleep-or-hibernate-your-pc-or-mac-laptop","source":"MITRE","title":"Should You Shut Down, Sleep or Hibernate Your PC or Mac Laptop?","authors":"AVG","date_accessed":"2023-06-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"66710245-5ce0-595d-9361-53da62033fa0","created":"2023-11-07T00:36:08.933916Z","modified":"2025-12-17T15:08:36.436008Z"},{"id":"a2215813-31b0-5624-92d8-479e7bd1a30b","name":"show_clock_detail_cisco_cmd","description":"Cisco. (2023, March 6). show clock detail - Cisco IOS Security Command Reference: Commands S to Z. Retrieved July 13, 2022.","url":"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-s2.html#wp1896741674","source":"MITRE","title":"show clock detail - Cisco IOS Security Command Reference: Commands S to Z","authors":"Cisco","date_accessed":"2022-07-13T00:00:00Z","date_published":"2023-03-06T00:00:00Z","owner_name":null,"tidal_id":"2dff68cc-3c93-5aef-aa60-22c05dfa0a9a","created":"2023-05-26T01:21:11.023452Z","modified":"2025-12-17T15:08:36.436481Z"},{"id":"944e529b-5e8a-54a1-b205-71dcb7dd304f","name":"show_processes_cisco_cmd","description":"Cisco. (2022, August 16). show processes - . Retrieved July 13, 2022.","url":"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/show_monitor_permit_list_through_show_process_memory.html#wp3599497760","source":"MITRE","title":"show processes -","authors":"Cisco","date_accessed":"2022-07-13T00:00:00Z","date_published":"2022-08-16T00:00:00Z","owner_name":null,"tidal_id":"ee0b18c0-ea2e-5d16-b59e-de44244a17b9","created":"2023-05-26T01:21:08.143785Z","modified":"2025-12-17T15:08:36.432534Z"},{"id":"5a68a45a-a53e-5d73-a82a-0cc951071aef","name":"show_run_config_cmd_cisco","description":"Cisco. (2022, August 16). show running-config - Cisco IOS Configuration Fundamentals Command Reference. 
Retrieved July 13, 2022.","url":"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/command/cf_command_ref/show_protocols_through_showmon.html#wp2760878733","source":"MITRE","title":"show running-config - Cisco IOS Configuration Fundamentals Command Reference","authors":"Cisco","date_accessed":"2022-07-13T00:00:00Z","date_published":"2022-08-16T00:00:00Z","owner_name":null,"tidal_id":"20ea029f-7211-537d-b963-c0368f6a734b","created":"2023-05-26T01:21:04.674579Z","modified":"2025-12-17T15:08:36.428137Z"},{"id":"126737d7-7a9f-59b6-a96e-e7098cddb9c8","name":"Splunk ShrinkLocker 2024","description":"Splunk Threat Research Team , Teoderick Contreras. (2024, September 5). ShrinkLocker Malware: Abusing BitLocker to Lock Your Data. Retrieved December 7, 2024.","url":"https://www.splunk.com/en_us/blog/security/shrinklocker-malware-abusing-bitlocker-to-lock-your-data.html","source":"MITRE","title":"ShrinkLocker Malware: Abusing BitLocker to Lock Your Data","authors":"Splunk Threat Research Team , Teoderick Contreras","date_accessed":"2024-12-07T00:00:00Z","date_published":"2024-09-05T00:00:00Z","owner_name":null,"tidal_id":"54e5172e-28d8-5824-89a6-7b2aa4e4eb19","created":"2025-04-22T20:47:26.644575Z","modified":"2025-12-17T15:08:36.417986Z"},{"id":"87fc8249-9b42-5843-9100-03c4077a5eb0","name":"Kaspersky ShrinkLocker 2024","description":"Cristian Souza, Eduardo Ovalle, Ashley Muñoz, & Christopher Zachor. (2024, May 23). ShrinkLocker: Turning BitLocker into ransomware. 
Retrieved December 7, 2024.","url":"https://securelist.com/ransomware-abuses-bitlocker/112643/","source":"MITRE","title":"ShrinkLocker: Turning BitLocker into ransomware","authors":"Cristian Souza, Eduardo Ovalle, Ashley Muñoz, & Christopher Zachor","date_accessed":"2024-12-07T00:00:00Z","date_published":"2024-05-23T00:00:00Z","owner_name":null,"tidal_id":"246fa07f-2113-5577-9878-220d84259e4e","created":"2025-04-22T20:47:26.636869Z","modified":"2025-12-17T15:08:36.417979Z"},{"id":"3abb9cfb-8927-4447-b904-6ed071787bef","name":"Symantec Shuckworm January 2022","description":"Symantec. (2022, January 31). Shuckworm Continues Cyber-Espionage Attacks Against Ukraine. Retrieved February 17, 2022.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine","source":"MITRE, Tidal Cyber","title":"Shuckworm Continues Cyber-Espionage Attacks Against Ukraine","authors":"Symantec","date_accessed":"2022-02-17T00:00:00Z","date_published":"2022-01-31T00:00:00Z","owner_name":null,"tidal_id":"2e7e2a98-7746-555d-b2d3-b6bb63993762","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259382Z"},{"id":"73d4c327-061f-5e2c-91d2-02edebfe6277","name":"SymantecCarbonBlack_ShuckwormUSB_Apr2025","description":"Threat Hunter Team, Symantec and Carbon Black. (2025, April 10). Shuckworm Targets Foreign Military Mission Based in Ukraine. Retrieved July 23, 2025.","url":"https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel","source":"MITRE","title":"Shuckworm Targets Foreign Military Mission Based in Ukraine","authors":"Threat Hunter Team, Symantec and Carbon Black","date_accessed":"2025-07-23T00:00:00Z","date_published":"2025-04-10T00:00:00Z","owner_name":null,"tidal_id":"b625b935-f9ef-59ec-beff-0cbb7de810c8","created":"2025-10-29T21:08:48.167449Z","modified":"2025-12-17T15:08:36.440550Z"},{"id":"c587f021-596a-4e63-ac51-afa2793a859d","name":"Microsoft Shutdown Oct 2017","description":"Microsoft. 
(2017, October 15). Shutdown. Retrieved October 4, 2019.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/shutdown","source":"MITRE","title":"Shutdown","authors":"Microsoft","date_accessed":"2019-10-04T00:00:00Z","date_published":"2017-10-15T00:00:00Z","owner_name":null,"tidal_id":"37cbc8a3-5e6b-55c8-8918-a2bb7a63aeaf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436868Z"},{"id":"466569a7-1ef8-4824-bd9c-d25301184ea4","name":"MalwareBytes SideCopy Dec 2021","description":"Threat Intelligence Team. (2021, December 2). SideCopy APT: Connecting lures victims, payloads to infrastructure. Retrieved June 13, 2022.","url":"https://www.malwarebytes.com/blog/news/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure","source":"MITRE","title":"SideCopy APT: Connecting lures victims, payloads to infrastructure","authors":"Threat Intelligence Team","date_accessed":"2022-06-13T00:00:00Z","date_published":"2021-12-02T00:00:00Z","owner_name":null,"tidal_id":"f0831249-2cc0-5538-b9c9-6696ab2b9eb0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417820Z"},{"id":"38d1081c-35d3-4fb9-b9b7-a26a84a5c765","name":"Group-IB SideWinder June 1 2022","description":"Nikita Rostovcev, Alexander Badaev. (2022, June 1). SideWinder.AntiBot.Script. Retrieved January 20, 2026.","url":"https://www.group-ib.com/blog/sidewinder-antibot/","source":"Tidal Cyber","title":"SideWinder.AntiBot.Script","authors":"Nikita Rostovcev, Alexander Badaev","date_accessed":"2026-01-20T12:00:00Z","date_published":"2022-06-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ffbad217-1877-51f6-923e-07eded578ff7","created":"2026-01-23T20:29:36.527540Z","modified":"2026-01-23T20:29:36.669937Z"},{"id":"e1cecdab-d6d1-47c6-a942-3f3329e5d98d","name":"Rewterz Sidewinder APT April 2020","description":"Rewterz. (2020, April 20). Sidewinder APT Group Campaign Analysis. 
Retrieved January 29, 2021.","url":"https://www.rewterz.com/threats/sidewinder-apt-group-campaign-analysis","source":"MITRE","title":"Sidewinder APT Group Campaign Analysis","authors":"Rewterz","date_accessed":"2021-01-29T00:00:00Z","date_published":"2020-04-20T00:00:00Z","owner_name":null,"tidal_id":"74b2cb0b-8057-587f-a7eb-264ec3f5a390","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440285Z"},{"id":"25d8d6df-d3b9-4f57-bce0-d5285660e746","name":"Cyble Sidewinder September 2020","description":"Cyble. (2020, September 26). SideWinder APT Targets with futuristic Tactics and Techniques. Retrieved January 29, 2021.","url":"https://cybleinc.com/2020/09/26/sidewinder-apt-targets-with-futuristic-tactics-and-techniques/","source":"MITRE","title":"SideWinder APT Targets with futuristic Tactics and Techniques","authors":"Cyble","date_accessed":"2021-01-29T00:00:00Z","date_published":"2020-09-26T00:00:00Z","owner_name":null,"tidal_id":"e4883935-94b5-5966-8f18-eabc1efb729a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439041Z"},{"id":"a14fa007-b9de-4bc5-9431-d416bdc7b24d","name":"www.trellix.com October 22 2025","description":"None Identified. (2025, October 22). SideWinder's Shifting Sands: Click Once for Espionage. Retrieved January 20, 2026.","url":"https://www.trellix.com/blogs/research/sidewinders-shifting-sands-click-once-for-espionage/","source":"Tidal Cyber","title":"SideWinder's Shifting Sands: Click Once for Espionage","authors":"None Identified","date_accessed":"2026-01-20T12:00:00Z","date_published":"2025-10-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"eee62b6b-182c-5e2c-807d-af4ad8e70148","created":"2026-01-23T20:29:37.076480Z","modified":"2026-01-23T20:29:37.222543Z"},{"id":"7f3a0f44-03d4-4b02-9d9d-74e8ee9eede8","name":"Microsoft Sigcheck May 2017","description":"Russinovich, M. et al.. (2017, May 22). Sigcheck. 
Retrieved April 3, 2018.","url":"https://docs.microsoft.com/sysinternals/downloads/sigcheck","source":"MITRE","title":"Sigcheck","authors":"Russinovich, M. et al.","date_accessed":"2018-04-03T00:00:00Z","date_published":"2017-05-22T00:00:00Z","owner_name":null,"tidal_id":"442d9e88-7bb3-559d-9578-50d2f999d911","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434475Z"},{"id":"63483956-fa3e-52da-a834-b3b762c4e84e","name":"Linux Signal Man","description":"Linux man-pages. (2023, April 3). signal(7). Retrieved August 30, 2023.","url":"https://man7.org/linux/man-pages/man7/signal.7.html","source":"MITRE","title":"signal(7)","authors":"Linux man-pages","date_accessed":"2023-08-30T00:00:00Z","date_published":"2023-04-03T00:00:00Z","owner_name":null,"tidal_id":"55340dd1-ec75-50e1-b310-138023f0ac07","created":"2023-11-07T00:36:01.922620Z","modified":"2025-12-17T15:08:36.429021Z"},{"id":"8a084229-f182-5e2d-8f7c-6365b682993c","name":"GTIG_SignalAbuse_Feb2025","description":"Black, D. (2025, February 19). Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger. Retrieved April","url":"https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger","source":"Mobile","title":"Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger","authors":"Black, D","date_accessed":"1978-04-01T00:00:00Z","date_published":"2025-02-19T00:00:00Z","owner_name":null,"tidal_id":"e927d675-1e2e-5b96-9c1f-12bcfdf74c9b","created":"2026-01-28T13:08:10.047436Z","modified":"2026-01-28T13:08:10.047439Z"},{"id":"07e484cb-7e72-4938-a029-f9904d751777","name":"f-secure janicab","description":"Brod. (2013, July 15). Signed Mac Malware Using Right-to-Left Override Trick. 
Retrieved July 17, 2017.","url":"https://www.f-secure.com/weblog/archives/00002576.html","source":"MITRE","title":"Signed Mac Malware Using Right-to-Left Override Trick","authors":"Brod","date_accessed":"2017-07-17T00:00:00Z","date_published":"2013-07-15T00:00:00Z","owner_name":null,"tidal_id":"25b9a00b-ee16-54b8-bdb2-a5460626ad50","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442287Z"},{"id":"5aa2fad0-bfb1-496f-8d33-cc05fd6a0076","name":"Drive.google.com December 10 2024","description":"Drive.google.com. (2024, December 10). Sign in. Retrieved December 19, 2024.","url":"https://drive.google.com/drive/my-drive","source":"Tidal Cyber","title":"Sign in","authors":"Drive.google.com","date_accessed":"2024-12-19T00:00:00Z","date_published":"2024-12-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"41600734-bf1a-5eda-9528-9acc15570c83","created":"2025-04-11T15:06:06.267829Z","modified":"2025-04-11T15:06:06.433532Z"},{"id":"2c314eb6-767f-45b9-8a60-dba11e06afd8","name":"Group IB Silence Aug 2019","description":"Group-IB. (2019, August). Silence 2.0: Going Global. Retrieved May 5, 2020.","url":"https://www.group-ib.com/resources/threat-research/silence_2.0.going_global.pdf","source":"MITRE","title":"Silence 2.0: Going Global","authors":"Group-IB","date_accessed":"2020-05-05T00:00:00Z","date_published":"2019-08-01T00:00:00Z","owner_name":null,"tidal_id":"8871613d-dbad-5f46-bb03-b1a184e3f072","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440629Z"},{"id":"004a8877-7e57-48ad-a6ce-b9ad8577cc68","name":"SecureList Silence Nov 2017","description":"GReAT. (2017, November 1). Silence – a new Trojan attacking financial organizations. 
Retrieved May 24, 2019.","url":"https://securelist.com/the-silence/83009/","source":"MITRE","title":"Silence – a new Trojan attacking financial organizations","authors":"GReAT","date_accessed":"2019-05-24T00:00:00Z","date_published":"2017-11-01T00:00:00Z","owner_name":null,"tidal_id":"319ca5fc-5b3f-5c3d-b727-4b9fa4ec69b0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437892Z"},{"id":"c328d6d3-5e8b-45a6-8487-eecd7e8cbf7e","name":"Cyber Forensicator Silence Jan 2019","description":"Skulkin, O. (2019, January 20). Silence: Dissecting Malicious CHM Files and Performing Forensic Analysis. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20220119133748/https://cyberforensicator.com/2019/01/20/silence-dissecting-malicious-chm-files-and-performing-forensic-analysis/","source":"MITRE","title":"Silence: Dissecting Malicious CHM Files and Performing Forensic Analysis","authors":"Skulkin, O.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2019-01-20T00:00:00Z","owner_name":null,"tidal_id":"b85ab602-987c-5c33-b0ef-4319bc282aed","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437898Z"},{"id":"10d41d2e-44be-41a7-84c1-b8f39689cb93","name":"Group IB Silence Sept 2018","description":"Group-IB. (2018, September). Silence: Moving Into the Darkside. Retrieved May 5, 2020.","url":"https://go.group-ib.com/report-silence-en?_gl=1*d1bh3a*_ga*MTIwMzM5Mzc5MS4xNjk4OTI5NzY4*_ga_QMES53K3Y2*MTcwNDcyMjU2OS40LjEuMTcwNDcyMzU1Mi41My4wLjA.","source":"MITRE","title":"Silence: Moving Into the Darkside","authors":"Group-IB","date_accessed":"2020-05-05T00:00:00Z","date_published":"2018-09-01T00:00:00Z","owner_name":null,"tidal_id":"6f6d7a3e-8b0e-5bd6-a4c6-1a5d096f3258","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439702Z"},{"id":"835283b5-af3b-4baf-805e-da8ebbe8b5d2","name":"CrowdStrike Silent Chollima Adversary September 2021","description":"CrowdStrike. (2021, September 29). 
Silent Chollima Adversary Profile. Retrieved September 29, 2021.","url":"https://adversary.crowdstrike.com/en-US/adversary/silent-chollima/","source":"MITRE, Tidal Cyber","title":"Silent Chollima Adversary Profile","authors":"CrowdStrike","date_accessed":"2021-09-29T00:00:00Z","date_published":"2021-09-29T00:00:00Z","owner_name":null,"tidal_id":"6536cb5b-d70e-5e72-a454-baa0ccf4a8b4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278835Z"},{"id":"9bb8ddd0-a8ec-459b-9983-79ccf46297ca","name":"Malwarebytes Silent Librarian October 2020","description":"Malwarebytes Threat Intelligence Team. (2020, October 14). Silent Librarian APT right on schedule for 20/21 academic year. Retrieved February 3, 2021.","url":"https://blog.malwarebytes.com/malwarebytes-news/2020/10/silent-librarian-apt-phishing-attack/","source":"MITRE","title":"Silent Librarian APT right on schedule for 20/21 academic year","authors":"Malwarebytes Threat Intelligence Team","date_accessed":"2021-02-03T00:00:00Z","date_published":"2020-10-14T00:00:00Z","owner_name":null,"tidal_id":"c361e7ea-e425-5ad7-9842-f88c24ccbf64","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432109Z"},{"id":"d79d0510-4d49-464d-8074-daedd186f1c1","name":"Phish Labs Silent Librarian","description":"Hassold, Crane. (2018, March 26). Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment. 
Retrieved February 3, 2021.","url":"https://info.phishlabs.com/blog/silent-librarian-more-to-the-story-of-the-iranian-mabna-institute-indictment","source":"MITRE, Tidal Cyber","title":"Silent Librarian: More to the Story of the Iranian Mabna Institute Indictment","authors":"Hassold, Crane","date_accessed":"2021-02-03T00:00:00Z","date_published":"2018-03-26T00:00:00Z","owner_name":null,"tidal_id":"48305566-121a-5969-93a3-7cdc229e8432","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.280092Z"},{"id":"9112728f-e507-4752-b4c7-3b03a719a983","name":"FBI Silent Ransom Group PIN May 23 2025","description":"FBI Cyber Division. (2025, May 23). Silent Ransom Group Targeting Law Firms. Retrieved May 30, 2025.","url":"https://www.ic3.gov/CSA/2025/250523.pdf","source":"Tidal Cyber","title":"Silent Ransom Group Targeting Law Firms","authors":"FBI Cyber Division","date_accessed":"2025-05-30T00:00:00Z","date_published":"2025-05-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9f44372c-9880-551a-a088-696f066ada61","created":"2025-06-03T14:14:10.922422Z","modified":"2025-06-03T14:14:11.089424Z"},{"id":"7c49c1fd-0a02-457d-97d2-13e72f489f1f","name":"Trend Micro October 15 2024","description":"Jacob Santos; Cj Arsley Mateo; Sarah Pearl Camiling Read time. (2024, October 15). Silent Threat Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions. 
Retrieved October 17, 2024.","url":"https://www.trendmicro.com/fr_fr/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html","source":"Tidal Cyber","title":"Silent Threat Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions","authors":"Jacob Santos; Cj Arsley Mateo; Sarah Pearl Camiling Read time","date_accessed":"2024-10-17T00:00:00Z","date_published":"2024-10-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"88451aca-3afe-58f6-b643-48aa7a5d2b16","created":"2024-10-18T13:25:16.211609Z","modified":"2024-10-18T13:25:16.484652Z"},{"id":"b71c198b-0570-500c-b0dc-05e76dd383bb","name":"Github_SILENTTRINITY","description":"byt3bl33d3r. (n.d.). SILENTTRINITY. Retrieved September 12, 2024.","url":"https://github.com/byt3bl33d3r/SILENTTRINITY","source":"MITRE","title":"SILENTTRINITY","authors":"byt3bl33d3r","date_accessed":"2024-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"95c36597-56ec-5a56-9722-44adf448443b","created":"2024-10-31T16:28:36.065811Z","modified":"2025-12-17T15:08:36.440575Z"},{"id":"df9252e6-2727-4b39-a5f8-9f01c85aae9d","name":"GitHub SILENTTRINITY Modules July 2019","description":"Salvati, M. (2019, August 6). SILENTTRINITY Modules. Retrieved March 24, 2022.","url":"https://github.com/byt3bl33d3r/SILENTTRINITY/tree/master/silenttrinity/core/teamserver/modules/boo","source":"MITRE","title":"SILENTTRINITY Modules","authors":"Salvati, M","date_accessed":"2022-03-24T00:00:00Z","date_published":"2019-08-06T00:00:00Z","owner_name":null,"tidal_id":"ebd422c4-c48b-56d4-abc8-1b45222494e2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440372Z"},{"id":"08dd388f-5c10-57bc-8263-7214fe667b4a","name":"Microsoft Silk Typhoon MAR 2025","description":"Microsoft Threat Intelligence. (2025, March 5). Silk Typhoon targeting IT supply chain. 
Retrieved March 20, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/","source":"MITRE","title":"Silk Typhoon targeting IT supply chain","authors":"Microsoft Threat Intelligence","date_accessed":"2025-03-20T00:00:00Z","date_published":"2025-03-05T00:00:00Z","owner_name":null,"tidal_id":"fd3b9519-2687-51f8-8206-ee25ae3a5ef6","created":"2025-04-22T20:47:23.152321Z","modified":"2025-12-17T15:08:36.438224Z"},{"id":"4be128a7-97b8-48fa-8a52-a53c1e56f086","name":"Unit 42 Siloscape Jun 2021","description":"Prizmant, D. (2021, June 7). Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments. Retrieved June 9, 2021.","url":"https://unit42.paloaltonetworks.com/siloscape/","source":"MITRE","title":"Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments","authors":"Prizmant, D","date_accessed":"2021-06-09T00:00:00Z","date_published":"2021-06-07T00:00:00Z","owner_name":null,"tidal_id":"9fe0da0e-abba-5489-a432-07100a1ee997","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418532Z"},{"id":"3eea040e-75fb-4e52-b9b6-9e1476f0ddcb","name":"ReliaQuest December 04 2025","description":"None Identified. (2025, December 4). Silver Fox’s Russian Ruse: ValleyRAT Hits China via Fake Microsoft Teams Attack. Retrieved December 28, 2025.","url":"https://reliaquest.com/blog/threat-spotlight-silver-foxs-russian-ruse-fake-microsoft-teams-attack/","source":"Tidal Cyber","title":"Silver Fox’s Russian Ruse: ValleyRAT Hits China via Fake Microsoft Teams Attack","authors":"None Identified","date_accessed":"2025-12-28T12:00:00Z","date_published":"2025-12-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cc4af455-0e1e-5df0-a363-53daf65e5c0d","created":"2025-12-29T17:39:50.512598Z","modified":"2025-12-29T17:39:50.640774Z"},{"id":"300e5edf-ad65-41ff-908f-c2af49b3cec3","name":"www.cloudsek.com December 26 2025","description":"Prajwal Awasthi. 
(2025, December 26). Silver Fox Targeting India Using Tax Themed Phishing Lures | CloudSEK. Retrieved January 12, 2026.","url":"https://www.cloudsek.com/blog/silver-fox-targeting-india-using-tax-themed-phishing-lures","source":"Tidal Cyber","title":"Silver Fox Targeting India Using Tax Themed Phishing Lures | CloudSEK","authors":"Prajwal Awasthi","date_accessed":"2026-01-12T12:00:00Z","date_published":"2025-12-26T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fedbf24a-97cf-5e55-973b-f76f78c7f58d","created":"2026-01-23T20:29:34.369702Z","modified":"2026-01-23T20:29:34.501518Z"},{"id":"0d6e9bfe-9c6c-40ba-9d12-30273b559d13","name":"Www.cloudsek.com December 26 2025","description":"Prajwal Awasthi. (2025, December 26). Silver Fox Targeting India Using Tax Themed Phishing Lures | CloudSEK. Retrieved January 12, 2026.","url":"https://www.cloudsek.com/blog/silver-fox-targeting-india-using-tax-themed-phishing-lures","source":"Tidal Cyber","title":"Silver Fox Targeting India Using Tax Themed Phishing Lures | CloudSEK","authors":"Prajwal Awasthi","date_accessed":"2026-01-12T12:00:00Z","date_published":"2025-12-26T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c34959a4-5fb6-58ac-844f-10d698872ae6","created":"2026-01-14T13:29:41.369299Z","modified":"2026-01-14T13:29:41.528683Z"},{"id":"a6ba79ca-7d4a-48d3-aae3-ee766770f83b","name":"Unit42 SilverTerrier 2016","description":"Renals, P., Conant, S. (2016). SILVERTERRIER: The Next Evolution in Nigerian Cybercrime. 
Retrieved November 13, 2018.","url":"https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/silverterrier-next-evolution-in-nigerian-cybercrime.pdf","source":"MITRE, Tidal Cyber","title":"SILVERTERRIER: The Next Evolution in Nigerian Cybercrime","authors":"Renals, P., Conant, S","date_accessed":"2018-11-13T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"5bb48075-8326-5123-a907-48ca82873383","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.280238Z"},{"id":"59630d6e-d034-4788-b418-a72bafefe54e","name":"Unit42 SilverTerrier 2018","description":"Unit42. (2016). SILVERTERRIER: THE RISE OF NIGERIAN BUSINESS EMAIL COMPROMISE. Retrieved November 13, 2018.","url":"https://www.paloaltonetworks.com/apps/pan/public/downloadResource?pagePath=/content/pan/en_US/resources/whitepapers/unit42-silverterrier-rise-of-nigerian-business-email-compromise","source":"MITRE, Tidal Cyber","title":"SILVERTERRIER: THE RISE OF NIGERIAN BUSINESS EMAIL COMPROMISE","authors":"Unit42","date_accessed":"2018-11-13T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"a116bf60-3a2b-51c6-badd-02a61668c455","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.280244Z"},{"id":"03e7a015-aa3f-57c7-af14-73798833ef32","name":"CheckPoint SimBad 2019","description":"Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. 
Retrieved November","url":"https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/","source":"Mobile","title":"SimBad: A Rogue Adware Campaign On Google Play","authors":"Elena Root, Andrey Polkovnichenko","date_accessed":"1978-11-01T00:00:00Z","date_published":"2019-03-13T00:00:00Z","owner_name":null,"tidal_id":"d43e87c0-5d89-5b39-8280-b84f0bda51d4","created":"2026-01-28T13:08:10.042364Z","modified":"2026-01-28T13:08:10.042367Z"},{"id":"0edd94fb-aaca-5b35-83e1-424cc0c81b03","name":"SRLabs-SIMCard","description":"SRLabs. (n.d.). SIM cards are prone to remote hacking. Retrieved December","url":"https://srlabs.de/bites/rooting-sim-cards/","source":"Mobile","title":"SIM cards are prone to remote hacking","authors":"SRLabs","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2a0dcf14-679a-5f4f-b179-530e6517a354","created":"2026-01-28T13:08:10.043394Z","modified":"2026-01-28T13:08:10.043397Z"},{"id":"54fcbc49-f4e3-48a4-9d67-52ca08b322b2","name":"Timac DYLD_INSERT_LIBRARIES","description":"Timac. (2012, December 18). Simple code injection using DYLD_INSERT_LIBRARIES. Retrieved March 26, 2020.","url":"https://blog.timac.org/2012/1218-simple-code-injection-using-dyld_insert_libraries/","source":"MITRE","title":"Simple code injection using DYLD_INSERT_LIBRARIES","authors":"Timac","date_accessed":"2020-03-26T00:00:00Z","date_published":"2012-12-18T00:00:00Z","owner_name":null,"tidal_id":"8541c3bd-397a-58a8-a878-4b4ad56d1e26","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430383Z"},{"id":"793d05a5-5b32-5bf7-9ffc-6ffa13b4c7a4","name":"group-ib_muddywater_infra","description":"Rostovcev, N. (2023, April 18). SimpleHarm: Tracking MuddyWater’s infrastructure. 
Retrieved July 11, 2024.","url":"https://www.group-ib.com/blog/muddywater-infrastructure/","source":"MITRE","title":"SimpleHarm: Tracking MuddyWater’s infrastructure","authors":"Rostovcev, N","date_accessed":"2024-07-11T00:00:00Z","date_published":"2023-04-18T00:00:00Z","owner_name":null,"tidal_id":"5b6d51ab-95ee-56b3-93a5-08f76d283c1c","created":"2024-10-31T16:28:36.204298Z","modified":"2025-12-17T15:08:36.440714Z"},{"id":"d40377b2-4d73-5350-b6c7-479c2ac16f58","name":"BlackHat Sutter Android Foreground 2019","description":"Thomas Sutter. (2019, December). Simple Spyware Androids Invisible Foreground Services and How to (Ab)use Them. Retrieved December","url":"https://i.blackhat.com/eu-19/Thursday/eu-19-Sutter-Simple-Spyware-Androids-Invisible-Foreground-Services-And-How-To-Abuse-Them.pdf","source":"Mobile","title":"Simple Spyware Androids Invisible Foreground Services and How to (Ab)use Them","authors":"Thomas Sutter","date_accessed":"1978-12-01T00:00:00Z","date_published":"2019-12-01T00:00:00Z","owner_name":null,"tidal_id":"92699e2d-2f4c-5d86-a997-b98eb4fcfff9","created":"2026-01-28T13:08:10.044222Z","modified":"2026-01-28T13:08:10.044225Z"},{"id":"c2f51f1f-3a34-5db0-8672-f91648d78ffc","name":"Symantec Conficker Jun 2015","description":"Symantec. (2015, June 30). Simple steps to protect yourself from the Conficker Worm. Retrieved December","url":"https://support.symantec.com/us/en/article.tech93179.html","source":"ICS","title":"Simple steps to protect yourself from the Conficker Worm","authors":"Symantec","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-06-30T00:00:00Z","owner_name":null,"tidal_id":"f8941c19-84c9-5079-bacc-1bb6df6c12f4","created":"2026-01-28T13:08:18.175644Z","modified":"2026-01-28T13:08:18.175647Z"},{"id":"09b1fb86-68e2-555d-8be1-7e49c536f65b","name":"Verizon SIM Swapping","description":"Verizon. (n.d.). SIM Swapping. 
Retrieved January","url":"https://www.verizon.com/about/account-security/sim-swapping","source":"Mobile","title":"SIM Swapping","authors":"Verizon","date_accessed":"1978-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"905b8e33-d7ae-5502-8874-9586fcdb7196","created":"2026-01-28T13:08:10.045434Z","modified":"2026-01-28T13:08:10.045437Z"},{"id":"c596a0e0-6e9c-52e4-b1bb-9c0542f960f2","name":"SIM Swapping and Abuse of the Microsoft Azure Serial Console","description":"Mandiant Intelligence. (2023, May 16). SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack. Retrieved June 2, 2023.","url":"https://www.mandiant.com/resources/blog/sim-swapping-abuse-azure-serial","source":"MITRE","title":"SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack","authors":"Mandiant Intelligence","date_accessed":"2023-06-02T00:00:00Z","date_published":"2023-05-16T00:00:00Z","owner_name":null,"tidal_id":"35fcd758-b18c-5d39-9091-ff186978c4a5","created":"2023-11-07T00:36:01.709588Z","modified":"2025-12-17T15:08:36.428749Z"},{"id":"efc5c26d-41f1-43c7-aae2-b93de7cf0844","name":"Broadcom Sinobi Ransomware","description":"Broadcom. (2025, August 25). Sinobi Ransomware. Retrieved September 11, 2025.","url":"https://www.broadcom.com/support/security-center/protection-bulletin/sinobi-ransomware","source":"Tidal Cyber","title":"Sinobi Ransomware","authors":"Broadcom","date_accessed":"2025-09-11T12:00:00Z","date_published":"2025-08-25T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0491a7d9-38ba-5b4a-8101-c0ef0a19ae25","created":"2025-09-15T19:13:21.354487Z","modified":"2025-09-15T19:13:21.514219Z"},{"id":"ac37f167-3ae9-437b-9215-c30c1ab4e249","name":"EduardosBlog SIPs July 2008","description":"Navarro, E. (2008, July 11). SIP’s (Subject Interface Package) and Authenticode. 
Retrieved January 31, 2018.","url":"https://blogs.technet.microsoft.com/eduardonavarro/2008/07/11/sips-subject-interface-package-and-authenticode/","source":"MITRE","title":"SIP’s (Subject Interface Package) and Authenticode","authors":"Navarro, E","date_accessed":"2018-01-31T00:00:00Z","date_published":"2008-07-11T00:00:00Z","owner_name":null,"tidal_id":"846f584c-e9a2-5d25-8e31-a30e2f215d37","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429641Z"},{"id":"03063a8d-4b58-5305-91c0-74baeb2abf51","name":"Python Site Configuration Hook","description":"Python. (n.d.). site — Site-specific configuration hook. Retrieved May 22, 2025.","url":"https://docs.python.org/3/library/site.html","source":"MITRE","title":"site — Site-specific configuration hook","authors":"Python","date_accessed":"2025-05-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4f19dae1-19cb-5f9b-8cfe-986734165884","created":"2025-10-29T21:08:48.166438Z","modified":"2025-12-17T15:08:36.434435Z"},{"id":"ca63ccd4-8c81-4de6-8eb4-06a6c68ce4d3","name":"Anonymous Hackers Deface Russian Govt Site","description":"Andy. (2018, May 12). ‘Anonymous’ Hackers Deface Russian Govt. Site to Protest Web-Blocking (NSFW). Retrieved April 19, 2019.","url":"https://torrentfreak.com/anonymous-hackers-deface-russian-govt-site-to-protest-web-blocking-nsfw-180512/","source":"MITRE","title":"Site to Protest Web-Blocking (NSFW)","authors":"Andy. (2018, May 12)","date_accessed":"2019-04-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3d4f18c7-3681-5591-963f-317d8fe5b82a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424668Z"},{"id":"f4ab81d8-ff3d-5204-b2a5-49524aaf5a46","name":"Elcomsoft Decrypt Keychain","description":"V. Katalov. (2018, December 18). Six Ways to Decrypt iPhone Passwords from the Keychain. 
Retrieved June","url":"https://blog.elcomsoft.com/2018/12/six-ways-to-decrypt-iphone-passwords-from-the-keychain/","source":"Mobile","title":"Six Ways to Decrypt iPhone Passwords from the Keychain","authors":"V. Katalov","date_accessed":"1978-06-01T00:00:00Z","date_published":"2018-12-18T00:00:00Z","owner_name":null,"tidal_id":"8e802e8a-715e-50f0-bc0b-0f4e44902644","created":"2026-01-28T13:08:10.043241Z","modified":"2026-01-28T13:08:10.043244Z"},{"id":"cea9ce77-7641-4086-b92f-a4c3ad94a49c","name":"Dell Skeleton","description":"Dell SecureWorks. (2015, January 12). Skeleton Key Malware Analysis. Retrieved April 8, 2019.","url":"https://www.secureworks.com/research/skeleton-key-malware-analysis","source":"MITRE","title":"Skeleton Key Malware Analysis","authors":"Dell SecureWorks","date_accessed":"2019-04-08T00:00:00Z","date_published":"2015-01-12T00:00:00Z","owner_name":null,"tidal_id":"166c47da-8f82-5231-84a1-4da5e2274c49","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420109Z"},{"id":"ccca927e-fa03-4eba-b631-9989804a1f3c","name":"Command Five SK 2011","description":"Command Five Pty Ltd. (2011, September). SK Hack by an Advanced Persistent Threat. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20160309235002/https://www.commandfive.com/papers/C5_APT_SKHack.pdf","source":"MITRE","title":"SK Hack by an Advanced Persistent Threat","authors":"Command Five Pty Ltd","date_accessed":"2024-11-17T00:00:00Z","date_published":"2011-09-01T00:00:00Z","owner_name":null,"tidal_id":"2cc2be33-326d-53d0-bf39-5927f507c47d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428298Z"},{"id":"53291621-f0ad-4cb7-af08-78b96eb67168","name":"Trend Micro Skidmap","description":"Remillano, A., Urbanec, J. (2019, September 19). Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload. 
Retrieved June 4, 2020.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/skidmap-linux-malware-uses-rootkit-capabilities-to-hide-cryptocurrency-mining-payload/","source":"MITRE","title":"Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload","authors":"Remillano, A., Urbanec, J","date_accessed":"2020-06-04T00:00:00Z","date_published":"2019-09-19T00:00:00Z","owner_name":null,"tidal_id":"70677d47-cca1-50ac-8173-bcdb612d2af3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418305Z"},{"id":"db52722c-74b8-50e1-8951-6df808d9bc40","name":"Kaspersky-Skygofree","description":"Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September","url":"https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/","source":"Mobile","title":"Skygofree: Following in the footsteps of HackingTeam","authors":"Nikita Buchka and Alexey Firsh","date_accessed":"1978-09-01T00:00:00Z","date_published":"2018-01-16T00:00:00Z","owner_name":null,"tidal_id":"03e73092-3b09-5ece-9d05-eaac260794ba","created":"2026-01-28T13:08:10.040273Z","modified":"2026-01-28T13:08:10.040277Z"},{"id":"135c23b4-7795-5855-9910-98c8d6de2627","name":"Push Security Slack Persistence 2023","description":"Luke Jennings. (2023, October 24). Slack Attack: A phisher's guide to persistence and lateral movement. Retrieved March 20, 2025.","url":"https://pushsecurity.com/blog/phishing-slack-persistence/","source":"MITRE","title":"Slack Attack: A phisher's guide to persistence and lateral movement","authors":"Luke Jennings","date_accessed":"2025-03-20T00:00:00Z","date_published":"2023-10-24T00:00:00Z","owner_name":null,"tidal_id":"283d1a57-462d-5309-be8e-59da79c2c3a6","created":"2025-04-22T20:47:18.904850Z","modified":"2025-12-17T15:08:36.434336Z"},{"id":"46c40ed4-5a15-4b38-b625-bebc569dbf69","name":"Detectify Slack Tokens","description":"Detectify. (2016, April 28). 
Slack bot token leakage exposing business critical information. Retrieved November 17, 2024.","url":"https://labs.detectify.com/writeups/slack-bot-token-leakage-exposing-business-critical-information/","source":"MITRE","title":"Slack bot token leakage exposing business critical information","authors":"Detectify","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-04-28T00:00:00Z","owner_name":null,"tidal_id":"50d701df-9f6e-5aad-852f-50d9a95d30b2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429514Z"},{"id":"203e002f-09b0-436d-b9c2-a8988ee0b7aa","name":"Huntress ScreenConnect 2 23 2024","description":"Team Huntress. (2024, February 23). SlashAndGrab ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708). Retrieved February 23, 2024.","url":"https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708","source":"Tidal Cyber","title":"SlashAndGrab ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708)","authors":"Team Huntress","date_accessed":"2024-02-23T00:00:00Z","date_published":"2024-02-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3fafb8db-205a-5feb-b0e3-7033137afac6","created":"2024-06-13T20:10:49.001477Z","modified":"2024-06-13T20:10:49.190137Z"},{"id":"f706839a-c6e7-469b-a0c0-02c0d55eb4f6","name":"GitHub Sliver C2","description":"BishopFox. (n.d.). Sliver. Retrieved September 15, 2021.","url":"https://github.com/BishopFox/sliver/","source":"MITRE","title":"Sliver","authors":"BishopFox","date_accessed":"2021-09-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d5c1c0c1-045e-5164-ab95-a15431b6002f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440971Z"},{"id":"72744c10-c500-5691-9f28-6a66ee7f5ef2","name":"Cybereason Sliver Undated","description":"Cybereason Global SOC and Incident Response Team. (n.d.). Sliver C2 Leveraged by Many Threat Actors. 
Retrieved March 24, 2025.","url":"https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors","source":"MITRE","title":"Sliver C2 Leveraged by Many Threat Actors","authors":"Cybereason Global SOC and Incident Response Team","date_accessed":"2025-03-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d383822a-9ce4-5f36-a133-d9bef87a9f7f","created":"2025-04-22T20:47:30.649748Z","modified":"2025-12-17T15:08:36.422746Z"},{"id":"41c1ac3e-d03a-4e09-aebe-a8c191236e7e","name":"GitHub Sliver C2 DNS","description":"BishopFox. (n.d.). Sliver DNS C2. Retrieved September 15, 2021.","url":"https://github.com/BishopFox/sliver/wiki/DNS-C2","source":"MITRE","title":"Sliver DNS C2","authors":"BishopFox","date_accessed":"2021-09-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f086266b-a2ea-5265-8d36-306cf72ea3db","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442095Z"},{"id":"f9f6468f-6115-4753-a1ff-3658e410f964","name":"GitHub Sliver Download","description":"BishopFox. (n.d.). Sliver Download. Retrieved September 16, 2021.","url":"https://github.com/BishopFox/sliver/blob/7489c69962b52b09ed377d73d142266564845297/client/command/filesystem/download.go","source":"MITRE","title":"Sliver Download","authors":"BishopFox","date_accessed":"2021-09-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ce22b7b4-a704-51c9-b461-9d6b84d4797a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442678Z"},{"id":"820beaff-a0d5-4017-9a9c-6fbd7874b585","name":"GitHub Sliver File System August 2021","description":"BishopFox. (2021, August 18). Sliver Filesystem. 
Retrieved September 22, 2021.","url":"https://github.com/BishopFox/sliver/tree/master/client/command/filesystem","source":"MITRE","title":"Sliver Filesystem","authors":"BishopFox","date_accessed":"2021-09-22T00:00:00Z","date_published":"2021-08-18T00:00:00Z","owner_name":null,"tidal_id":"8756f835-f40b-588f-8524-a0e4c09478a0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441019Z"},{"id":"0194a86d-c7bf-4115-ab45-4c67fcfdb2a1","name":"GitHub Sliver HTTP","description":"BishopFox. (n.d.). Sliver HTTP(S) C2. Retrieved September 16, 2021.","url":"https://github.com/BishopFox/sliver/wiki/HTTP(S)-C2","source":"MITRE","title":"Sliver HTTP(S) C2","authors":"BishopFox","date_accessed":"2021-09-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f0955ba6-32f9-50d7-98d6-fa5b5ce23200","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441473Z"},{"id":"e9783116-144f-49e9-a3c5-28bf3ff9c654","name":"GitHub Sliver Ifconfig","description":"BishopFox. (n.d.). Sliver Ifconfig. Retrieved September 16, 2021.","url":"https://github.com/BishopFox/sliver/blob/ea329226636ab8e470086a17f13aa8d330baad22/client/command/network/ifconfig.go","source":"MITRE","title":"Sliver Ifconfig","authors":"BishopFox","date_accessed":"2021-09-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8f22bb85-39c4-50ac-829d-569f3fb0e3f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442294Z"},{"id":"9123bfd7-2f09-4490-82fa-c45d4a6ce4ef","name":"Cyble Sliver Germany January 17 2025","description":"Cyble. (2025, January 17). Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques. 
Retrieved March 24, 2025.","url":"https://cyble.com/blog/sliver-implant-targets-german-entities-with-dll-sideloading-and-proxying-techniques/","source":"Tidal Cyber","title":"Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques","authors":"Cyble","date_accessed":"2025-03-24T00:00:00Z","date_published":"2025-01-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c9404210-811e-59fa-92e6-fc8e82a6f8b1","created":"2025-03-25T13:16:01.983037Z","modified":"2025-03-25T13:16:02.138662Z"},{"id":"37ef7619-8157-4522-aea7-779d75464029","name":"GitHub Sliver Netstat","description":"BishopFox. (n.d.). Sliver Netstat. Retrieved September 16, 2021.","url":"https://github.com/BishopFox/sliver/tree/58a56a077f0813bb312f9fa4df7453b510c3a73b/implant/sliver/netstat","source":"MITRE","title":"Sliver Netstat","authors":"BishopFox","date_accessed":"2021-09-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4a0c220d-8e8c-5cc2-b902-e015049ca545","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442950Z"},{"id":"0417572e-d1c7-4db5-8644-5b94c79cc14d","name":"GitHub Sliver Screen","description":"BishopFox. (n.d.). Sliver Screenshot. Retrieved September 16, 2021.","url":"https://github.com/BishopFox/sliver/blob/master/implant/sliver/screen/screenshot_windows.go","source":"MITRE","title":"Sliver Screenshot","authors":"BishopFox","date_accessed":"2021-09-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ec751c37-9886-5358-8e49-8de5ff65c9e5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442299Z"},{"id":"b33a9d44-1468-4b3e-8d27-9c48c81bec74","name":"GitHub Sliver Encryption","description":"BishopFox. (n.d.). Sliver Transport Encryption. 
Retrieved September 16, 2021.","url":"https://github.com/BishopFox/sliver/wiki/Transport-Encryption","source":"MITRE","title":"Sliver Transport Encryption","authors":"BishopFox","date_accessed":"2021-09-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"01425594-7ed6-5df5-b824-975f19b438e4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442159Z"},{"id":"96e6e207-bf8b-4a3e-9a92-779e8bb6bb67","name":"GitHub Sliver Upload","description":"BishopFox. (n.d.). Sliver Upload. Retrieved September 16, 2021.","url":"https://github.com/BishopFox/sliver/blob/ea329226636ab8e470086a17f13aa8d330baad22/client/command/filesystem/upload.go","source":"MITRE","title":"Sliver Upload","authors":"BishopFox","date_accessed":"2021-09-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9a75a9c1-c573-5673-b938-2ddab2c0c2ac","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442370Z"},{"id":"f140f23b-7a46-418b-a4ae-a36e79b6a7e1","name":"SLT Mobitel REvil May 26 2020","description":"SLT Mobitel. (2020, May 26). SLT clarifies situation regarding recent cyber attack. Retrieved January 16, 2026.","url":"https://www.slt.lk/en/content/slt-clarifies-situation-regarding-recent-cyber-attack","source":"Tidal Cyber","title":"SLT clarifies situation regarding recent cyber attack","authors":"SLT Mobitel","date_accessed":"2026-01-16T12:00:00Z","date_published":"2020-05-26T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5d83b40c-d38b-58bf-80fd-90c02749de99","created":"2026-01-23T20:29:35.679775Z","modified":"2026-01-23T20:29:35.811920Z"},{"id":"3edb88be-2ca6-4925-ba2e-a5a4ac5f9ab0","name":"Zdnet Ngrok September 2018","description":"Cimpanu, C. (2018, September 13). Sly malware author hides cryptomining botnet behind ever-shifting proxy service. 
Retrieved September 15, 2020.","url":"https://www.zdnet.com/article/sly-malware-author-hides-cryptomining-botnet-behind-ever-shifting-proxy-service/","source":"MITRE","title":"Sly malware author hides cryptomining botnet behind ever-shifting proxy service","authors":"Cimpanu, C","date_accessed":"2020-09-15T00:00:00Z","date_published":"2018-09-13T00:00:00Z","owner_name":null,"tidal_id":"d390a0e6-fb00-5bd3-aad5-d9539ceebebe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422849Z"},{"id":"0edb8946-be38-45f5-a27c-bdbebc383d72","name":"NCSC GCHQ Small Sieve Jan 2022","description":"NCSC GCHQ. (2022, January 27). Small Sieve Malware Analysis Report. Retrieved August 22, 2022.","url":"https://www.ncsc.gov.uk/files/NCSC-Malware-Analysis-Report-Small-Sieve.pdf","source":"MITRE","title":"Small Sieve Malware Analysis Report","authors":"NCSC GCHQ","date_accessed":"2022-08-22T00:00:00Z","date_published":"2022-01-27T00:00:00Z","owner_name":null,"tidal_id":"d6cdbf99-88ca-510f-bd0c-d35e4c36e721","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422629Z"},{"id":"7a6ca2e0-a16d-5c75-bb8b-4b72a838c193","name":"Microsoft Smart App Control","description":"Microsoft. (n.d.). Smart App Control Frequently Asked Questions. Retrieved April 4, 2025.","url":"https://support.microsoft.com/en-us/windows/smart-app-control-frequently-asked-questions-285ea03d-fa88-4d56-882e-6698afdb7003","source":"MITRE","title":"Smart App Control Frequently Asked Questions","authors":"Microsoft","date_accessed":"2025-04-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d5a9b0cd-2cb9-5ca1-a146-8620ad9ea148","created":"2025-04-22T20:47:21.450900Z","modified":"2025-12-17T15:08:36.436837Z"},{"id":"efae8de6-1b8d-47c0-b7a0-e3d0c227a14c","name":"SmartMontools","description":"smartmontools. (n.d.). smartmontools. 
Retrieved October 2, 2018.","url":"https://www.smartmontools.org/","source":"MITRE","title":"smartmontools","authors":"smartmontools","date_accessed":"2018-10-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"518839f5-4a73-500e-aae4-bae506a0daf8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425088Z"},{"id":"a6e1e3b4-1b69-43b7-afbe-aedb812c5778","name":"CME Github September 2018","description":"byt3bl33d3r. (2018, September 8). SMB: Command Reference. Retrieved July 17, 2020.","url":"https://github.com/byt3bl33d3r/CrackMapExec/wiki/SMB-Command-Reference","source":"MITRE","title":"SMB: Command Reference","authors":"byt3bl33d3r","date_accessed":"2020-07-17T00:00:00Z","date_published":"2018-09-08T00:00:00Z","owner_name":null,"tidal_id":"7b59e488-59d7-54e0-93ea-378e5cc25e5b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423353Z"},{"id":"710d2292-c693-4857-9196-397449061e76","name":"US-CERT SMB Security","description":"US-CERT. (2017, March 16). SMB Security Best Practices. Retrieved December 21, 2017.","url":"https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices","source":"MITRE","title":"SMB Security Best Practices","authors":"US-CERT","date_accessed":"2017-12-21T00:00:00Z","date_published":"2017-03-16T00:00:00Z","owner_name":null,"tidal_id":"aa27f8d1-40c6-5a34-ac64-7ae4cf241bb3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415827Z"},{"id":"ad14bad2-95c8-49b0-9777-e464fc8359a0","name":"SMLoginItemSetEnabled Schroeder 2013","description":"Tim Schroeder. (2013, April 21). SMLoginItemSetEnabled Demystified. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20160216034946/https://blog.timschroeder.net/2013/04/21/smloginitemsetenabled-demystified/","source":"MITRE","title":"SMLoginItemSetEnabled Demystified","authors":"Tim Schroeder","date_accessed":"2024-11-17T00:00:00Z","date_published":"2013-04-21T00:00:00Z","owner_name":null,"tidal_id":"a20da609-d20d-5a96-aaed-29222b24fd07","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432083Z"},{"id":"b619e338-16aa-478c-b227-b22f78d572a3","name":"Malwarebytes SmokeLoader 2016","description":"Hasherezade. (2016, September 12). Smoke Loader – downloader with a smokescreen still alive. Retrieved March 20, 2018.","url":"https://blog.malwarebytes.com/threat-analysis/2016/08/smoke-loader-downloader-with-a-smokescreen-still-alive/","source":"MITRE","title":"Smoke Loader – downloader with a smokescreen still alive","authors":"Hasherezade","date_accessed":"2018-03-20T00:00:00Z","date_published":"2016-09-12T00:00:00Z","owner_name":null,"tidal_id":"08f5e4d2-f25a-5d2f-ae2e-25ba1a29f768","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416959Z"},{"id":"072ac051-7564-4dd3-a279-7f75c91b55f1","name":"Talos Smoke Loader July 2018","description":"Baker, B., Unterbrink H. (2018, July 03). Smoking Guns - Smoke Loader learned new tricks. Retrieved July 5, 2018.","url":"https://blog.talosintelligence.com/2018/07/smoking-guns-smoke-loader-learned-new.html#more","source":"MITRE","title":"Smoking Guns - Smoke Loader learned new tricks","authors":"Baker, B., Unterbrink H","date_accessed":"2018-07-05T00:00:00Z","date_published":"2018-07-03T00:00:00Z","owner_name":null,"tidal_id":"aa19a240-8495-58c2-9e8a-8492e0a39593","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440255Z"},{"id":"a81ad3ef-fd96-432c-a7c8-ccc86d127a1b","name":"FireEye SMOKEDHAM June 2021","description":"FireEye. (2021, June 16). Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise. 
Retrieved September 22, 2021.","url":"https://www.fireeye.com/blog/threat-research/2021/06/darkside-affiliate-supply-chain-software-compromise.html","source":"MITRE","title":"Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise","authors":"FireEye","date_accessed":"2021-09-22T00:00:00Z","date_published":"2021-06-16T00:00:00Z","owner_name":null,"tidal_id":"c256402b-d043-5c23-9900-2f8cd28fe8bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419805Z"},{"id":"07880e49-4746-58f2-aa79-72cdced844f3","name":"Android SmsProvider","description":"Google. (n.d.). SmsProvider.java. Retrieved September","url":"https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/7e7c274/src/com/android/providers/telephony/SmsProvider.java","source":"Mobile","title":"SmsProvider.java","authors":"Google","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3623bdaa-64d1-599d-8957-0a2499959ac1","created":"2026-01-28T13:08:10.045597Z","modified":"2026-01-28T13:08:10.045600Z"},{"id":"27912a10-d329-5bd0-b4cb-8567aad4de4e","name":"Huntress HTML Smuggling 2024","description":"Matt Kiely. (2024, July 5). Smuggler’s Gambit: Uncovering HTML Smuggling Adversary in the Middle Tradecraft. Retrieved March 18, 2025.","url":"https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft","source":"MITRE","title":"Smuggler’s Gambit: Uncovering HTML Smuggling Adversary in the Middle Tradecraft","authors":"Matt Kiely","date_accessed":"2025-03-18T00:00:00Z","date_published":"2024-07-05T00:00:00Z","owner_name":null,"tidal_id":"8dde605d-fdb2-52a9-9050-bda9013accc9","created":"2025-04-22T20:47:17.049828Z","modified":"2025-12-17T15:08:36.432362Z"},{"id":"b16bae1a-75aa-478b-b8c7-458ee5a3f7e5","name":"Environmental Keyed HTA","description":"Warren, R. (2017, August 8). Smuggling HTA files in Internet Explorer/Edge. 
Retrieved November 17, 2024.","url":"http://web.archive.org/web/20200608093807/https://www.nccgroup.com/uk/about-us/newsroom-and-events/blogs/2017/august/smuggling-hta-files-in-internet-exploreredge/","source":"MITRE","title":"Smuggling HTA files in Internet Explorer/Edge","authors":"Warren, R","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-08-08T00:00:00Z","owner_name":null,"tidal_id":"7851a5d1-fb66-5140-96a6-20940cc6fa44","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436364Z"},{"id":"f5615cdc-bc56-415b-8e38-6f3fd1c33c88","name":"nccgroup Smuggling HTA 2017","description":"Warren, R. (2017, August 8). Smuggling HTA files in Internet Explorer/Edge. Retrieved September 12, 2024.","url":"https://www.nccgroup.com/us/research-blog/smuggling-hta-files-in-internet-exploreredge/","source":"MITRE","title":"Smuggling HTA files in Internet Explorer/Edge","authors":"Warren, R","date_accessed":"2024-09-12T00:00:00Z","date_published":"2017-08-08T00:00:00Z","owner_name":null,"tidal_id":"9e8a5306-90b5-5df4-ba50-9c8b588e0db3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435195Z"},{"id":"c38d021c-d84c-4aa7-b7a5-be47e18df1d8","name":"Accenture SNAKEMACKEREL Nov 2018","description":"Accenture Security. (2018, November 29). SNAKEMACKEREL. Retrieved April 15, 2019.","url":"https://www.accenture.com/t20181129T203820Z__w__/us-en/_acnmedia/PDF-90/Accenture-snakemackerel-delivers-zekapab-malware.pdf#zoom=50","source":"MITRE","title":"SNAKEMACKEREL","authors":"Accenture Security","date_accessed":"2019-04-15T00:00:00Z","date_published":"2018-11-29T00:00:00Z","owner_name":null,"tidal_id":"d1217b33-7fa1-5f16-ad72-49dfdbd53496","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420887Z"},{"id":"f3d0aa27-399c-5f82-b983-ecaef12b89d1","name":"Huntress Python Malware 2025","description":"Matthew Brennan. (2024, July 5). Snakes on a Domain: An Analysis of a Python Malware Loader. 
Retrieved April 3, 2025.","url":"https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader","source":"MITRE","title":"Snakes on a Domain: An Analysis of a Python Malware Loader","authors":"Matthew Brennan","date_accessed":"2025-04-03T00:00:00Z","date_published":"2024-07-05T00:00:00Z","owner_name":null,"tidal_id":"9d7c5081-db73-5ddc-8cb5-495c9e60ce8d","created":"2025-04-22T20:47:18.669100Z","modified":"2025-12-17T15:08:36.434095Z"},{"id":"63019d16-07ec-4e53-98b7-529cc09b8429","name":"Sophos Snatch Ransomware 2019","description":"Sophos. (2019, December 9). Snatch ransomware reboots PCs into Safe Mode to bypass protection. Retrieved June 23, 2021.","url":"https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/","source":"MITRE","title":"Snatch ransomware reboots PCs into Safe Mode to bypass protection","authors":"Sophos","date_accessed":"2021-06-23T00:00:00Z","date_published":"2019-12-09T00:00:00Z","owner_name":null,"tidal_id":"b275efc6-5ae5-592b-8a73-e79c1b4571ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426599Z"},{"id":"26961107-c48e-46d5-8d80-cda543b3be3b","name":"AdSecurity SID History Sept 2015","description":"Metcalf, S. (2015, September 19). Sneaky Active Directory Persistence #14: SID History. Retrieved November 30, 2017.","url":"https://adsecurity.org/?p=1772","source":"MITRE","title":"Sneaky Active Directory Persistence #14: SID History","authors":"Metcalf, S","date_accessed":"2017-11-30T00:00:00Z","date_published":"2015-09-19T00:00:00Z","owner_name":null,"tidal_id":"7400ed9d-4298-5f83-84eb-ff78995d3cbf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425930Z"},{"id":"e304715f-7da1-4342-ba5b-d0387d93aeb2","name":"ADSecurity GPO Persistence 2016","description":"Metcalf, S. (2016, March 14). Sneaky Active Directory Persistence #17: Group Policy. 
Retrieved March 5, 2019.","url":"https://adsecurity.org/?p=2716","source":"MITRE","title":"Sneaky Active Directory Persistence #17: Group Policy","authors":"Metcalf, S","date_accessed":"2019-03-05T00:00:00Z","date_published":"2016-03-14T00:00:00Z","owner_name":null,"tidal_id":"930ef7fd-726e-5966-b9fc-80f6a37b89dc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425784Z"},{"id":"78eec913-0d1b-595c-8862-5768baec7de5","name":"Cyberscoop Evade Analysis January 2019","description":"Jeff Stone. (2019, January 18). Sneaky motion-detection feature found on Android malware. Retrieved October","url":"https://www.cyberscoop.com/android-malware-motion-detection-trend-micro/","source":"Mobile","title":"Sneaky motion-detection feature found on Android malware","authors":"Jeff Stone","date_accessed":"1978-10-01T00:00:00Z","date_published":"2019-01-18T00:00:00Z","owner_name":null,"tidal_id":"7033fa33-506a-531d-93e8-12f92f649026","created":"2026-01-28T13:08:10.044791Z","modified":"2026-01-28T13:08:10.044794Z"},{"id":"f026dd44-1491-505b-8a8a-e4f28c6cd6a7","name":"Telefonica Snip3 December 2021","description":"Jornet, A. (2021, December 23). Snip3, an investigation into malware. Retrieved September 19, 2023.","url":"https://telefonicatech.com/blog/snip3-investigacion-malware","source":"MITRE","title":"Snip3, an investigation into malware","authors":"Jornet, A","date_accessed":"2023-09-19T00:00:00Z","date_published":"2021-12-23T00:00:00Z","owner_name":null,"tidal_id":"e88d82ff-f679-5a48-b8cf-161344afd8b2","created":"2023-11-07T00:36:15.397783Z","modified":"2025-12-17T15:08:36.418052Z"},{"id":"73102615-cf40-5606-a203-6c7f061c14ec","name":"SentinelLabs SNS Sender 2024","description":"Alex Delamotte. (2024, February 15). SNS Sender | Active Campaigns Unleash Messaging Spam Through the Cloud. 
Retrieved September 25, 2024.","url":"https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/","source":"MITRE","title":"SNS Sender | Active Campaigns Unleash Messaging Spam Through the Cloud","authors":"Alex Delamotte","date_accessed":"2024-09-25T00:00:00Z","date_published":"2024-02-15T00:00:00Z","owner_name":null,"tidal_id":"70725624-da6f-51cd-bc3d-fcc1f0f763cd","created":"2024-10-31T16:28:23.799807Z","modified":"2025-12-17T15:08:36.432643Z"},{"id":"c28b2fbf-f309-4fb3-9743-1c11651e03ee","name":"Cybereason SocGholish Zloader April 2022","description":"Cybereason Global SOC Team. (2022, April 25). SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems. Retrieved May 7, 2023.","url":"https://www.cybereason.com/blog/threat-analysis-report-socgholish-and-zloader-from-fake-updates-and-installers-to-owning-your-systems","source":"Tidal Cyber","title":"SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems","authors":"Cybereason Global SOC Team","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-04-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4d5fcb16-8061-50a1-a208-876ff26bde52","created":"2024-06-13T20:10:13.842619Z","modified":"2024-06-13T20:10:14.034065Z"},{"id":"de4c13b5-1707-4d8f-a562-6e5fd5504dda","name":"ReliaQuest SocGholish","description":"Dean Murphy, Brandon Tirado, Joseph Morales. (2023, January 30). SocGholish: A Tale of FakeUpdates. 
Retrieved May 7, 2023.","url":"https://www.reliaquest.com/blog/socgholish-fakeupdates/","source":"Tidal Cyber","title":"SocGholish: A Tale of FakeUpdates","authors":"Dean Murphy, Brandon Tirado, Joseph Morales","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-01-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"aa488a19-c8f4-505f-8bc3-d10b454897f8","created":"2024-06-13T20:10:15.482643Z","modified":"2024-06-13T20:10:15.677519Z"},{"id":"01d9c3ba-29e2-5090-b399-0e7adf50a6b9","name":"SocGholish-update","description":"Andrew Northern. (2022, November 22). SocGholish, a very real threat from a very fake update. Retrieved February 13, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/part-1-socgholish-very-real-threat-very-fake-update","source":"MITRE","title":"SocGholish, a very real threat from a very fake update","authors":"Andrew Northern","date_accessed":"2024-02-13T00:00:00Z","date_published":"2022-11-22T00:00:00Z","owner_name":null,"tidal_id":"4bbb7eff-3693-5e10-bc58-a41bba932a2d","created":"2024-04-25T13:28:41.078958Z","modified":"2025-12-17T15:08:36.418799Z"},{"id":"8a26eeb6-6f80-58f1-b773-b38835c6781d","name":"SentinelOne SocGholish Infrastructure November 2022","description":"Milenkoski, A. (2022, November 7). SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders. 
Retrieved March 22, 2024.","url":"https://www.sentinelone.com/labs/socgholish-diversifies-and-expands-its-malware-staging-infrastructure-to-counter-defenders/","source":"MITRE","title":"SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders","authors":"Milenkoski, A","date_accessed":"2024-03-22T00:00:00Z","date_published":"2022-11-07T00:00:00Z","owner_name":null,"tidal_id":"7d37ec38-3ecc-53fc-ae1b-5002a04f276c","created":"2024-04-25T13:28:47.795476Z","modified":"2025-12-17T15:08:36.418805Z"},{"id":"c2dd119c-25d8-4e48-8eeb-89552a5a096c","name":"SentinelLabs SocGholish November 2022","description":"Aleksandar Milenkoski. (2022, November 7). SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders. Retrieved May 7, 2023.","url":"https://www.sentinelone.com/labs/socgholish-diversifies-and-expands-its-malware-staging-infrastructure-to-counter-defenders/","source":"Tidal Cyber","title":"SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders","authors":"Aleksandar Milenkoski","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-11-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9f228fce-4ba9-5ad8-9203-32e2143851fa","created":"2024-06-13T20:10:14.221318Z","modified":"2024-06-13T20:10:14.416977Z"},{"id":"dc4117ea-be69-47db-ab75-03100fee230c","name":"Proofpoint November 21 2022","description":"Proofpoint. (2022, November 21). SocGholish Malware: A Real Threat from a Fake Update | Proofpoint US. 
Retrieved May 7, 2023.","url":"https://www.proofpoint.com/us/blog/threat-insight/part-1-socgholish-very-real-threat-very-fake-update","source":"Tidal Cyber","title":"SocGholish Malware: A Real Threat from a Fake Update | Proofpoint US","authors":"Proofpoint","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-11-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bc799771-db21-5404-ad39-909ab1807505","created":"2024-04-25T14:10:43.676278Z","modified":"2024-04-25T14:10:43.907732Z"},{"id":"ba749fe0-1ac7-4767-85df-97e6351c37f9","name":"Rapid7 Blog 5 10 2024","description":"Rapid7. (2024, May 10). Social Engineering Campaign Linked to Black Basta Ransomware Operators. Retrieved May 21, 2024.","url":"https://www.rapid7.com/blog/post/2024/05/10/ongoing-social-engineering-campaign-linked-to-black-basta-ransomware-operators/","source":"Tidal Cyber","title":"Social Engineering Campaign Linked to Black Basta Ransomware Operators","authors":"Rapid7","date_accessed":"2024-05-21T00:00:00Z","date_published":"2024-05-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8d89b8ea-fe9a-56e8-b85d-23390e78ed5b","created":"2024-06-13T20:11:02.311230Z","modified":"2024-06-13T20:11:02.494186Z"},{"id":"527ac41a-a65e-4cf9-a9c9-194443b37c5b","name":"FBI Social Engineering Attacks June 24 2024","description":"Federal Bureau of Investigation. (2024, June 24). Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers. 
Retrieved June 28, 2024.","url":"https://www.ic3.gov/Media/News/2024/240624.pdf","source":"Tidal Cyber","title":"Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers","authors":"Federal Bureau of Investigation","date_accessed":"2024-06-28T00:00:00Z","date_published":"2024-06-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3b55b7b4-0abe-5ad8-bca6-08bcb57de1d8","created":"2024-06-28T17:22:17.022575Z","modified":"2024-06-28T17:22:17.604443Z"},{"id":"bca2b5c2-bc3b-4504-806e-5c5b6fee96e6","name":"Security Joes Sockbot March 09 2022","description":"Felipe Duarte, Ido Naor. (2022, March 9). Sockbot in GoLand. Retrieved September 22, 2023.","url":"https://secjoes-reports.s3.eu-central-1.amazonaws.com/Sockbot%2Bin%2BGoLand.pdf","source":"Tidal Cyber","title":"Sockbot in GoLand","authors":"Felipe Duarte, Ido Naor","date_accessed":"2023-09-22T00:00:00Z","date_published":"2022-03-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8ecfeae9-daa2-5333-b9f1-e9194dfc7246","created":"2023-09-22T15:01:26.181625Z","modified":"2023-09-22T15:01:26.315884Z"},{"id":"bb685e6c-e42c-57e5-9fc4-6966bde38f71","name":"DFIR_Sodinokibi_Ransomware","description":"DFIR. (2021, March 29). Sodinokibi (aka REvil) Ransomware. Retrieved July 22, 2024.","url":"https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/","source":"MITRE","title":"Sodinokibi (aka REvil) Ransomware","authors":"DFIR","date_accessed":"2024-07-22T00:00:00Z","date_published":"2021-03-29T00:00:00Z","owner_name":null,"tidal_id":"30407669-745b-528f-8698-02011fbcd9f5","created":"2024-10-31T16:28:36.396464Z","modified":"2025-12-17T15:08:36.440946Z"},{"id":"ea46271d-3251-4bd7-afa8-f1bd7baf9570","name":"Kaspersky Sodin July 2019","description":"Mamedov, O, et al. (2019, July 3). Sodin ransomware exploits Windows vulnerability and processor architecture. 
Retrieved August 4, 2020.","url":"https://securelist.com/sodin-ransomware/91473/","source":"MITRE","title":"Sodin ransomware exploits Windows vulnerability and processor architecture","authors":"Mamedov, O, et al","date_accessed":"2020-08-04T00:00:00Z","date_published":"2019-07-03T00:00:00Z","owner_name":null,"tidal_id":"1c4bde7b-cc76-5e1a-acea-971d7cf59982","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421047Z"},{"id":"46226f98-c762-48e3-9bcd-19ff14184bb5","name":"Kaspersky Sofacy","description":"Kaspersky Lab's Global Research and Analysis Team. (2015, December 4). Sofacy APT hits high profile targets with updated toolset. Retrieved December 10, 2015.","url":"https://securelist.com/sofacy-apt-hits-high-profile-targets-with-updated-toolset/72924/","source":"MITRE","title":"Sofacy APT hits high profile targets with updated toolset","authors":"Kaspersky Lab's Global Research and Analysis Team","date_accessed":"2015-12-10T00:00:00Z","date_published":"2015-12-04T00:00:00Z","owner_name":null,"tidal_id":"f26dfa59-6a91-5bcf-821b-eb99eaa1a876","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420135Z"},{"id":"0bcc2d76-987c-4a9b-9e00-1400eec4e606","name":"Unit 42 Sofacy Feb 2018","description":"Lee, B, et al. (2018, February 28). Sofacy Attacks Multiple Government Entities. Retrieved March 15, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/02/unit42-sofacy-attacks-multiple-government-entities/","source":"MITRE","title":"Sofacy Attacks Multiple Government Entities","authors":"Lee, B, et al","date_accessed":"2018-03-15T00:00:00Z","date_published":"2018-02-28T00:00:00Z","owner_name":null,"tidal_id":"a7ae01c2-e2c0-5f35-8ea2-3ceabfb81219","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420141Z"},{"id":"8c634bbc-4878-4b27-aa18-5996ec968809","name":"Unit42 Cannon Nov 2018","description":"Falcone, R., Lee, B. (2018, November 20). 
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan. Retrieved November 26, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/","source":"MITRE","title":"Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan","authors":"Falcone, R., Lee, B","date_accessed":"2018-11-26T00:00:00Z","date_published":"2018-11-20T00:00:00Z","owner_name":null,"tidal_id":"4d195cef-6fc9-52de-aa9d-546940aae3f7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420900Z"},{"id":"1523c6de-8879-4652-ac51-1a5085324370","name":"Unit 42 Sofacy Nov 2018","description":"Falcone, R., Lee, B.. (2018, November 20). Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan. Retrieved April 23, 2019.","url":"https://unit42.paloaltonetworks.com/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/","source":"MITRE","title":"Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan","authors":"Falcone, R., Lee, B.","date_accessed":"2019-04-23T00:00:00Z","date_published":"2018-11-20T00:00:00Z","owner_name":null,"tidal_id":"5410046c-c79c-5429-ba8e-3ffb5cdd86f0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432611Z"},{"id":"a32357eb-3226-4bee-aeed-d2fbcfa52da0","name":"Palo Alto Sofacy 06-2018","description":"Lee, B., Falcone, R. (2018, June 06). Sofacy Group’s Parallel Attacks. Retrieved June 18, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/","source":"MITRE","title":"Sofacy Group’s Parallel Attacks","authors":"Lee, B., Falcone, R","date_accessed":"2018-06-18T00:00:00Z","date_published":"2018-06-06T00:00:00Z","owner_name":null,"tidal_id":"af1ba1b2-7729-5b7d-ae8d-6afff1e0ce0a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420913Z"},{"id":"56a95d3c-5268-4e69-b669-7055fb38d570","name":"F-Secure Sofacy 2015","description":"F-Secure. 
(2015, September 8). Sofacy Recycles Carberp and Metasploit Code. Retrieved August 3, 2016.","url":"https://labsblog.f-secure.com/2015/09/08/sofacy-recycles-carberp-and-metasploit-code/","source":"MITRE","title":"Sofacy Recycles Carberp and Metasploit Code","authors":"F-Secure","date_accessed":"2016-08-03T00:00:00Z","date_published":"2015-09-08T00:00:00Z","owner_name":null,"tidal_id":"e2c2b41a-a445-531e-bc19-795fb9106196","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420128Z"},{"id":"a21be45e-26c3-446d-b336-b58d08df5749","name":"Sofacy Komplex Trojan","description":"Dani Creus, Tyler Halfpop, Robert Falcone. (2016, September 26). Sofacy's 'Komplex' OS X Trojan. Retrieved July 8, 2017.","url":"https://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/","source":"MITRE","title":"Sofacy's 'Komplex' OS X Trojan","authors":"Dani Creus, Tyler Halfpop, Robert Falcone","date_accessed":"2017-07-08T00:00:00Z","date_published":"2016-09-26T00:00:00Z","owner_name":null,"tidal_id":"a6d991e8-6a5b-53dd-860c-fecb5cc85910","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422321Z"},{"id":"ec157d0c-4091-43f5-85f1-a271c4aac1fc","name":"Sofacy DealersChoice","description":"Falcone, R. (2018, March 15). Sofacy Uses DealersChoice to Target European Government Agency. Retrieved June 4, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/03/unit42-sofacy-uses-dealerschoice-target-european-government-agency/","source":"MITRE","title":"Sofacy Uses DealersChoice to Target European Government Agency","authors":"Falcone, R","date_accessed":"2018-06-04T00:00:00Z","date_published":"2018-03-15T00:00:00Z","owner_name":null,"tidal_id":"8497fb02-fdfe-51e0-b6cf-420e122ecbe1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420370Z"},{"id":"c9c3251d-1852-4b33-80f9-6e321a05cc30","name":"SoftPerfect Network Scanner Product Page","description":"SoftPerfect. (2024, July 4). 
SoftPerfect Network Scanner Product Page. Retrieved October 6, 2024.","url":"https://www.softperfect.com/products/networkscanner/","source":"Tidal Cyber","title":"SoftPerfect Network Scanner Product Page","authors":"SoftPerfect","date_accessed":"2024-10-06T00:00:00Z","date_published":"2024-07-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bd76fdb0-997a-5f3c-a6ce-b8a068e4936c","created":"2024-10-07T13:12:50.393877Z","modified":"2024-10-07T13:12:50.794055Z"},{"id":"61b478d2-315c-4b94-8be2-4614003ece9f","name":"Sogeti Global February 28 2024","description":"Sogeti. (n.d.). Sogeti CERT ESEC Babuk March 2021. Retrieved December 12, 2024.","url":"https://www.sogeti.com/globalassets/common/other/cert-sogeti-esec/cybersec-chronicles/tlp-white-cybersecchronicles---babuk.pdf","source":"Tidal Cyber","title":"Sogeti CERT ESEC Babuk March 2021","authors":"Sogeti","date_accessed":"2024-12-12T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"1d285b5c-a09b-5b05-8745-af05a36f8c81","created":"2025-04-11T15:05:54.371066Z","modified":"2025-04-11T15:05:54.770385Z"},{"id":"ecbb602a-2427-5eba-8c2b-25d90c95f166","name":"Unit 42 SolarStorm December 2020","description":"Unit 42. (2020, December 23). SolarStorm Supply Chain Attack Timeline. Retrieved March 24, 2023.","url":"https://unit42.paloaltonetworks.com/solarstorm-supply-chain-attack-timeline/","source":"MITRE","title":"SolarStorm Supply Chain Attack Timeline","authors":"Unit 42","date_accessed":"2023-03-24T00:00:00Z","date_published":"2020-12-23T00:00:00Z","owner_name":null,"tidal_id":"44f4a59d-7d2e-5bc9-864d-b13c979d75fc","created":"2023-05-26T01:21:11.545464Z","modified":"2025-12-17T15:08:36.437575Z"},{"id":"50be20ca-48d1-4eb9-a25f-76935a0770b3","name":"Symantec Sunburst Sending Data January 2021","description":"Symantec Threat Hunter Team. (2021, January 22). SolarWinds: How Sunburst Sends Data Back to the Attackers. 
Retrieved January 22, 2021.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-sending-data","source":"MITRE","title":"SolarWinds: How Sunburst Sends Data Back to the Attackers","authors":"Symantec Threat Hunter Team","date_accessed":"2021-01-22T00:00:00Z","date_published":"2021-01-22T00:00:00Z","owner_name":null,"tidal_id":"1776e9ae-02f9-55ed-8ea8-de640fd8da93","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442641Z"},{"id":"ad43df0c-bdac-43e2-bd86-640036367b6c","name":"Carnegie Mellon University Supernova Dec 2020","description":"Carnegie Mellon University. (2020, December 26). SolarWinds Orion API authentication bypass allows remote command execution. Retrieved February 22, 2021.","url":"https://www.kb.cert.org/vuls/id/843464","source":"MITRE","title":"SolarWinds Orion API authentication bypass allows remote command execution","authors":"Carnegie Mellon University","date_accessed":"2021-02-22T00:00:00Z","date_published":"2020-12-26T00:00:00Z","owner_name":null,"tidal_id":"09e48f60-2858-5ada-806e-8ff6dbc8e0f0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442004Z"},{"id":"4e8b908a-bdc5-441b-bc51-98dfa87f6b7a","name":"SolarWinds Advisory Dec 2020","description":"SolarWinds. (2020, December 24). SolarWinds Security Advisory. Retrieved February 22, 2021.","url":"https://www.solarwinds.com/sa-overview/securityadvisory","source":"MITRE","title":"SolarWinds Security Advisory","authors":"SolarWinds","date_accessed":"2021-02-22T00:00:00Z","date_published":"2020-12-24T00:00:00Z","owner_name":null,"tidal_id":"1b65695e-05c2-5c38-8dbc-3585f299f205","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421191Z"},{"id":"6fce30c3-17d6-42a0-8470-319e2930e573","name":"solution_monitor_dhcp_scopes","description":"Shoemaker, E. (2015, December 31). Solution: Monitor DHCP Scopes and Detect Man-in-the-Middle Attacks with PRTG and PowerShell. 
Retrieved September 12, 2024.","url":"https://web.archive.org/web/20231202025258/https://lockstepgroup.com/blog/monitor-dhcp-scopes-and-detect-man-in-the-middle-attacks/","source":"MITRE","title":"Solution: Monitor DHCP Scopes and Detect Man-in-the-Middle Attacks with PRTG and PowerShell","authors":"Shoemaker, E","date_accessed":"2024-09-12T00:00:00Z","date_published":"2015-12-31T00:00:00Z","owner_name":null,"tidal_id":"8cbfd8f5-6f43-5edc-a9b3-753aa162ed65","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430108Z"},{"id":"ae84e72a-56b3-4dc4-b053-d3766764ac0d","name":"Sekoia.io Blog July 23 2024","description":"Sekoia TDR; Felix Aimé; Pierre-Antoine D; Charles M; Grégoire Clermont; Jeremy Scion. (2024, July 23). Solving the 7777 Botnet enigma A cybersecurity quest. Retrieved July 24, 2024.","url":"https://blog.sekoia.io/solving-the-7777-botnet-enigma-a-cybersecurity-quest/","source":"Tidal Cyber","title":"Solving the 7777 Botnet enigma A cybersecurity quest","authors":"Sekoia TDR; Felix Aimé; Pierre-Antoine D; Charles M; Grégoire Clermont; Jeremy Scion","date_accessed":"2024-07-24T00:00:00Z","date_published":"2024-07-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"78d8fadb-f67d-5d02-876a-e4d8dc531a14","created":"2024-09-13T19:19:48.565677Z","modified":"2024-09-13T19:19:49.081665Z"},{"id":"07272bce-4354-50e7-98d8-b511777e877d","name":"Sekoia 7777 Botnet JUL 2024","description":"Aime, F. et al. (n.d.). Solving the 7777 Botnet enigma: A cybersecurity quest. Retrieved July 23, 2024.","url":"https://blog.sekoia.io/solving-the-7777-botnet-enigma-a-cybersecurity-quest/","source":"MITRE","title":"Solving the 7777 Botnet enigma: A cybersecurity quest","authors":"Aime, F. 
et al","date_accessed":"2024-07-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9dc2334b-1c83-53a4-877c-9fa841dccb0f","created":"2025-10-29T21:08:48.167654Z","modified":"2025-12-17T15:08:36.441111Z"},{"id":"2d0b780c-f8b4-53b1-9301-c135a292ae1f","name":"proofpoint_flubot_0421","description":"Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February","url":"https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon","source":"Mobile","title":"Soon","authors":"Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27)","date_accessed":"1978-02-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"27eac4da-fad8-55ba-8810-7ce1ad9e9815","created":"2026-01-28T13:08:10.042211Z","modified":"2026-01-28T13:08:10.042214Z"},{"id":"339ddf2f-1bef-5ecc-9531-0b671e016482","name":"Microsoft MalLockerB","description":"D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October","url":"https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/","source":"Mobile","title":"Sophisticated new Android malware marks the latest evolution of mobile ransomware","authors":"D. Venkatesan","date_accessed":"1978-10-01T00:00:00Z","date_published":"2020-10-08T00:00:00Z","owner_name":null,"tidal_id":"abc807fb-ccf2-57c8-a7bc-83f081930211","created":"2026-01-28T13:08:10.041166Z","modified":"2026-01-28T13:08:10.041169Z"},{"id":"5c4a933d-1e68-562e-a826-4df500732573","name":"sophos-bombing","description":"Mark Parsons, Colin Cowie, Daniel Souter, Hunter Neal, Anthony Bradshaw, Sean Gallagher. (2025, January 21). Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”. 
Retrieved January 31, 2025.","url":"https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/","source":"MITRE","title":"Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”","authors":"Mark Parsons, Colin Cowie, Daniel Souter, Hunter Neal, Anthony Bradshaw, Sean Gallagher","date_accessed":"2025-01-31T00:00:00Z","date_published":"2025-01-21T00:00:00Z","owner_name":null,"tidal_id":"f9dcb9a8-a13e-5949-84ce-d443790da85c","created":"2025-04-22T20:47:18.720433Z","modified":"2025-12-17T15:08:36.434134Z"},{"id":"98af96a6-98bb-4d81-bb0c-a550e765e6ac","name":"Sophos X-Ops Tweet September 13 2023","description":"SophosXOps. (2023, September 13). Sophos X-Ops Tweet September 13 2023. Retrieved September 22, 2023.","url":"https://twitter.com/SophosXOps/status/1702051374287007923","source":"Tidal Cyber","title":"Sophos X-Ops Tweet September 13 2023","authors":"SophosXOps","date_accessed":"2023-09-22T00:00:00Z","date_published":"2023-09-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"dc4159dc-114d-520a-8468-1bf00768aa2e","created":"2023-09-22T15:01:26.913157Z","modified":"2023-09-22T15:01:27.069179Z"},{"id":"a39354fc-334f-4f65-ba8a-56550f91710f","name":"Source Manual","description":"ss64. (n.d.). Source or Dot Operator. Retrieved May 21, 2019.","url":"https://ss64.com/bash/source.html","source":"MITRE","title":"Source or Dot Operator","authors":"ss64","date_accessed":"2019-05-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2cfed54e-eade-5759-a8be-198054408703","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428808Z"},{"id":"59658f8b-af24-5df5-8f7d-cb6b9cf7579e","name":"FireEye Southeast Asia Threat Landscape March 2015","description":"FireEye. (2015, March). SOUTHEAST ASIA: AN EVOLVING CYBER THREAT LANDSCAPE. 
Retrieved February 5, 2024.","url":"https://web.archive.org/web/20220122121143/https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-southeast-asia-threat-landscape.pdf","source":"MITRE","title":"SOUTHEAST ASIA: AN EVOLVING CYBER THREAT LANDSCAPE","authors":"FireEye","date_accessed":"2024-02-05T00:00:00Z","date_published":"2015-03-01T00:00:00Z","owner_name":null,"tidal_id":"e312f7cb-c769-5c48-b902-2cf8967c9a90","created":"2024-04-25T13:28:45.787513Z","modified":"2025-12-17T15:08:36.438349Z"},{"id":"d3aeb495-dcca-5768-9367-4169d749115d","name":"cleafy_sova_1122","description":"Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March","url":"https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly","source":"Mobile","title":"SOVA malware is back and is evolving rapidly","authors":"Francesco Lubatti, Federico Valentini","date_accessed":"1978-03-01T00:00:00Z","date_published":"2022-11-08T00:00:00Z","owner_name":null,"tidal_id":"8f7f8976-2678-5c41-909b-0b59c3ded67e","created":"2026-01-28T13:08:10.040418Z","modified":"2026-01-28T13:08:10.040422Z"},{"id":"14f49074-fc46-45d3-bf7e-30c896c39c07","name":"Symantec Sowbug Nov 2017","description":"Symantec Security Response. (2017, November 7). Sowbug: Cyber espionage group targets South American and Southeast Asian governments. 
Retrieved November 16, 2017.","url":"https://www.symantec.com/connect/blogs/sowbug-cyber-espionage-group-targets-south-american-and-southeast-asian-governments","source":"MITRE, Tidal Cyber","title":"Sowbug: Cyber espionage group targets South American and Southeast Asian governments","authors":"Symantec Security Response","date_accessed":"2017-11-16T00:00:00Z","date_published":"2017-11-07T00:00:00Z","owner_name":null,"tidal_id":"00b2109b-2858-5d8b-aaec-c7fa14845377","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257485Z"},{"id":"143599bf-167b-4041-82c5-8612c3e81095","name":"NIST 800-63-3","description":"Grassi, P., et al. (2017, December 1). SP 800-63-3, Digital Identity Guidelines. Retrieved January 16, 2019.","url":"https://pages.nist.gov/800-63-3/sp800-63b.html","source":"MITRE","title":"SP 800-63-3, Digital Identity Guidelines","authors":"Grassi, P., et al","date_accessed":"2019-01-16T00:00:00Z","date_published":"2017-12-01T00:00:00Z","owner_name":null,"tidal_id":"47f2512d-4237-509a-8237-2875545a7065","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415712Z"},{"id":"70ad77af-88aa-4f06-a9cb-df9608157841","name":"Threatpost Hancitor","description":"Tom Spring. (2017, January 11). Spammers Revive Hancitor Downloader Campaigns. Retrieved August 13, 2020.","url":"https://threatpost.com/spammers-revive-hancitor-downloader-campaigns/123011/","source":"MITRE","title":"Spammers Revive Hancitor Downloader Campaigns","authors":"Tom Spring","date_accessed":"2020-08-13T00:00:00Z","date_published":"2017-01-11T00:00:00Z","owner_name":null,"tidal_id":"da36960b-f328-5a7c-968c-4245112fe576","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422258Z"},{"id":"8f0d6a8d-6bd4-4df5-aa28-70e1ec4b0b12","name":"CheckPoint SpeakUp Feb 2019","description":"Check Point Research. (2019, February 4). SpeakUp: A New Undetected Backdoor Linux Trojan. 
Retrieved April 17, 2019.","url":"https://research.checkpoint.com/speakup-a-new-undetected-backdoor-linux-trojan/","source":"MITRE","title":"SpeakUp: A New Undetected Backdoor Linux Trojan","authors":"Check Point Research","date_accessed":"2019-04-17T00:00:00Z","date_published":"2019-02-04T00:00:00Z","owner_name":null,"tidal_id":"e798d8e3-e59e-5e94-93aa-7eec8ecd2a39","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420948Z"},{"id":"de9817bc-1ac0-4f19-b5af-c402c874f431","name":"Cyfirma Kimsuky Spear Phishing","description":"Cyfirma. (2020, December 16). Spear Phishing Attack by N. Korean Hacking Group, Kimsuky. Retrieved October 30, 2023.","url":"https://www.cyfirma.com/outofband/n-korean-hacking-group-kimsuky-escalates-attacks/","source":"Tidal Cyber","title":"Spear Phishing Attack by N. Korean Hacking Group, Kimsuky","authors":"Cyfirma","date_accessed":"2023-10-30T00:00:00Z","date_published":"2020-12-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2a54b06a-4769-58db-b675-5499f7bcba9a","created":"2023-11-10T19:02:31.045059Z","modified":"2023-11-10T19:02:31.152411Z"},{"id":"b0632490-76be-4018-982d-4b73b3d13881","name":"Palo Alto Unit 42 OutSteel SaintBot February 2022","description":"Unit 42. (2022, February 25). Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot. 
Retrieved June 9, 2022.","url":"https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/","source":"MITRE","title":"Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot","authors":"Unit 42","date_accessed":"2022-06-09T00:00:00Z","date_published":"2022-02-25T00:00:00Z","owner_name":null,"tidal_id":"b85d45cf-1283-55cc-97c5-fe178d79064d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419744Z"},{"id":"fc46f152-9ed7-4850-8127-7b1f486ef2fe","name":"Zscaler Bazar September 2020","description":"Sadique, M. and Singh, A. (2020, September 29). Spear Phishing Campaign Delivers Buer and Bazar Malware. Retrieved November 19, 2020.","url":"https://www.zscaler.com/blogs/research/spear-phishing-campaign-delivers-buer-and-bazar-malware","source":"MITRE","title":"Spear Phishing Campaign Delivers Buer and Bazar Malware","authors":"Sadique, M. and Singh, A","date_accessed":"2020-11-19T00:00:00Z","date_published":"2020-09-29T00:00:00Z","owner_name":null,"tidal_id":"941ed578-75ff-525c-be62-ebd2318af2b3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440611Z"},{"id":"927737c9-63a3-49a6-85dc-620e055aaf0a","name":"Reaqta MSXSL Spearphishing MAR 2018","description":"Admin. (2018, March 2). Spear-phishing campaign leveraging on MSXSL. Retrieved July 3, 2018.","url":"https://reaqta.com/2018/03/spear-phishing-campaign-leveraging-msxsl/","source":"MITRE","title":"Spear-phishing campaign leveraging on MSXSL","authors":"Admin","date_accessed":"2018-07-03T00:00:00Z","date_published":"2018-03-02T00:00:00Z","owner_name":null,"tidal_id":"e45be521-4819-5bfc-83ee-08e4dc08c604","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436184Z"},{"id":"d1509d15-04af-46bd-a6b1-30fbd179b257","name":"FireEye Regsvr32 Targeting Mongolian Gov","description":"Anubhav, A., Kizhakkinan, D. (2017, February 22). 
Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government. Retrieved February 24, 2017.","url":"https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html","source":"MITRE","title":"Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government","authors":"Anubhav, A., Kizhakkinan, D","date_accessed":"2017-02-24T00:00:00Z","date_published":"2017-02-22T00:00:00Z","owner_name":null,"tidal_id":"8db0bd67-e67b-552a-846c-6f52be92a1d1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430761Z"},{"id":"6a37e6eb-b767-4b10-9c39-660a42b19ddd","name":"FireEye admin@338 March 2014","description":"Moran, N. and Lanstein, A.. (2014, March 25). Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370. Retrieved April 15, 2016.","url":"https://www.fireeye.com/blog/threat-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html","source":"MITRE","title":"Spear Phishing the News Cycle: APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370","authors":"Moran, N. and Lanstein, A.","date_accessed":"2016-04-15T00:00:00Z","date_published":"2014-03-25T00:00:00Z","owner_name":null,"tidal_id":"aac03b4f-46ad-5712-9ce9-6f8bee17743c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420024Z"},{"id":"16bfc78d-3c16-4eb9-997d-1ada2e9d9aee","name":"National-Digital-Agency November 14 2025","description":"None Identified. (2025, November 14). SpearSpecter. 
Retrieved November 19, 2025.","url":"https://govextra.gov.il/national-digital-agency/cyber/research/spearspecter/","source":"Tidal Cyber","title":"SpearSpecter","authors":"None Identified","date_accessed":"2025-11-19T12:00:00Z","date_published":"2025-11-14T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d174fd6f-1a73-52be-81af-9dcb27dba8a5","created":"2025-11-26T19:37:28.503979Z","modified":"2025-11-26T19:37:28.650914Z"},{"id":"cc12cd2c-4f41-4d7b-902d-53c35eb41210","name":"Microsoft File Handlers","description":"Microsoft. (n.d.). Specifying File Handlers for File Name Extensions. Retrieved November 13, 2014.","url":"http://msdn.microsoft.com/en-us/library/bb166549.aspx","source":"MITRE","title":"Specifying File Handlers for File Name Extensions","authors":"Microsoft","date_accessed":"2014-11-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"03cfaa0e-5735-5497-a395-430491bf6902","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430722Z"},{"id":"894d7820-621c-50d0-84c1-dc6f625a75cf","name":"Spenneberg, Ralf, Maik Brggemann, and Hendrik Schwartke March 2016","description":"Spenneberg, Ralf, Maik Brüggemann, and Hendrik Schwartke 2016, March 31 Plc-blaster: A worm living solely in the plc. Retrieved 2017/09/19","url":"https://www.blackhat.com/docs/asia-16/materials/asia-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC-wp.pdf","source":"ICS","title":"Spenneberg, Ralf, Maik Brggemann, and Hendrik Schwartke March 2016","authors":"","date_accessed":"2017-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6e9dc62b-8874-55bb-8396-f83c07c7ecf2","created":"2026-01-28T13:08:18.175696Z","modified":"2026-01-28T13:08:18.175699Z"},{"id":"4b86c8c3-57b0-4558-be21-f928acb23f49","name":"GTFO split","description":"GTFOBins. (2020, November 13). split. 
Retrieved April 18, 2022.","url":"https://gtfobins.github.io/gtfobins/split/","source":"MITRE","title":"split","authors":"GTFOBins","date_accessed":"2022-04-18T00:00:00Z","date_published":"2020-11-13T00:00:00Z","owner_name":null,"tidal_id":"cd124ecf-83b2-5ef0-a5b5-fd16f20e5611","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428787Z"},{"id":"3a4dc770-8bfa-44e9-bb0e-f0af0ae92994","name":"split man page","description":"Torbjorn Granlund, Richard M. Stallman. (2020, March). split(1) — Linux manual page. Retrieved March 25, 2022.","url":"https://man7.org/linux/man-pages/man1/split.1.html","source":"MITRE","title":"split(1) — Linux manual page","authors":"Torbjorn Granlund, Richard M. Stallman","date_accessed":"2022-03-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4ccdfc8c-5fc8-5eb4-903f-6dd9f3e04714","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428801Z"},{"id":"4f8abaae-1483-4bf6-a79c-6a801ae5a640","name":"Spoofing credential dialogs","description":"Johann Rehberger. (2021, April 18). Spoofing credential dialogs on macOS Linux and Windows. Retrieved August 19, 2021.","url":"https://embracethered.com/blog/posts/2021/spoofing-credential-dialogs/","source":"MITRE","title":"Spoofing credential dialogs on macOS Linux and Windows","authors":"Johann Rehberger","date_accessed":"2021-08-19T00:00:00Z","date_published":"2021-04-18T00:00:00Z","owner_name":null,"tidal_id":"6a6844da-b78b-56dd-9b4a-ccc36f81cf3c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433156Z"},{"id":"79d21506-07a8-444d-a2d7-c91de67c393e","name":"Infosecinstitute RTLO Technique","description":"Security Ninja. (2015, April 16). Spoof Using Right to Left Override (RTLO) Technique. 
Retrieved April 22, 2019.","url":"https://resources.infosecinstitute.com/spoof-using-right-to-left-override-rtlo-technique-2/","source":"MITRE","title":"Spoof Using Right to Left Override (RTLO) Technique","authors":"Security Ninja","date_accessed":"2019-04-22T00:00:00Z","date_published":"2015-04-16T00:00:00Z","owner_name":null,"tidal_id":"b26b83f0-344a-5987-968f-2e809ba30fa7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431391Z"},{"id":"425775e4-2948-5a73-a2d8-9a3edca74b1b","name":"BBC-malvertising","description":"BBC. (2011, March 29). Spotify ads hit by malware attack. Retrieved February 21, 2023.","url":"https://www.bbc.com/news/technology-12891182","source":"MITRE","title":"Spotify ads hit by malware attack","authors":"BBC","date_accessed":"2023-02-21T00:00:00Z","date_published":"2011-03-29T00:00:00Z","owner_name":null,"tidal_id":"845146b0-9c56-5ed5-9b28-5fcfc239931e","created":"2023-05-26T01:21:01.837506Z","modified":"2025-12-17T15:08:36.425341Z"},{"id":"c1fa6c1d-f11a-47d4-88fc-ec0a3dc44279","name":"NSA Spotting","description":"National Security Agency/Central Security Service Information Assurance Directorate. (2015, August 7). Spotting the Adversary with Windows Event Log Monitoring. Retrieved September 6, 2018.","url":"https://apps.nsa.gov/iaarchive/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm","source":"MITRE","title":"Spotting the Adversary with Windows Event Log Monitoring","authors":"National Security Agency/Central Security Service Information Assurance Directorate","date_accessed":"2018-09-06T00:00:00Z","date_published":"2015-08-07T00:00:00Z","owner_name":null,"tidal_id":"8d517c85-3ae6-5264-b1a5-44ebf9878390","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415650Z"},{"id":"98e3c7a6-d088-56e5-ae43-96c284cc6f94","name":"Elastic Latrodectus May 2024","description":"Stepanic, D. and Bousseaden, S. (2024, May 15). 
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID. Retrieved September 13, 2024.","url":"https://www.elastic.co/security-labs/spring-cleaning-with-latrodectus","source":"MITRE","title":"Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID","authors":"Stepanic, D. and Bousseaden, S","date_accessed":"2024-09-13T00:00:00Z","date_published":"2024-05-15T00:00:00Z","owner_name":null,"tidal_id":"f0a9728b-26b8-57e5-b8d9-84e6570fa2c4","created":"2024-10-31T16:28:35.830679Z","modified":"2025-12-17T15:08:36.440366Z"},{"id":"ebb98b4b-062a-5b48-8318-e5f1244f907c","name":"Symantec Troll Stealer 2024","description":"Symantec Threat Hunter Team. (2024, May 16). Springtail: New Linux Backdoor Added to Toolkit. Retrieved January 17, 2025.","url":"https://www.security.com/threat-intelligence/springtail-kimsuky-backdoor-espionage","source":"MITRE","title":"Springtail: New Linux Backdoor Added to Toolkit","authors":"Symantec Threat Hunter Team","date_accessed":"2025-01-17T00:00:00Z","date_published":"2024-05-16T00:00:00Z","owner_name":null,"tidal_id":"db17399f-2027-5bd9-a231-91bb5d03cd8f","created":"2025-04-22T20:47:22.831601Z","modified":"2025-12-17T15:08:36.417644Z"},{"id":"23291efa-5a8b-5506-9929-971be63ac426","name":"PaloAlto-SpyDealer","description":"Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September","url":"https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/","source":"Mobile","title":"SpyDealer: Android Trojan Spying on More Than 40 Apps","authors":"Wenjun Hu, Cong Zheng and Zhi Xu","date_accessed":"1978-09-01T00:00:00Z","date_published":"2017-07-06T00:00:00Z","owner_name":null,"tidal_id":"36d02990-7b1c-520e-a78e-6895301bab0e","created":"2026-01-28T13:08:10.041038Z","modified":"2026-01-28T13:08:10.041041Z"},{"id":"942167c1-ed49-55c2-a145-e8af0b0ce20c","name":"Zscaler-SpyNote","description":"Shivang Desai. (2017, January 23). 
SpyNote RAT posing as Netflix app. Retrieved January","url":"https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app","source":"Mobile","title":"SpyNote RAT posing as Netflix app","authors":"Shivang Desai","date_accessed":"1978-01-01T00:00:00Z","date_published":"2017-01-23T00:00:00Z","owner_name":null,"tidal_id":"60d09871-3612-5672-85c4-ddb97261b652","created":"2026-01-28T13:08:10.039176Z","modified":"2026-01-28T13:08:10.039179Z"},{"id":"a156e24e-0da5-4ac7-b914-29f2f05e7d6f","name":"Villeneuve 2014","description":"Villeneuve, N., Homan, J. (2014, July 31). Spy of the Tiger. Retrieved September 29, 2015.","url":"https://www.fireeye.com/blog/threat-research/2014/07/spy-of-the-tiger.html","source":"MITRE, Tidal Cyber","title":"Spy of the Tiger","authors":"Villeneuve, N., Homan, J","date_accessed":"2015-09-29T00:00:00Z","date_published":"2014-07-31T00:00:00Z","owner_name":null,"tidal_id":"df50fdf6-631f-5615-861e-dbecaffbe5b7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257650Z"},{"id":"793d6262-37af-46e1-a6b5-a5262f4a749d","name":"Sqldumper.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Sqldumper.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Sqldumper/","source":"Tidal Cyber","title":"Sqldumper.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bf1ed330-78d3-5842-b89e-4c6d7b69ae8f","created":"2024-01-12T14:47:29.403798Z","modified":"2024-01-12T14:47:29.580158Z"},{"id":"ac643245-d54f-470f-a393-26875c0877c8","name":"sqlmap Introduction","description":"Damele, B., Stampar, M. (n.d.). sqlmap. 
Retrieved March 19, 2018.","url":"http://sqlmap.org/","source":"MITRE","title":"sqlmap","authors":"Damele, B., Stampar, M","date_accessed":"2018-03-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1ee0eb9d-197d-5798-8be6-36c3a55cd98d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423191Z"},{"id":"31cc851a-c536-4cef-9391-d3c7d3eab64f","name":"Sqlps.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Sqlps.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Sqlps/","source":"Tidal Cyber","title":"Sqlps.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9c9e21e9-babe-5412-97d6-1bb051ebf602","created":"2024-01-12T14:47:29.774268Z","modified":"2024-01-12T14:47:29.960014Z"},{"id":"612c9569-80af-48d2-a853-0f6e3f55aa50","name":"SQLToolsPS.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). SQLToolsPS.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Sqltoolsps/","source":"Tidal Cyber","title":"SQLToolsPS.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e5863cbb-f1cd-5ce6-9838-694b494871d6","created":"2024-01-12T14:47:30.222253Z","modified":"2024-01-12T14:47:30.410960Z"},{"id":"952b5ca5-1251-4e27-bd30-5d55d7d2da5e","name":"Squirrel.exe - LOLBAS Project","description":"LOLBAS. (2019, June 26). Squirrel.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Squirrel/","source":"Tidal Cyber","title":"Squirrel.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-06-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fd4f92ab-faf4-52c7-a7d4-978c1e5a5654","created":"2024-01-12T14:47:30.593849Z","modified":"2024-01-12T14:47:30.778727Z"},{"id":"624a62db-f00f-45f9-89f6-2c3505b4979f","name":"ZScaler Squirrelwaffle Sep 2021","description":"Kumar, A., Stone-Gross, Brett. (2021, September 28). Squirrelwaffle: New Loader Delivering Cobalt Strike. Retrieved August 9, 2022.","url":"https://www.zscaler.com/blogs/security-research/squirrelwaffle-new-loader-delivering-cobalt-strike","source":"MITRE","title":"Squirrelwaffle: New Loader Delivering Cobalt Strike","authors":"Kumar, A., Stone-Gross, Brett","date_accessed":"2022-08-09T00:00:00Z","date_published":"2021-09-28T00:00:00Z","owner_name":null,"tidal_id":"66f1bf93-f1eb-583e-aec7-87cfd9c549d2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417932Z"},{"id":"5559895a-4647-438f-b3d5-6d6aa323a6f9","name":"Netskope Squirrelwaffle Oct 2021","description":"Palazolo, G. (2021, October 7). SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot. Retrieved August 9, 2022.","url":"https://www.netskope.com/blog/squirrelwaffle-new-malware-loader-delivering-cobalt-strike-and-qakbot","source":"MITRE","title":"SquirrelWaffle: New Malware Loader Delivering Cobalt Strike and QakBot","authors":"Palazolo, G","date_accessed":"2022-08-09T00:00:00Z","date_published":"2021-10-07T00:00:00Z","owner_name":null,"tidal_id":"cc4044b3-fcbb-52f4-87f1-020f18a1ae1c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417938Z"},{"id":"8019da01-3ec1-48e3-9f7f-27499e4ca35b","name":"hackread.com August 05 2015","description":"None Identified. (2015, August 5). 
Sri Lankan Prime Minister’s Office Website Hacked – Hackread – Cybersecurity News, Data Breaches, AI, and More. Retrieved January 20, 2026.","url":"https://hackread.com/sri-lankan-prime-ministers-office-website-hacked/","source":"Tidal Cyber","title":"Sri Lankan Prime Minister’s Office Website Hacked – Hackread – Cybersecurity News, Data Breaches, AI, and More","authors":"None Identified","date_accessed":"2026-01-20T12:00:00Z","date_published":"2015-08-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"18cd8079-5e83-5411-9075-c37f4973eeee","created":"2026-01-23T20:29:37.356617Z","modified":"2026-01-23T20:29:37.484638Z"},{"id":"ae30d67b-839e-48c9-ae6e-153a4b06575a","name":"SRWare Iron","description":"SRWare. (n.d.). SRWare Iron. Retrieved December 19, 2024.","url":"https://www.srware.net/iron/","source":"Tidal Cyber","title":"SRWare Iron","authors":"SRWare","date_accessed":"2024-12-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"4cf91c18-3820-5736-bf54-1b344c41d866","created":"2025-04-11T15:06:26.648993Z","modified":"2025-04-11T15:06:26.802851Z"},{"id":"cca40e87-1dde-58a3-8692-66d8a948d684","name":"Positive-SS7","description":"Positive Technologies. (n.d.). SS7 Attack Discovery. Retrieved December","url":"https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf","source":"Mobile","title":"SS7 Attack Discovery","authors":"Positive Technologies","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4876281d-3c82-52fe-9ebb-0fb55237f047","created":"2026-01-28T13:08:10.042994Z","modified":"2026-01-28T13:08:10.042997Z"},{"id":"4a4026e3-977a-4f25-aeee-794947f384b2","name":"Clockwork SSH Agent Hijacking","description":"Beuchler, B. (2012, September 28). SSH Agent Hijacking. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210311184303/https://www.clockwork.com/news/2012/09/28/602/ssh_agent_hijacking/","source":"MITRE","title":"SSH Agent Hijacking","authors":"Beuchler, B","date_accessed":"2024-11-17T00:00:00Z","date_published":"2012-09-28T00:00:00Z","owner_name":null,"tidal_id":"b6488a09-d827-580f-9357-3e7443e696fa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429222Z"},{"id":"0d576bca-511d-40a2-9916-26832eb28861","name":"Symantec SSH and ssh-agent","description":"Hatch, B. (2004, November 22). SSH and ssh-agent. Retrieved January 8, 2018.","url":"https://www.symantec.com/connect/articles/ssh-and-ssh-agent","source":"MITRE","title":"SSH and ssh-agent","authors":"Hatch, B","date_accessed":"2018-01-08T00:00:00Z","date_published":"2004-11-22T00:00:00Z","owner_name":null,"tidal_id":"9ef79a61-c24d-574f-b660-a199c962d308","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415658Z"},{"id":"b1a9af1c-0cfc-4e8a-88ac-7d33cddc26a1","name":"ssh.exe - LOLBAS Project","description":"LOLBAS. (2021, November 8). ssh.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Ssh/","source":"Tidal Cyber","title":"ssh.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-11-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1cd3fc50-a694-5284-8128-52941bbb38c5","created":"2024-01-12T14:47:02.718806Z","modified":"2024-01-12T14:47:02.903711Z"},{"id":"ac5fc103-1946-488b-8af5-eda0636cbdd0","name":"SSH Secure Shell","description":"SSH.COM. (n.d.). SSH (Secure Shell). 
Retrieved March 23, 2020.","url":"https://www.ssh.com/ssh","source":"MITRE","title":"SSH (Secure Shell)","authors":"SSH.COM","date_accessed":"2020-03-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"aa2e5b00-d327-5666-bdc1-14142bacbdbd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429691Z"},{"id":"13280f38-0f17-42d3-9f92-693f1da60ffa","name":"SSH Tunneling","description":"SSH.COM. (n.d.). SSH tunnel. Retrieved March 15, 2020.","url":"https://www.ssh.com/ssh/tunneling","source":"MITRE","title":"SSH tunnel","authors":"SSH.COM","date_accessed":"2020-03-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"92eea8d6-8732-5681-9d36-066738b8f681","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429381Z"},{"id":"a8dc493f-2021-48fa-8f28-afd13756b789","name":"SSLShopper Lookup","description":"SSL Shopper. (n.d.). SSL Checker. Retrieved October 20, 2020.","url":"https://www.sslshopper.com/ssl-checker.html","source":"MITRE","title":"SSL Checker","authors":"SSL Shopper","date_accessed":"2020-10-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"cbcc26cc-a8b5-5d65-ad8e-2e0df4cf0bd1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424278Z"},{"id":"ed2af9d2-d4d6-5d62-b3a8-d6464e759827","name":"FireEye-SSL","description":"Adrian Mettler, Yulong Zhang, Vishwanath Raman. (2014, August 20). SSL VULNERABILITIES: WHO LISTENS WHEN ANDROID APPLICATIONS TALK?. 
Retrieved December","url":"https://www.fireeye.com/blog/threat-research/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html","source":"Mobile","title":"SSL VULNERABILITIES: WHO LISTENS WHEN ANDROID APPLICATIONS TALK?","authors":"Adrian Mettler, Yulong Zhang, Vishwanath Raman","date_accessed":"1978-12-01T00:00:00Z","date_published":"2014-08-20T00:00:00Z","owner_name":null,"tidal_id":"f80617cb-8a6b-5397-b260-581e62fe486b","created":"2026-01-28T13:08:10.046048Z","modified":"2026-01-28T13:08:10.046050Z"},{"id":"f2ed1c28-8cde-4279-a04c-217a4dc68121","name":"Ubuntu SSSD Docs","description":"Ubuntu. (n.d.). SSSD. Retrieved September 23, 2021.","url":"https://ubuntu.com/server/docs/service-sssd","source":"MITRE","title":"SSSD","authors":"Ubuntu","date_accessed":"2021-09-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6660a42c-340c-5c99-b407-09c0afadcd85","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434385Z"},{"id":"d81e0274-76f4-43ce-b829-69f761e280dc","name":"Stantinko Botnet","description":"Vachon, F., Faou, M. (2017, July 20). Stantinko: A massive adware campaign operating covertly since 2012. Retrieved November 16, 2017.","url":"https://www.welivesecurity.com/2017/07/20/stantinko-massive-adware-campaign-operating-covertly-since-2012/","source":"MITRE","title":"Stantinko: A massive adware campaign operating covertly since 2012","authors":"Vachon, F., Faou, M","date_accessed":"2017-11-16T00:00:00Z","date_published":"2017-07-20T00:00:00Z","owner_name":null,"tidal_id":"42432174-0052-5ba8-887b-5629075f7872","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426519Z"},{"id":"68b16960-1893-51a1-b46c-974a09d4a0c4","name":"StarBlizzard","description":"Microsoft Threat Intelligence. (2023, December 7). Star Blizzard increases sophistication and evasion in ongoing attacks. 
Retrieved February 13, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/","source":"MITRE","title":"Star Blizzard increases sophistication and evasion in ongoing attacks","authors":"Microsoft Threat Intelligence","date_accessed":"2024-02-13T00:00:00Z","date_published":"2023-12-07T00:00:00Z","owner_name":null,"tidal_id":"acf264ff-7a57-54cf-80f5-bfe782aa9f61","created":"2024-04-25T13:28:41.102344Z","modified":"2025-12-17T15:08:36.436134Z"},{"id":"b7d41cde-18c8-4e15-a0ac-ca0afc127e33","name":"Amazon AWS","description":"Amazon. (n.d.). Start Building on AWS Today. Retrieved October 13, 2021.","url":"https://aws.amazon.com","source":"MITRE","title":"Start Building on AWS Today","authors":"Amazon","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1eb362d4-c7bb-542c-9eaf-29fc0525ea99","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437202Z"},{"id":"5969a1d0-7645-5a58-a461-446d49b63b17","name":"Docker Systemd","description":"Docker. (n.d.). Start containers automatically. Retrieved February 15, 2024.","url":"https://docs.docker.com/config/containers/start-containers-automatically/","source":"MITRE","title":"Start containers automatically","authors":"Docker","date_accessed":"2024-02-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4e0a0c4c-d7b4-5937-9321-2ea81a351e5e","created":"2024-04-25T13:28:38.597421Z","modified":"2025-12-17T15:08:36.433517Z"},{"id":"e36dd211-22e4-4b23-befb-fbfe1a84b866","name":"Startup Items","description":"Apple. (2016, September 13). Startup Items. 
Retrieved July 11, 2017.","url":"https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/StartupItems.html","source":"MITRE","title":"Startup Items","authors":"Apple","date_accessed":"2017-07-11T00:00:00Z","date_published":"2016-09-13T00:00:00Z","owner_name":null,"tidal_id":"3c3592ee-a8df-5e7e-b247-104cf94f5905","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425595Z"},{"id":"fdddb25b-22ba-4433-b25f-bad340ffc849","name":"Microsoft Safe Mode","description":"Microsoft. (n.d.). Start your PC in safe mode in Windows 10. Retrieved June 23, 2021.","url":"https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-10-92c27cff-db89-8644-1ce4-b3e5e56fe234","source":"MITRE","title":"Start your PC in safe mode in Windows 10","authors":"Microsoft","date_accessed":"2021-06-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d71e9ec7-a1c1-5628-8ae8-0bb6e83b9b90","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426587Z"},{"id":"e54415fe-40c2-55ff-9e75-881bc8a912b8","name":"Mandiant APT41","description":"Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram. (2022, March 8). Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments. Retrieved July 8, 2022.","url":"https://www.mandiant.com/resources/apt41-us-state-governments","source":"MITRE","title":"State Governments","authors":"Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram. (2022, March 8)","date_accessed":"2022-07-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"10ed74bb-d574-5111-a807-39ef824bb7f9","created":"2023-05-26T01:21:11.603137Z","modified":"2025-12-17T15:08:36.419402Z"},{"id":"c65cfdde-bc7f-5cd2-b1ee-066b7cc2eb6a","name":"Google Cloud APT41 2022","description":"Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman & John Wolfram. (2022, March 8). Does This Look Infected? A Summary of APT41 Targeting U.S. 
State Governments. Retrieved September 16, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/apt41-us-state-governments","source":"MITRE","title":"State Governments","authors":"Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman & John Wolfram. (2022, March 8)","date_accessed":"2024-09-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f38d641b-3fdc-5706-a111-d7bfda4870fa","created":"2024-10-31T16:28:32.605716Z","modified":"2025-12-17T15:08:36.417834Z"},{"id":"7428e855-a965-5c67-b6c5-4874e48f612f","name":"Palo Alto Networks, Unit 42","description":"Robert Falcone. (2025, February 20). Stately Taurus Activity in Southeast Asia Links to Bookworm Malware. Retrieved July 21, 2025.","url":"https://unit42.paloaltonetworks.com/stately-taurus-uses-bookworm-malware/","source":"MITRE","title":"Stately Taurus Activity in Southeast Asia Links to Bookworm Malware","authors":"Robert Falcone","date_accessed":"2025-07-21T00:00:00Z","date_published":"2025-02-20T00:00:00Z","owner_name":null,"tidal_id":"d378e491-ea64-5af3-a4e1-75e1c2ad239f","created":"2025-10-29T21:08:48.164991Z","modified":"2025-12-17T15:08:36.417565Z"},{"id":"28d9290f-de56-540e-9211-fa0a96f5d42d","name":"CSIRT CTI MUSTANG PANDA PUBLOAD TONESHELL JAN 2024","description":"CSIRT CTI. (2024, January 23). Stately Taurus Targets Myanmar Amidst Concerns over Military Junta’s Handling of Rebel Attacks. 
Retrieved August 4, 2025.","url":"https://csirt-cti.net/2024/01/23/stately-taurus-targets-myanmar/","source":"MITRE","title":"Stately Taurus Targets Myanmar Amidst Concerns over Military Junta’s Handling of Rebel Attacks","authors":"CSIRT CTI","date_accessed":"2025-08-04T00:00:00Z","date_published":"2024-01-23T00:00:00Z","owner_name":null,"tidal_id":"ed815f1c-00e9-5d90-b432-32c562415efc","created":"2025-10-29T21:08:48.166823Z","modified":"2025-12-17T15:08:36.438543Z"},{"id":"c1c35f93-8115-475a-a6ea-f4d3e98a4dd6","name":"Czech Republic Cyber Attack Statement May 28 2025","description":"Czech Foreign Ministry. (2025, May 28). Statement by the Government of the Czech Republic on the Cyber Attack from the People´s Republic of China. Retrieved June 2, 2025.","url":"https://mzv.gov.cz/jnp/en/issues_and_press/press_releases/statement_by_the_government_of_the_czech.html","source":"Tidal Cyber","title":"Statement by the Government of the Czech Republic on the Cyber Attack from the People´s Republic of China","authors":"Czech Foreign Ministry","date_accessed":"2025-06-02T00:00:00Z","date_published":"2025-05-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8f542f8a-4006-5d5b-bde1-b05433f37ff0","created":"2025-06-03T14:14:13.177804Z","modified":"2025-06-03T14:14:13.368315Z"},{"id":"3a9d3273-2eb7-5585-b33c-ffcdd7546be5","name":"Frank Bajak and Marc Levy December 2023","description":"Frank Bajak and Marc Levy. (2023, December 2). Breaches by Iran-affiliated hackers spanned multiple U.S. states, federal agencies say. Retrieved March","url":"https://apnews.com/article/hackers-iran-israel-water-utilities-critical-infrastructure-cisa-554b2aa969c8220016ab2ef94bd7635b","source":"ICS","title":"states, federal agencies say","authors":"Frank Bajak and Marc Levy. 
(2023, December 2)","date_accessed":"1978-03-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"28d65d84-7224-511c-abcd-d4b60208c0c0","created":"2026-01-28T13:08:18.178726Z","modified":"2026-01-28T13:08:18.178729Z"},{"id":"179968be-f378-5de5-a9f6-8680b62b3236","name":"Huntio_GamaredonFlux_Apr2025","description":"Hunt.io. (2025, April 8). State-Sponsored Tactics: How Gamaredon and ShadowPad Operate and Rotate Their Infrastructure. Retrieved July 23, 2025.","url":"https://hunt.io/blog/state-sponsored-activity-gamaredon-shadowpad","source":"MITRE","title":"State-Sponsored Tactics: How Gamaredon and ShadowPad Operate and Rotate Their Infrastructure","authors":"Hunt.io","date_accessed":"2025-07-23T00:00:00Z","date_published":"2025-04-08T00:00:00Z","owner_name":null,"tidal_id":"f9a3c2ea-f730-50d4-8d36-4bf1e6203dd7","created":"2025-10-29T21:08:48.167371Z","modified":"2025-12-17T15:08:36.440151Z"},{"id":"9cee0681-3ad2-4b1d-8eeb-5160134f3069","name":"Twitter SquiblyTwo Detection APR 2018","description":"Desimone, J. (2018, April 18). Status Update. Retrieved September 12, 2024.","url":"https://x.com/dez_/status/986614411711442944","source":"MITRE","title":"Status Update","authors":"Desimone, J","date_accessed":"2024-09-12T00:00:00Z","date_published":"2018-04-18T00:00:00Z","owner_name":null,"tidal_id":"46118783-97c5-5485-ad21-8616ff71d2da","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436190Z"},{"id":"4f08a1a3-3cc5-5dfb-9190-2e4991e43d94","name":"MSFT-AI","description":"Microsoft Threat Intelligence. (2024, February 14). Staying ahead of threat actors in the age of AI. 
Retrieved March 11, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/","source":"MITRE","title":"Staying ahead of threat actors in the age of AI","authors":"Microsoft Threat Intelligence","date_accessed":"2024-03-11T00:00:00Z","date_published":"2024-02-14T00:00:00Z","owner_name":null,"tidal_id":"f7da1995-af81-5915-aaa5-bbf58aa51dac","created":"2024-04-25T13:28:29.737088Z","modified":"2025-12-17T15:08:36.424576Z"},{"id":"d772cb81-9a0c-5824-8d5a-51613f23f15d","name":"Google Cloud Threat Intelligence DPRK IT Workers 2024","description":"Codi Starks, Michael Barnhart, Taylor Long, Mike Lombardi, Joseph Pisano, and Alice Revelli. (2024, September 23). Staying a Step Ahead: Mitigating the DPRK IT Worker Threat. Retrieved March 26, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat/","source":"MITRE","title":"Staying a Step Ahead: Mitigating the DPRK IT Worker Threat","authors":"Codi Starks, Michael Barnhart, Taylor Long, Mike Lombardi, Joseph Pisano, and Alice Revelli","date_accessed":"2025-03-26T00:00:00Z","date_published":"2024-09-23T00:00:00Z","owner_name":null,"tidal_id":"b45e598b-7ba5-5085-b3cc-4412f6fc7783","created":"2025-04-22T20:47:17.950306Z","modified":"2025-12-17T15:08:36.433370Z"},{"id":"5d43542f-aad5-4ac5-b5b6-1a2b03222fc8","name":"Mandiant Endpoint Evading 2019","description":"Pena, E., Erikson, C. (2019, October 10). Staying Hidden on the Endpoint: Evading Detection with Shellcode. 
Retrieved November 29, 2021.","url":"https://www.mandiant.com/resources/staying-hidden-on-the-endpoint-evading-detection-with-shellcode","source":"MITRE","title":"Staying Hidden on the Endpoint: Evading Detection with Shellcode","authors":"Pena, E., Erikson, C","date_accessed":"2021-11-29T00:00:00Z","date_published":"2019-10-10T00:00:00Z","owner_name":null,"tidal_id":"160f32c6-ad3e-55b0-b189-ac274862ce47","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433582Z"},{"id":"d4ee5a4b-9e68-5e77-ae5b-e45942a7fd26","name":"Double Timestomping","description":"Matthew Dunwoody. (2022, April 28). I have seen double-timestomping ITW, including by APT29. Stay sharp out there.. Retrieved June 20, 2024.","url":"https://x.com/matthewdunwoody/status/1519846657646604289","source":"MITRE","title":"Stay sharp out there.","authors":"Matthew Dunwoody. (2022, April 28)","date_accessed":"2024-06-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ebfc6a7b-8a79-5b04-840c-528f355e97ab","created":"2024-10-31T16:28:20.348763Z","modified":"2025-12-17T15:08:36.428874Z"},{"id":"ca5b727d-f35b-4009-b4d4-21a69d41162d","name":"Sekoia.io Stealc February 20 2023","description":"Quentin Bourgue, Pierre Le Bourhis, Threat & Detection Research Team. (2023, February 20). Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1. 
Retrieved July 28, 2023.","url":"https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/","source":"Tidal Cyber","title":"Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 1","authors":"Quentin Bourgue, Pierre Le Bourhis, Threat & Detection Research Team","date_accessed":"2023-07-28T00:00:00Z","date_published":"2023-02-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bd94146d-72ae-5e76-b7c3-cb13eb7eacad","created":"2024-06-13T20:10:35.278845Z","modified":"2024-06-13T20:10:35.467367Z"},{"id":"edd0cab4-48f7-48d8-a318-ced118af6a63","name":"Sekoia.io Stealc February 27 2023","description":"Pierre Le Bourhis, Quentin Bourgue, Threat & Detection Research Team. (2023, February 27). Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 2. Retrieved July 28, 2023.","url":"https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/","source":"Tidal Cyber","title":"Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity – Part 2","authors":"Pierre Le Bourhis, Quentin Bourgue, Threat & Detection Research Team","date_accessed":"2023-07-28T00:00:00Z","date_published":"2023-02-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"55c32866-710b-56d4-b878-dbf6f21764f6","created":"2024-06-13T20:10:35.657233Z","modified":"2024-06-13T20:10:35.851210Z"},{"id":"ec94c043-92ef-4691-b21a-7ea68f39e338","name":"O365 Blog Azure AD Device IDs","description":"Syynimaa, N. (2022, February 15). Stealing and faking Azure AD device identities. 
Retrieved August 3, 2022.","url":"https://o365blog.com/post/deviceidentity/","source":"MITRE","title":"Stealing and faking Azure AD device identities","authors":"Syynimaa, N","date_accessed":"2022-08-03T00:00:00Z","date_published":"2022-02-15T00:00:00Z","owner_name":null,"tidal_id":"8e2f731f-f48e-5271-9dac-c0b4eb8c44ef","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431627Z"},{"id":"b5ef16c4-1db0-51e9-93ab-54a8e480debc","name":"AADInternals Azure AD Device Identities","description":"Dr. Nestori Syynimaa. (2022, February 15). Stealing and faking Azure AD device identities. Retrieved February 21, 2023.","url":"https://aadinternals.com/post/deviceidentity/","source":"MITRE","title":"Stealing and faking Azure AD device identities","authors":"Dr. Nestori Syynimaa","date_accessed":"2023-02-21T00:00:00Z","date_published":"2022-02-15T00:00:00Z","owner_name":null,"tidal_id":"d5fd2a89-80b3-5993-8f45-9417e203d908","created":"2023-05-26T01:21:06.299803Z","modified":"2025-12-17T15:08:36.430186Z"},{"id":"78ed9074-a46c-4ce6-ab7d-a587bd585dc5","name":"Carnal Ownage Password Filters Sept 2013","description":"Fuller, R. (2013, September 11). Stealing passwords every time they change. Retrieved November 21, 2017.","url":"http://carnal0wnage.attackresearch.com/2013/09/stealing-passwords-every-time-they.html","source":"MITRE","title":"Stealing passwords every time they change","authors":"Fuller, R","date_accessed":"2017-11-21T00:00:00Z","date_published":"2013-09-11T00:00:00Z","owner_name":null,"tidal_id":"5cdebed0-8171-5552-91d7-4e7ec448b08f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427712Z"},{"id":"6b79006d-f6de-489c-82fa-8c3c28d652ef","name":"CSM Elderwood Sept 2012","description":"Clayton, M.. (2012, September 14). Stealing US business secrets: Experts ID two huge cyber 'gangs' in China. 
Retrieved February 15, 2018.","url":"https://www.csmonitor.com/USA/2012/0914/Stealing-US-business-secrets-Experts-ID-two-huge-cyber-gangs-in-China","source":"MITRE","title":"Stealing US business secrets: Experts ID two huge cyber 'gangs' in China","authors":"Clayton, M.","date_accessed":"2018-02-15T00:00:00Z","date_published":"2012-09-14T00:00:00Z","owner_name":null,"tidal_id":"4e284824-651c-5495-bb8a-d8f6dd45bb4d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437358Z"},{"id":"0632aa3b-2687-4ca8-9d3a-b109f624f21e","name":"Cyble December 19 2025","description":"rohansinhacyblecom. (2025, December 19). Stealth In Layers: Unmasking The Loader Used In Targeted Email Campaigns. Retrieved January 12, 2026.","url":"https://cyble.com/blog/stealth-in-layers-unmasking-loader-in-targeted-email-campaigns/","source":"Tidal Cyber","title":"Stealth In Layers: Unmasking The Loader Used In Targeted Email Campaigns","authors":"rohansinhacyblecom","date_accessed":"2026-01-12T12:00:00Z","date_published":"2025-12-19T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c02ab781-031a-5b74-84ba-8cc508482284","created":"2026-01-14T13:29:42.413801Z","modified":"2026-01-14T13:29:42.563843Z"},{"id":"4fc41016-330d-51b1-bfb7-37c570f37233","name":"Lookout-StealthMango","description":"Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September","url":"https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf","source":"Mobile","title":"Stealth Mango & Tangelo","authors":"Lookout","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1215e6d3-3375-5939-9e17-f0cb08930f03","created":"2026-01-28T13:08:10.038862Z","modified":"2026-01-28T13:08:10.038865Z"},{"id":"bcccdab5-4709-5333-9708-d8addea010a9","name":"Low GroupIB xattrs nov 2024","description":"Sharmine Low. (2024, November 13). Stealthy Attributes of Lazarus APT Group: Evading Detection with Extended Attributes. 
Retrieved March 27, 2025.","url":"https://www.group-ib.com/blog/stealthy-attributes-of-apt-lazarus/","source":"MITRE","title":"Stealthy Attributes of Lazarus APT Group: Evading Detection with Extended Attributes","authors":"Sharmine Low","date_accessed":"2025-03-27T00:00:00Z","date_published":"2024-11-13T00:00:00Z","owner_name":null,"tidal_id":"a6256a1e-a7b3-5943-841a-d534cfb8d1b1","created":"2025-04-22T20:47:15.928521Z","modified":"2025-12-17T15:08:36.431288Z"},{"id":"5d0f12e2-919c-5a7f-8340-83577508368d","name":"wailing crab sub/pub","description":"Hammond, Charlotte. Villadsen, Ole. Metrick, Kat.. (2023, November 21). Stealthy WailingCrab Malware misuses MQTT Messaging Protocol. Retrieved August 28, 2024.","url":"https://securityintelligence.com/x-force/wailingcrab-malware-misues-mqtt-messaging-protocol/","source":"MITRE","title":"Stealthy WailingCrab Malware misuses MQTT Messaging Protocol","authors":"Hammond, Charlotte. Villadsen, Ole. Metrick, Kat.","date_accessed":"2024-08-28T00:00:00Z","date_published":"2023-11-21T00:00:00Z","owner_name":null,"tidal_id":"099500fd-35b9-56a0-9413-caebddf4cf23","created":"2024-10-31T16:28:17.987814Z","modified":"2025-12-17T15:08:36.426343Z"},{"id":"20680f73-85ff-5caa-b06f-ba7623a84ef5","name":"Stephen Hilt, Federico Maggi, Charles Perine, Lord Remorin, Martin Rsler, and Rainer Vosseler","description":"Stephen Hilt, Federico Maggi, Charles Perine, Lord Remorin, Martin Rsler, and Rainer Vosseler Mark Thompson 2016, March 24 Iranian Cyber Attack on New York Dam Shows Future of War. 
Retrieved 2019/11/07","url":"https://documents.trendmicro.com/assets/white_papers/wp-caught-in-the-act-running-a-realistic-factory-honeypot-to-capture-real-threats.pdf","source":"ICS","title":"Stephen Hilt, Federico Maggi, Charles Perine, Lord Remorin, Martin Rsler, and Rainer Vosseler","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ca1c228c-5b00-5edf-8239-2c81b4d7193e","created":"2026-01-28T13:08:18.178426Z","modified":"2026-01-28T13:08:18.178429Z"},{"id":"f903146d-b63d-4771-8d53-28ef137c9349","name":"DEFCON2016 Sticky Keys","description":"Maldonado, D., McGuffin, T. (2016, August 6). Sticky Keys to the Kingdom. Retrieved July 5, 2017.","url":"https://www.slideshare.net/DennisMaldonado5/sticky-keys-to-the-kingdom","source":"MITRE","title":"Sticky Keys to the Kingdom","authors":"Maldonado, D., McGuffin, T","date_accessed":"2017-07-05T00:00:00Z","date_published":"2016-08-06T00:00:00Z","owner_name":null,"tidal_id":"61ffb21b-6dbb-50db-a4d8-ea2582d19ae2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431215Z"},{"id":"4a89916f-3919-41fd-bf93-27f25a2363f5","name":"The DFIR Report Stolen Images Conti","description":"The DFIR Report. (2023, April 4). Stolen Images Campaign Ends in Conti Ransomware. Retrieved June 23, 2023.","url":"https://thedfirreport.com/2022/04/04/stolen-images-campaign-ends-in-conti-ransomware/","source":"Tidal Cyber","title":"Stolen Images Campaign Ends in Conti Ransomware","authors":"The DFIR Report","date_accessed":"2023-06-23T00:00:00Z","date_published":"2023-04-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"086d02a8-cba1-520a-9902-53374fd19dc5","created":"2023-07-14T12:56:32.316464Z","modified":"2023-07-14T12:56:32.420993Z"},{"id":"6d3b31da-a784-4da0-91dd-b72c04fd520a","name":"Netscout Stolen Pencil Dec 2018","description":"ASERT team. (2018, December 5). STOLEN PENCIL Campaign Targets Academia. 
Retrieved February 5, 2019.","url":"https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/","source":"MITRE","title":"STOLEN PENCIL Campaign Targets Academia","authors":"ASERT team","date_accessed":"2019-02-05T00:00:00Z","date_published":"2018-12-05T00:00:00Z","owner_name":null,"tidal_id":"c8c25445-6474-536f-9145-6ebbe13bab1b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438395Z"},{"id":"bd034cc8-29e2-4d58-a72a-161b831191b7","name":"FireEye VBA stomp Feb 2020","description":"Cole, R., Moore, A., Stark, G., Stancill, B. (2020, February 5). STOMP 2 DIS: Brilliance in the (Visual) Basics. Retrieved September 17, 2020.","url":"https://www.fireeye.com/blog/threat-research/2020/01/stomp-2-dis-brilliance-in-the-visual-basics.html","source":"MITRE","title":"STOMP 2 DIS: Brilliance in the (Visual) Basics","authors":"Cole, R., Moore, A., Stark, G., Stancill, B","date_accessed":"2020-09-17T00:00:00Z","date_published":"2020-02-05T00:00:00Z","owner_name":null,"tidal_id":"4a54b1dc-4e33-5912-905f-79c79dd59879","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434576Z"},{"id":"64d72689-0c7a-480a-a295-6321fc0d82fc","name":"Symantec Stonefly April 27 2022","description":"Threat Hunter Team. (2022, April 27). Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets. 
Retrieved July 26, 2024.","url":"https://symantec-enterprise-blogs.security.com/threat-intelligence/stonefly-north-korea-espionage","source":"Tidal Cyber","title":"Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets","authors":"Threat Hunter Team","date_accessed":"2024-07-26T00:00:00Z","date_published":"2022-04-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4995c0c7-3900-5898-bd6d-9ad830c13569","created":"2024-08-02T14:58:08.255852Z","modified":"2024-08-02T14:58:08.467958Z"},{"id":"affb4d4f-5c96-4c27-b702-b8ad9bc8e1b3","name":"Stopping CloudTrail from Sending Events to CloudWatch Logs","description":"Amazon Web Services. (n.d.). Stopping CloudTrail from Sending Events to CloudWatch Logs. Retrieved October 16, 2020.","url":"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/stop-cloudtrail-from-sending-events-to-cloudwatch-logs.html","source":"MITRE","title":"Stopping CloudTrail from Sending Events to CloudWatch Logs","authors":"Amazon Web Services","date_accessed":"2020-10-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c5bc322d-b825-5416-afd6-2bdd244d7a2d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434673Z"},{"id":"a541a027-733c-438f-a723-6f7e8e6f354c","name":"McAfee Virtual Jan 2017","description":"Roccia, T. (2017, January 19). Stopping Malware With a Fake Virtual Machine. Retrieved April 17, 2019.","url":"https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/stopping-malware-fake-virtual-machine/","source":"MITRE","title":"Stopping Malware With a Fake Virtual Machine","authors":"Roccia, T","date_accessed":"2019-04-17T00:00:00Z","date_published":"2017-01-19T00:00:00Z","owner_name":null,"tidal_id":"1d468db6-ac30-5c02-9724-33bc6b46f8fd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426704Z"},{"id":"a988084f-1a58-4e5b-a616-ed31d311cccf","name":"Checkpoint Dridex Jan 2021","description":"Check Point Research. (2021, January 4). 
Stopping Serial Killer: Catching the Next Strike. Retrieved September 7, 2021.","url":"https://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/","source":"MITRE","title":"Stopping Serial Killer: Catching the Next Strike","authors":"Check Point Research","date_accessed":"2021-09-07T00:00:00Z","date_published":"2021-01-04T00:00:00Z","owner_name":null,"tidal_id":"69ccd7f8-5bae-58f5-8cef-dee040182b84","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422294Z"},{"id":"2e8cf25e-1c06-4f14-a6aa-cb7b876ad5be","name":"U.S. CISA Akira April 18 2024","description":"Cybersecurity and Infrastructure Security Agency. (2024, April 18). #StopRansomware: Akira Ransomware. Retrieved April 19, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a","source":"Tidal Cyber","title":"#StopRansomware: Akira Ransomware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-04-19T00:00:00Z","date_published":"2024-04-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ef060b55-5941-5354-9222-8df22fb0ac55","created":"2024-04-19T16:48:15.289918Z","modified":"2024-04-19T16:48:15.471274Z"},{"id":"bfa99833-7ddf-576a-958c-adac87da09c8","name":"CISA Akira Ransomware APR 2024","description":"CISA et al. (2024, April 18). #StopRansomware: Akira Ransomware. Retrieved December 10, 2024.","url":"https://www.cisa.gov/sites/default/files/2024-04/aa24-109a-stopransomware-akira-ransomware_2.pdf","source":"MITRE","title":"#StopRansomware: Akira Ransomware","authors":"CISA et al","date_accessed":"2024-12-10T00:00:00Z","date_published":"2024-04-18T00:00:00Z","owner_name":null,"tidal_id":"0a04ec5b-18bd-5179-911c-7a18cb9c9cbb","created":"2025-04-22T20:47:23.772035Z","modified":"2025-12-17T15:08:36.418469Z"},{"id":"7d344877-cf01-4356-b806-8a1505054b15","name":"U.S. CISA Akira November 13 2025","description":"Cybersecurity and Infrastructure Security Agency. (2025, November 13). 
#StopRansomware: Akira Ransomware (November 2025 Update). Retrieved November 13, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a","source":"Tidal Cyber","title":"#StopRansomware: Akira Ransomware (November 2025 Update)","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2025-11-13T12:00:00Z","date_published":"2025-11-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d4d994cd-6ede-5d31-b7da-5076d8212d60","created":"2025-11-19T17:44:51.909528Z","modified":"2025-11-19T17:44:52.055030Z"},{"id":"d28d64cf-b5db-4438-8c5c-907ce5f55f69","name":"U.S. CISA ALPHV Blackcat December 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, December 19). #StopRansomware: ALPHV Blackcat. Retrieved December 19, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a","source":"Tidal Cyber","title":"#StopRansomware: ALPHV Blackcat","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-12-19T00:00:00Z","date_published":"2023-12-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"38c950b5-b39a-58f2-979f-6ca8cee95a0e","created":"2023-12-22T16:35:57.886446Z","modified":"2023-12-22T16:35:58.053854Z"},{"id":"d419a317-6599-4fc5-91d1-a4c2bc83bf6a","name":"U.S. CISA AvosLocker October 11 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, October 11). #StopRansomware: AvosLocker Ransomware (Update). 
Retrieved October 20, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-284a","source":"Tidal Cyber","title":"#StopRansomware: AvosLocker Ransomware (Update)","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-10-20T00:00:00Z","date_published":"2023-10-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e733981e-88ed-598a-9ad1-1ed45b645b42","created":"2023-10-20T15:14:17.143695Z","modified":"2023-10-20T15:14:17.496856Z"},{"id":"aa52e826-f292-41f6-985d-0282230c8948","name":"U.S. CISA BianLian Ransomware May 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, May 16). #StopRansomware: BianLian Ransomware Group. Retrieved May 18, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a","source":"Tidal Cyber","title":"#StopRansomware: BianLian Ransomware Group","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-05-18T00:00:00Z","date_published":"2023-05-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b658f8c6-7214-5547-a37a-7fc4635233cd","created":"2023-07-14T12:56:30.584593Z","modified":"2023-07-14T12:56:30.691153Z"},{"id":"10fed6c7-4d73-49cd-9170-3f67d06365ca","name":"U.S. CISA Black Basta May 10 2024","description":"Cybersecurity and Infrastructure Security Agency. (2024, May 10). #StopRansomware: Black Basta. Retrieved May 13, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a","source":"Tidal Cyber","title":"#StopRansomware: Black Basta","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-05-13T00:00:00Z","date_published":"2024-05-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a76b7395-ade5-5903-8ee7-47601eb5cae8","created":"2024-05-14T19:29:45.323354Z","modified":"2024-05-14T19:29:46.156599Z"},{"id":"07e48ca8-b965-4234-b04a-dfad45d58b22","name":"U.S. 
CISA CL0P CVE-2023-34362 Exploitation","description":"Cybersecurity and Infrastructure Security Agency. (2023, June 7). #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability. Retrieved July 27, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a","source":"Tidal Cyber","title":"#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-07-27T00:00:00Z","date_published":"2023-06-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"db510c3f-ee00-5882-96d3-b8607d5aa115","created":"2023-07-28T16:33:34.507560Z","modified":"2023-07-28T16:33:34.613999Z"},{"id":"d6ed5172-a319-45b0-b1cb-d270a2a48fa3","name":"U.S. CISA Cuba Ransomware October 2022","description":"Cybersecurity and Infrastructure Security Agency. (2023, January 5). #StopRansomware: Cuba Ransomware. Retrieved May 19, 2023.","url":"https://www.cisa.gov/uscert/ncas/alerts/aa22-335a","source":"Tidal Cyber","title":"#StopRansomware: Cuba Ransomware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-05-19T00:00:00Z","date_published":"2023-01-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fdde506e-ddce-52a7-9dd8-06b33af3e5ea","created":"2024-06-13T20:10:29.506521Z","modified":"2024-06-13T20:10:29.685805Z"},{"id":"cbf5ecfb-de79-41cc-8250-01790ff6e89b","name":"U.S. CISA Daixin Team October 2022","description":"Cybersecurity and Infrastructure Security Agency. (2022, October 26). #StopRansomware: Daixin Team. 
Retrieved May 19, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-294a","source":"Tidal Cyber","title":"#StopRansomware: Daixin Team","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-05-19T00:00:00Z","date_published":"2022-10-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"876e8701-8377-50ff-8846-3b5f9bd35159","created":"2023-12-01T14:42:10.109221Z","modified":"2023-12-01T14:42:10.246134Z"},{"id":"d3b3cebd-3428-4d71-a81e-a7cb6248e3b7","name":"U.S. CISA Ghost Cring Ransomware February 19 2025","description":"Cybersecurity and Infrastructure Security Agency. (2025, February 19). #StopRansomware: Ghost (Cring) Ransomware. Retrieved February 23, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a","source":"Tidal Cyber","title":"#StopRansomware: Ghost (Cring) Ransomware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2025-02-23T00:00:00Z","date_published":"2025-02-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1adcd6a5-d245-5dd4-b506-401bc08dd207","created":"2025-02-24T20:28:33.980878Z","modified":"2025-02-24T20:28:34.160680Z"},{"id":"fce322e6-5e23-404a-acf8-cd003f00c79d","name":"U.S. CISA Hive November 25 2022","description":"Cybersecurity and Infrastructure Security Agency. (2022, November 25). #StopRansomware: Hive Ransomware. Retrieved June 18, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-321a","source":"Tidal Cyber","title":"#StopRansomware: Hive Ransomware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-06-18T00:00:00Z","date_published":"2022-11-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"de65251c-5c11-56f3-b9ec-ff61b4a80446","created":"2024-06-24T14:58:40.597631Z","modified":"2024-06-24T14:58:40.805831Z"},{"id":"4da07d81-4647-470b-9ee0-34e853bfe68e","name":"U.S. CISA Interlock Ransomware July 22 2025","description":"U.S. 
Cybersecurity and Infrastructure Security Agency. (2025, July 22). #StopRansomware: Interlock. Retrieved July 23, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a","source":"Tidal Cyber","title":"#StopRansomware: Interlock","authors":"U.S. Cybersecurity and Infrastructure Security Agency","date_accessed":"2025-07-23T12:00:00Z","date_published":"2025-07-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"94f6b0e6-8b22-5439-9002-74305d44f4fd","created":"2025-07-24T19:09:35.545687Z","modified":"2025-07-24T19:09:35.904499Z"},{"id":"4a62ae6b-0baf-56f0-8a2e-3b0761b5de91","name":"CISA LockBit 2023","description":"CISA. (2023, March 16). #StopRansomware: LockBit 3.0. Retrieved March 24, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a","source":"MITRE","title":"#StopRansomware: LockBit 3.0","authors":"CISA","date_accessed":"2025-03-24T00:00:00Z","date_published":"2023-03-16T00:00:00Z","owner_name":null,"tidal_id":"bd7cd8b3-251c-5c45-84ea-f36fe47e1d07","created":"2025-04-22T20:47:14.508243Z","modified":"2025-12-17T15:08:36.429936Z"},{"id":"06de9247-ce40-4709-a17a-a65b8853758b","name":"U.S. CISA LockBit 3.0 March 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, March 16). #StopRansomware: LockBit 3.0. Retrieved May 19, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a","source":"Tidal Cyber","title":"#StopRansomware: LockBit 3.0","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-05-19T00:00:00Z","date_published":"2023-03-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c82f998f-54e4-5d09-a9be-001eb3f8d73f","created":"2023-08-18T18:56:14.411578Z","modified":"2023-08-18T18:56:14.555099Z"},{"id":"b08902da-d993-51eb-acbf-8ac410bc6cb0","name":"Joint Cybersecurity Advisory LockBit 3.0 MAR 2023","description":"FBI et al. (2023, March 16). #StopRansomware: LockBit 3.0. 
Retrieved February 5, 2025.","url":"https://www.cisa.gov/sites/default/files/2023-03/aa23-075a-stop-ransomware-lockbit.pdf","source":"MITRE","title":"#StopRansomware: LockBit 3.0","authors":"FBI et al","date_accessed":"2025-02-05T00:00:00Z","date_published":"2023-03-16T00:00:00Z","owner_name":null,"tidal_id":"5db70c9e-bb4c-58db-ae0e-1f33608e5aa7","created":"2025-04-22T20:47:27.477430Z","modified":"2025-12-17T15:08:36.419457Z"},{"id":"21f56e0c-9605-4fbb-9cb1-f868ba6eb053","name":"U.S. CISA LockBit Citrix Bleed November 21 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, November 21). #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability. Retrieved November 30, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a","source":"Tidal Cyber","title":"#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-11-30T00:00:00Z","date_published":"2023-11-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"060e4b4c-304c-5552-94fd-bd57780b1b5b","created":"2023-12-01T14:42:08.841994Z","modified":"2023-12-01T14:42:09.209965Z"},{"id":"48b34fb3-c346-4165-a4c6-caeaa9b02dba","name":"U.S. CISA MedusaLocker August 11 2022","description":"Cybersecurity and Infrastructure Security Agency. (2022, August 11). #StopRansomware: MedusaLocker. Retrieved August 4, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-181a","source":"Tidal Cyber","title":"#StopRansomware: MedusaLocker","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-08-04T00:00:00Z","date_published":"2022-08-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5326abae-e0d2-53e6-81e7-2724fc5a97c3","created":"2023-08-11T21:14:12.233474Z","modified":"2023-08-11T21:14:12.412348Z"},{"id":"16dc8fe1-73fa-4f8a-92a0-b1fac2908c47","name":"U.S. 
CISA Medusa Ransomware March 12 2025","description":"Cybersecurity and Infrastructure Security Agency. (2025, March 12). #StopRansomware: Medusa Ransomware. Retrieved March 13, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a","source":"Tidal Cyber","title":"#StopRansomware: Medusa Ransomware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2025-03-13T00:00:00Z","date_published":"2025-03-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5dd6f846-a774-5e6c-9bba-0d929275e9a7","created":"2025-03-17T18:33:05.871229Z","modified":"2025-03-17T18:33:07.244932Z"},{"id":"bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a","name":"U.S. CISA Phobos February 29 2024","description":"Cybersecurity and Infrastructure Security Agency. (2024, February 29). #StopRansomware: Phobos Ransomware. Retrieved March 7, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a","source":"Tidal Cyber","title":"#StopRansomware: Phobos Ransomware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-03-07T00:00:00Z","date_published":"2024-02-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7c8088e7-c672-5772-bfe7-a3addae33e5f","created":"2024-03-07T21:00:45.685660Z","modified":"2024-03-07T21:00:45.903829Z"},{"id":"ad96148c-8230-4923-86fd-4b1da211db1a","name":"U.S. CISA Play Ransomware December 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, December 18). #StopRansomware: Play Ransomware. 
Retrieved December 18, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a","source":"Tidal Cyber","title":"#StopRansomware: Play Ransomware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-12-18T00:00:00Z","date_published":"2023-12-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e6720e1f-9124-50f1-90f1-4195a0aec421","created":"2023-12-22T16:35:58.625045Z","modified":"2023-12-22T16:35:58.796184Z"},{"id":"b47f5430-25d4-5502-9219-674daed4e2c5","name":"CISA Play Ransomware Advisory December 2023","description":"CISA. (2023, December 18). #StopRansomware: Play Ransomware AA23-352A. Retrieved September 24, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a","source":"MITRE","title":"#StopRansomware: Play Ransomware AA23-352A","authors":"CISA","date_accessed":"2024-09-24T00:00:00Z","date_published":"2023-12-18T00:00:00Z","owner_name":null,"tidal_id":"4c28a6e1-2f43-58a5-8601-b393dae66404","created":"2024-10-31T16:28:31.681828Z","modified":"2025-12-17T15:08:36.417427Z"},{"id":"af338cbd-6416-4dee-95c7-6915f78e2604","name":"U.S. CISA RansomHub Ransomware August 29 2024","description":"Cybersecurity and Infrastructure Security Agency. (2024, August 29). #StopRansomware: RansomHub Ransomware. Retrieved September 3, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a","source":"Tidal Cyber","title":"#StopRansomware: RansomHub Ransomware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-09-03T00:00:00Z","date_published":"2024-08-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"dbcaadf3-fdf3-54eb-96a5-9c3b5c26bcd8","created":"2024-09-04T12:49:09.471105Z","modified":"2024-09-04T12:49:09.692806Z"},{"id":"c333b637-e2e7-5167-8871-ec612750f996","name":"CISA RansomHub AUG 2024","description":"CISA et al. (2024, August 29). #StopRansomware: RansomHub Ransomware. 
Retrieved March 17, 2025.","url":"https://www.cisa.gov/sites/default/files/2024-09/aa24-242a-stopransomware-ransomhub-ransomware_1.pdf","source":"MITRE","title":"#StopRansomware: RansomHub Ransomware","authors":"CISA et al","date_accessed":"2025-03-17T00:00:00Z","date_published":"2024-08-29T00:00:00Z","owner_name":null,"tidal_id":"8fed4661-5ef1-570b-a90b-9c9a8a6227a3","created":"2025-04-22T20:47:26.291229Z","modified":"2025-12-17T15:08:36.417117Z"},{"id":"6d902955-d9a9-4ec1-8dd4-264f7594605e","name":"U.S. CISA Rhysida Ransomware November 15 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, November 15). #StopRansomware: Rhysida Ransomware. Retrieved November 16, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a","source":"Tidal Cyber","title":"#StopRansomware: Rhysida Ransomware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-11-16T00:00:00Z","date_published":"2023-11-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6c6dbf28-12d0-5afa-88ef-66c5f98921c4","created":"2023-11-17T17:09:17.224532Z","modified":"2023-11-17T17:09:17.324867Z"},{"id":"81baa61e-13c3-51e0-bf22-08383dbfb2a1","name":"CISA Royal AA23-061A March 2023","description":"CISA. (2023, March 2). #StopRansomware: Royal Ransomware. Retrieved March 31, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a","source":"MITRE","title":"#StopRansomware: Royal Ransomware","authors":"CISA","date_accessed":"2023-03-31T00:00:00Z","date_published":"2023-03-02T00:00:00Z","owner_name":null,"tidal_id":"125f5dab-3ad9-5e7f-abd1-c398737b84c5","created":"2023-05-26T01:21:16.441166Z","modified":"2025-12-17T15:08:36.419854Z"},{"id":"dd094572-da2e-4e54-9e54-b243dd4fcd2b","name":"#StopRansomware: Royal Ransomware | CISA","description":"Cybersecurity and Infrastructure Security Agency. (2023, March 2). #StopRansomware: Royal Ransomware | CISA. 
Retrieved May 10, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a","source":"Tidal Cyber","title":"#StopRansomware: Royal Ransomware | CISA","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-05-10T00:00:00Z","date_published":"2023-03-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"91db830a-8777-50d8-8025-3c9ef31ee0d9","created":"2024-03-07T21:00:45.276583Z","modified":"2024-03-07T21:00:45.513572Z"},{"id":"0a754513-5f20-44a0-8cea-c5d9519106c8","name":"U.S. CISA Vice Society September 2022","description":"Cybersecurity and Infrastructure Security Agency. (2022, September 8). #StopRansomware: Vice Society. Retrieved May 19, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-249a-0","source":"Tidal Cyber","title":"#StopRansomware: Vice Society","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-05-19T00:00:00Z","date_published":"2022-09-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0e6a8df3-6ed4-521d-985f-c5dfc1bb4e8f","created":"2023-11-17T17:09:16.034211Z","modified":"2023-11-17T17:09:16.361891Z"},{"id":"42d98de2-8c9a-4cc4-b5a1-9778c0da3286","name":"U.S. CISA Zeppelin Ransomware August 11 2022","description":"Cybersecurity and Infrastructure Security Agency. (2022, August 11). #StopRansomware: Zeppelin Ransomware. Retrieved September 19, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-223a","source":"Tidal Cyber","title":"#StopRansomware: Zeppelin Ransomware","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-09-19T00:00:00Z","date_published":"2022-08-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"89eaf10c-1fe7-5dc4-853e-af2186097477","created":"2024-09-20T15:08:28.952278Z","modified":"2024-09-20T15:08:29.391466Z"},{"id":"5e52a211-7ef6-42bd-93a1-5902f5e1c2ea","name":"Stordiag.exe - LOLBAS Project","description":"LOLBAS. (2021, October 21). Stordiag.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Stordiag/","source":"Tidal Cyber","title":"Stordiag.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-10-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c9b323e4-b549-5694-85e1-c5a4be209b15","created":"2024-01-12T14:47:03.100295Z","modified":"2024-01-12T14:47:03.331203Z"},{"id":"5be9afb8-749e-45a2-8e86-b5e6dc167b41","name":"Pentestlab Stored Credentials","description":"netbiosX. (2017, April 19). Stored Credentials. Retrieved April 6, 2018.","url":"https://pentestlab.blog/2017/04/19/stored-credentials/","source":"MITRE","title":"Stored Credentials","authors":"netbiosX","date_accessed":"2018-04-06T00:00:00Z","date_published":"2017-04-19T00:00:00Z","owner_name":null,"tidal_id":"a03e4f3a-f39a-56c3-8055-4b36a52bae3c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426986Z"},{"id":"d3b9df24-b776-4658-9bb4-f43a2fe0094c","name":"store_pwd_rev_enc","description":"Microsoft. (2021, October 28). Store passwords using reversible encryption. Retrieved January 3, 2022.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption","source":"MITRE","title":"Store passwords using reversible encryption","authors":"Microsoft","date_accessed":"2022-01-03T00:00:00Z","date_published":"2021-10-28T00:00:00Z","owner_name":null,"tidal_id":"26068940-958b-5cd0-a1ca-16c3cf9ed6e8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435209Z"},{"id":"acee642f-25de-48d7-a566-5bdfe804b8b3","name":"Microsoft Security Blog August 27 2025","description":"Microsoft Threat Intelligence. (2025, August 27). Storm-0501’s evolving techniques lead to cloud-based ransomware . 
Retrieved August 28, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware/","source":"Tidal Cyber","title":"Storm-0501’s evolving techniques lead to cloud-based ransomware","authors":"Microsoft Threat Intelligence","date_accessed":"2025-08-28T12:00:00Z","date_published":"2025-08-27T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"982a242d-24b1-5e19-a004-2d5da74063a5","created":"2025-09-04T13:57:51.054964Z","modified":"2025-09-04T13:57:51.181041Z"},{"id":"bf05138b-f690-4b0f-ba10-9af71f7d9bfc","name":"Microsoft Security Blog September 26 2024","description":"Microsoft Threat Intelligence. (2024, September 26). Storm-0501 Ransomware attacks expanding to hybrid cloud environments . Retrieved September 27, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/","source":"Tidal Cyber","title":"Storm-0501 Ransomware attacks expanding to hybrid cloud environments","authors":"Microsoft Threat Intelligence","date_accessed":"2024-09-27T00:00:00Z","date_published":"2024-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a3a7598f-fd95-5d65-94fb-79c3ae77c133","created":"2024-10-04T20:31:31.789092Z","modified":"2024-10-04T20:31:32.149801Z"},{"id":"af1f0d36-3f0f-5f49-b5fa-8b6f8bf15020","name":"Microsoft Storm-501 Sabbath Ransomware Embargo September 2024","description":"Microsoft Threat Intelligence. (2024, September 26). Storm-0501: Ransomware attacks expanding to hybrid cloud environments. 
Retrieved October 19, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/","source":"MITRE","title":"Storm-0501: Ransomware attacks expanding to hybrid cloud environments","authors":"Microsoft Threat Intelligence","date_accessed":"2025-10-19T00:00:00Z","date_published":"2024-09-26T00:00:00Z","owner_name":null,"tidal_id":"d1d550fa-c3fa-56f5-871a-b96a84406e76","created":"2025-10-29T21:08:48.166987Z","modified":"2025-12-17T15:08:36.438712Z"},{"id":"a3b3ad77-6119-59da-899a-d9cfa840f18c","name":"Microsoft Storm-0501 Embargo Ransomware August 2025","description":"Microsoft Threat Intelligence. (2025, August 27). Storm-0501’s evolving techniques lead to cloud-based ransomware. Retrieved October 19, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware/","source":"MITRE","title":"Storm-0501’s evolving techniques lead to cloud-based ransomware","authors":"Microsoft Threat Intelligence","date_accessed":"2025-10-19T00:00:00Z","date_published":"2025-08-27T00:00:00Z","owner_name":null,"tidal_id":"7a605d0b-a187-538a-b3d5-ad488eebe6f1","created":"2025-10-29T21:08:48.167001Z","modified":"2025-12-17T15:08:36.438718Z"},{"id":"617633df-1d6d-57e9-afcb-1d8079bbb45a","name":"RedCanary Storm-1811 2024","description":"Red Canary Intelligence. (2024, December 2). Storm-1811 exploits RMM tools to drop Black Basta ransomware. 
Retrieved March 14, 2025.","url":"https://redcanary.com/blog/threat-intelligence/storm-1811-black-basta/","source":"MITRE","title":"Storm-1811 exploits RMM tools to drop Black Basta ransomware","authors":"Red Canary Intelligence","date_accessed":"2025-03-14T00:00:00Z","date_published":"2024-12-02T00:00:00Z","owner_name":null,"tidal_id":"ba3f0172-e7f2-5b33-84a1-7bb1ca982896","created":"2025-04-22T20:47:23.349145Z","modified":"2025-12-17T15:08:36.438464Z"},{"id":"321cf27a-327d-4824-84d0-56634d3b86f5","name":"IBM Storwize","description":"IBM Support. (2017, April 26). Storwize USB Initialization Tool may contain malicious code. Retrieved May 28, 2019.","url":"https://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E","source":"MITRE","title":"Storwize USB Initialization Tool may contain malicious code","authors":"IBM Support","date_accessed":"2019-05-28T00:00:00Z","date_published":"2017-04-26T00:00:00Z","owner_name":null,"tidal_id":"bd192bf8-c3af-54a6-bf07-5d41d2546745","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428305Z"},{"id":"03b1ef5a-aa63-453a-affc-aa0caf174ce4","name":"G Data Sodinokibi June 2019","description":"Han, Karsten. (2019, June 4). Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA. Retrieved August 4, 2020.","url":"https://www.gdatasoftware.com/blog/2019/06/31724-strange-bits-sodinokibi-spam-cinarat-and-fake-g-data","source":"MITRE","title":"Strange Bits: Sodinokibi Spam, CinaRAT, and Fake G DATA","authors":"Han, Karsten","date_accessed":"2020-08-04T00:00:00Z","date_published":"2019-06-04T00:00:00Z","owner_name":null,"tidal_id":"4e810d6c-ac76-560b-ab9a-3387a28cdd04","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421034Z"},{"id":"13aaf904-9625-5f52-93c1-3d70ff48d304","name":"unit42_strat_aged_domain_det","description":"Chen, Z. et al. (2021, December 29). 
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends. Retrieved July","url":"https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/","source":"Mobile","title":"Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends","authors":"Chen, Z. et al","date_accessed":"1978-07-01T00:00:00Z","date_published":"2021-12-29T00:00:00Z","owner_name":null,"tidal_id":"529b4d1c-b474-5ce0-8163-93730966a045","created":"2026-01-28T13:08:10.046688Z","modified":"2026-01-28T13:08:10.046693Z"},{"id":"af2b24a5-e929-5654-be3d-cf49eefa0366","name":"Fortgale StrelaStealer 2023","description":"Fortgale. (2023, September 18). StrelaStealer Malware Analysis. Retrieved December 31, 2024.","url":"https://fortgale.com/blog/malware-analysis/strelastealer-malware-analysis-2/","source":"MITRE","title":"StrelaStealer Malware Analysis","authors":"Fortgale","date_accessed":"2024-12-31T00:00:00Z","date_published":"2023-09-18T00:00:00Z","owner_name":null,"tidal_id":"aa35d3d3-5dd4-548c-9418-026d399706a9","created":"2025-04-22T20:47:27.964597Z","modified":"2025-12-17T15:08:36.420524Z"},{"id":"91669435-fd83-5c21-9a64-9c7621d543f1","name":"IBM StrelaStealer 2024","description":"Golo Mühr, Joe Fasulo & Charlotte Hammond, IBM X-Force. (2024, November 12). Strela Stealer: Today’s invoice is tomorrow’s phish. Retrieved December 31, 2024.","url":"https://securityintelligence.com/x-force/strela-stealer-todays-invoice-tomorrows-phish/","source":"MITRE","title":"Strela Stealer: Today’s invoice is tomorrow’s phish","authors":"Golo Mühr, Joe Fasulo & Charlotte Hammond, IBM X-Force","date_accessed":"2024-12-31T00:00:00Z","date_published":"2024-11-12T00:00:00Z","owner_name":null,"tidal_id":"bc1d7986-52d9-5c2e-a31c-740ea856bc4d","created":"2025-04-22T20:47:27.972187Z","modified":"2025-12-17T15:08:36.420531Z"},{"id":"d7097b1e-507b-4626-9cef-39367c09f722","name":"Windows Blogs Microsoft Edge Sandbox","description":"Cowan, C. (2017, March 23). 
Strengthening the Microsoft Edge Sandbox. Retrieved March 12, 2018.","url":"https://blogs.windows.com/msedgedev/2017/03/23/strengthening-microsoft-edge-sandbox/","source":"MITRE","title":"Strengthening the Microsoft Edge Sandbox","authors":"Cowan, C","date_accessed":"2018-03-12T00:00:00Z","date_published":"2017-03-23T00:00:00Z","owner_name":null,"tidal_id":"05d7b103-dc99-5cbe-b53a-77e67bda5b21","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415842Z"},{"id":"dc9cfd06-54fb-553c-b538-1e93fed6c538","name":"ComputerWeekly Strider","description":"Warwick Ashford. (2016, August 8). Strider cyber attack group deploying malware for espionage. Retrieved January 10, 2024.","url":"https://www.computerweekly.com/news/450302128/Strider-cyber-attack-group-deploying-malware-for-espionage","source":"MITRE","title":"Strider cyber attack group deploying malware for espionage","authors":"Warwick Ashford","date_accessed":"2024-01-10T00:00:00Z","date_published":"2016-08-08T00:00:00Z","owner_name":null,"tidal_id":"f63d3546-7796-5322-80ff-45f3fba7f2e5","created":"2024-04-25T13:28:52.136239Z","modified":"2025-12-17T15:08:36.441569Z"},{"id":"664eac41-257f-4d4d-aba5-5d2e8e2117a7","name":"Symantec Strider Blog","description":"Symantec Security Response. (2016, August 7). Strider: Cyberespionage group turns eye of Sauron on targets. Retrieved August 17, 2016.","url":"http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets","source":"MITRE, Tidal Cyber","title":"Strider: Cyberespionage group turns eye of Sauron on targets","authors":"Symantec Security Response","date_accessed":"2016-08-17T00:00:00Z","date_published":"2016-08-07T00:00:00Z","owner_name":null,"tidal_id":"f797be2a-1ca2-5310-8f23-167ef28900d6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259700Z"},{"id":"30c911b2-9a5e-4510-a78c-c65e84398c7e","name":"Cybereason StrifeWater Feb 2022","description":"Cybereason Nocturnus. (2022, February 1). 
StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations. Retrieved August 15, 2022.","url":"https://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations","source":"MITRE","title":"StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations","authors":"Cybereason Nocturnus","date_accessed":"2022-08-15T00:00:00Z","date_published":"2022-02-01T00:00:00Z","owner_name":null,"tidal_id":"ddee8c7f-f2fe-5519-b7ad-5f4b66443906","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422537Z"},{"id":"55f6c2fe-9357-59a5-9e59-3bce399b4a84","name":"trendmicro_strongpity","description":"Dong, Z. et al. (2021, July 21). StrongPity APT Group Deploys Android Malware for the First Time. Retrieved March","url":"https://www.trendmicro.com/en_za/research/21/g/strongpity-apt-group-deploys-android-malware-for-the-first-time.html","source":"Mobile","title":"StrongPity APT Group Deploys Android Malware for the First Time","authors":"Dong, Z. et al","date_accessed":"1978-03-01T00:00:00Z","date_published":"2021-07-21T00:00:00Z","owner_name":null,"tidal_id":"d8e5ee45-086f-5c84-9ac4-dd6c0f58b363","created":"2026-01-28T13:08:10.046766Z","modified":"2026-01-28T13:08:10.046769Z"},{"id":"7d2e20f2-20ba-4d51-9495-034c07be41a8","name":"Bitdefender StrongPity June 2020","description":"Tudorica, R. et al. (2020, June 30). StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure. Retrieved July 20, 2020.","url":"https://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf","source":"MITRE","title":"StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure","authors":"Tudorica, R. 
et al","date_accessed":"2020-07-20T00:00:00Z","date_published":"2020-06-30T00:00:00Z","owner_name":null,"tidal_id":"6aca782d-6e66-54e4-a9ed-42360e11bab4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417313Z"},{"id":"1b89df2c-e756-599a-9f7f-a5230db9de46","name":"welivesec_strongpity","description":"Stefanko, L. (2023, January 10). StrongPity espionage campaign targeting Android users. Retrieved January 31, 2023.","url":"https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/","source":"MITRE","title":"StrongPity espionage campaign targeting Android users","authors":"Stefanko, L","date_accessed":"2023-01-31T00:00:00Z","date_published":"2023-01-10T00:00:00Z","owner_name":null,"tidal_id":"d639aec9-eb52-5829-be75-cfbf1eae4947","created":"2024-04-25T13:28:42.470927Z","modified":"2025-12-17T15:08:36.439594Z"},{"id":"0a65008c-acdd-40fa-af1a-3d9941af8eac","name":"Microsoft STRONTIUM New Patterns Cred Harvesting Sept 2020","description":"Microsoft Threat Intelligence Center (MSTIC). (2020, September 10). STRONTIUM: Detecting new patterns in credential harvesting. Retrieved September 11, 2020.","url":"https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/","source":"MITRE","title":"STRONTIUM: Detecting new patterns in credential harvesting","authors":"Microsoft Threat Intelligence Center (MSTIC)","date_accessed":"2020-09-11T00:00:00Z","date_published":"2020-09-10T00:00:00Z","owner_name":null,"tidal_id":"cb9b4f38-7966-5a27-85e9-3857d976d536","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437943Z"},{"id":"632aa5ee-ae5f-5edd-8c6e-b46bd0e6aa8f","name":"CISA ICS Advisory ICSA-10-238-01B Stuxnet January 2014","description":"CISA. (2014, January 08). Stuxnet Malware Mitigation (Update B). 
Retrieved October","url":"https://www.us-cert.gov/ics/advisories/ICSA-10-238-01B","source":"ICS","title":"Stuxnet Malware Mitigation (Update B)","authors":"CISA","date_accessed":"1978-10-01T00:00:00Z","date_published":"2014-01-08T00:00:00Z","owner_name":null,"tidal_id":"acf23829-5985-5e07-9ee5-c73d4882006d","created":"2026-01-28T13:08:18.175542Z","modified":"2026-01-28T13:08:18.175545Z"},{"id":"d75052ee-8faf-5eeb-a87b-50e3e5b0da42","name":"SCADAhacker Stuxnet Mitigation Jan 2014","description":"Joel Langill. (2014, January 21). Stuxnet Mitigation. Retrieved October","url":"https://scadahacker.com/resources/stuxnet-mitigation.html","source":"ICS","title":"Stuxnet Mitigation","authors":"Joel Langill","date_accessed":"1978-10-01T00:00:00Z","date_published":"2014-01-21T00:00:00Z","owner_name":null,"tidal_id":"82e6058e-42c8-5e8e-8ee0-fc2370f95a56","created":"2026-01-28T13:08:18.175567Z","modified":"2026-01-28T13:08:18.175571Z"},{"id":"4ec039a9-f843-42de-96ed-185c4e8c2d9f","name":"ESET Stuxnet Under the Microscope","description":"Matrosov, A., Rodionov, E., Harley, D., Malcho, J. (n.d.). Stuxnet Under the Microscope. Retrieved December 7, 2020.","url":"https://web-assets.esetstatic.com/wls/2012/11/Stuxnet_Under_the_Microscope.pdf","source":"MITRE","title":"Stuxnet Under the Microscope","authors":"Matrosov, A., Rodionov, E., Harley, D., Malcho, J.","date_accessed":"2020-12-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5942afcc-039e-5d25-9503-9294fb1696cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416767Z"},{"id":"6ef42019-5393-423e-811d-29b728c877e1","name":"subTee .NET Profilers May 2017","description":"Smith, C. (2017, May 18). Subvert CLR Process Listing With .NET Profilers. 
Retrieved June 24, 2020.","url":"https://web.archive.org/web/20170720041203/http://subt0x10.blogspot.com/2017/05/subvert-clr-process-listing-with-net.html","source":"MITRE","title":"Subvert CLR Process Listing With .NET Profilers","authors":"Smith, C","date_accessed":"2020-06-24T00:00:00Z","date_published":"2017-05-18T00:00:00Z","owner_name":null,"tidal_id":"3d1cfb83-ed03-57f0-97bb-55c79515a6aa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436999Z"},{"id":"0b6e7651-0e17-4101-ab2b-22cb09fe1691","name":"SpectorOps Subverting Trust Sept 2017","description":"Graeber, M. (2017, September). Subverting Trust in Windows. Retrieved January 31, 2018.","url":"https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf","source":"MITRE","title":"Subverting Trust in Windows","authors":"Graeber, M","date_accessed":"2018-01-31T00:00:00Z","date_published":"2017-09-01T00:00:00Z","owner_name":null,"tidal_id":"f286fbb0-a7c3-51c9-9886-2a7cd9c1e2a2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416377Z"},{"id":"8711c175-e405-4cb0-8c86-8aaa471e5573","name":"Symantec Suckfly March 2016","description":"DiMaggio, J. (2016, March 15). Suckfly: Revealing the secret life of your code signing certificates. Retrieved August 3, 2016.","url":"http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates","source":"MITRE, Tidal Cyber","title":"Suckfly: Revealing the secret life of your code signing certificates","authors":"DiMaggio, J","date_accessed":"2016-08-03T00:00:00Z","date_published":"2016-03-15T00:00:00Z","owner_name":null,"tidal_id":"18913c5f-497f-5614-a1c9-11d225848c48","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261146Z"},{"id":"659d4302-d4cf-41af-8007-aa1da0208aa0","name":"sudo man page 2018","description":"Todd C. Miller. (2018). Sudo Man Page. 
Retrieved March 19, 2018.","url":"https://www.sudo.ws/","source":"MITRE","title":"Sudo Man Page","authors":"Todd C. Miller","date_accessed":"2018-03-19T00:00:00Z","date_published":"2018-01-01T00:00:00Z","owner_name":null,"tidal_id":"2f6fc555-1c3f-5839-9dbe-65f5fda9a3eb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425298Z"},{"id":"c5d94f7f-f796-4872-9a19-f030c825588e","name":"FireEye SUNBURST Additional Details Dec 2020","description":"Stephen Eckels, Jay Smith, William Ballenthin. (2020, December 24). SUNBURST Additional Technical Details. Retrieved January 6, 2021.","url":"https://www.fireeye.com/blog/threat-research/2020/12/sunburst-additional-technical-details.html","source":"MITRE","title":"SUNBURST Additional Technical Details","authors":"Stephen Eckels, Jay Smith, William Ballenthin","date_accessed":"2021-01-06T00:00:00Z","date_published":"2020-12-24T00:00:00Z","owner_name":null,"tidal_id":"eb4860df-6aa8-554a-b650-1185abddb6cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440023Z"},{"id":"a6b75979-af51-42ed-9bb9-01d5fb9ceac9","name":"Check Point Sunburst Teardrop December 2020","description":"Check Point Research. (2020, December 22). SUNBURST, TEARDROP and the NetSec New Normal. Retrieved January 6, 2021.","url":"https://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal/","source":"MITRE","title":"SUNBURST, TEARDROP and the NetSec New Normal","authors":"Check Point Research","date_accessed":"2021-01-06T00:00:00Z","date_published":"2020-12-22T00:00:00Z","owner_name":null,"tidal_id":"e306c494-2d32-5c76-a4ef-1c21fbe6597c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441780Z"},{"id":"4e3d9201-83d4-5375-b3b7-e00dfb16342d","name":"CheckPoint Sunburst & Teardrop December 2020","description":"Check Point Research. (2020, December 22). SUNBURST, TEARDROP and the NetSec New Normal. 
Retrieved January 6, 2021.","url":"https://research.checkpoint.com/2020/sunburst-teardrop-and-the-netsec-new-normal/","source":"MITRE","title":"SUNBURST, TEARDROP and the NetSec New Normal","authors":"Check Point Research","date_accessed":"2021-01-06T00:00:00Z","date_published":"2020-12-22T00:00:00Z","owner_name":null,"tidal_id":"c6e137b3-3b23-5f79-be0e-c30516390fc5","created":"2023-05-26T01:21:19.556137Z","modified":"2025-12-17T15:08:36.441328Z"},{"id":"055d23b6-8ca0-560a-a6a5-1a2c6f2cfc7f","name":"sunny-stolen-credentials","description":"Lukáš Štefanko. (2017, February 22). Sunny with a chance of stolen credentials: Malicious weather app found on Google Play. Retrieved July","url":"https://www.welivesecurity.com/2017/02/22/sunny-chance-stolen-credentials-malicious-weather-app-found-google-play/","source":"Mobile","title":"Sunny with a chance of stolen credentials: Malicious weather app found on Google Play","authors":"Lukáš Štefanko","date_accessed":"1978-07-01T00:00:00Z","date_published":"2017-02-22T00:00:00Z","owner_name":null,"tidal_id":"4af42095-8e8a-5d82-aa83-b7f3456b510e","created":"2026-01-28T13:08:10.046588Z","modified":"2026-01-28T13:08:10.046591Z"},{"id":"3a7b71cf-961a-4f63-84a8-31b43b18fb95","name":"CrowdStrike SUNSPOT Implant January 2021","description":"CrowdStrike Intelligence Team. (2021, January 11). SUNSPOT: An Implant in the Build Process. Retrieved January 11, 2021.","url":"https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/","source":"MITRE","title":"SUNSPOT: An Implant in the Build Process","authors":"CrowdStrike Intelligence Team","date_accessed":"2021-01-11T00:00:00Z","date_published":"2021-01-11T00:00:00Z","owner_name":null,"tidal_id":"4ed68689-80b5-53fb-9e71-d067eb2296bb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421478Z"},{"id":"cda75ff4-6f09-53d8-9bed-32d0e88cb8c6","name":"Cyber Security News","description":"Kaaviya. (n.d.). 
SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware. Retrieved September 22, 2025.","url":"https://cybersecuritynews.com/superblack-actors-exploiting-two-fortinet-vulnerabilities/","source":"MITRE","title":"SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware","authors":"Kaaviya","date_accessed":"2025-09-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"08f723a3-5386-5e15-9e41-e5327e4947f3","created":"2025-10-29T21:08:48.165866Z","modified":"2025-12-17T15:08:36.428216Z"},{"id":"3d554c05-992c-41f3-99f4-6b0baac56b3a","name":"Kaspersky Superfish","description":"Onuma. (2015, February 24). Superfish: Adware Preinstalled on Lenovo Laptops. Retrieved February 20, 2017.","url":"https://www.kaspersky.com/blog/lenovo-pc-with-adware-superfish-preinstalled/7712/","source":"MITRE","title":"Superfish: Adware Preinstalled on Lenovo Laptops","authors":"Onuma","date_accessed":"2017-02-20T00:00:00Z","date_published":"2015-02-24T00:00:00Z","owner_name":null,"tidal_id":"44aefd01-c42a-5a82-81bb-708740da0981","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434462Z"},{"id":"7ca6ca12-dcae-5a3b-ac8b-00523a4ec5d7","name":"Zscaler-SuperMarioRun","description":"Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January","url":"https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat","source":"Mobile","title":"Super Mario Run Malware #2 – DroidJack RAT","authors":"Viral Gandhi","date_accessed":"1978-01-01T00:00:00Z","date_published":"2017-01-12T00:00:00Z","owner_name":null,"tidal_id":"f9e5ecce-d334-5b91-9b54-62270ca1b484","created":"2026-01-28T13:08:10.038810Z","modified":"2026-01-28T13:08:10.038813Z"},{"id":"e884d0b5-f2a2-47cb-bb77-3acdac6b1790","name":"Unit42 SUPERNOVA Dec 2020","description":"Tennis, M. (2020, December 17). SUPERNOVA: A Novel .NET Webshell. 
Retrieved February 22, 2021.","url":"https://unit42.paloaltonetworks.com/solarstorm-supernova/","source":"MITRE","title":"SUPERNOVA: A Novel .NET Webshell","authors":"Tennis, M","date_accessed":"2021-02-22T00:00:00Z","date_published":"2020-12-17T00:00:00Z","owner_name":null,"tidal_id":"8d51806b-4aee-5dcf-8d17-1e3252d60261","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421198Z"},{"id":"78fee365-ab2b-4823-8358-46c362be1ac0","name":"Guidepoint SUPERNOVA Dec 2020","description":"Riley, W. (2020, December 1). SUPERNOVA SolarWinds .NET Webshell Analysis. Retrieved February 18, 2021.","url":"https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/","source":"MITRE","title":"SUPERNOVA SolarWinds .NET Webshell Analysis","authors":"Riley, W","date_accessed":"2021-02-18T00:00:00Z","date_published":"2020-12-01T00:00:00Z","owner_name":null,"tidal_id":"acd8c3a2-93e9-5b1f-a75c-a1e5297eedd7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421184Z"},{"id":"7569e79b-5a80-4f42-b467-8548cc9fc319","name":"00sec Droppers","description":"0x00pico. (2017, September 25). Super-Stealthy Droppers. Retrieved October 4, 2021.","url":"https://0x00sec.org/t/super-stealthy-droppers/3715","source":"MITRE","title":"Super-Stealthy Droppers","authors":"0x00pico","date_accessed":"2021-10-04T00:00:00Z","date_published":"2017-09-25T00:00:00Z","owner_name":null,"tidal_id":"3569e269-a380-5142-8ad2-934c927b4ea0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428907Z"},{"id":"0647b285-963b-4427-bc96-a17b5f8839a9","name":"FireEyeSupplyChain","description":"FireEye. (2014). SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye. 
Retrieved March 6, 2017.","url":"https://www.mandiant.com/resources/supply-chain-analysis-from-quartermaster-to-sunshop","source":"MITRE","title":"SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye","authors":"FireEye","date_accessed":"2017-03-06T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"336e0e84-1613-5d48-86bb-917f2a458014","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431397Z"},{"id":"6611e0c1-dd36-56f6-8138-a1381fe86a43","name":"Unit42 ComboJack 2018","description":"Levene, B., Grunzweig, J. (2018, March 5). Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency. Retrieved November 25, 2024.","url":"https://unit42.paloaltonetworks.com/unit42-sure-ill-take-new-combojack-malware-alters-clipboards-steal-cryptocurrency/","source":"MITRE","title":"Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency","authors":"Levene, B., Grunzweig, J","date_accessed":"2024-11-25T00:00:00Z","date_published":"2018-03-05T00:00:00Z","owner_name":null,"tidal_id":"cbf264c1-4577-5a84-a8d7-34b2da41914a","created":"2025-04-22T20:47:32.637908Z","modified":"2025-12-17T15:08:36.442727Z"},{"id":"d38bdb47-1a8d-43f8-b7ed-dfa5e430ac2f","name":"Moran 2013","description":"Moran, N., & Villeneuve, N. (2013, August 12). Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog]. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20191224162418/https://www.fireeye.com/blog/threat-research/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html","source":"MITRE","title":"Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog]","authors":"Moran, N., & Villeneuve, N","date_accessed":"2024-11-17T00:00:00Z","date_published":"2013-08-12T00:00:00Z","owner_name":null,"tidal_id":"15c94584-84be-598b-8eca-2cd30075a38c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:10:01.237352Z"},{"id":"dc66d26a-e5e1-5b49-907c-ad5c456f21ae","name":"Google Cloud BOLDMOVE 2023","description":"Scott Henderson, Cristiana Kittner, Sarah Hawley & Mark Lechtik, Google Cloud. (2023, January 19). Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475). Retrieved December 31, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/chinese-actors-exploit-fortios-flaw/","source":"MITRE","title":"Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)","authors":"Scott Henderson, Cristiana Kittner, Sarah Hawley & Mark Lechtik, Google Cloud","date_accessed":"2024-12-31T00:00:00Z","date_published":"2023-01-19T00:00:00Z","owner_name":null,"tidal_id":"f601fac2-2ccd-531f-b29a-8781a2471b58","created":"2025-04-22T20:47:26.542302Z","modified":"2025-12-17T15:08:36.417768Z"},{"id":"2b64284f-bc2c-5ca5-bf16-f862345cef80","name":"4 - appv","description":"John Fokker. (2022, March 17). Suspected DarkHotel APT activity update. 
Retrieved February 6, 2024.","url":"https://www.trellix.com/en-ca/about/newsroom/stories/research/suspected-darkhotel-apt-activity-update/","source":"MITRE","title":"Suspected DarkHotel APT activity update","authors":"John Fokker","date_accessed":"2024-02-06T00:00:00Z","date_published":"2022-03-17T00:00:00Z","owner_name":null,"tidal_id":"b6707d62-c33c-5878-9310-5ac34705c045","created":"2024-04-25T13:28:40.838624Z","modified":"2025-12-17T15:08:36.435855Z"},{"id":"de7003cb-5127-4fd7-9475-d69e0d7f5cc8","name":"Dell Threat Group 2889","description":"Dell SecureWorks. (2015, October 7). Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles. Retrieved January 14, 2016.","url":"http://www.secureworks.com/cyber-threat-intelligence/threats/suspected-iran-based-hacker-group-creates-network-of-fake-linkedin-profiles/","source":"MITRE","title":"Suspected Iran-Based Hacker Group Creates Network of Fake LinkedIn Profiles","authors":"Dell SecureWorks","date_accessed":"2016-01-14T00:00:00Z","date_published":"2015-10-07T00:00:00Z","owner_name":null,"tidal_id":"20dbd032-cd6b-5653-b17d-27bec4de0baa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439417Z"},{"id":"7b3fda0b-d327-4f02-bebe-2b8974f9959d","name":"Mandiant UNC3890 Aug 2022","description":"Mandiant Israel Research Team. (2022, August 17). Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors. 
Retrieved September 21, 2022.","url":"https://www.mandiant.com/resources/blog/suspected-iranian-actor-targeting-israeli-shipping","source":"MITRE","title":"Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors","authors":"Mandiant Israel Research Team","date_accessed":"2022-09-21T00:00:00Z","date_published":"2022-08-17T00:00:00Z","owner_name":null,"tidal_id":"23fcc602-ce3f-5ed9-afbc-ac3f8491fd80","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418073Z"},{"id":"f45a0551-8d49-4d40-989f-659416dc25ec","name":"Suspected Russian Activity Targeting Government and Business Entities Around the Globe","description":"Luke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock. (2021, December 6). Suspected Russian Activity Targeting Government and Business Entities Around the Globe. Retrieved April 15, 2022.","url":"https://www.mandiant.com/resources/russian-targeting-gov-business","source":"MITRE","title":"Suspected Russian Activity Targeting Government and Business Entities Around the Globe","authors":"Luke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock","date_accessed":"2022-04-15T00:00:00Z","date_published":"2021-12-06T00:00:00Z","owner_name":null,"tidal_id":"ff348e96-2d46-5474-a993-f5b9e260d969","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432783Z"},{"id":"d4444779-79c8-4798-bcbc-3b814309b617","name":"Unit42 ShinySp1der Ransomware Samples November 21 2025","description":"Matt Brady. (2025, November 21). SUSPECTED SHINYSP1DER RANSOMWARE SAMPLES. 
Retrieved November 26, 2025.","url":"https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-11-21-IOCs-for-ShinySp1d3r-ransomware.txt","source":"Tidal Cyber","title":"SUSPECTED SHINYSP1DER RANSOMWARE SAMPLES","authors":"Matt Brady","date_accessed":"2025-11-26T12:00:00Z","date_published":"2025-11-21T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e5b5d97e-7f99-5609-a020-b0b8f24dc9a7","created":"2026-01-14T13:29:35.411252Z","modified":"2026-01-14T13:29:35.684025Z"},{"id":"43559d26-f2a3-5967-9bce-59f18ca2540e","name":"Elastic Suspicious Termination of ESXI Process","description":"Elastic. (n.d.). Suspicious Termination of ESXI Process. Retrieved March 27, 2025.","url":"https://www.elastic.co/guide/en/security/current/suspicious-termination-of-esxi-process.html","source":"MITRE","title":"Suspicious Termination of ESXI Process","authors":"Elastic","date_accessed":"2025-03-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e4e1b5f1-605d-5858-a3f4-2ab6c1843bc7","created":"2025-04-22T20:47:29.988130Z","modified":"2025-04-22T20:47:29.988138Z"},{"id":"2873d056-a56c-5f0a-8fbd-b93d2ae3d5af","name":"Cofense SVG Smuggling 2024","description":"Max Gannon. (2024, March 13). SVG Files Abused in Emerging Campaigns. Retrieved March 25, 2025.","url":"https://cofense.com/blog/svg-files-abused-in-emerging-campaigns/","source":"MITRE","title":"SVG Files Abused in Emerging Campaigns","authors":"Max Gannon","date_accessed":"2025-03-25T00:00:00Z","date_published":"2024-03-13T00:00:00Z","owner_name":null,"tidal_id":"ad26f336-ddc6-5a3d-9bf8-f2508c7d169a","created":"2025-04-22T20:47:16.060245Z","modified":"2025-12-17T15:08:36.431424Z"},{"id":"e04e6419-a086-598d-a794-925e42f3f237","name":"NCSC et al APT29 2024","description":"UK National Cyber Security Center et al. (2024, February). SVR cyber actors adapt tactics for initial cloud access. 
Retrieved March 1, 2024.","url":"https://www.ic3.gov/Media/News/2024/240226.pdf","source":"MITRE","title":"SVR cyber actors adapt tactics for initial cloud access","authors":"UK National Cyber Security Center et al","date_accessed":"2024-03-01T00:00:00Z","date_published":"2024-02-01T00:00:00Z","owner_name":null,"tidal_id":"8aa1b8f1-4d4d-55a4-940c-f2da8b36c0dd","created":"2024-04-25T13:28:50.850111Z","modified":"2025-12-17T15:08:36.440272Z"},{"id":"e9e08eca-1e01-4ff0-a8ef-49ecf66aaf3d","name":"U.S. CISA APT29 Cloud Access","description":"Cybersecurity and Infrastructure Security Agency. (2024, February 26). SVR Cyber Actors Adapt Tactics for Initial Cloud Access. Retrieved March 1, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a","source":"Tidal Cyber","title":"SVR Cyber Actors Adapt Tactics for Initial Cloud Access","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-03-01T00:00:00Z","date_published":"2024-02-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"135cba24-afe1-5b74-9437-5bb451749bfb","created":"2024-03-01T20:23:27.723423Z","modified":"2024-03-01T20:23:27.900448Z"},{"id":"73aaff33-5a0e-40b7-a089-77ac57da8dca","name":"Recorded Future Turla Infra 2020","description":"Insikt Group. (2020, March 12). Swallowing the Snake’s Tail: Tracking Turla Infrastructure. Retrieved September 16, 2024.","url":"https://www.recordedfuture.com/research/turla-apt-infrastructure","source":"MITRE","title":"Swallowing the Snake’s Tail: Tracking Turla Infrastructure","authors":"Insikt Group","date_accessed":"2024-09-16T00:00:00Z","date_published":"2020-03-12T00:00:00Z","owner_name":null,"tidal_id":"fd9019b9-4753-5607-97ac-6441695b9825","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433454Z"},{"id":"a0a753c6-7d8c-4ad9-91a9-a2c385178054","name":"Microsoft Sxstrace","description":"Gerend, J. et al. (2017, October 16). sxstrace. 
Retrieved April 26, 2021.","url":"https://docs.microsoft.com/windows-server/administration/windows-commands/sxstrace","source":"MITRE","title":"sxstrace","authors":"Gerend, J. et al.","date_accessed":"2021-04-26T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"368fb4d7-42f7-5b00-8743-cf38ac47b41e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442601Z"},{"id":"1a96544f-5b4e-4e1a-8db0-a989df9e4aaa","name":"Alienvault Sykipot DOD Smart Cards","description":"Blasco, J. (2012, January 12). Sykipot variant hijacks DOD and Windows smart cards. Retrieved January 10, 2016.","url":"https://www.alienvault.com/open-threat-exchange/blog/sykipot-variant-hijacks-dod-and-windows-smart-cards","source":"MITRE","title":"Sykipot variant hijacks DOD and Windows smart cards","authors":"Blasco, J","date_accessed":"2016-01-10T00:00:00Z","date_published":"2012-01-12T00:00:00Z","owner_name":null,"tidal_id":"21e26047-b553-5553-a6f2-ba0c2476f017","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419360Z"},{"id":"7b4b8225-5d2a-5d71-ae78-3e1cc274bd0e","name":"Symantec June 2015","description":"Symantec 2015, June 30 Simple steps to protect yourself from the Conficker Worm. Retrieved 2019/12/05","url":"https://support.symantec.com/us/en/article.tech93179.html","source":"ICS","title":"Symantec June 2015","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e9b9c99d-f5e5-50f0-b785-d1d77c490689","created":"2026-01-28T13:08:18.179971Z","modified":"2026-01-28T13:08:18.179974Z"},{"id":"2c40efdc-1dca-56dc-b622-ab9b48dface0","name":"Symantec March 2019","description":"Symantec 2019, March 27 Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.. 
Retrieved 2019/12/02","url":"https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage","source":"ICS","title":"Symantec March 2019","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"dd576b72-397d-56a4-a149-70455feb449f","created":"2026-01-28T13:08:18.180018Z","modified":"2026-01-28T13:08:18.180021Z"},{"id":"99fa403e-0995-5ac1-a65f-22e175510653","name":"Symantec Security Response July 2014","description":"Symantec Security Response 2014, July 7 Dragonfly: Cyberespionage Attacks Against Energy Suppliers. Retrieved 2016/04/08","url":"https://docs.broadcom.com/doc/dragonfly_threat_against_western_energy_suppliers#:~:text=The%20attackers%2C%20known%20to%20Symantec,supply%20in%20the%20affected%20countries.","source":"ICS","title":"Symantec Security Response July 2014","authors":"","date_accessed":"2016-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"14201a34-0e2d-5b53-ba49-6dddb4a1717b","created":"2026-01-28T13:08:18.178887Z","modified":"2026-01-28T13:08:18.178892Z"},{"id":"9a854741-8b73-5213-b8d0-702420d8874a","name":"Intezer Symbiote 2022","description":"Joakim Kennedy and The BlackBerry Threat Research & Intelligence Team. (2022, June 9). Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat. Retrieved March 24, 2025.","url":"https://intezer.com/blog/research/new-linux-threat-symbiote/","source":"MITRE","title":"Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat","authors":"Joakim Kennedy and The BlackBerry Threat Research & Intelligence Team","date_accessed":"2025-03-24T00:00:00Z","date_published":"2022-06-09T00:00:00Z","owner_name":null,"tidal_id":"b1b108a5-4b2b-508d-b451-d4132d58b98f","created":"2025-04-22T20:47:14.940627Z","modified":"2025-12-17T15:08:36.430350Z"},{"id":"d9f0af0f-8a65-406b-9d7e-4051086ef301","name":"SecureList SynAck Doppelgänging May 2018","description":"Ivanov, A. et al. (2018, May 7). 
SynAck targeted ransomware uses the Doppelgänging technique. Retrieved May 22, 2018.","url":"https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/","source":"MITRE","title":"SynAck targeted ransomware uses the Doppelgänging technique","authors":"Ivanov, A. et al","date_accessed":"2018-05-22T00:00:00Z","date_published":"2018-05-07T00:00:00Z","owner_name":null,"tidal_id":"b0e3f3d8-5f07-50da-b31b-aabd86e0781b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416580Z"},{"id":"bc5d8a1a-5cf9-5974-bf13-245fa53721da","name":"6 - appv","description":"Strontic. (n.d.). SyncAppvPublishingServer.exe. Retrieved February 6, 2024.","url":"https://strontic.github.io/xcyclopedia/library/SyncAppvPublishingServer.exe-3C291419F60CDF9C2E4E19AD89944FA3.html","source":"MITRE","title":"SyncAppvPublishingServer.exe","authors":"Strontic","date_accessed":"2024-02-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"da10724d-7d56-5e15-b984-a7d32f566d3d","created":"2024-04-25T13:28:40.871550Z","modified":"2025-12-17T15:08:36.435892Z"},{"id":"ce371df7-aab6-4338-9491-656481cb5601","name":"SyncAppvPublishingServer.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). SyncAppvPublishingServer.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Syncappvpublishingserver/","source":"Tidal Cyber","title":"SyncAppvPublishingServer.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"16c465e6-f795-5558-ad66-22c2a6d8a125","created":"2024-01-12T14:47:03.529985Z","modified":"2024-01-12T14:47:03.719964Z"},{"id":"926c9e06-cc6a-55ea-8436-1211b4cc4d92","name":"5 - appv","description":"Nick Landers, Casey Smith. (n.d.). /Syncappvpublishingserver.vbs. 
Retrieved February 6, 2024.","url":"https://lolbas-project.github.io/lolbas/Scripts/Syncappvpublishingserver/","source":"MITRE","title":"/Syncappvpublishingserver.vbs","authors":"Nick Landers, Casey Smith","date_accessed":"2024-02-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"99bd8751-8cd3-5102-a745-33e93a880080","created":"2024-04-25T13:28:40.848941Z","modified":"2025-12-17T15:08:36.435867Z"},{"id":"adb09226-894c-4874-a2e3-fb2c6de30173","name":"Syncappvpublishingserver.vbs - LOLBAS Project","description":"LOLBAS. (2018, May 25). Syncappvpublishingserver.vbs. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Scripts/Syncappvpublishingserver/","source":"Tidal Cyber","title":"Syncappvpublishingserver.vbs","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c644c0cf-a2ff-5eff-a6df-c4e5afab04d6","created":"2024-01-12T14:47:38.805927Z","modified":"2024-01-12T14:47:38.980014Z"},{"id":"b36dd8af-045d-57b0-b0a9-45d831fe6373","name":"Mac Time Sync","description":"Cone, Matt. (2021, January 14). Synchronize your Mac's Clock with a Time Server. Retrieved March 27, 2024.","url":"https://www.macinstruct.com/tutorials/synchronize-your-macs-clock-with-a-time-server/","source":"MITRE","title":"Synchronize your Mac's Clock with a Time Server","authors":"Cone, Matt","date_accessed":"2024-03-27T00:00:00Z","date_published":"2021-01-14T00:00:00Z","owner_name":null,"tidal_id":"356d4a6a-46a5-5051-a3cd-e0346f669040","created":"2024-04-25T13:28:41.472333Z","modified":"2025-12-17T15:08:36.436487Z"},{"id":"1f6eaa98-9184-4341-8634-5512a9c632dd","name":"Mandiant - Synful Knock","description":"Bill Hau, Tony Lee, Josh Homan. (2015, September 15). SYNful Knock - A Cisco router implant - Part I. 
Retrieved November 17, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/synful-knock-acis/","source":"MITRE","title":"SYNful Knock - A Cisco router implant - Part I","authors":"Bill Hau, Tony Lee, Josh Homan","date_accessed":"2024-11-17T00:00:00Z","date_published":"2015-09-15T00:00:00Z","owner_name":null,"tidal_id":"f12cf30e-13b7-53cc-9b9a-610774f76d99","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419972Z"},{"id":"80cb54c2-2c44-5e19-bbc5-da9f4aaf976a","name":"sysdig","description":"Sysdig. (2023). Sysdig Global Cloud Threat Report. Retrieved March 1, 2024.","url":"https://sysdig.com/content/c/pf-2023-global-cloud-threat-report?x=u_WFRi&xs=524303#page=1","source":"MITRE","title":"Sysdig Global Cloud Threat Report","authors":"Sysdig","date_accessed":"2024-03-01T00:00:00Z","date_published":"2023-01-01T00:00:00Z","owner_name":null,"tidal_id":"90b13c17-629d-55e7-aa27-d87b7435ae2c","created":"2024-04-25T13:28:41.130378Z","modified":"2025-12-17T15:08:36.436165Z"},{"id":"177272f8-2701-4803-ab61-f64afa046127","name":"Sysdig October 25 2022","description":"Crystal Morin. (2022, October 25). Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions. Retrieved December 12, 2024.","url":"https://sysdig.com/blog/massive-cryptomining-operation-github-actions/","source":"Tidal Cyber","title":"Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions","authors":"Crystal Morin","date_accessed":"2024-12-12T00:00:00Z","date_published":"2022-10-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"27ac0c91-afc6-5965-afce-5437d3707ecb","created":"2025-04-11T15:05:55.905511Z","modified":"2025-04-11T15:05:56.219116Z"},{"id":"b24440b2-43c3-46f2-be4c-1147f6acfe57","name":"Sysmon EID 9","description":"Russinovich, R. & Garnier, T. (2021, August 18). Sysmon Event ID 9. 
Retrieved September 24, 2021.","url":"https://docs.microsoft.com/sysinternals/downloads/sysmon#event-id-9-rawaccessread","source":"MITRE","title":"Sysmon Event ID 9","authors":"Russinovich, R. & Garnier, T","date_accessed":"2021-09-24T00:00:00Z","date_published":"2021-08-18T00:00:00Z","owner_name":null,"tidal_id":"ef902a22-574e-5dbd-b720-2701bf89c733","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437146Z"},{"id":"41cd9e06-a56c-4b68-948c-efc497a8d0dc","name":"Microsoft Sysmon v6 May 2017","description":"Russinovich, M. & Garnier, T. (2017, May 22). Sysmon v6.20. Retrieved December 13, 2017.","url":"https://docs.microsoft.com/sysinternals/downloads/sysmon","source":"MITRE","title":"Sysmon v6.20","authors":"Russinovich, M. & Garnier, T","date_accessed":"2017-12-13T00:00:00Z","date_published":"2017-05-22T00:00:00Z","owner_name":null,"tidal_id":"a5bc9a15-e36c-5ae6-9f26-cc37eb95d633","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424467Z"},{"id":"3bb7027f-7cbb-47e7-8cbb-cf45604669af","name":"Syssetup.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Syssetup.dll. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Syssetup/","source":"Tidal Cyber","title":"Syssetup.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e867f112-9d5e-55d6-be4e-c71be3650bf4","created":"2024-01-12T14:47:15.148887Z","modified":"2024-01-12T14:47:15.513943Z"},{"id":"e5c4974d-dfd4-4c1c-ba4c-b6fb276effac","name":"System and kernel extensions in macOS","description":"Apple. (n.d.). System and kernel extensions in macOS. 
Retrieved March 31, 2022.","url":"https://support.apple.com/guide/deployment/system-and-kernel-extensions-in-macos-depa5fb8376f/web","source":"MITRE","title":"System and kernel extensions in macOS","authors":"Apple","date_accessed":"2022-03-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d223076f-b9e7-55d7-a080-b723a641611a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433111Z"},{"id":"e9a58efd-8de6-40c9-9638-c642311d6a07","name":"Linux man-pages: systemd January 2014","description":"Linux man-pages. (2014, January). systemd(1) - Linux manual page. Retrieved April 23, 2019.","url":"http://man7.org/linux/man-pages/man1/systemd.1.html","source":"MITRE","title":"systemd(1) - Linux manual page","authors":"Linux man-pages","date_accessed":"2019-04-23T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"1d383ef2-b263-52ba-8300-d659957f0d67","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424932Z"},{"id":"5ded9060-9a23-42dc-b13b-15e4e3ccabf9","name":"FreeDesktop Journal","description":"freedesktop.org. (n.d.). systemd-journald.service. Retrieved June 15, 2022.","url":"https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html","source":"MITRE","title":"systemd-journald.service","authors":"freedesktop.org","date_accessed":"2022-06-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"55710178-98ef-56bf-9ebd-750b8bf8cb18","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427914Z"},{"id":"6be16aba-a37f-49c4-9a36-51d2676f64e6","name":"Ubuntu Manpage systemd rc","description":"Canonical Ltd. (n.d.). systemd-rc-local-generator - Compatibility generator for starting /etc/rc.local and        /usr/sbin/halt.local during boot and shutdown. 
Retrieved February 23, 2021.","url":"http://manpages.ubuntu.com/manpages/bionic/man8/systemd-rc-local-generator.8.html","source":"MITRE","title":"systemd-rc-local-generator - Compatibility generator for starting /etc/rc.local and        /usr/sbin/halt.local during boot and shutdown","authors":"Canonical Ltd.","date_accessed":"2021-02-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8295c5ce-53e4-5352-b84b-672473e772e4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435408Z"},{"id":"43bae447-d2e3-4b53-b17b-12a0b54ac604","name":"Systemd Service Units","description":"Freedesktop.org. (n.d.). systemd.service — Service unit configuration. Retrieved March 16, 2020.","url":"https://www.freedesktop.org/software/systemd/man/systemd.service.html","source":"MITRE","title":"systemd.service — Service unit configuration","authors":"Freedesktop.org","date_accessed":"2020-03-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"66a16a88-d591-5647-b1a6-acbf836d23df","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431518Z"},{"id":"cae49a7a-db3b-5202-ba45-fbfa98b073c9","name":"freedesktop systemd.service","description":"Free Desktop. (n.d.). systemd.service — Service unit configuration. Retrieved March 20, 2023.","url":"https://www.freedesktop.org/software/systemd/man/systemd.service.html","source":"MITRE","title":"systemd.service — Service unit configuration","authors":"Free Desktop","date_accessed":"2023-03-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3154738e-2ff8-504f-a7ec-7a20e80a9ac7","created":"2023-05-26T01:21:10.452577Z","modified":"2025-12-17T15:08:36.435521Z"},{"id":"9537f6f9-1521-5c21-b14f-ac459a2d1b70","name":"systemdsleep Linux","description":"Man7. (n.d.). systemd-sleep.conf(5) — Linux manual page. 
Retrieved June 7, 2023.","url":"https://man7.org/linux/man-pages/man5/systemd-sleep.conf.5.html","source":"MITRE","title":"systemd-sleep.conf(5) — Linux manual page","authors":"Man7","date_accessed":"2023-06-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3570b15e-a124-589f-a923-24fa19a9a5c7","created":"2023-11-07T00:36:08.961976Z","modified":"2025-12-17T15:08:36.436046Z"},{"id":"940dcbbe-45d3-4f36-8d48-d606d41a679e","name":"Freedesktop.org Linux systemd 29SEP2018","description":"Freedesktop.org. (2018, September 29). systemd System and Service Manager. Retrieved April 23, 2019.","url":"https://www.freedesktop.org/wiki/Software/systemd/","source":"MITRE","title":"systemd System and Service Manager","authors":"Freedesktop.org","date_accessed":"2019-04-23T00:00:00Z","date_published":"2018-09-29T00:00:00Z","owner_name":null,"tidal_id":"26015a32-9669-5159-afc5-bcdc83301d64","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424939Z"},{"id":"670f02f1-3927-4f38-aa2b-9ca0d8cf5b8e","name":"archlinux Systemd Timers Aug 2020","description":"archlinux. (2020, August 11). systemd/Timers. Retrieved October 12, 2020.","url":"https://wiki.archlinux.org/index.php/Systemd/Timers","source":"MITRE","title":"systemd/Timers","authors":"archlinux","date_accessed":"2020-10-12T00:00:00Z","date_published":"2020-08-11T00:00:00Z","owner_name":null,"tidal_id":"34007916-73e3-534a-a349-eae660bfc94a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433217Z"},{"id":"5462ba66-6e26-41c2-bc28-6c19085d4469","name":"TechNet Systeminfo","description":"Microsoft. (n.d.). Systeminfo. 
Retrieved April 8, 2016.","url":"https://technet.microsoft.com/en-us/library/bb491007.aspx","source":"MITRE","title":"Systeminfo","authors":"Microsoft","date_accessed":"2016-04-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"77e0b4d4-f41e-51ae-9df5-6bd3f3812336","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423097Z"},{"id":"639f8ee1-f817-5019-9549-c955b80a6c27","name":"MITRE","description":"MITRE. (n.d.). System Network Connections Discovery. Retrieved 2018/05/31","url":"https://attack.mitre.org/wiki/Technique/T1049","source":"ICS","title":"System Network Connections Discovery","authors":"MITRE","date_accessed":"2018-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6dc181f6-7330-5783-9b0e-6dc615f98858","created":"2026-01-28T13:08:18.178327Z","modified":"2026-01-28T13:08:18.178330Z"},{"id":"2a3c5216-b153-4d89-b0b1-f32af3aa83d0","name":"Peripheral Discovery macOS","description":"SS64. (n.d.). system_profiler. Retrieved March 11, 2022.","url":"https://ss64.com/osx/system_profiler.html","source":"MITRE","title":"system_profiler","authors":"SS64","date_accessed":"2022-03-11T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e41e7b92-3374-5d4f-9770-0d86f853c2bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427462Z"},{"id":"2dfd22d7-c78b-5967-b732-736f37ea5489","name":"linux system time","description":"ArchLinux. (2024, February 1). System Time. Retrieved March 27, 2024.","url":"https://wiki.archlinux.org/title/System_time","source":"MITRE","title":"System Time","authors":"ArchLinux","date_accessed":"2024-03-27T00:00:00Z","date_published":"2024-02-01T00:00:00Z","owner_name":null,"tidal_id":"778ab4fa-669b-5467-97ef-74b90a9f74ae","created":"2024-04-25T13:28:41.454492Z","modified":"2025-12-17T15:08:36.436468Z"},{"id":"5e15e03b-be8b-4f3d-a3ae-0df7a4ecfbec","name":"MSDN System Time","description":"Microsoft. (n.d.). System Time. 
Retrieved November 25, 2016.","url":"https://msdn.microsoft.com/ms724961.aspx","source":"MITRE","title":"System Time","authors":"Microsoft","date_accessed":"2016-11-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3d4382b1-691d-56cf-b0ae-e20985759c66","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436505Z"},{"id":"c7e77109-36d3-5549-a0f7-bacc0d9288b2","name":"atomic-red proc file system","description":"Atomic Red Team. (2023, November). T1003.007 - OS Credential Dumping: Proc Filesystem. Retrieved March 28, 2024.","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.007/T1003.007.md","source":"MITRE","title":"T1003.007 - OS Credential Dumping: Proc Filesystem","authors":"Atomic Red Team","date_accessed":"2024-03-28T00:00:00Z","date_published":"2023-11-01T00:00:00Z","owner_name":null,"tidal_id":"85c5fe9f-7bf6-5270-a218-3d7ccf1b5ad6","created":"2024-04-25T13:28:32.205974Z","modified":"2025-12-17T15:08:36.427150Z"},{"id":"2e7fd604-6ec8-54ec-a9f4-879b349f3542","name":"Red Canary - Atomic Red Team","description":"Red Canary - Atomic Red Team. (n.d.). T1053.005 - Scheduled Task/Job: Scheduled Task. Retrieved June 19, 2024.","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1053.005/T1053.005.md","source":"MITRE","title":"T1053.005 - Scheduled Task/Job: Scheduled Task","authors":"Red Canary - Atomic Red Team","date_accessed":"2024-06-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d35a6603-b726-5ba3-b714-3e4a0a56a797","created":"2024-10-31T16:28:15.404096Z","modified":"2025-12-17T15:08:36.423605Z"},{"id":"e136f5a2-d4c2-4c6c-8f72-0f8ed9abeed1","name":"T1562.002_redcanaryco","description":"redcanaryco. (2021, September 3). T1562.002 - Disable Windows Event Logging. 
Retrieved September 13, 2021.","url":"https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.002/T1562.002.md","source":"MITRE","title":"T1562.002 - Disable Windows Event Logging","authors":"redcanaryco","date_accessed":"2021-09-13T00:00:00Z","date_published":"2021-09-03T00:00:00Z","owner_name":null,"tidal_id":"c40a506d-5223-5366-8f81-1e421f1b855e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429295Z"},{"id":"d7eefe85-86cf-4b9d-bf70-f16c5a0227cc","name":"Palo Alto T9000 Feb 2016","description":"Grunzweig, J. and Miller-Osborn, J.. (2016, February 4). T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques. Retrieved April 15, 2016.","url":"http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/","source":"MITRE","title":"T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques","authors":"Grunzweig, J. and Miller-Osborn, J.","date_accessed":"2016-04-15T00:00:00Z","date_published":"2016-02-04T00:00:00Z","owner_name":null,"tidal_id":"7960f6ac-e53c-5bff-9f68-4d670aab4fb2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420030Z"},{"id":"d9992f57-8ff3-432f-b445-937ff4a6ebf9","name":"US-CERT TA18-068A 2018","description":"US-CERT. (2018, March 27). TA18-086A Brute Force Attacks Conducted by Cyber Actors. Retrieved October 2, 2019.","url":"https://www.us-cert.gov/ncas/alerts/TA18-086A","source":"MITRE","title":"TA18-086A Brute Force Attacks Conducted by Cyber Actors","authors":"US-CERT","date_accessed":"2019-10-02T00:00:00Z","date_published":"2018-03-27T00:00:00Z","owner_name":null,"tidal_id":"3a957c7b-7039-5709-b1b4-63bf39e29174","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424338Z"},{"id":"3fe79fc8-c86d-57ad-961f-30fddd0e5f62","name":"Browers FriarFox","description":"Raggi, Michael. Proofpoint Threat Research Team. (2021, February 25). 
TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations. Retrieved November 17, 2024.","url":"https://www.proofpoint.com/uk/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global","source":"MITRE","title":"TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations","authors":"Raggi, Michael. Proofpoint Threat Research Team","date_accessed":"2024-11-17T00:00:00Z","date_published":"2021-02-25T00:00:00Z","owner_name":null,"tidal_id":"18ce0180-9a6b-5866-8777-9163ab70f25c","created":"2024-04-25T13:28:32.820690Z","modified":"2025-12-17T15:08:36.426512Z"},{"id":"f72685de-c775-41c4-94ed-45fd7f873a1d","name":"Proofpoint TA416 November 2020","description":"Proofpoint Threat Research Team. (2020, November 23). TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader. Retrieved April 13, 2021.","url":"https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader","source":"MITRE","title":"TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader","authors":"Proofpoint Threat Research Team","date_accessed":"2021-04-13T00:00:00Z","date_published":"2020-11-23T00:00:00Z","owner_name":null,"tidal_id":"9f9a1595-f119-5738-81aa-02c66cb8d151","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438582Z"},{"id":"4c69ce41-2094-478f-8b51-26c1704a042d","name":"Proofpoint TA422 December 5 2023","description":"Greg Lesnewich, Crista Giering, Proofpoint Threat Research Team. (2023, December 5). TA422’s Dedicated Exploitation Loop—the Same Week After Week. 
Retrieved March 6, 2025.","url":"https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week","source":"Tidal Cyber","title":"TA422’s Dedicated Exploitation Loop—the Same Week After Week","authors":"Greg Lesnewich, Crista Giering, Proofpoint Threat Research Team","date_accessed":"2025-03-06T00:00:00Z","date_published":"2023-12-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c4a8340e-e74a-5e1c-b264-e646138a9af9","created":"2025-03-10T18:05:46.532781Z","modified":"2025-03-10T18:05:47.047902Z"},{"id":"45e0b869-5447-491b-9e8b-fbf63c62f5d6","name":"NCC Group TA505","description":"Terefos, A. (2020, November 18). TA505: A Brief History of Their Time. Retrieved July 14, 2022.","url":"https://research.nccgroup.com/2020/11/18/ta505-a-brief-history-of-their-time/","source":"MITRE","title":"TA505: A Brief History of Their Time","authors":"Terefos, A","date_accessed":"2022-07-14T00:00:00Z","date_published":"2020-11-18T00:00:00Z","owner_name":null,"tidal_id":"e6b385d7-25f8-5a67-9c1c-c4740fb4dba5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437715Z"},{"id":"4f92af77-0428-4c67-8eec-98ecc3b55630","name":"ProofPoint SettingContent-ms July 2018","description":"Proofpoint Staff. (2018, July 19). TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT. Retrieved April 19, 2019.","url":"https://www.proofpoint.com/us/threat-insight/post/ta505-abusing-settingcontent-ms-within-pdf-files-distribute-flawedammyy-rat","source":"MITRE","title":"TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT","authors":"Proofpoint Staff","date_accessed":"2019-04-19T00:00:00Z","date_published":"2018-07-19T00:00:00Z","owner_name":null,"tidal_id":"981f399c-833f-51bc-acb9-43033964920c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441580Z"},{"id":"bcef8bf8-5fc2-4921-b920-74ef893b8a27","name":"IBM TA505 April 2020","description":"Frydrych, M. 
(2020, April 14). TA505 Continues to Infect Networks With SDBbot RAT. Retrieved May 29, 2020.","url":"https://securityintelligence.com/posts/ta505-continues-to-infect-networks-with-sdbbot-rat/","source":"MITRE","title":"TA505 Continues to Infect Networks With SDBbot RAT","authors":"Frydrych, M","date_accessed":"2020-05-29T00:00:00Z","date_published":"2020-04-14T00:00:00Z","owner_name":null,"tidal_id":"efe0978b-f198-5a0c-be81-e5f146dfdd13","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420421Z"},{"id":"711ea2b3-58e2-4b38-aa71-877029c12e64","name":"Proofpoint TA505 October 2019","description":"Schwarz, D. et al. (2019, October 16). TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader. Retrieved May 29, 2020.","url":"https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader","source":"MITRE","title":"TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader","authors":"Schwarz, D. et al","date_accessed":"2020-05-29T00:00:00Z","date_published":"2019-10-16T00:00:00Z","owner_name":null,"tidal_id":"5fc05e53-82dd-516d-81c3-7d3d6ce2fb33","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416839Z"},{"id":"e48dec7b-5635-4ae0-b0db-229660806c06","name":"Proofpoint TA505 June 2018","description":"Proofpoint Staff. (2018, June 8). TA505 shifts with the times. Retrieved May 28, 2019.","url":"https://www.proofpoint.com/us/threat-insight/post/ta505-shifts-times","source":"MITRE","title":"TA505 shifts with the times","authors":"Proofpoint Staff","date_accessed":"2019-05-28T00:00:00Z","date_published":"2018-06-08T00:00:00Z","owner_name":null,"tidal_id":"603f3a33-b281-585e-8b74-f4af5b71320c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437709Z"},{"id":"460758ea-ed3e-4e9b-ba2e-97c9d42154a4","name":"TrendMicro TA505 Aug 2019","description":"Trend Micro. (2019, August 27). TA505: Variety in Use of ServHelper and FlawedAmmyy. 
Retrieved February 22, 2021.","url":"https://www.trendmicro.com/en_us/research/19/h/ta505-at-it-again-variety-is-the-spice-of-servhelper-and-flawedammyy.html","source":"MITRE","title":"TA505: Variety in Use of ServHelper and FlawedAmmyy","authors":"Trend Micro","date_accessed":"2021-02-22T00:00:00Z","date_published":"2019-08-27T00:00:00Z","owner_name":null,"tidal_id":"7b2d8372-e035-5ff7-bf30-36760dd545cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441044Z"},{"id":"c1fab1dd-bec1-4637-9d50-8317247dc82b","name":"Proofpoint TA547 April 10 2024","description":"Tommy Madjar, Selena Larson, the Proofpoint Threat Research Team. (2024, April 10). TA547 Targets German Organizations with Rhadamanthys Stealer. Retrieved September 9, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer","source":"Tidal Cyber","title":"TA547 Targets German Organizations with Rhadamanthys Stealer","authors":"Tommy Madjar, Selena Larson, the Proofpoint Threat Research Team","date_accessed":"2024-09-09T00:00:00Z","date_published":"2024-04-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f1f65eb1-a175-5633-9d66-5c383dd1b4b7","created":"2024-10-18T13:25:14.367073Z","modified":"2024-10-18T13:25:14.663472Z"},{"id":"8e34bf1e-86ce-4d52-a6fa-037572766e99","name":"Unit 42 TA551 Jan 2021","description":"Duncan, B. (2021, January 7). TA551: Email Attack Campaign Switches from Valak to IcedID. 
Retrieved March 17, 2021.","url":"https://unit42.paloaltonetworks.com/ta551-shathak-icedid/","source":"MITRE","title":"TA551: Email Attack Campaign Switches from Valak to IcedID","authors":"Duncan, B","date_accessed":"2021-03-17T00:00:00Z","date_published":"2021-01-07T00:00:00Z","owner_name":null,"tidal_id":"49fe620f-9bc0-5a3b-b99c-e6911b359bb8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439193Z"},{"id":"fe7924b1-a385-4784-b308-15c2d0dbd840","name":"Proofpoint February 23 2023","description":"Proofpoint. (2023, February 23). TA569: SocGholish and Beyond | Proofpoint US. Retrieved May 7, 2023.","url":"https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond","source":"Tidal Cyber","title":"TA569: SocGholish and Beyond | Proofpoint US","authors":"Proofpoint","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-02-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1f0b4c8e-806d-50c8-b994-565ce7d6497c","created":"2024-04-25T14:10:43.174789Z","modified":"2024-04-25T14:10:43.419334Z"},{"id":"5b463ad7-f425-5e70-b0b0-28514730a888","name":"TA571","description":"Axel F, Selena Larson. (2023, October 30).  TA571 Delivers IcedID Forked Loader. Retrieved February 13, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta571-delivers-icedid-forked-loader","source":"MITRE","title":"TA571 Delivers IcedID Forked Loader","authors":"Axel F, Selena Larson","date_accessed":"2024-02-13T00:00:00Z","date_published":"2023-10-30T00:00:00Z","owner_name":null,"tidal_id":"c7a0effe-dbdf-5ff9-b17f-94805559031c","created":"2024-04-25T13:28:41.084787Z","modified":"2025-12-17T15:08:36.436115Z"},{"id":"30ebffb8-be3e-4094-a41b-882aec9e14b8","name":"IBM TA577 OneNote Malspam","description":"IBM X-Force. (2023, May 30). TA577 OneNote Malspam Results in QakBot Deployment. 
Retrieved January 24, 2024.","url":"https://exchange.xforce.ibmcloud.com/threats/guid:7f0659d266174b9a9ba40c618b853782","source":"Tidal Cyber","title":"TA577 OneNote Malspam Results in QakBot Deployment","authors":"IBM X-Force","date_accessed":"2024-01-24T00:00:00Z","date_published":"2023-05-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d05b3fb3-82f5-5b40-a190-226accb479c8","created":"2024-01-26T18:00:36.624142Z","modified":"2024-01-26T18:00:36.737140Z"},{"id":"bbbef77a-8cd8-411c-a8a7-7faa7b5fdb2c","name":"Proofpoint TA577 NTLM March 4 2024","description":"Tommy Madjar, Kelsey Merriman, Selena Larson, Proofpoint Threat Research Team. (2024, March 4). TA577’s Unusual Attack Chain Leads to NTLM Data Theft. Retrieved March 11, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/ta577s-unusual-attack-chain-leads-ntlm-data-theft","source":"Tidal Cyber","title":"TA577’s Unusual Attack Chain Leads to NTLM Data Theft","authors":"Tommy Madjar, Kelsey Merriman, Selena Larson, Proofpoint Threat Research Team","date_accessed":"2024-03-11T00:00:00Z","date_published":"2024-03-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"96b1a5d7-eced-5e17-8bc0-698ca6ca8c32","created":"2024-06-13T20:10:53.523685Z","modified":"2024-06-13T20:10:53.755270Z"},{"id":"ee56d7a3-32c4-4f75-ad0c-73164a83b5a6","name":"Cobalt Strike TTPs Dec 2017","description":"Cobalt Strike. (2017, December 8). Tactics, Techniques, and Procedures. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210924171429/https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf","source":"MITRE","title":"Tactics, Techniques, and Procedures","authors":"Cobalt Strike","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-12-08T00:00:00Z","owner_name":null,"tidal_id":"1b9fdf72-2fd7-5d37-befc-81033292b997","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440384Z"},{"id":"77293f88-e336-4786-b042-7f0080bbff32","name":"Reuters Taiwan BlackTech August 2020","description":"Lee, Y. (2020, August 19). Taiwan says China behind cyberattacks on government agencies, emails. Retrieved April 6, 2022.","url":"https://www.reuters.com/article/us-taiwan-cyber-china/taiwan-says-china-behind-cyberattacks-on-government-agencies-emails-idUSKCN25F0JK","source":"MITRE","title":"Taiwan says China behind cyberattacks on government agencies, emails","authors":"Lee, Y","date_accessed":"2022-04-06T00:00:00Z","date_published":"2020-08-19T00:00:00Z","owner_name":null,"tidal_id":"e5b5352f-206c-5ac8-94c5-c010809fe792","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437734Z"},{"id":"408da51e-bcd9-5f01-9769-7e20982ec270","name":"Europol FluBot Jun2022","description":"Europol. (2022, June 1). Takedown of SMS-based FluBot spyware infecting Android phones. Retrieved April","url":"https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-sms-based-flubot-spyware-infecting-android-phones","source":"Mobile","title":"Takedown of SMS-based FluBot spyware infecting Android phones","authors":"Europol","date_accessed":"1978-04-01T00:00:00Z","date_published":"2022-06-01T00:00:00Z","owner_name":null,"tidal_id":"ecbe7a3c-3ae5-5b0a-8eb6-3a2ad011e38a","created":"2026-01-28T13:08:10.042236Z","modified":"2026-01-28T13:08:10.042239Z"},{"id":"6e4b1921-99b2-41ce-a7dc-72c05b17c682","name":"Microsoft Process Snapshot","description":"Microsoft. (n.d.). 
Taking a Snapshot and Viewing Processes. Retrieved December 12, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/ms686701.aspx","source":"MITRE","title":"Taking a Snapshot and Viewing Processes","authors":"Microsoft","date_accessed":"2017-12-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"66239c98-b410-5330-9a08-67ba90cda239","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430618Z"},{"id":"5908b04b-dbca-4fd8-bacc-141ef15546a1","name":"Lacework TeamTNT May 2021","description":"Stroud, J. (2021, May 25). Taking TeamTNT's Docker Images Offline. Retrieved September 16, 2024.","url":"https://www.lacework.com/blog/taking-teamtnt-docker-images-offline","source":"MITRE","title":"Taking TeamTNT's Docker Images Offline","authors":"Stroud, J","date_accessed":"2024-09-16T00:00:00Z","date_published":"2021-05-25T00:00:00Z","owner_name":null,"tidal_id":"12515bd7-7930-5704-8a8e-a46e7861c8a5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437702Z"},{"id":"1d7f40f7-76e6-5ba2-8561-17f3646cf407","name":"Lumen Versa 2024","description":"Black Lotus Labs. (2024, August 27). Taking The Crossroads: The Versa Director Zero-Day Exploitation. Retrieved August 27, 2024.","url":"https://blog.lumen.com/taking-the-crossroads-the-versa-director-zero-day-exploitation/","source":"MITRE","title":"Taking The Crossroads: The Versa Director Zero-Day Exploitation","authors":"Black Lotus Labs","date_accessed":"2024-08-27T00:00:00Z","date_published":"2024-08-27T00:00:00Z","owner_name":null,"tidal_id":"38aeb4f0-cd83-5e6f-91d2-5a9e12303543","created":"2024-10-31T16:28:28.032738Z","modified":"2025-12-17T15:08:36.416875Z"},{"id":"f82c001f-13c0-43d0-bfa4-a51b2715a3e7","name":"Lumen August 27 2024","description":"Black Lotus Labs. (2024, August 27). Taking the Crossroads The Versa Director Zero-Day Exploitation. 
Retrieved September 6, 2024.","url":"https://blog.lumen.com/taking-the-crossroads-the-versa-director-zero-day-exploitation/","source":"Tidal Cyber","title":"Taking the Crossroads The Versa Director Zero-Day Exploitation","authors":"Black Lotus Labs","date_accessed":"2024-09-06T00:00:00Z","date_published":"2024-08-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8e5ec27b-ba97-5a15-ad33-0c8f6dad559a","created":"2024-10-25T19:42:17.641559Z","modified":"2024-10-25T19:42:17.826159Z"},{"id":"7e4e44a7-b079-41af-b41d-176ba7e99563","name":"Datadog ECS January 19 2024","description":"Martin McCloskey, Christophe Tafani-Dereeper. (2024, January 19). Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining. Retrieved April 11, 2024.","url":"https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-ecs-crypto-mining/","source":"Tidal Cyber","title":"Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining","authors":"Martin McCloskey, Christophe Tafani-Dereeper","date_accessed":"2024-04-11T00:00:00Z","date_published":"2024-01-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"60b0b41c-fee5-5efa-b310-029490612914","created":"2024-06-13T20:10:55.619646Z","modified":"2024-06-13T20:10:55.809586Z"},{"id":"03fb125c-b753-5800-9b63-43447e9da21a","name":"Datadog Security Labs Cloud Persistence 2025","description":"Martin McCloskey. (2025, May 13). Tales from the cloud trenches: The Attacker doth persist too much, methinks. 
Retrieved May 22, 2025.","url":"https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-the-attacker-doth-persist-too-much/","source":"MITRE","title":"Tales from the cloud trenches: The Attacker doth persist too much, methinks","authors":"Martin McCloskey","date_accessed":"2025-05-22T00:00:00Z","date_published":"2025-05-13T00:00:00Z","owner_name":null,"tidal_id":"a06f0d9a-67ee-5061-b9e4-3eb984c6e10f","created":"2025-10-29T21:08:48.165673Z","modified":"2025-12-17T15:08:36.426112Z"},{"id":"3ee61b8b-640c-4d8e-895d-a19356bfa099","name":"McAfee May 1 2020","description":"ATR Operational Intelligence Team. (2020, May 1). Tales From the Trenches; a Lockbit Ransomware Story. Retrieved December 19, 2024.","url":"https://www.mcafee.com/blogs/other-blogs/mcafee-labs/tales-from-the-trenches-a-lockbit-ransomware-story/","source":"Tidal Cyber","title":"Tales From the Trenches; a Lockbit Ransomware Story","authors":"ATR Operational Intelligence Team","date_accessed":"2024-12-19T00:00:00Z","date_published":"2020-05-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"55274875-78aa-580b-8919-b47e63576991","created":"2025-04-11T15:06:22.818820Z","modified":"2025-04-11T15:06:22.983983Z"},{"id":"2b341021-897e-4e3f-9141-825d3501c498","name":"Splunk Kovar Certificates 2017","description":"Kovar, R. (2017, December 11). Tall Tales of Hunting with TLS/SSL Certificates. Retrieved October 16, 2020.","url":"https://www.splunk.com/en_us/blog/security/tall-tales-of-hunting-with-tls-ssl-certificates.html","source":"MITRE","title":"Tall Tales of Hunting with TLS/SSL Certificates","authors":"Kovar, R","date_accessed":"2020-10-16T00:00:00Z","date_published":"2017-12-11T00:00:00Z","owner_name":null,"tidal_id":"de8eedfa-c817-5f3d-8de4-48edb6c1e3ed","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425691Z"},{"id":"f8ef1920-a4ad-4d65-b9de-8357d75f6929","name":"Dragos TALONITE","description":"Dragos. (n.d.). TALONITE. 
Retrieved February 25, 2021.","url":"https://www.dragos.com/threat/talonite/","source":"MITRE","title":"TALONITE","authors":"Dragos","date_accessed":"2021-02-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fab66e49-6652-579c-9eaf-876352b27506","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421541Z"},{"id":"44ec9492-dcbe-4d8b-98a0-3f32d8b37f77","name":"Talos IR Trends April 25 2025","description":"Nicole Hoffman. (2025, April 25). Talos IR trends: BEC attacks surge, while weaknesses in MFA persist. Retrieved June 6, 2025.","url":"https://blog.talosintelligence.com/talos-ir-quarterly-trends-q1-2024/","source":"Tidal Cyber","title":"Talos IR trends: BEC attacks surge, while weaknesses in MFA persist","authors":"Nicole Hoffman","date_accessed":"2025-06-06T00:00:00Z","date_published":"2025-04-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e65c9863-a9f0-5007-9f31-f0b27cd32e47","created":"2025-06-10T15:50:16.535944Z","modified":"2025-06-10T15:50:16.760950Z"},{"id":"fb948877-da2b-4abd-9d57-de9866b7a7c2","name":"Talos Sodinokibi April 2019","description":"Cadieux, P, et al (2019, April 30). Sodinokibi ransomware exploits WebLogic Server vulnerability. Retrieved August 4, 2020.","url":"https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html","source":"MITRE","title":"Talos Sodinokibi April 2019","authors":"","date_accessed":"2020-08-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0ea5cf31-ac3e-5132-a1bb-f88000e9e428","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421014Z"},{"id":"cd1a7b9a-183f-4acf-95c8-14d9475d0551","name":"Medium Event Tracing Tampering 2018","description":"Palantir. (2018, December 24). Tampering with Windows Event Tracing: Background, Offense, and Defense. 
Retrieved June 7, 2019.","url":"https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63","source":"MITRE","title":"Tampering with Windows Event Tracing: Background, Offense, and Defense","authors":"Palantir","date_accessed":"2019-06-07T00:00:00Z","date_published":"2018-12-24T00:00:00Z","owner_name":null,"tidal_id":"dac24d57-e6ba-5201-a39f-c620cf4a1393","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430820Z"},{"id":"e5f54ded-3ec1-49c1-9302-6b9f372d5015","name":"Tar.exe - LOLBAS Project","description":"LOLBAS. (2023, January 30). Tar.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Tar/","source":"Tidal Cyber","title":"Tar.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-01-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4b6fe744-1b94-5ff1-b3c6-6b334b5a31e4","created":"2024-01-12T14:47:03.891592Z","modified":"2024-01-12T14:47:04.080189Z"},{"id":"7cdd99d2-bbb2-5c81-ad09-92b581f33ffe","name":"NGLite Trojan","description":"Robert Falcone, Jeff White, and Peter Renals. (2021, November 7). Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer. Retrieved February 8, 2024.","url":"https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/","source":"MITRE","title":"Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer","authors":"Robert Falcone, Jeff White, and Peter Renals","date_accessed":"2024-02-08T00:00:00Z","date_published":"2021-11-07T00:00:00Z","owner_name":null,"tidal_id":"e44b61b4-8188-5d06-9791-ce01c79028f0","created":"2024-04-25T13:28:38.470815Z","modified":"2025-12-17T15:08:36.419522Z"},{"id":"18efeffc-c47b-46ad-8e7b-2eda30a406f0","name":"Netskope GCP Redirection","description":"Ashwin Vamshi. (2019, January 24). 
Targeted Attacks Abusing Google Cloud Platform Open Redirection. Retrieved August 18, 2022.","url":"https://www.netskope.com/blog/targeted-attacks-abusing-google-cloud-platform-open-redirection","source":"MITRE","title":"Targeted Attacks Abusing Google Cloud Platform Open Redirection","authors":"Ashwin Vamshi","date_accessed":"2022-08-18T00:00:00Z","date_published":"2019-01-24T00:00:00Z","owner_name":null,"tidal_id":"65c02990-4b85-582b-a2a2-b74d3797a753","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432089Z"},{"id":"bbc66e9f-98f9-4e34-b568-2833ea536f2e","name":"AhnLab Andariel Subgroup of Lazarus June 2018","description":"AhnLab. (2018, June 23). Targeted attacks by Andariel Threat Group,  a subgroup of the Lazarus. Retrieved September 29, 2021.","url":"https://web.archive.org/web/20230213154832/http://download.ahnlab.com/global/brochure/%5BAnalysis%5DAndariel_Group.pdf","source":"MITRE, Tidal Cyber","title":"Targeted attacks by Andariel Threat Group,  a subgroup of the Lazarus","authors":"AhnLab","date_accessed":"2021-09-29T00:00:00Z","date_published":"2018-06-23T00:00:00Z","owner_name":null,"tidal_id":"0a7cf8d7-24f2-5c7f-aa48-4bd1525cb95c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278821Z"},{"id":"8d46be6c-8f68-55ce-ba42-2beef5843c3c","name":"Unit42 VAMP 2017","description":"Bar, T., Lancaster, T. (2017, April 5). Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA. 
Retrieved March","url":"https://unit42.paloaltonetworks.com/unit42-targeted-attacks-middle-east-using-kasperagent-micropsia/","source":"Mobile","title":"Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA","authors":"Bar, T., Lancaster, T","date_accessed":"1978-03-01T00:00:00Z","date_published":"2017-04-05T00:00:00Z","owner_name":null,"tidal_id":"364ebcbe-7925-5040-8f79-61490e6de012","created":"2026-01-28T13:08:10.040113Z","modified":"2026-01-28T13:08:10.040118Z"},{"id":"d7694540-fe19-44c7-a9e2-205a0e630878","name":"CERT-UA Alert July 5 2023","description":"CERT-UA. (2023, July 5). Targeted attack using the topic of Ukraine's membership in the North Atlantic Treaty Organization. Retrieved February 13, 2025.","url":"https://cert.gov.ua/article/5077168","source":"Tidal Cyber","title":"Targeted attack using the topic of Ukraine's membership in the North Atlantic Treaty Organization","authors":"CERT-UA","date_accessed":"2025-02-13T00:00:00Z","date_published":"2023-07-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6ef1adfd-a5ca-5dd0-8ca6-bc95146ccf23","created":"2025-02-18T15:18:00.766391Z","modified":"2025-02-18T15:18:00.963012Z"},{"id":"61aca848-6376-560a-8f14-c23a3a9c832b","name":"Sood and Enbody","description":"Aditya Sood and Richard Enbody. (2014, December 16). Targeted Cyber Attacks. Retrieved January 4, 2024.","url":"https://www.techtarget.com/searchsecurity/feature/Targeted-Cyber-Attacks","source":"MITRE","title":"Targeted Cyber Attacks","authors":"Aditya Sood and Richard Enbody","date_accessed":"2024-01-04T00:00:00Z","date_published":"2014-12-16T00:00:00Z","owner_name":null,"tidal_id":"7e7325e1-05e3-5ac9-9615-2f6464085f21","created":"2024-04-25T13:28:53.028092Z","modified":"2025-12-17T15:08:36.442388Z"},{"id":"dfd168c0-40da-4402-a123-963eb8e2125a","name":"dharma_ransomware","description":"Loui, E. Scheuerman, K. et al. (2020, April 16). Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques. 
Retrieved January 26, 2022.","url":"https://www.crowdstrike.com/blog/targeted-dharma-ransomware-intrusions-exhibit-consistent-techniques/","source":"MITRE","title":"Targeted Dharma Ransomware Intrusions Exhibit Consistent Techniques","authors":"Loui, E. Scheuerman, K. et al","date_accessed":"2022-01-26T00:00:00Z","date_published":"2020-04-16T00:00:00Z","owner_name":null,"tidal_id":"1aa750da-a3cc-5ba4-8a19-d91c439a54dc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433414Z"},{"id":"53320d81-4060-4414-b5b8-21d09362bc44","name":"Check Point Research September 11 2024","description":"Check Point Research. (2024, September 11). Targeted Iranian Attacks Against Iraqi Government Infrastructure - Check Point Research. Retrieved September 11, 2024.","url":"https://research.checkpoint.com/2024/iranian-malware-attacks-iraqi-government/","source":"Tidal Cyber","title":"Targeted Iranian Attacks Against Iraqi Government Infrastructure - Check Point Research","authors":"Check Point Research","date_accessed":"2024-09-11T00:00:00Z","date_published":"2024-09-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e896a8d4-3d39-5b4d-98c2-8fcacfb183a3","created":"2024-09-20T15:08:27.476502Z","modified":"2024-09-20T15:08:27.965009Z"},{"id":"714528e8-0f2e-50a3-93c0-c560a34ba973","name":"Targeted SSL Stripping Attacks Are Real","description":"Check Point. (n.d.). Targeted SSL Stripping Attacks Are Real. Retrieved May 24, 2023.","url":"https://blog.checkpoint.com/research/targeted-ssl-stripping-attacks-are-real/amp/","source":"MITRE","title":"Targeted SSL Stripping Attacks Are Real","authors":"Check Point","date_accessed":"2023-05-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"19307e50-ec10-5731-867e-4a86bf9e5ce2","created":"2023-11-07T00:36:05.159684Z","modified":"2025-12-17T15:08:36.431878Z"},{"id":"2ec4f877-de9a-44bf-8236-20d7ecd631df","name":"CFR Vaccine Development Threats","description":"Council on Foreign Relations. (2020, November 28). 
Targeting of companies involved in vaccine development. Retrieved October 30, 2023.","url":"https://www.cfr.org/cyber-operations/targeting-companies-involved-vaccine-development","source":"Tidal Cyber","title":"Targeting of companies involved in vaccine development","authors":"Council on Foreign Relations","date_accessed":"2023-10-30T00:00:00Z","date_published":"2020-11-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f51dc322-94a3-5561-bec1-12f837f76bb5","created":"2023-11-10T19:02:30.629449Z","modified":"2023-11-10T19:02:30.938592Z"},{"id":"87682623-d1dd-4ee8-ae68-b08be5113e3e","name":"Tarrask scheduled task","description":"Microsoft Threat Intelligence Team & Detection and Response Team. (2022, April 12). Tarrask malware uses scheduled tasks for defense evasion. Retrieved June 1, 2022.","url":"https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/","source":"MITRE","title":"Tarrask malware uses scheduled tasks for defense evasion","authors":"Microsoft Threat Intelligence Team & Detection and Response Team","date_accessed":"2022-06-01T00:00:00Z","date_published":"2022-04-12T00:00:00Z","owner_name":null,"tidal_id":"51907561-a59e-53fb-9d52-82c33fe1d83c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420602Z"},{"id":"2c09561a-02ee-4948-9745-9d6c8eb2881d","name":"Microsoft Tasklist","description":"Microsoft. (n.d.). Tasklist. Retrieved December 23, 2015.","url":"https://technet.microsoft.com/en-us/library/bb491010.aspx","source":"MITRE","title":"Tasklist","authors":"Microsoft","date_accessed":"2015-12-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8b36c24f-22d4-563d-bce7-83b2af589c3d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422842Z"},{"id":"def6601b-67e6-41e5-bcf3-9c701b86fd10","name":"Microsoft Tasks","description":"Microsoft. (2018, May 31). Tasks. 
Retrieved September 28, 2021.","url":"https://docs.microsoft.com/en-us/windows/win32/taskschd/tasks","source":"MITRE","title":"Tasks","authors":"Microsoft","date_accessed":"2021-09-28T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"883ff4b0-4b82-5b2e-b229-88ee1cf494fa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437238Z"},{"id":"3a6d08ba-d79d-46f7-917d-075a98c59228","name":"TechNet Task Scheduler Security","description":"Microsoft. (2005, January 21). Task Scheduler and security. Retrieved June 8, 2016.","url":"https://technet.microsoft.com/en-us/library/cc785125.aspx","source":"MITRE","title":"Task Scheduler and security","authors":"Microsoft","date_accessed":"2016-06-08T00:00:00Z","date_published":"2005-01-21T00:00:00Z","owner_name":null,"tidal_id":"1b1217f5-95e2-5d8f-a054-5f1bcf646c80","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427633Z"},{"id":"1c62ed57-43f7-40d7-a5c9-46b40a40af0e","name":"tau bundlore erika noerenberg 2020","description":"Erika Noerenberg. (2020, June 29). TAU Threat Analysis: Bundlore (macOS) mm-install-macos. Retrieved October 12, 2021.","url":"https://blogs.vmware.com/security/2020/06/tau-threat-analysis-bundlore-macos-mm-install-macos.html","source":"MITRE","title":"TAU Threat Analysis: Bundlore (macOS) mm-install-macos","authors":"Erika Noerenberg","date_accessed":"2021-10-12T00:00:00Z","date_published":"2020-06-29T00:00:00Z","owner_name":null,"tidal_id":"b56e1ae1-c226-57ba-8d0a-234a72561226","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433595Z"},{"id":"3c3a6dc0-66f2-492e-8c9c-c0bcca73008e","name":"CarbonBlack Conti July 2020","description":"Baskin, B. (2020, July 8). TAU Threat Discovery: Conti Ransomware. 
Retrieved February 17, 2021.","url":"https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/","source":"MITRE","title":"TAU Threat Discovery: Conti Ransomware","authors":"Baskin, B","date_accessed":"2021-02-17T00:00:00Z","date_published":"2020-07-08T00:00:00Z","owner_name":null,"tidal_id":"36565139-6bee-5f4b-a486-fcb428632bf8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418386Z"},{"id":"9970063c-6df7-4638-a247-6b1102289372","name":"CarbonBlack LockerGoga 2019","description":"CarbonBlack Threat Analysis Unit. (2019, March 22). TAU Threat Intelligence Notification – LockerGoga Ransomware. Retrieved April 16, 2019.","url":"https://www.carbonblack.com/2019/03/22/tau-threat-intelligence-notification-lockergoga-ransomware/","source":"MITRE","title":"TAU Threat Intelligence Notification – LockerGoga Ransomware","authors":"CarbonBlack Threat Analysis Unit","date_accessed":"2019-04-16T00:00:00Z","date_published":"2019-03-22T00:00:00Z","owner_name":null,"tidal_id":"d8c0da89-9add-5fd9-9504-d805938ddb60","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418898Z"},{"id":"ed3534be-06ce-487b-911d-abe2fba70210","name":"GitHub Turla Driver Loader","description":"TDL Project. (2016, February 4). TDL (Turla Driver Loader). Retrieved April 22, 2021.","url":"https://github.com/hfiref0x/TDL","source":"MITRE","title":"TDL (Turla Driver Loader)","authors":"TDL Project","date_accessed":"2021-04-22T00:00:00Z","date_published":"2016-02-04T00:00:00Z","owner_name":null,"tidal_id":"9388c5e0-f5a0-5521-a6cd-b5a0d9fb2bdf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429862Z"},{"id":"20ef3645-fb92-4e13-a5a8-99367869bcba","name":"S1 Old Rat New Tricks","description":"Landry, J. (2016, April 21). Teaching an old RAT new tricks. 
Retrieved October 4, 2021.","url":"https://www.sentinelone.com/blog/teaching-an-old-rat-new-tricks/","source":"MITRE","title":"Teaching an old RAT new tricks","authors":"Landry, J","date_accessed":"2021-10-04T00:00:00Z","date_published":"2016-04-21T00:00:00Z","owner_name":null,"tidal_id":"d72b4326-e763-5614-83df-7d3e450dc34e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428928Z"},{"id":"ceee2b13-331f-4019-9c27-af0ce8b25414","name":"Teams.exe - LOLBAS Project","description":"LOLBAS. (2022, January 17). Teams.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Teams/","source":"Tidal Cyber","title":"Teams.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-01-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"39060b63-aa6d-5fe1-bae9-3445c489482d","created":"2024-01-12T14:47:31.324403Z","modified":"2024-01-12T14:47:31.504682Z"},{"id":"a672b74f-1f04-4d3a-84a6-1dd50e1a9951","name":"TeamTNT Cloud Enumeration","description":"Nathaniel Quist. (2021, June 4). TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations. Retrieved February 8, 2022.","url":"https://unit42.paloaltonetworks.com/teamtnt-operations-cloud-environments","source":"MITRE","title":"TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations","authors":"Nathaniel Quist","date_accessed":"2022-02-08T00:00:00Z","date_published":"2021-06-04T00:00:00Z","owner_name":null,"tidal_id":"20cf39c4-a84d-5430-85ec-9c2f50c98a90","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442034Z"},{"id":"e0d6208b-a4d6-45f0-bb3a-6c8681630b55","name":"Intezer TeamTNT Explosion September 2021","description":"Intezer. (2021, September 1). TeamTNT Cryptomining Explosion. 
Retrieved October 15, 2021.","url":"https://www.intezer.com/wp-content/uploads/2021/09/TeamTNT-Cryptomining-Explosion.pdf","source":"MITRE","title":"TeamTNT Cryptomining Explosion","authors":"Intezer","date_accessed":"2021-10-15T00:00:00Z","date_published":"2021-09-01T00:00:00Z","owner_name":null,"tidal_id":"79b80b0c-b076-5a75-bb03-e72ec6bdd8bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437683Z"},{"id":"b98f1967-c62f-5afe-a2f7-4c426615d576","name":"AquaSec TeamTNT 2023","description":"Ofek Itach and Assaf Morag. (2023, July 13). TeamTNT Reemerged with New Aggressive Cloud Campaign. Retrieved February 15, 2024.","url":"https://blog.aquasec.com/teamtnt-reemerged-with-new-aggressive-cloud-campaign","source":"MITRE","title":"TeamTNT Reemerged with New Aggressive Cloud Campaign","authors":"Ofek Itach and Assaf Morag","date_accessed":"2024-02-15T00:00:00Z","date_published":"2023-07-13T00:00:00Z","owner_name":null,"tidal_id":"d0b05021-8c63-57a7-971a-eb54a97efc43","created":"2024-04-25T13:28:38.619761Z","modified":"2025-12-17T15:08:36.433543Z"},{"id":"8c691655-91ad-5826-8b9f-faffdc8e61c1","name":"aquasec","description":"Ofek Itach, Assaf Morag. (2023, July 13). TeamTNT Reemerged with New Aggressive Cloud Campaign. Retrieved June 15, 2025.","url":"https://www.aquasec.com/blog/teamtnt-reemerged-with-new-aggressive-cloud-campaign/","source":"MITRE","title":"TeamTNT Reemerged with New Aggressive Cloud Campaign","authors":"Ofek Itach, Assaf Morag","date_accessed":"2025-06-15T00:00:00Z","date_published":"2023-07-13T00:00:00Z","owner_name":null,"tidal_id":"f8d38738-c887-59a3-ade7-f32f3eeb7eef","created":"2025-10-29T21:08:48.166408Z","modified":"2025-12-17T15:08:36.434279Z"},{"id":"f39b5f92-6e14-4c7f-b79d-7bade722e6d9","name":"Cisco Talos Intelligence Group","description":"Darin Smith. (2022, April 21). TeamTNT targeting AWS, Alibaba. 
Retrieved August 4, 2022.","url":"https://blog.talosintelligence.com/teamtnt-targeting-aws-alibaba-2/","source":"MITRE","title":"TeamTNT targeting AWS, Alibaba","authors":"Darin Smith","date_accessed":"2022-08-04T00:00:00Z","date_published":"2022-04-21T00:00:00Z","owner_name":null,"tidal_id":"369bd470-0d02-59e2-b578-1665a4413b0f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439671Z"},{"id":"acd1b4c5-da28-584e-b892-599180a8dbb0","name":"Talos TeamTNT","description":"Darin Smith. (2022, April 21). TeamTNT targeting AWS, Alibaba. Retrieved July 8, 2022.","url":"https://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.html","source":"MITRE","title":"TeamTNT targeting AWS, Alibaba","authors":"Darin Smith","date_accessed":"2022-07-08T00:00:00Z","date_published":"2022-04-21T00:00:00Z","owner_name":null,"tidal_id":"288889b7-a316-50ad-a9b5-02c053a13bab","created":"2023-05-26T01:21:20.920236Z","modified":"2025-12-17T15:08:36.442784Z"},{"id":"a3804b54-3fd5-5a48-8826-47b0fc20b08b","name":"Cisco Talos Blog","description":"Jaeson Schultz, Darin Smith. (2022, April 21). TeamTNT Targeting AWS, Alibaba. Retrieved June 15, 2025.","url":"https://blog.talosintelligence.com/teamtnt-targeting-aws-alibaba-2/","source":"MITRE","title":"TeamTNT Targeting AWS, Alibaba","authors":"Jaeson Schultz, Darin Smith","date_accessed":"2025-06-15T00:00:00Z","date_published":"2022-04-21T00:00:00Z","owner_name":null,"tidal_id":"ef646939-e334-5f9d-b800-78ddb8460946","created":"2025-10-29T21:08:48.166373Z","modified":"2025-12-17T15:08:36.434267Z"},{"id":"8ccab4fe-155d-44b0-b0f2-941e9f8f87db","name":"Cado Security TeamTNT Worm August 2020","description":"Cado Security. (2020, August 16). Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials. 
Retrieved September 22, 2021.","url":"https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/","source":"MITRE","title":"Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials","authors":"Cado Security","date_accessed":"2021-09-22T00:00:00Z","date_published":"2020-08-16T00:00:00Z","owner_name":null,"tidal_id":"42440e52-de10-5955-8f1e-22ab6e128ae9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437665Z"},{"id":"5d9f402f-4ff4-4993-8685-e5656e2f3aff","name":"ATT TeamTNT Chimaera September 2020","description":"AT&T Alien Labs. (2021, September 8). TeamTNT with new campaign aka Chimaera. Retrieved September 22, 2021.","url":"https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera","source":"MITRE","title":"TeamTNT with new campaign aka Chimaera","authors":"AT&T Alien Labs","date_accessed":"2021-09-22T00:00:00Z","date_published":"2021-09-08T00:00:00Z","owner_name":null,"tidal_id":"1da9da5b-d4e8-5229-af40-271921303f57","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437657Z"},{"id":"5ee3a92c-df33-4ecd-b21e-7b9a4f6de227","name":"OSX Coldroot RAT","description":"Patrick Wardle. (2018, February 17). Tearing Apart the Undetected (OSX)Coldroot RAT. Retrieved August 8, 2019.","url":"https://objective-see.com/blog/blog_0x2A.html","source":"MITRE","title":"Tearing Apart the Undetected (OSX)Coldroot RAT","authors":"Patrick Wardle","date_accessed":"2019-08-08T00:00:00Z","date_published":"2018-02-17T00:00:00Z","owner_name":null,"tidal_id":"769698cc-a8e5-5d6d-a60e-7df3a916b0bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425027Z"},{"id":"1664726e-3a79-4d90-86e0-b2d50e9e0ba2","name":"Kaspersky ProjectSauron Technical Analysis","description":"Kaspersky Lab's Global Research & Analysis Team. (2016, August 9). The ProjectSauron APT. Technical Analysis. 
Retrieved August 17, 2016.","url":"https://securelist.com/files/2016/07/The-ProjectSauron-APT_Technical_Analysis_KL.pdf","source":"MITRE","title":"Technical Analysis","authors":"Kaspersky Lab's Global Research & Analysis Team. (2016, August 9)","date_accessed":"2016-08-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7c2854f3-08e1-5520-b7b2-298e8f64da61","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440476Z"},{"id":"bb23ca19-78bb-4406-90a4-bf82bd467e04","name":"McAfee Babuk February 2021","description":"Mundo, A. et al. (2021, February). Technical Analysis of Babuk Ransomware. Retrieved August 11, 2021.","url":"https://www.mcafee.com/enterprise/en-us/assets/reports/rp-babuk-ransomware.pdf","source":"MITRE","title":"Technical Analysis of Babuk Ransomware","authors":"Mundo, A. et al","date_accessed":"2021-08-11T00:00:00Z","date_published":"2021-02-01T00:00:00Z","owner_name":null,"tidal_id":"0b5c590f-87d7-5e7b-a456-be67ec907b29","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419143Z"},{"id":"7c22d9d0-a2d8-5936-a6b1-5c696a2a19c6","name":"Crytox Ransomware","description":"Romain Dumont. (2022, September 21). Technical Analysis of Crytox Ransomware. Retrieved November 22, 2023.","url":"https://www.zscaler.com/blogs/security-research/technical-analysis-crytox-ransomware","source":"MITRE","title":"Technical Analysis of Crytox Ransomware","authors":"Romain Dumont","date_accessed":"2023-11-22T00:00:00Z","date_published":"2022-09-21T00:00:00Z","owner_name":null,"tidal_id":"e96e7a04-7e83-57f1-8b96-d710053d9729","created":"2024-04-25T13:28:41.612682Z","modified":"2025-12-17T15:08:36.436636Z"},{"id":"e0e86e08-64ec-48dc-91e6-24fde989cd77","name":"McAfee Cuba April 2021","description":"Roccio, T., et al. (2021, April). Technical Analysis of Cuba Ransomware. 
Retrieved June 18, 2021.","url":"https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cuba-ransomware.pdf","source":"MITRE","title":"Technical Analysis of Cuba Ransomware","authors":"Roccio, T., et al","date_accessed":"2021-06-18T00:00:00Z","date_published":"2021-04-01T00:00:00Z","owner_name":null,"tidal_id":"4b548f62-f14d-5292-8f57-410495aeb2a1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419409Z"},{"id":"f195a423-0223-4a03-8c5f-b7ff3741ad35","name":"Zscaler Matanbuchus December 02 2025","description":"THREATLABZ. (2025, December 2). Technical Analysis of Matanbuchus 3.0 | ThreatLabz. Retrieved December 5, 2025.","url":"https://www.zscaler.com/blogs/security-research/technical-analysis-matanbuchus-3-0","source":"Tidal Cyber","title":"Technical Analysis of Matanbuchus 3.0 | ThreatLabz","authors":"THREATLABZ","date_accessed":"2025-12-05T12:00:00Z","date_published":"2025-12-02T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9a154e92-9a08-5b7e-9510-d57d96a12d0f","created":"2026-01-14T13:29:36.389485Z","modified":"2026-01-14T13:29:36.556156Z"},{"id":"a40a69d7-7abc-4829-9905-98c156a809fe","name":"McAfee Dianxun March 2021","description":"Roccia, T., Seret, T., Fokker, J. (2021, March 16). Technical Analysis of Operation Dianxun. Retrieved April 13, 2021.","url":"https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-dianxun.pdf","source":"MITRE","title":"Technical Analysis of Operation Dianxun","authors":"Roccia, T., Seret, T., Fokker, J","date_accessed":"2021-04-13T00:00:00Z","date_published":"2021-03-16T00:00:00Z","owner_name":null,"tidal_id":"fe193141-5c6d-5ff1-998d-b16aed60f4be","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440965Z"},{"id":"3283f667-cbf8-55f9-9a01-f57acb757e63","name":"Lookout-Pegasus","description":"Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December","url":"https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf","source":"Mobile","title":"Technical Analysis of Pegasus Spyware","authors":"Lookout","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"e01153ae-3968-5c2d-bd0a-b36c243f0442","created":"2026-01-28T13:08:10.040191Z","modified":"2026-01-28T13:08:10.040194Z"},{"id":"7d3785e3-52db-54ec-ad54-32a2ecdb451f","name":"Zscaler Pikabot 2023","description":"Brett Stone-Gross & Nikolaos Pantazopoulos. (2023, May 24). Technical Analysis of Pikabot. Retrieved July 12, 2024.","url":"https://www.zscaler.com/blogs/security-research/technical-analysis-pikabot","source":"MITRE","title":"Technical Analysis of Pikabot","authors":"Brett Stone-Gross & Nikolaos Pantazopoulos","date_accessed":"2024-07-12T00:00:00Z","date_published":"2023-05-24T00:00:00Z","owner_name":null,"tidal_id":"2053b48a-00d7-5782-9df8-2bcec30f891b","created":"2024-10-31T16:28:32.106926Z","modified":"2025-12-17T15:08:36.416518Z"},{"id":"ec87676b-bc88-44b5-9e9a-5eb8eb39b4a1","name":"Zscaler Pikabot May 24 2023","description":"Brett Stone-Gross, Nikolaos Pantazopoulos. (2023, May 24). Technical Analysis of Pikabot. Retrieved January 11, 2024.","url":"https://www.zscaler.com/blogs/security-research/technical-analysis-pikabot","source":"Tidal Cyber","title":"Technical Analysis of Pikabot","authors":"Brett Stone-Gross, Nikolaos Pantazopoulos","date_accessed":"2024-01-11T00:00:00Z","date_published":"2023-05-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f0072383-55f7-5e6b-ad50-08b859f830e7","created":"2024-01-26T18:00:32.444763Z","modified":"2024-01-26T18:00:32.571776Z"},{"id":"5e3fa76b-0ca3-4935-830a-6ca132fa2fb4","name":"Technical Analysis of PureCrypter | Zscaler Blog","description":"Zscaler. (2022, June 13). Technical Analysis of PureCrypter | Zscaler Blog. 
Retrieved May 10, 2023.","url":"https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter","source":"Tidal Cyber","title":"Technical Analysis of PureCrypter | Zscaler Blog","authors":"Zscaler","date_accessed":"2023-05-10T00:00:00Z","date_published":"2022-06-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a6d61cb1-4a0c-5f38-9d17-dfe039beec91","created":"2024-06-13T20:10:21.470381Z","modified":"2024-06-13T20:10:21.815948Z"},{"id":"a289704d-952d-4150-b9cc-5c53e4b0a41f","name":"Zscaler Rhadamanthys February 21 2023","description":"Nikolao Pantazopoulos, Sarthak Misraa. (2023, February 21). Technical Analysis of Rhadamanthys Obfuscation Techniques. Retrieved October 14, 2024.","url":"https://www.zscaler.com/blogs/security-research/technical-analysis-rhadamanthys-obfuscation-techniques","source":"Tidal Cyber","title":"Technical Analysis of Rhadamanthys Obfuscation Techniques","authors":"Nikolao Pantazopoulos, Sarthak Misraa","date_accessed":"2024-10-14T00:00:00Z","date_published":"2023-02-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9c5cd31a-ffb5-5594-a240-d941d1e1598c","created":"2024-10-14T19:18:56.998970Z","modified":"2024-10-14T19:18:57.227791Z"},{"id":"846bccb4-b177-4c17-8cc5-56769c1d4b60","name":"Crowdstrike WhisperGate January 2022","description":"Crowdstrike. (2022, January 19). Technical Analysis of the WhisperGate Malicious Bootloader. Retrieved March 10, 2022.","url":"https://www.crowdstrike.com/blog/technical-analysis-of-whispergate-malware","source":"MITRE","title":"Technical Analysis of the WhisperGate Malicious Bootloader","authors":"Crowdstrike","date_accessed":"2022-03-10T00:00:00Z","date_published":"2022-01-19T00:00:00Z","owner_name":null,"tidal_id":"3c4005d2-c861-5903-887e-2f781f5de8d1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439879Z"},{"id":"6e4b763e-b9a7-56b4-8d3c-2c080e852eea","name":"Zscaler XLoader 2025","description":"Zscaler Threatlabz. (2025, January 27). 
Technical Analysis of Xloader Versions 6 and 7 | Part 1. Retrieved March 11, 2025.","url":"https://www.zscaler.com/blogs/security-research/technical-analysis-xloader-versions-6-and-7-part-1","source":"MITRE","title":"Technical Analysis of Xloader Versions 6 and 7 | Part 1","authors":"Zscaler Threatlabz","date_accessed":"2025-03-11T00:00:00Z","date_published":"2025-01-27T00:00:00Z","owner_name":null,"tidal_id":"2f8f67db-3e75-5e4f-a57b-2706c0148faa","created":"2025-04-22T20:47:28.111354Z","modified":"2025-12-17T15:08:36.420728Z"},{"id":"a83353b6-1c8e-4fbe-a034-ff27cbd8f100","name":"MITRE-Engenuity May 3 2024","description":"Lex Crumpton. (2024, May 3). Technical Deep Dive Understanding the Anatomy of a Cyber Intrusion. Retrieved May 6, 2024.","url":"https://medium.com/mitre-engenuity/technical-deep-dive-understanding-the-anatomy-of-a-cyber-intrusion-080bddc679f3","source":"Tidal Cyber","title":"Technical Deep Dive Understanding the Anatomy of a Cyber Intrusion","authors":"Lex Crumpton","date_accessed":"2024-05-06T00:00:00Z","date_published":"2024-05-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bf671705-e867-5306-b01b-1ea9fc90e918","created":"2025-04-11T15:06:17.563441Z","modified":"2025-04-11T15:06:17.726476Z"},{"id":"73edb6d5-c035-54b4-9669-eae743ebe327","name":"TP-Link Quad 7 AUG 2025","description":"TP-Link. (2025, August 29). Technical News and Reports about Quad 7 (7777) Botnet aka CovertNetwork-1658. Retrieved October 10, 2025.","url":"https://www.tp-link.com/us/support/faq/4365/","source":"MITRE","title":"Technical News and Reports about Quad 7 (7777) Botnet aka CovertNetwork-1658","authors":"TP-Link","date_accessed":"2025-10-10T00:00:00Z","date_published":"2025-08-29T00:00:00Z","owner_name":null,"tidal_id":"6dbbf1ff-c75f-5eb7-870d-e55f866c9c89","created":"2025-10-29T21:08:48.167166Z","modified":"2025-12-17T15:08:36.439278Z"},{"id":"8cd7676a-bbef-4c31-8288-365837acf65d","name":"Apple TN2459 Kernel Extensions","description":"Apple. (2018, April 19). 
Technical Note TN2459: User-Approved Kernel Extension Loading. Retrieved June 30, 2020.","url":"https://developer.apple.com/library/archive/technotes/tn2459/_index.html","source":"MITRE","title":"Technical Note TN2459: User-Approved Kernel Extension Loading","authors":"Apple","date_accessed":"2020-06-30T00:00:00Z","date_published":"2018-04-19T00:00:00Z","owner_name":null,"tidal_id":"0c72066c-c5aa-512f-9f43-5e14ea5e6602","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441818Z"},{"id":"1dca5e73-0b6e-51cd-867c-927d081f228d","name":"fb_arid_viper","description":"Flossman, M., Scott, M. (2021, April). Technical Paper // Taking Action Against Arid Viper. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20231126111812/https:/about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf","source":"MITRE","title":"Technical Paper // Taking Action Against Arid Viper","authors":"Flossman, M., Scott, M","date_accessed":"2024-11-17T00:00:00Z","date_published":"2021-04-01T00:00:00Z","owner_name":null,"tidal_id":"69387cf2-a3c1-56fc-a178-4c315337d729","created":"2024-04-25T13:28:44.951709Z","modified":"2025-12-17T15:08:36.439608Z"},{"id":"2e4a445f-b55c-4800-9d75-9d8fe20abc74","name":"GovCERT Carbon May 2016","description":"GovCERT. (2016, May 23). Technical Report about the Espionage Case at RUAG. 
Retrieved November 7, 2018.","url":"https://web.archive.org/web/20170718174931/https://www.melani.admin.ch/dam/melani/de/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf","source":"MITRE","title":"Technical Report about the Espionage Case at RUAG","authors":"GovCERT","date_accessed":"2018-11-07T00:00:00Z","date_published":"2016-05-23T00:00:00Z","owner_name":null,"tidal_id":"5e209db3-f232-5ba9-9e3d-eac089207881","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441275Z"},{"id":"3138f32c-f89c-439c-a8c5-2964c356308d","name":"Palo Alto Office Test Sofacy","description":"Falcone, R. (2016, July 20). Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks. Retrieved July 3, 2017.","url":"https://researchcenter.paloaltonetworks.com/2016/07/unit42-technical-walkthrough-office-test-persistence-method-used-in-recent-sofacy-attacks/","source":"MITRE","title":"Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks","authors":"Falcone, R","date_accessed":"2017-07-03T00:00:00Z","date_published":"2016-07-20T00:00:00Z","owner_name":null,"tidal_id":"b6ef04a3-1444-53eb-9621-36457e04ab37","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436247Z"},{"id":"a2d50199-6ff4-504b-8f26-9cca4c0eb46f","name":"polymorphic-linkedin","description":"Sherwin Akshay. (2024, May 28). Techniques for concealing malware and hindering analysis: Packing up and unpacking stuff. 
Retrieved September 27, 2024.","url":"https://www.linkedin.com/pulse/techniques-concealing-malware-hindering-analysis-packing-akshay-unijc","source":"MITRE","title":"Techniques for concealing malware and hindering analysis: Packing up and unpacking stuff","authors":"Sherwin Akshay","date_accessed":"2024-09-27T00:00:00Z","date_published":"2024-05-28T00:00:00Z","owner_name":null,"tidal_id":"8cb1c804-781c-5dee-872b-ac803f54008a","created":"2024-10-31T16:28:24.877011Z","modified":"2025-12-17T15:08:36.433830Z"},{"id":"e7329381-319e-4dcc-8187-92882e6f2e12","name":"te.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). te.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Te/","source":"Tidal Cyber","title":"te.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7830b7e4-264f-5ec3-96be-59fb5a14cfe9","created":"2024-01-12T14:47:30.961875Z","modified":"2024-01-12T14:47:31.154566Z"},{"id":"eb5c2951-b149-4e40-bc5f-b2630213eb8b","name":"ESET Telebots June 2017","description":"Cherepanov, A. (2017, June 30). TeleBots are back: Supply chain attacks against Ukraine. Retrieved June 11, 2020.","url":"https://www.welivesecurity.com/2017/06/30/telebots-back-supply-chain-attacks-against-ukraine/","source":"MITRE","title":"TeleBots are back: Supply chain attacks against Ukraine","authors":"Cherepanov, A.","date_accessed":"2020-06-11T00:00:00Z","date_published":"2017-06-30T00:00:00Z","owner_name":null,"tidal_id":"5acfadde-98f5-5bf9-ba11-a74b4e53f1e3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418720Z"},{"id":"2624b235-c94f-414f-8728-4a4333ff45bf","name":"Telegram December 4 2024","description":"Telegram. (2024, December 4). Telegram – a new era of messaging. 
Retrieved December 12, 2024.","url":"https://telegram.org/","source":"Tidal Cyber","title":"Telegram – a new era of messaging","authors":"Telegram","date_accessed":"2024-12-12T00:00:00Z","date_published":"2024-12-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c9ef7f55-3037-5f11-9506-d66de2bcac73","created":"2025-04-11T15:06:03.554025Z","modified":"2025-04-11T15:06:03.722502Z"},{"id":"228b8384-1d68-4f17-bee3-fad4ef2fcc28","name":"Telegram GhostSec","description":"Telegram. (n.d.). Telegram Contact @GhostSecc. Retrieved December 12, 2024.","url":"https://t.me/GhostSecc","source":"Tidal Cyber","title":"Telegram Contact @GhostSecc","authors":"Telegram","date_accessed":"2024-12-12T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"7dbb894c-ca7d-58e9-b1e8-4a7152ef965a","created":"2025-04-11T15:06:00.911251Z","modified":"2025-04-11T15:06:01.082265Z"},{"id":"0613f947-1db6-5be2-b14e-d2d5cab80998","name":"TelephonyManager","description":"Android. (n.d.). TelephonyManager. Retrieved December","url":"https://developer.android.com/reference/android/telephony/TelephonyManager.html","source":"Mobile","title":"TelephonyManager","authors":"Android","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a829c3b9-0fe8-5e0f-b69c-eba53c70bcb5","created":"2026-01-28T13:08:10.046024Z","modified":"2026-01-28T13:08:10.046027Z"},{"id":"8c010c87-865b-4168-87a7-4a24db413def","name":"SANS Brian Wiltse Template Injection","description":"Wiltse, B. (2018, November 7). Template Injection Attacks - Bypassing Security Controls by Living off the Land. 
Retrieved April 10, 2019.","url":"https://www.sans.org/reading-room/whitepapers/testing/template-injection-attacks-bypassing-security-controls-living-land-38780","source":"MITRE","title":"Template Injection Attacks - Bypassing Security Controls by Living off the Land","authors":"Wiltse, B.","date_accessed":"2019-04-10T00:00:00Z","date_published":"2018-11-07T00:00:00Z","owner_name":null,"tidal_id":"0ed0a5aa-a75f-5160-bb05-27587651493e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435357Z"},{"id":"d3740d23-1561-47c4-a6e5-df1b6277839e","name":"Amazon  AWS Temporary Security Credentials","description":"Amazon. (n.d.). Temporary Security Credentials. Retrieved October 18, 2019.","url":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html","source":"MITRE","title":"Temporary Security Credentials","authors":"Amazon","date_accessed":"2019-10-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"23b0501a-9e09-522c-8bc9-70e80547f040","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440988Z"},{"id":"7982b22d-0976-5f11-8cc6-b2408ed29af7","name":"JPCert Blog Laz Subgroups 2025","description":"佐々木勇人 Hayato Sasaki. (2025, March 25). Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup. 
Retrieved August 25, 2025.","url":"https://blogs.jpcert.or.jp/en/2025/03/classifying-lazaruss-subgroup.html","source":"MITRE","title":"Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup","authors":"佐々木勇人 Hayato Sasaki","date_accessed":"2025-08-25T00:00:00Z","date_published":"2025-03-25T00:00:00Z","owner_name":null,"tidal_id":"7b1660f6-f630-54c1-8cc8-499bfd94e493","created":"2025-10-29T21:08:48.166766Z","modified":"2025-12-17T15:08:36.437625Z"},{"id":"bc385280-c918-5fd1-81eb-f813426a5a49","name":"Datadog Contagious Interview Tenacious Pungsan October 2024","description":"Ian Kretz, Sebastian Obregoso, Datadog Security Research Team. (2024, October 24). Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview. Retrieved October 20, 2025.","url":"https://securitylabs.datadoghq.com/articles/tenacious-pungsan-dprk-threat-actor-contagious-interview/","source":"MITRE","title":"Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview","authors":"Ian Kretz, Sebastian Obregoso, Datadog Security Research Team","date_accessed":"2025-10-20T00:00:00Z","date_published":"2024-10-24T00:00:00Z","owner_name":null,"tidal_id":"b9fb0389-bbb7-5ced-9ca6-0b2db42bc8f4","created":"2025-10-29T21:08:48.167105Z","modified":"2025-12-17T15:08:36.439017Z"},{"id":"02c9100d-27eb-4f2f-b302-adf890055546","name":"Elastic Process Injection July 2017","description":"Hosseini, A. (2017, July 18). Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques. 
Retrieved December 7, 2017.","url":"https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process","source":"MITRE","title":"Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques","authors":"Hosseini, A","date_accessed":"2017-12-07T00:00:00Z","date_published":"2017-07-18T00:00:00Z","owner_name":null,"tidal_id":"49080368-e142-54c8-9383-a44d29fd4a11","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423555Z"},{"id":"06d4ce21-ef87-5977-80df-10bd36ae722e","name":"AWS Organizations","description":"AWS. (n.d.). Terminology and concepts for AWS Organizations. Retrieved September 25, 2024.","url":"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html","source":"MITRE","title":"Terminology and concepts for AWS Organizations","authors":"AWS","date_accessed":"2024-09-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"74db6fa6-9d36-5639-bb0f-08714ba84a22","created":"2024-10-31T16:28:16.341951Z","modified":"2025-12-17T15:08:36.424590Z"},{"id":"e854ae37-3137-4cdd-a464-7e2328b1246e","name":"DarkReading Termite Cleo December 10 2024","description":"Jai Vijayan. (2024, December 10). 'Termite' Ransomware Likely Behind Cleo Zero-Day Attacks. Retrieved December 17, 2024.","url":"https://www.darkreading.com/cyberattacks-data-breaches/termite-ransomware-behind-cleo-zero-day-attacks","source":"Tidal Cyber","title":"'Termite' Ransomware Likely Behind Cleo Zero-Day Attacks","authors":"Jai Vijayan","date_accessed":"2024-12-17T00:00:00Z","date_published":"2024-12-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2ba65a21-bcd9-5658-a548-a9cc4ec91f49","created":"2024-12-17T14:33:54.389372Z","modified":"2024-12-17T14:33:54.513323Z"},{"id":"f00a2f95-8406-566f-ab28-c005a3a1949e","name":"WhiteOps TERRACOTTA","description":"Satori Threat Intelligence and Research Team. (2020, August). 
TERRACOTTA Android Malware: A Technical Study. Retrieved December","url":"https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study","source":"Mobile","title":"TERRACOTTA Android Malware: A Technical Study","authors":"Satori Threat Intelligence and Research Team","date_accessed":"1978-12-01T00:00:00Z","date_published":"2020-08-01T00:00:00Z","owner_name":null,"tidal_id":"292d0707-71f5-512b-afd2-4c92ae78da10","created":"2026-01-28T13:08:10.042077Z","modified":"2026-01-28T13:08:10.042080Z"},{"id":"0cc891bc-692c-4a52-9985-39ddb434294d","name":"TestWindowRemoteAgent.exe - LOLBAS Project","description":"LOLBAS. (2023, August 21). TestWindowRemoteAgent.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Testwindowremoteagent/","source":"Tidal Cyber","title":"TestWindowRemoteAgent.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-08-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"db579a85-2fab-5301-ac29-8c54171b2115","created":"2024-01-12T14:47:31.682002Z","modified":"2024-01-12T14:47:31.853306Z"},{"id":"932897a6-0fa4-5be3-bf0b-20d6ddad238e","name":"Sygnia Elephant Beetle Jan 2022","description":"Sygnia Incident Response Team. (2022, January 5). TG2003: ELEPHANT BEETLE UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION. 
Retrieved February 9, 2023.","url":"https://f.hubspotusercontent30.net/hubfs/8776530/Sygnia-%20Elephant%20Beetle_Jan2022.pdf?__hstc=147695848.3e8f1a482c8f8d4531507747318e660b.1680005306711.1680005306711.1680005306711.1&__hssc=147695848.1.1680005306711&__hsfp=3000179024&hsCtaTracking=189ec409-ae2d-4909-8bf1-62dcdd694372%7Cca91d317-8f10-4a38-9f80-367f551ad64d","source":"MITRE","title":"TG2003: ELEPHANT BEETLE UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION","authors":"Sygnia Incident Response Team","date_accessed":"2023-02-09T00:00:00Z","date_published":"2022-01-05T00:00:00Z","owner_name":null,"tidal_id":"577b030f-ab3d-5a64-8a2b-ada74f3f605d","created":"2023-11-07T00:36:14.481200Z","modified":"2025-12-17T15:08:36.433441Z"},{"id":"0d183112-77d9-472f-8b0e-5724e1bb4706","name":"Cloudflare February 5 2024","description":"Matthew Prince. (2024, February 1). Thanksgiving 2023 security incident. Retrieved February 5, 2024.","url":"https://blog.cloudflare.com/thanksgiving-2023-security-incident","source":"Tidal Cyber","title":"Thanksgiving 2023 security incident","authors":"Matthew Prince","date_accessed":"2024-02-05T00:00:00Z","date_published":"2024-02-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0262225e-24f6-59e1-b1db-fbe1a4a83b81","created":"2024-06-13T20:10:47.096334Z","modified":"2024-06-13T20:10:47.285538Z"},{"id":"7e82a1a4-fddb-4670-98a9-7e938cb48083","name":"F5 Labs June 1 2016","description":"Liron Segal. (2016, June 1). Thanks to Anonymous' Latest Toolset, Anyone Can Play the DDoS Game. 
Retrieved April 10, 2025.","url":"https://www.f5.com/labs/articles/threat-intelligence/thanks-to-anonymous-latest-toolset-anyone-can-play-the-ddos-game-22423","source":"Tidal Cyber","title":"Thanks to Anonymous' Latest Toolset, Anyone Can Play the DDoS Game","authors":"Liron Segal","date_accessed":"2025-04-10T00:00:00Z","date_published":"2016-06-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8d07391a-3c2d-5265-8cca-6e212ce24d80","created":"2025-04-11T15:33:25.105646Z","modified":"2025-04-11T15:33:25.285083Z"},{"id":"30ab5d35-db9b-401f-89cb-73f2c7fea060","name":"Domain_Steal_CC","description":"Krebs, B. (2018, November 13). That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards. Retrieved September 20, 2019.","url":"https://krebsonsecurity.com/2018/11/that-domain-you-forgot-to-renew-yeah-its-now-stealing-credit-cards/","source":"MITRE","title":"That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards","authors":"Krebs, B","date_accessed":"2019-09-20T00:00:00Z","date_published":"2018-11-13T00:00:00Z","owner_name":null,"tidal_id":"4ed0b05c-d908-528e-889d-8a6af3b99786","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428453Z"},{"id":"d8c93272-00f8-4dc4-b4cd-03246fc0fc23","name":"Kali Hydra","description":"Kali. (2014, February 18). THC-Hydra. Retrieved November 2, 2017.","url":"https://tools.kali.org/password-attacks/hydra","source":"MITRE","title":"THC-Hydra","authors":"Kali","date_accessed":"2017-11-02T00:00:00Z","date_published":"2014-02-18T00:00:00Z","owner_name":null,"tidal_id":"72eae3ee-3b40-5944-8ed0-05ff7ecb8b75","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441430Z"},{"id":"ffd1cfdf-1dfa-5674-87de-b48e21274d0b","name":"Check Point Medusa Ransomware April 2025","description":"Check Point. (2025, April 16). The 2025 Ransomware Surge: Context for Medusa’s Rise. 
Retrieved October 15, 2025.","url":"https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware/medusa-ransomware-group/","source":"MITRE","title":"The 2025 Ransomware Surge: Context for Medusa’s Rise","authors":"Check Point","date_accessed":"2025-10-15T00:00:00Z","date_published":"2025-04-16T00:00:00Z","owner_name":null,"tidal_id":"410187a3-3e23-5c3a-9d63-efa91076cfd8","created":"2025-10-29T21:08:48.167725Z","modified":"2025-12-17T15:08:36.441448Z"},{"id":"f29ed400-2986-4b2c-9b8a-7dde37562d22","name":"Adventures of a Keystroke","description":"Tinaztepe,  E. (n.d.). The Adventures of a Keystroke:  An in-depth look into keyloggers on Windows. Retrieved April 27, 2016.","url":"http://opensecuritytraining.info/Keylogging_files/The%20Adventures%20of%20a%20Keystroke.pdf","source":"MITRE","title":"The Adventures of a Keystroke:  An in-depth look into keyloggers on Windows","authors":"Tinaztepe,  E","date_accessed":"2016-04-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9a8d54f8-4adf-5042-aa13-5d9e8ce33b9f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424297Z"},{"id":"924efb81-e7a7-5fee-be0b-0a2830e04dbc","name":"Sygnia Abyss Locker 2025","description":"Abigail See, Zhongyuan (Aaron) Hau, Ren Jie Yow, Yoav Mazor, Omer Kidron, and Oren Biderman. (2025, February 4). The Anatomy of Abyss Locker Ransomware Attack. 
Retrieved April 4, 2025.","url":"https://www.sygnia.co/blog/abyss-locker-ransomware-attack-analysis/","source":"MITRE","title":"The Anatomy of Abyss Locker Ransomware Attack","authors":"Abigail See, Zhongyuan (Aaron) Hau, Ren Jie Yow, Yoav Mazor, Omer Kidron, and Oren Biderman","date_accessed":"2025-04-04T00:00:00Z","date_published":"2025-02-04T00:00:00Z","owner_name":null,"tidal_id":"0dec7d09-27b8-509f-94f7-04acad67538d","created":"2025-04-22T20:47:11.593894Z","modified":"2025-12-17T15:08:36.426905Z"},{"id":"61ecd0b4-6cac-4d9f-8e8c-3d488fef6fec","name":"ThreatConnect Anthem","description":"ThreatConnect Research Team. (2015, February 27). The Anthem Hack: All Roads Lead to China. Retrieved January 26, 2016.","url":"https://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/","source":"MITRE, Tidal Cyber","title":"The Anthem Hack: All Roads Lead to China","authors":"ThreatConnect Research Team","date_accessed":"2016-01-26T00:00:00Z","date_published":"2015-02-27T00:00:00Z","owner_name":null,"tidal_id":"3958eb11-fc11-5563-ae25-3859b8042c4a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.260860Z"},{"id":"60a5ee63-3d98-466a-8037-4a1edfcdef8c","name":"Talos Cobalt Strike September 2020","description":"Mavis, N. (2020, September 21). The Art and Science of Detecting Cobalt Strike. Retrieved September 12, 2024.","url":"https://web.archive.org/web/20210219195905/https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf","source":"MITRE","title":"The Art and Science of Detecting Cobalt Strike","authors":"Mavis, N","date_accessed":"2024-09-12T00:00:00Z","date_published":"2020-09-21T00:00:00Z","owner_name":null,"tidal_id":"0e1012c4-b3f7-557b-878f-4b924950c0f7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439659Z"},{"id":"3684bacb-24cb-4467-b463-d0d3f5075c5c","name":"wardle chp2 persistence","description":"Patrick Wardle. (2022, January 1). 
The Art of Mac Malware Volume 0x1:Analysis. Retrieved April 19, 2022.","url":"https://taomm.org/PDFs/vol1/CH%200x02%20Persistence.pdf","source":"MITRE","title":"The Art of Mac Malware Volume 0x1:Analysis","authors":"Patrick Wardle","date_accessed":"2022-04-19T00:00:00Z","date_published":"2022-01-01T00:00:00Z","owner_name":null,"tidal_id":"1030ed64-710d-5892-bae7-e4bce7677f47","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431570Z"},{"id":"53d0279e-4f30-4bbe-a9c7-90e36cd81570","name":"wardle artofmalware volume1","description":"Patrick Wardle. (2020, August 5). The Art of Mac Malware Volume 0x1: Analysis. Retrieved March 19, 2021.","url":"https://taomm.org/vol1/pdfs.html","source":"MITRE","title":"The Art of Mac Malware Volume 0x1: Analysis","authors":"Patrick Wardle","date_accessed":"2021-03-19T00:00:00Z","date_published":"2020-08-05T00:00:00Z","owner_name":null,"tidal_id":"bdaa566e-507f-5687-bae8-0c4e6eb71cdd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430663Z"},{"id":"054404b7-48a6-4578-9828-9f1e8e21d2df","name":"ArtOfMemoryForensics","description":"Ligh, M.H. et al.. (2014, July). The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. Retrieved December 20, 2017.","url":"","source":"MITRE","title":"The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory","authors":"Ligh, M.H. et al.","date_accessed":"2017-12-20T00:00:00Z","date_published":"2014-07-01T00:00:00Z","owner_name":null,"tidal_id":"e58223c0-8f47-564c-9716-b3a5546b8907","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428656Z"},{"id":"44c10623-557f-445d-8b88-6006af13c54d","name":"STIG Audit Kernel Modules","description":"Unified Compliance Framework. (2016, December 20). The audit system must be configured to audit the loading and unloading of dynamic kernel modules.. 
Retrieved September 28, 2021.","url":"https://www.stigviewer.com/stig/oracle_linux_5/2016-12-20/finding/V-22383","source":"MITRE","title":"The audit system must be configured to audit the loading and unloading of dynamic kernel modules.","authors":"Unified Compliance Framework","date_accessed":"2021-09-28T00:00:00Z","date_published":"2016-12-20T00:00:00Z","owner_name":null,"tidal_id":"02015d23-1692-51f6-b1e3-39c042ca7715","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437178Z"},{"id":"356defac-b976-41c1-aac8-5d6ff0c80e28","name":"Medium Metamorfo Apr 2020","description":"Erlich, C. (2020, April 3). The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable. Retrieved May 26, 2020.","url":"https://medium.com/@chenerlich/the-avast-abuser-metamorfo-banking-malware-hides-by-abusing-avast-executable-ac9b8b392767","source":"MITRE","title":"The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable","authors":"Erlich, C","date_accessed":"2020-05-26T00:00:00Z","date_published":"2020-04-03T00:00:00Z","owner_name":null,"tidal_id":"45fa038f-a1e5-589d-a241-3262771630cf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419904Z"},{"id":"300bf6cb-582b-4e15-8cca-cb68c8856e6f","name":"Microsoft Security Blog February 12 2025","description":"Microsoft Threat Intelligence. (2025, February 12). The BadPilot campaign Seashell Blizzard subgroup conducts multiyear global access operation . 
Retrieved February 21, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/","source":"Tidal Cyber","title":"The BadPilot campaign Seashell Blizzard subgroup conducts multiyear global access operation","authors":"Microsoft Threat Intelligence","date_accessed":"2025-02-21T00:00:00Z","date_published":"2025-02-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d3f01360-ba75-5d12-8f1a-ebbe4fecac71","created":"2025-03-04T15:54:56.360105Z","modified":"2025-03-04T15:54:56.507694Z"},{"id":"6c6201d4-8d23-5600-a4c3-19fe9f958093","name":"The BadPilot campaign","description":"Microsoft Threat Intelligence. (2025, February 12). The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation. Retrieved June 18, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/?ref=thestack.technology","source":"MITRE","title":"The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation","authors":"Microsoft Threat Intelligence","date_accessed":"2025-06-18T00:00:00Z","date_published":"2025-02-12T00:00:00Z","owner_name":null,"tidal_id":"81bf3175-0bb6-55f2-8173-7adb60280d51","created":"2025-10-29T21:08:48.165424Z","modified":"2025-12-17T15:08:36.425069Z"},{"id":"06b6cbe3-8e35-4594-b36f-76b503c11520","name":"Gigamon Berserk Bear October 2021","description":"Slowik, J. (2021, October). THE BAFFLING BERSERK BEAR: A DECADE’S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE. 
Retrieved December 6, 2021.","url":"https://vblocalhost.com/uploads/VB2021-Slowik.pdf","source":"MITRE","title":"THE BAFFLING BERSERK BEAR: A DECADE’S ACTIVITY TARGETING CRITICAL INFRASTRUCTURE","authors":"Slowik, J","date_accessed":"2021-12-06T00:00:00Z","date_published":"2021-10-01T00:00:00Z","owner_name":null,"tidal_id":"8c7d62f5-ebdf-562f-a4c1-7f6da55c67c3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416745Z"},{"id":"4824dfdf-8dbb-4b98-afcc-4a703c31fbda","name":"Kaspersky Emotet Jan 2019","description":"Shulmin, A. . (2015, April 9). The Banking Trojan Emotet: Detailed Analysis. Retrieved March 25, 2019.","url":"https://securelist.com/the-banking-trojan-emotet-detailed-analysis/69560/","source":"MITRE","title":"The Banking Trojan Emotet: Detailed Analysis","authors":"Shulmin, A.","date_accessed":"2019-03-25T00:00:00Z","date_published":"2015-04-09T00:00:00Z","owner_name":null,"tidal_id":"fe84d8bf-d317-54cc-87dd-eb38ecdb84cc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417717Z"},{"id":"3689def4-9eb1-4e74-b7f0-c2873252eb25","name":"CloudSEK March 21 2025","description":"CloudSEK TRIAD. (2025, March 21). The Biggest Supply Chain Hack Of 2025 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants . Retrieved March 31, 2025.","url":"https://www.cloudsek.com/blog/the-biggest-supply-chain-hack-of-2025-6m-records-for-sale-exfiltrated-from-oracle-cloud-affecting-over-140k-tenants","source":"Tidal Cyber","title":"The Biggest Supply Chain Hack Of 2025 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants","authors":"CloudSEK TRIAD","date_accessed":"2025-03-31T00:00:00Z","date_published":"2025-03-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0c751ff7-7085-5643-b92c-6e9f777447a3","created":"2025-03-31T15:01:18.098289Z","modified":"2025-03-31T15:01:18.296172Z"},{"id":"0b7745ce-04c0-41d9-a440-df9084a45d09","name":"Symantec Black Vine","description":"DiMaggio, J.. (2015, August 6). 
The Black Vine cyberespionage group. Retrieved January 26, 2016.","url":"https://web.archive.org/web/20170823094836/http:/www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-black-vine-cyberespionage-group.pdf","source":"MITRE, Tidal Cyber","title":"The Black Vine cyberespionage group","authors":"DiMaggio, J.","date_accessed":"2016-01-26T00:00:00Z","date_published":"2015-08-06T00:00:00Z","owner_name":null,"tidal_id":"285daf31-9db8-5787-85b8-50b511612f10","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.263070Z"},{"id":"6b0dd676-3ea5-4b56-a27b-b1685787de02","name":"Group IB GrimAgent July 2021","description":"Priego, A. (2021, July). THE BROTHERS GRIM: THE REVERSING TALE OF GRIMAGENT MALWARE USED BY RYUK. Retrieved September 19, 2024.","url":"https://www.group-ib.com/blog/grimagent/","source":"MITRE","title":"THE BROTHERS GRIM: THE REVERSING TALE OF GRIMAGENT MALWARE USED BY RYUK","authors":"Priego, A","date_accessed":"2024-09-19T00:00:00Z","date_published":"2021-07-01T00:00:00Z","owner_name":null,"tidal_id":"024f448c-641a-52a2-b177-1bfae8ecd1f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421527Z"},{"id":"eb947d49-26f4-4104-8296-1552a273c9c3","name":"RSA Carbanak November 2017","description":"RSA. (2017, November 21). THE CARBANAK/FIN7 SYNDICATE A HISTORICAL OVERVIEW OF AN EVOLVING THREAT. Retrieved July 29, 2020.","url":"https://www.rsa.com/content/dam/en/white-paper/the-carbanak-fin7-syndicate.pdf","source":"MITRE","title":"THE CARBANAK/FIN7 SYNDICATE A HISTORICAL OVERVIEW OF AN EVOLVING THREAT","authors":"RSA","date_accessed":"2020-07-29T00:00:00Z","date_published":"2017-11-21T00:00:00Z","owner_name":null,"tidal_id":"2d00cd3d-2024-50d3-8bf8-336fdd37a337","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421410Z"},{"id":"f912ece4-8fa1-42f7-94e6-5e136210cc2c","name":"Medium Cargills Bank Hunters International April 4 2025","description":"Chanidu Madalagama. 
(2025, April 4). The Cargills Bank Data Leak: Uncovering Sri Lanka’s Largest Breach and the Silence Surrounding It. Retrieved January 16, 2026.","url":"https://chanidumadalagama.medium.com/the-cargills-bank-data-leak-uncovering-sri-lankas-largest-breach-and-the-silence-surrounding-it-aefee619b0e6","source":"Tidal Cyber","title":"The Cargills Bank Data Leak: Uncovering Sri Lanka’s Largest Breach and the Silence Surrounding It","authors":"Chanidu Madalagama","date_accessed":"2026-01-16T12:00:00Z","date_published":"2025-04-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"40a41b0b-374a-5af2-a97a-6fc6522df70a","created":"2026-01-23T20:29:35.956451Z","modified":"2026-01-23T20:29:36.139630Z"},{"id":"d7594fb4-e544-491b-a406-228a5c7884a9","name":"Picus Emotet Dec 2018","description":"Özarslan, S. (2018, December 21). The Christmas Card you never wanted - A new wave of Emotet is back to wreak havoc. Retrieved March 25, 2019.","url":"https://www.picussecurity.com/blog/the-christmas-card-you-never-wanted-a-new-wave-of-emotet-is-back-to-wreak-havoc.html","source":"MITRE","title":"The Christmas Card you never wanted - A new wave of Emotet is back to wreak havoc","authors":"Özarslan, S","date_accessed":"2019-03-25T00:00:00Z","date_published":"2018-12-21T00:00:00Z","owner_name":null,"tidal_id":"c6b09f23-87b5-5e3d-a32b-4dfacb4af0e0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417702Z"},{"id":"5f6752a7-50a9-4202-b69b-c5f9d24b86de","name":"Medium Ali Salem Bumblebee April 2022","description":"Salem, A. (2022, April 27). The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection. 
Retrieved September 2, 2022.","url":"https://elis531989.medium.com/the-chronicles-of-bumblebee-the-hook-the-bee-and-the-trickbot-connection-686379311056","source":"MITRE","title":"The chronicles of Bumblebee: The Hook, the Bee, and the Trickbot connection","authors":"Salem, A","date_accessed":"2022-09-02T00:00:00Z","date_published":"2022-04-27T00:00:00Z","owner_name":null,"tidal_id":"64270c87-fd10-52b0-8895-d7308d0205ab","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441123Z"},{"id":"564931cf-a3e1-488f-bc90-be37c448f3b3","name":"Avira XWorm April 2023","description":"Gurumoorthi Ramanathan. (2023, April 25). The Claws of Evilcode Gauntlet – XWorm RAT  . Retrieved May 10, 2023.","url":"https://www.avira.com/en/blog/the-claws-of-evilcode-gauntlet-xworm-rat","source":"Tidal Cyber","title":"The Claws of Evilcode Gauntlet – XWorm RAT","authors":"Gurumoorthi Ramanathan","date_accessed":"2023-05-10T00:00:00Z","date_published":"2023-04-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7d6aed0e-b6b1-52f0-b65f-6c4630faa525","created":"2024-06-13T20:10:20.693812Z","modified":"2024-06-13T20:10:20.895790Z"},{"id":"898df7c7-4f19-40cb-a216-7b0f6c6155b3","name":"MSDN COM Elevation","description":"Microsoft. (n.d.). The COM Elevation Moniker. Retrieved July 26, 2016.","url":"https://msdn.microsoft.com/en-us/library/ms679687.aspx","source":"MITRE","title":"The COM Elevation Moniker","authors":"Microsoft","date_accessed":"2016-07-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"92da53f2-9d3b-557f-8b45-9763f4cd3979","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425240Z"},{"id":"e1bb3872-7748-4e64-818f-6187a20d59f0","name":"Microsoft Component Object Model","description":"Microsoft. (n.d.). The Component Object Model. 
Retrieved August 18, 2016.","url":"https://msdn.microsoft.com/library/ms694363.aspx","source":"MITRE","title":"The Component Object Model","authors":"Microsoft","date_accessed":"2016-08-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bc2de1b4-28f1-5d1e-a81c-7280b53d58a3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432875Z"},{"id":"2dca2274-5f25-475a-b87d-97f3e3a525de","name":"SANS Conficker","description":"Burton, K. (n.d.). The Conficker Worm. Retrieved February 18, 2021.","url":"https://web.archive.org/web/20200125132645/https://www.sans.org/security-resources/malwarefaq/conficker-worm","source":"MITRE","title":"The Conficker Worm","authors":"Burton, K","date_accessed":"2021-02-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3f0607a3-7ebe-5322-b13e-eb16269e1850","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418785Z"},{"id":"83fb92d8-1245-5d68-b9f2-0915c10401c6","name":"Trellix Darkgate 2023","description":"Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll & Vinoo Thomas. (2023, November 21). The Continued Evolution of the DarkGate Malware-as-a-Service. Retrieved February 9, 2024.","url":"https://www.trellix.com/blogs/research/the-continued-evolution-of-the-darkgate-malware-as-a-service/","source":"MITRE","title":"The Continued Evolution of the DarkGate Malware-as-a-Service","authors":"Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll & Vinoo Thomas","date_accessed":"2024-02-09T00:00:00Z","date_published":"2023-11-21T00:00:00Z","owner_name":null,"tidal_id":"50caca62-b4f1-5d65-b09c-24b097b7be9f","created":"2024-04-25T13:28:48.080849Z","modified":"2025-12-17T15:08:36.419429Z"},{"id":"878e0382-4191-4bca-8adc-c379b0d57ba8","name":"Symantec DDoS October 2014","description":"Wueest, C.. (2014, October 21). The continued rise of DDoS attacks. 
Retrieved April 24, 2019.","url":"https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-continued-rise-of-ddos-attacks.pdf","source":"MITRE","title":"The continued rise of DDoS attacks","authors":"Wueest, C.","date_accessed":"2019-04-24T00:00:00Z","date_published":"2014-10-21T00:00:00Z","owner_name":null,"tidal_id":"d1d40338-01df-5d9c-ab48-a27020c5d4cf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434521Z"},{"id":"236294a2-55e6-5a05-bae8-09c46e6065b6","name":"LinkedIn Dmitry LightSpy 2025","description":"Dmitry Bestuzhev. (2025, April 7). The Coordinated Kill Switch: LightSpy's iOS Destructive Plugin Architecture Manages Device Disablement. Retrieved April","url":"https://www.linkedin.com/pulse/coordinated-kill-switch-lightspys-ios-destructive-plugin-bestuzhev-zhoye/","source":"Mobile","title":"The Coordinated Kill Switch: LightSpy's iOS Destructive Plugin Architecture Manages Device Disablement","authors":"Dmitry Bestuzhev","date_accessed":"1978-04-01T00:00:00Z","date_published":"2025-04-07T00:00:00Z","owner_name":null,"tidal_id":"8a770a04-40d4-5f09-a322-4ec7e9ffd2a9","created":"2026-01-28T13:08:10.046890Z","modified":"2026-01-28T13:08:10.046893Z"},{"id":"93a23447-641c-4ee2-9fbd-64b2adea8a5f","name":"BlackBerry CostaRicto November 2020","description":"The BlackBerry Research and Intelligence Team. (2020, November 12). The CostaRicto Campaign: Cyber-Espionage Outsourced. 
Retrieved May 24, 2021.","url":"https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced","source":"MITRE","title":"The CostaRicto Campaign: Cyber-Espionage Outsourced","authors":"The BlackBerry Research and Intelligence Team","date_accessed":"2021-05-24T00:00:00Z","date_published":"2020-11-12T00:00:00Z","owner_name":null,"tidal_id":"469534e9-5073-5f6a-b26f-644069ed563c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417059Z"},{"id":"4feebcde-4471-4275-80b1-0a9ade1745a5","name":"Google Cloud June 4 2025","description":"Google Threat Intelligence Group. (2025, June 4). The Cost of a Call From Voice Phishing to Data Extortion . Retrieved June 8, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion","source":"Tidal Cyber","title":"The Cost of a Call From Voice Phishing to Data Extortion","authors":"Google Threat Intelligence Group","date_accessed":"2025-06-08T00:00:00Z","date_published":"2025-06-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"937fa0c2-68a0-56f0-b8e6-2db25829ce25","created":"2025-06-10T15:50:20.702610Z","modified":"2025-06-10T15:50:20.945334Z"},{"id":"4f9aec3c-28be-5b81-b78b-0fda0d3b214d","name":"Google Salesforce JUN 2025","description":"Google Threat Intelligence Group. (2025, June 4). The Cost of a Call: From Voice Phishing to Data Extortion. Retrieved October 22, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion","source":"MITRE","title":"The Cost of a Call: From Voice Phishing to Data Extortion","authors":"Google Threat Intelligence Group","date_accessed":"2025-10-22T00:00:00Z","date_published":"2025-06-04T00:00:00Z","owner_name":null,"tidal_id":"0e15fdb1-a2a0-5c11-a007-76633cd291b4","created":"2025-10-29T21:08:48.167196Z","modified":"2025-12-17T15:08:36.439291Z"},{"id":"2d5f20a7-9086-4c32-9e13-000f310b45d7","name":"Huntress October 08 2025","description":"None identified. 
(2025, October 8). The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors | Huntress. Retrieved October 10, 2025.","url":"https://www.huntress.com/blog/nezha-china-nexus-threat-actor-tool","source":"Tidal Cyber","title":"The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors | Huntress","authors":"None identified","date_accessed":"2025-10-10T12:00:00Z","date_published":"2025-10-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d2a6c2a1-96c4-5048-a9dd-5e6442523fbf","created":"2025-10-13T17:28:45.667562Z","modified":"2025-10-13T17:28:45.801918Z"},{"id":"f6612b6c-6bed-474f-9ff3-ae3024d099c2","name":"SpyCloud Phemedrone September 6 2024","description":"James. (2024, September 6). The Curious Case of an Open Source Stealer: Phemedrone. Retrieved October 10, 2024.","url":"https://spycloud.com/blog/phemedrone-stealer/","source":"Tidal Cyber","title":"The Curious Case of an Open Source Stealer: Phemedrone","authors":"James","date_accessed":"2024-10-10T00:00:00Z","date_published":"2024-09-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c9ab906b-e51c-558e-b34b-f5034603e887","created":"2024-10-14T19:18:50.049968Z","modified":"2024-10-14T19:18:50.254832Z"},{"id":"90d608b9-ddbf-5476-bce1-85e8466aca47","name":"Invictus IR DangerDev 2024","description":"Invictus Incident Response. (2024, January 31). The curious case of DangerDev@protonmail.me. Retrieved March 19, 2024.","url":"https://www.invictus-ir.com/news/the-curious-case-of-dangerdev-protonmail-me","source":"MITRE","title":"The curious case of DangerDev@protonmail.me","authors":"Invictus Incident Response","date_accessed":"2024-03-19T00:00:00Z","date_published":"2024-01-31T00:00:00Z","owner_name":null,"tidal_id":"b07ec41d-8b69-5811-a858-a67b460a5791","created":"2024-04-25T13:28:32.035733Z","modified":"2025-12-17T15:08:36.426953Z"},{"id":"803a084a-0468-4c43-9843-a0b5652acdba","name":"Www.invictus-ir.com 1 31 2024","description":"Www.invictus-ir.com. (2024, January 31). 
The curious case of DangerDev@protonmail.me. Retrieved April 17, 2024.","url":"https://www.invictus-ir.com/news/the-curious-case-of-dangerdev-protonmail-me","source":"Tidal Cyber","title":"The curious case of DangerDev@protonmail.me","authors":"Www.invictus-ir.com","date_accessed":"2024-04-17T00:00:00Z","date_published":"2024-01-31T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"51ebad7d-7013-5a4b-8d59-88bcc8bb1275","created":"2024-06-13T20:10:56.362602Z","modified":"2024-06-13T20:10:56.551562Z"},{"id":"b0fbe842-f042-47a6-945c-445658b9347f","name":"www.invictus-ir.com 1 31 2024","description":"Www.invictus-ir.com. (2024, January 31). The curious case of DangerDev@protonmail.me. Retrieved April 17, 2024.","url":"https://www.invictus-ir.com/news/the-curious-case-of-dangerdev-protonmail-me","source":"Tidal Cyber","title":"The curious case of DangerDev@protonmail.me","authors":"Www.invictus-ir.com","date_accessed":"2024-04-17T12:00:00Z","date_published":"2024-01-31T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b78428c6-eee3-5bc1-ad7a-e4d25273aa9a","created":"2026-01-23T20:29:32.093125Z","modified":"2026-01-23T20:29:32.294455Z"},{"id":"754c9276-ef05-4d05-956f-75866090aa78","name":"SecureWorks Mia Ash July 2017","description":"Counter Threat Unit Research Team. (2017, July 27). The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets. Retrieved February 26, 2018.","url":"https://www.secureworks.com/research/the-curious-case-of-mia-ash","source":"MITRE","title":"The Curious Case of Mia Ash: Fake Persona Lures Middle Eastern Targets","authors":"Counter Threat Unit Research Team","date_accessed":"2018-02-26T00:00:00Z","date_published":"2017-07-27T00:00:00Z","owner_name":null,"tidal_id":"c87470d0-396a-5bb6-b9cf-518788a02d5a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442771Z"},{"id":"97fe7237-2dbf-560c-9ee8-4b2ceeb2f5ef","name":"Medium 777-Botnet","description":"Gi7w0rm. (2023, October 19). 
The curious case of the 7777-Botnet. Retrieved June 5, 2025.","url":"https://gi7w0rm.medium.com/the-curious-case-of-the-7777-botnet-86e3464c3ffd","source":"MITRE","title":"The curious case of the 7777-Botnet","authors":"Gi7w0rm","date_accessed":"2025-06-05T00:00:00Z","date_published":"2023-10-19T00:00:00Z","owner_name":null,"tidal_id":"05dadc4c-5785-558a-ae02-8d121ba9205d","created":"2025-10-29T21:08:48.167149Z","modified":"2025-12-17T15:08:36.439271Z"},{"id":"cbb79c3c-1e2c-42ac-8183-9566ccde0cd6","name":"Trustwave IIS Module 2013","description":"Grunzweig, J. (2013, December 9). The Curious Case of the Malicious IIS Module. Retrieved June 3, 2021.","url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-curious-case-of-the-malicious-iis-module/","source":"MITRE","title":"The Curious Case of the Malicious IIS Module","authors":"Grunzweig, J","date_accessed":"2021-06-03T00:00:00Z","date_published":"2013-12-09T00:00:00Z","owner_name":null,"tidal_id":"7d81ef88-d084-5103-ab1b-aab853eb5d60","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433710Z"},{"id":"7c237b73-233f-4fe3-b4a6-ce523fd82853","name":"CloudSploit - Unused AWS Regions","description":"CloudSploit. (2019, June 8). The Danger of Unused AWS Regions. Retrieved October 8, 2019.","url":"https://medium.com/cloudsploit/the-danger-of-unused-aws-regions-af0bf1b878fc","source":"MITRE","title":"The Danger of Unused AWS Regions","authors":"CloudSploit","date_accessed":"2019-10-08T00:00:00Z","date_published":"2019-06-08T00:00:00Z","owner_name":null,"tidal_id":"f1a65bdf-de36-5107-8cec-34326d0d12e6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430076Z"},{"id":"14473272-5941-4ebb-8ea7-5521f6a9a283","name":"Huntress September 15 2025","description":"None Identified. (2025, September 15). The Dangers of Storing Unencrypted Passwords | Huntress. 
Retrieved December 15, 2025.","url":"https://www.huntress.com/blog/dangers-of-storing-unencrypted-passwords","source":"Tidal Cyber","title":"The Dangers of Storing Unencrypted Passwords | Huntress","authors":"None Identified","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-09-15T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6d2cd3a4-5bfa-536f-b99b-b83080e55304","created":"2025-12-17T14:17:42.115195Z","modified":"2025-12-17T14:17:42.292552Z"},{"id":"e58b4e78-d858-4b28-8d06-2fb467b26337","name":"Dormann Dangers of VHD 2019","description":"Dormann, W. (2019, September 4). The Dangers of VHD and VHDX Files. Retrieved March 16, 2021.","url":"https://insights.sei.cmu.edu/cert/2019/09/the-dangers-of-vhd-and-vhdx-files.html","source":"MITRE","title":"The Dangers of VHD and VHDX Files","authors":"Dormann, W","date_accessed":"2021-03-16T00:00:00Z","date_published":"2019-09-04T00:00:00Z","owner_name":null,"tidal_id":"77098873-ae22-53cb-b8d1-07b8834a1a92","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442850Z"},{"id":"3247c03a-a57c-4945-9b85-72a70719e1cd","name":"Kaspersky Darkhotel","description":"Kaspersky Lab's Global Research and Analysis Team. (2014, November). The Darkhotel APT A Story of Unusual Hospitality. Retrieved November 12, 2014.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070903/darkhotel_kl_07.11.pdf","source":"MITRE, Tidal Cyber","title":"The Darkhotel APT A Story of Unusual Hospitality","authors":"Kaspersky Lab's Global Research and Analysis Team","date_accessed":"2014-11-12T00:00:00Z","date_published":"2014-11-01T00:00:00Z","owner_name":null,"tidal_id":"3f658ed0-d5ce-58a0-be8e-3bb09cf8474f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278543Z"},{"id":"0e25bf8b-3c9e-4661-a9fd-79b2ad3b8dd2","name":"ESET ForSSHe December 2018","description":"Dumont, R., M.Léveillé, M., Porcher, H. (2018, December 1). 
THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors. Retrieved July 16, 2020.","url":"https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf","source":"MITRE","title":"THE DARK SIDE OF THE FORSSHE A landscape of OpenSSH backdoors","authors":"Dumont, R., M.Léveillé, M., Porcher, H","date_accessed":"2020-07-16T00:00:00Z","date_published":"2018-12-01T00:00:00Z","owner_name":null,"tidal_id":"951c9f82-6f51-5793-af60-e401bcd806a2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418335Z"},{"id":"55522504-0d48-5854-933e-e9654d081cbb","name":"Push notifications - viruspositive","description":"Gaurav Sethi. (2021, December 14). The Dark Side of Web Push Notifications. Retrieved March 14, 2025.","url":"https://viruspositive.com/resources/blogs/the-dark-side-of-web-push-notifications","source":"MITRE","title":"The Dark Side of Web Push Notifications","authors":"Gaurav Sethi","date_accessed":"2025-03-14T00:00:00Z","date_published":"2021-12-14T00:00:00Z","owner_name":null,"tidal_id":"70e38ae1-ccd5-5b07-89ea-a98a50e27804","created":"2025-04-22T20:47:19.830113Z","modified":"2025-12-17T15:08:36.435296Z"},{"id":"17ebabfb-6399-4b5f-8274-b34045e2d51a","name":"Zscaler 2 12 2024","description":"Nikolaos Pantazopoulos. (2024, February 12). The (D)Evolution of Pikabot. Retrieved March 12, 2024.","url":"https://www.zscaler.com/blogs/security-research/d-evolution-pikabot","source":"Tidal Cyber","title":"The (D)Evolution of Pikabot","authors":"Nikolaos Pantazopoulos","date_accessed":"2024-03-12T00:00:00Z","date_published":"2024-02-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a4c6b91a-c1ec-5463-a71c-c6e2138376ca","created":"2024-03-14T16:06:28.801719Z","modified":"2024-03-14T16:06:29.326718Z"},{"id":"9c1edd25-0fd0-5b5d-8091-68074da52593","name":"Zscaler Pikabot 2024","description":"Nikolaos Pantazopoulos. (2024, February 12). The (D)Evolution of Pikabot. 
Retrieved July 17, 2024.","url":"https://www.zscaler.com/blogs/security-research/d-evolution-pikabot","source":"MITRE","title":"The (D)Evolution of Pikabot","authors":"Nikolaos Pantazopoulos","date_accessed":"2024-07-17T00:00:00Z","date_published":"2024-02-12T00:00:00Z","owner_name":null,"tidal_id":"d47fc264-7916-5190-92ab-d62770f91a87","created":"2024-10-31T16:28:27.975726Z","modified":"2025-12-17T15:08:36.439582Z"},{"id":"8cc9f506-65ce-4adb-aa79-c6cea1efb99b","name":"Binary Reverse Engineering Blog 9 6 2023","description":"Binary Reverse Engineering Blog. (2023, September 6). The DGA of BumbleBee. Retrieved February 19, 2024.","url":"https://bin.re/blog/the-dga-of-bumblebee/","source":"Tidal Cyber","title":"The DGA of BumbleBee","authors":"Binary Reverse Engineering Blog","date_accessed":"2024-02-19T00:00:00Z","date_published":"2023-09-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"18b54e9c-2310-5ba0-a516-e0960b430d08","created":"2024-06-13T20:10:50.500183Z","modified":"2024-06-13T20:10:50.685252Z"},{"id":"ef9f8e9d-1622-5227-a4a3-7d857e577def","name":"HorseShell","description":"Cohen, Itay. Madej, Radoslaw. Threat Intelligence Team. (2023, May 16). THE DRAGON WHO SOLD HIS CAMARO: ANALYZING CUSTOM ROUTER IMPLANT. Retrieved December 26, 2023.","url":"https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/","source":"MITRE","title":"THE DRAGON WHO SOLD HIS CAMARO: ANALYZING CUSTOM ROUTER IMPLANT","authors":"Cohen, Itay. Madej, Radoslaw. Threat Intelligence Team","date_accessed":"2023-12-26T00:00:00Z","date_published":"2023-05-16T00:00:00Z","owner_name":null,"tidal_id":"d37dae93-d59f-5a87-b5ea-0d58251bf40e","created":"2025-10-29T21:08:48.166809Z","modified":"2025-12-17T15:08:36.438537Z"},{"id":"2efa655f-ebd3-459b-9fd7-712d3f4ba1f8","name":"Securelist Dropping Elephant","description":"Kaspersky Lab's Global Research & Analysis Team. (2016, July 8). 
The Dropping Elephant – aggressive cyber-espionage in the Asian region. Retrieved August 3, 2016.","url":"https://securelist.com/the-dropping-elephant-actor/75328/","source":"MITRE","title":"The Dropping Elephant – aggressive cyber-espionage in the Asian region","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2016-08-03T00:00:00Z","date_published":"2016-07-08T00:00:00Z","owner_name":null,"tidal_id":"592ecc06-7489-5b82-85a9-3ca44d7a7a07","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437911Z"},{"id":"cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27","name":"F-Secure The Dukes","description":"F-Secure Labs. (2015, September 17). The Dukes: 7 years of Russian cyberespionage. Retrieved December 10, 2015.","url":"https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf","source":"MITRE","title":"The Dukes: 7 years of Russian cyberespionage","authors":"F-Secure Labs","date_accessed":"2015-12-10T00:00:00Z","date_published":"2015-09-17T00:00:00Z","owner_name":null,"tidal_id":"d955a78e-6b32-5581-a82d-ea0ec92b12c7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417190Z"},{"id":"b4d6db03-1587-4af3-87ff-51542ef7c87b","name":"Kaspersky Duqu 2.0","description":"Kaspersky Lab. (2015, June 11). The Duqu 2.0. Retrieved April 21, 2017.","url":"https://web.archive.org/web/20150906233433/https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf","source":"MITRE","title":"The Duqu 2.0","authors":"Kaspersky Lab","date_accessed":"2017-04-21T00:00:00Z","date_published":"2015-06-11T00:00:00Z","owner_name":null,"tidal_id":"f2077e57-6737-58b1-a2c9-7d98cfe01f07","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440666Z"},{"id":"e91fa2b8-4b04-4ae9-9ebd-7bfe3bfd1936","name":"ReliaQuest August 26 2021","description":"ReliaQuest Threat Research Team. (2021, August 26). The Eeveelution of ShinyHunters: From Data Leaks to Extortions - ReliaQuest. 
Retrieved November 14, 2025.","url":"https://reliaquest.com/blog/the-eeveelution-of-shinyhunters-from-data-leaks-to-extortions/","source":"Tidal Cyber","title":"The Eeveelution of ShinyHunters: From Data Leaks to Extortions - ReliaQuest","authors":"ReliaQuest Threat Research Team","date_accessed":"2025-11-14T12:00:00Z","date_published":"2021-08-26T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c9e0f4c6-4c92-52be-ac91-090062d29f62","created":"2025-11-19T17:44:51.652154Z","modified":"2025-11-19T17:44:51.787115Z"},{"id":"5e908748-d260-42f1-a599-ac38b4e22559","name":"Symantec Elderwood Sept 2012","description":"O'Gorman, G., and McDonald, G.. (2012, September 6). The Elderwood Project. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190717233006/http:/www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the-elderwood-project.pdf","source":"MITRE","title":"The Elderwood Project","authors":"O'Gorman, G., and McDonald, G.","date_accessed":"2024-11-17T00:00:00Z","date_published":"2012-09-06T00:00:00Z","owner_name":null,"tidal_id":"c3ed0e0b-2306-5dcc-b304-ba8212fbec29","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416543Z"},{"id":"52577f34-0aa6-4765-9f6b-dd7397183223","name":"Kaspersky Turla Aug 2014","description":"Kaspersky Lab's Global Research & Analysis Team. (2014, August 06). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros. 
Retrieved November 7, 2018.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08080105/KL_Epic_Turla_Technical_Appendix_20140806.pdf","source":"MITRE","title":"The Epic Turla Operation: Solving some of the mysteries of Snake/Uroboros","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2018-11-07T00:00:00Z","date_published":"2014-08-06T00:00:00Z","owner_name":null,"tidal_id":"e0ddf6d5-ad97-5a63-b21f-c0c519d5d7b4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439714Z"},{"id":"535e9f1a-f89e-4766-a290-c5b8100968f8","name":"Kaspersky Turla","description":"Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.","url":"https://securelist.com/the-epic-turla-operation/65545/","source":"MITRE, Tidal Cyber","title":"The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos","authors":"Kaspersky Lab's Global Research and Analysis Team","date_accessed":"2014-12-11T00:00:00Z","date_published":"2014-08-07T00:00:00Z","owner_name":null,"tidal_id":"20804181-964c-591e-87c6-32495fe219b8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259754Z"},{"id":"7fd58ef5-a0b7-40b6-8771-ca5e87740965","name":"FireEye EPS Awakens Part 2","description":"Winters, R. (2015, December 20). The EPS Awakens - Part 2. 
Retrieved January 22, 2016.","url":"https://web.archive.org/web/20151226205946/https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html","source":"MITRE, Tidal Cyber","title":"The EPS Awakens - Part 2","authors":"Winters, R","date_accessed":"2016-01-22T00:00:00Z","date_published":"2015-12-20T00:00:00Z","owner_name":null,"tidal_id":"ece75e46-ccbf-540e-8b73-27eb81fa874f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.258211Z"},{"id":"b032fa1a-0876-43af-b5af-b109f5ff1449","name":"Fortinet Blog October 08 2025","description":"None identified. (2025, October 8). The Evolution of Chaos Ransomware: Faster, Smarter, and More Dangerous | FortiGuard Labs. Retrieved October 10, 2025.","url":"https://www.fortinet.com/blog/threat-research/evolution-of-chaos-ransomware-faster-smarter-and-more-dangerous","source":"Tidal Cyber","title":"The Evolution of Chaos Ransomware: Faster, Smarter, and More Dangerous | FortiGuard Labs","authors":"None identified","date_accessed":"2025-10-10T12:00:00Z","date_published":"2025-10-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"950ec2d1-139a-552b-96b2-9a5a7d4f967d","created":"2025-10-13T17:28:44.787326Z","modified":"2025-10-13T17:28:44.928846Z"},{"id":"b94b5be4-1c77-48e1-875e-0cff0023fbd9","name":"Symantec Emotet Jul 2018","description":"Symantec. (2018, July 18). The Evolution of Emotet: From Banking Trojan to Threat Distributor. 
Retrieved March 25, 2019.","url":"https://www.symantec.com/blogs/threat-intelligence/evolution-emotet-trojan-distributor","source":"MITRE","title":"The Evolution of Emotet: From Banking Trojan to Threat Distributor","authors":"Symantec","date_accessed":"2019-03-25T00:00:00Z","date_published":"2018-07-18T00:00:00Z","owner_name":null,"tidal_id":"deeddcb3-d809-5659-ad83-59084e6b7a26","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417731Z"},{"id":"8eec1af3-c65e-4522-8087-73122ac6c281","name":"SilentBreak Offensive PS Dec 2015","description":"Christensen, L.. (2015, December 28). The Evolution of Offensive PowerShell Invocation. Retrieved December 8, 2018.","url":"https://web.archive.org/web/20190508170150/https://silentbreaksecurity.com/powershell-jobs-without-powershell-exe/","source":"MITRE","title":"The Evolution of Offensive PowerShell Invocation","authors":"Christensen, L.","date_accessed":"2018-12-08T00:00:00Z","date_published":"2015-12-28T00:00:00Z","owner_name":null,"tidal_id":"9cf80cf5-f1f4-5ebd-830c-ca8ec16ca740","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432815Z"},{"id":"7578541b-1ae3-58d0-a8b9-120bd6cd96f5","name":"CrowdStrike Evolution of Pinchy Spider July 2021","description":"Meyers, Adam. (2021, July 6). The Evolution of PINCHY SPIDER from GandCrab to REvil. Retrieved March 28, 2023.","url":"https://www.crowdstrike.com/blog/the-evolution-of-revil-ransomware-and-pinchy-spider/","source":"MITRE","title":"The Evolution of PINCHY SPIDER from GandCrab to REvil","authors":"Meyers, Adam","date_accessed":"2023-03-28T00:00:00Z","date_published":"2021-07-06T00:00:00Z","owner_name":null,"tidal_id":"18abeae4-28d4-5997-87f7-3dc0f0e752b0","created":"2023-05-26T01:21:14.425415Z","modified":"2025-12-17T15:08:36.439405Z"},{"id":"5c2985f1-2d80-488b-ab63-fbd56aba229b","name":"VMware Chromeloader September 19 2022","description":"Abe Schneider, Bethany Hardin, Lavine Oluoch . (2022, September 19). 
The Evolution of the Chromeloader Malware. Retrieved September 26, 2024.","url":"https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html","source":"Tidal Cyber","title":"The Evolution of the Chromeloader Malware","authors":"Abe Schneider, Bethany Hardin, Lavine Oluoch","date_accessed":"2024-09-26T00:00:00Z","date_published":"2022-09-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d690b42a-d1c8-5a88-a7d6-68699250db51","created":"2024-09-27T16:59:18.020493Z","modified":"2024-09-27T16:59:18.272786Z"},{"id":"5c74fdea-e5d5-5a77-a945-4819184e571f","name":"ATT Felismus","description":"Julia Kisielius. (2017, April 25). The Felismus RAT: Powerful Threat, Mysterious Purpose. Retrieved November 17, 2024.","url":"https://levelblue.com/blogs/security-essentials/the-felismus-rat-powerful-threat-mysterious-purpose","source":"MITRE","title":"The Felismus RAT: Powerful Threat, Mysterious Purpose","authors":"Julia Kisielius","date_accessed":"2024-11-17T00:00:00Z","date_published":"2017-04-25T00:00:00Z","owner_name":null,"tidal_id":"2dd98075-10a3-59ad-bc81-83d66780b946","created":"2024-04-25T13:28:51.666718Z","modified":"2025-12-17T15:08:36.441135Z"},{"id":"9897baf6-d3aa-50f0-9a5c-26443491881c","name":"Ludwig-GhostPush","description":"Adrian Ludwig. (2016, November 29). The fight against Ghost Push continues. Retrieved December","url":"https://plus.google.com/+AdrianLudwig/posts/GXzJ8vaAFsi","source":"Mobile","title":"The fight against Ghost Push continues","authors":"Adrian Ludwig","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-11-29T00:00:00Z","owner_name":null,"tidal_id":"d93d891a-8642-59b5-b322-845c3a6ba260","created":"2026-01-28T13:08:10.039120Z","modified":"2026-01-28T13:08:10.039124Z"},{"id":"3b0631ae-f589-4b7c-a00a-04dcd5f3a77b","name":"Proofpoint Ransomware Initial Access June 2021","description":"Selena Larson, Daniel Blackford, Garrett G. (2021, June 16). The First Step: Initial Access Leads to Ransomware. 
Retrieved January 24, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/first-step-initial-access-leads-ransomware","source":"Tidal Cyber","title":"The First Step: Initial Access Leads to Ransomware","authors":"Selena Larson, Daniel Blackford, Garrett G","date_accessed":"2024-01-24T00:00:00Z","date_published":"2021-06-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"04c40c26-87b9-5045-a71f-6398341c88d6","created":"2024-01-26T18:00:36.407863Z","modified":"2024-01-26T18:00:36.514339Z"},{"id":"5db473fd-7e98-5d4a-969a-c3daa8a67db7","name":"Microsoft BlackByte 2023","description":"Microsoft Incident Response. (2023, July 6). The five-day job: A BlackByte ransomware intrusion case study. Retrieved December 16, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/","source":"MITRE","title":"The five-day job: A BlackByte ransomware intrusion case study","authors":"Microsoft Incident Response","date_accessed":"2024-12-16T00:00:00Z","date_published":"2023-07-06T00:00:00Z","owner_name":null,"tidal_id":"b1135bdc-357b-5fa0-983c-0945935908ff","created":"2025-04-22T20:47:22.676446Z","modified":"2025-12-17T15:08:36.418031Z"},{"id":"09a12b10-f8d2-4d9d-8fb7-7cc7e2af0a5e","name":"SOCRadar® Cyber Intelligence Inc. November 3 2023","description":"Cem Sarı. (2023, November 3). The Five Families Hacker Collaboration Redefining the Game - SOCRadar® Cyber Intelligence Inc.. 
Retrieved December 12, 2024.","url":"https://socradar.io/the-five-families-hacker-collaboration-redefining-the-game/","source":"Tidal Cyber","title":"The Five Families Hacker Collaboration Redefining the Game - SOCRadar® Cyber Intelligence Inc.","authors":"Cem Sarı","date_accessed":"2024-12-12T00:00:00Z","date_published":"2023-11-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"025de114-1cb0-5b7e-8867-e0bb6c8d95d0","created":"2025-04-11T15:06:00.606315Z","modified":"2025-04-11T15:06:00.761960Z"},{"id":"6db8f76d-fe38-43b1-ad85-ad372da9c09d","name":"Kaspersky Flame","description":"Gostev, A. (2012, May 28). The Flame: Questions and Answers. Retrieved March 1, 2017.","url":"https://securelist.com/the-flame-questions-and-answers-51/34344/","source":"MITRE","title":"The Flame: Questions and Answers","authors":"Gostev, A","date_accessed":"2017-03-01T00:00:00Z","date_published":"2012-05-28T00:00:00Z","owner_name":null,"tidal_id":"08557ed7-2c8d-5300-a2ba-d2c227076415","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422637Z"},{"id":"6c91c12a-4696-42a6-aabc-277b75dc52a9","name":"BlackBerry Follina Guide","description":"BlackBerry. (n.d.). The Follina Vulnerability: A Guide. Retrieved January 17, 2025.","url":"https://www.blackberry.com/us/en/solutions/endpoint-security/security-vulnerabilities/follina-vulnerability","source":"Tidal Cyber","title":"The Follina Vulnerability: A Guide","authors":"BlackBerry","date_accessed":"2025-01-17T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"482b3b09-8a2f-5240-8f09-1432f5485b1b","created":"2025-01-28T15:53:30.636427Z","modified":"2025-01-28T15:53:30.991712Z"},{"id":"6986a64a-5fe6-4697-b70b-79cccaf3d730","name":"Unit 42 CARROTBAT November 2018","description":"Grunzweig, J. and Wilhoit, K. (2018, November 29). The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia. 
Retrieved June 2, 2020.","url":"https://unit42.paloaltonetworks.com/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/","source":"MITRE","title":"The Fractured Block Campaign: CARROTBAT Used to Deliver Malware Targeting Southeast Asia","authors":"Grunzweig, J. and Wilhoit, K","date_accessed":"2020-06-02T00:00:00Z","date_published":"2018-11-29T00:00:00Z","owner_name":null,"tidal_id":"74013f83-540f-5b93-926c-d51452dd5383","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417197Z"},{"id":"3f9a6343-1db3-4696-99ed-f22c6eabee71","name":"Palo Alto Gamaredon Feb 2017","description":"Kasza, A. and Reichel, D. (2017, February 27). The Gamaredon Group Toolset Evolution. Retrieved March 1, 2017.","url":"https://researchcenter.paloaltonetworks.com/2017/02/unit-42-title-gamaredon-group-toolset-evolution/","source":"MITRE, Tidal Cyber","title":"The Gamaredon Group Toolset Evolution","authors":"Kasza, A. and Reichel, D","date_accessed":"2017-03-01T00:00:00Z","date_published":"2017-02-27T00:00:00Z","owner_name":null,"tidal_id":"514b9577-f0c5-59b0-b57d-724b480e657c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259368Z"},{"id":"7723677a-35e3-49d0-ad49-b08a042dc739","name":"www.trellix.com January 06 2026","description":"None Identified. (2026, January 6). The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics. 
Retrieved January 12, 2026.","url":"https://www.trellix.com/blogs/research/the-ghost-in-the-machine-crazyhunters-stealth-tactics/","source":"Tidal Cyber","title":"The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics","authors":"None Identified","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-06T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"13e9b821-b8d6-50e2-9605-b884e46b84f5","created":"2026-01-23T20:29:34.097609Z","modified":"2026-01-23T20:29:34.247610Z"},{"id":"fbecafee-381c-40f6-bb75-dcad4233b070","name":"Www.trellix.com January 06 2026","description":"None Identified. (2026, January 6). The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics. Retrieved January 12, 2026.","url":"https://www.trellix.com/blogs/research/the-ghost-in-the-machine-crazyhunters-stealth-tactics/","source":"Tidal Cyber","title":"The Ghost in the Machine: Unmasking CrazyHunter's Stealth Tactics","authors":"None Identified","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-06T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1439786f-e7fc-5cc7-87f1-64178c4e9877","created":"2026-01-14T13:29:40.784448Z","modified":"2026-01-14T13:29:40.932123Z"},{"id":"a3f8f760-e581-5aa0-b01b-9994ad0a8b8d","name":"Palo Alto Networks GitHub Actions Worm 2023","description":"Asi Greenholts. (2023, September 14). The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree. 
Retrieved May 22, 2025.","url":"https://www.paloaltonetworks.com/blog/cloud-security/github-actions-worm-dependencies/","source":"MITRE","title":"The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree","authors":"Asi Greenholts","date_accessed":"2025-05-22T00:00:00Z","date_published":"2023-09-14T00:00:00Z","owner_name":null,"tidal_id":"718a9d8d-60f8-5928-9304-b5fd8c78bed0","created":"2025-10-29T21:08:48.165500Z","modified":"2025-12-17T15:08:36.425609Z"},{"id":"47222894-95fe-55e1-a6b9-0f1578c4ee65","name":"Chexmarx-seo","description":"Yehuda Gelb. (2023, November 30). The GitHub Black Market: Gaming the Star Ranking Game. Retrieved June 18, 2024.","url":"https://zero.checkmarx.com/the-github-black-market-gaming-the-star-ranking-game-fc42f5913fb7","source":"MITRE","title":"The GitHub Black Market: Gaming the Star Ranking Game","authors":"Yehuda Gelb","date_accessed":"2024-06-18T00:00:00Z","date_published":"2023-11-30T00:00:00Z","owner_name":null,"tidal_id":"e3885a5b-b93f-5aa4-b4d3-8551ac02413d","created":"2024-10-31T16:28:26.656066Z","modified":"2025-12-17T15:08:36.435820Z"},{"id":"ef3edd44-b8d1-4d7d-a0d8-0e75aa441eac","name":"GNU Acct","description":"GNU. (2010, February 5). The GNU Accounting Utilities. Retrieved December 20, 2017.","url":"https://www.gnu.org/software/acct/","source":"MITRE","title":"The GNU Accounting Utilities","authors":"GNU","date_accessed":"2017-12-20T00:00:00Z","date_published":"2010-02-05T00:00:00Z","owner_name":null,"tidal_id":"6954c540-82b2-500b-8132-195171ab51bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428642Z"},{"id":"75a6a1bf-a5a7-419d-b290-6662aeddb7eb","name":"GLIBC","description":"glibc developer community. (2020, February 1). The GNU C Library (glibc). 
Retrieved June 25, 2020.","url":"https://www.gnu.org/software/libc/","source":"MITRE","title":"The GNU C Library (glibc)","authors":"glibc developer community","date_accessed":"2020-06-25T00:00:00Z","date_published":"2020-02-01T00:00:00Z","owner_name":null,"tidal_id":"c949201e-2919-52fc-8231-cfdeae6115cc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427835Z"},{"id":"7a31155e-ca8b-5f32-8672-0cd9da1199b4","name":"MerkleScience_Godfather_April2023","description":"Merkle Science. (2023, April 25). The Godfather Android Malware: Threat under the lens. Retrieved July","url":"https://www.merklescience.com/blog/the-godfather-android-malware-threat-under-the-lens","source":"Mobile","title":"The Godfather Android Malware: Threat under the lens","authors":"Merkle Science","date_accessed":"1978-07-01T00:00:00Z","date_published":"2023-04-25T00:00:00Z","owner_name":null,"tidal_id":"25407754-25a1-5473-b7c4-950ebc084f5c","created":"2026-01-28T13:08:10.041592Z","modified":"2026-01-28T13:08:10.041595Z"},{"id":"2a27a2ea-2815-4d97-88c0-47a6e04e84f8","name":"Trustwave GoldenSpy June 2020","description":"Trustwave SpiderLabs. (2020, June 25). The Golden Tax Department and Emergence of GoldenSpy Malware. Retrieved July 23, 2020.","url":"https://www.trustwave.com/en-us/resources/library/documents/the-golden-tax-department-and-the-emergence-of-goldenspy-malware/","source":"MITRE","title":"The Golden Tax Department and Emergence of GoldenSpy Malware","authors":"Trustwave SpiderLabs","date_accessed":"2020-07-23T00:00:00Z","date_published":"2020-06-25T00:00:00Z","owner_name":null,"tidal_id":"6abb452e-9ca5-5252-984e-f5c9a2153f41","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421369Z"},{"id":"5731d7e4-dd19-4d08-b493-7b1a467599d3","name":"Proofpoint TA416 Europe March 2022","description":"Raggi, M. et al. (2022, March 7). 
The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates. Retrieved March 16, 2022.","url":"https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european","source":"MITRE","title":"The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates","authors":"Raggi, M. et al","date_accessed":"2022-03-16T00:00:00Z","date_published":"2022-03-07T00:00:00Z","owner_name":null,"tidal_id":"464d9284-1a39-54bd-86a0-1c5ff5024b11","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438595Z"},{"id":"658e3a1a-2f68-4e84-8dab-43e48766703e","name":"Red Canary Gootloader April 2023","description":"Tony Lambert, Lauren Podber. (2023, April 28). The Goot cause: Detecting Gootloader and its follow-on activity. Retrieved May 7, 2023.","url":"https://redcanary.com/blog/gootloader/","source":"Tidal Cyber","title":"The Goot cause: Detecting Gootloader and its follow-on activity","authors":"Tony Lambert, Lauren Podber","date_accessed":"2023-05-07T00:00:00Z","date_published":"2023-04-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"501cb8a2-f5c0-53ad-b4b3-1005f11d92af","created":"2024-06-13T20:10:18.410286Z","modified":"2024-06-13T20:10:18.605942Z"},{"id":"d0605185-3f8d-4846-a718-15572714e15b","name":"Unit 42 Gorgon Group Aug 2018","description":"Falcone, R., et al. (2018, August 02). The Gorgon Group: Slithering Between Nation State and Cybercrime. 
Retrieved August 7, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/","source":"MITRE, Tidal Cyber","title":"The Gorgon Group: Slithering Between Nation State and Cybercrime","authors":"Falcone, R., et al","date_accessed":"2018-08-07T00:00:00Z","date_published":"2018-08-02T00:00:00Z","owner_name":null,"tidal_id":"9e1de505-9073-5535-983a-9d686da28bfb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261714Z"},{"id":"922de20d-4923-552d-b5ac-52f3d2507d43","name":"CitizenLab Great iPwn","description":"Marczak, B., et al. (2020, December 20). The Great iPwn. Retrieved April","url":"https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/","source":"Mobile","title":"The Great iPwn","authors":"Marczak, B., et al","date_accessed":"1978-04-01T00:00:00Z","date_published":"2020-12-20T00:00:00Z","owner_name":null,"tidal_id":"8d96e3e7-553e-5d90-b66e-8f2e3222a7af","created":"2026-01-28T13:08:10.047690Z","modified":"2026-01-28T13:08:10.047693Z"},{"id":"03b6e028-96b1-5d04-abf6-f0d190f44df4","name":"SecureWorks Infostealers 2023","description":"SecureWorks Counter Threat Unit Research Team. (2023, May 16). The Growing Threat from Infostealers. Retrieved October 10, 2024.","url":"https://www.secureworks.com/research/the-growing-threat-from-infostealers","source":"MITRE","title":"The Growing Threat from Infostealers","authors":"SecureWorks Counter Threat Unit Research Team","date_accessed":"2024-10-10T00:00:00Z","date_published":"2023-05-16T00:00:00Z","owner_name":null,"tidal_id":"2ee79577-404a-5a5a-9790-edd7a037b1c1","created":"2024-10-31T16:28:25.178517Z","modified":"2025-12-17T15:08:36.434081Z"},{"id":"f42a36c2-1ca5-49ff-a7ec-7de90379a6d5","name":"Trend Micro HeartBeat Campaign January 2013","description":"Roland Dela Paz. (2003, January 3). The HeartBeat APT Campaign. 
Retrieved October 17, 2021.","url":"https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the-heartbeat-apt-campaign.pdf?","source":"MITRE","title":"The HeartBeat APT Campaign","authors":"Roland Dela Paz","date_accessed":"2021-10-17T00:00:00Z","date_published":"2003-01-03T00:00:00Z","owner_name":null,"tidal_id":"d40542ea-a10b-528e-a572-081c0402d8a9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439106Z"},{"id":"65d751cb-fdd2-4a45-81db-8a5a11bbee62","name":"FireEye Hikit Rootkit","description":"Glyer, C., Kazanciyan, R. (2012, August 20). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1). Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190216180458/https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-1.html","source":"MITRE","title":"The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 1)","authors":"Glyer, C., Kazanciyan, R","date_accessed":"2024-11-17T00:00:00Z","date_published":"2012-08-20T00:00:00Z","owner_name":null,"tidal_id":"000a995d-854c-552d-92d2-1acedaa1b2d7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420503Z"},{"id":"48448972-a5ed-4371-b930-b51dcb174b82","name":"FireEye HIKIT Rootkit Part 2","description":"Glyer, C., Kazanciyan, R. (2012, August 22). The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 2). 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210920172620/https://www.fireeye.com/blog/threat-research/2012/08/hikit-rootkit-advanced-persistent-attack-techniques-part-2.html","source":"MITRE","title":"The “Hikit” Rootkit: Advanced and Persistent Attack Techniques (Part 2)","authors":"Glyer, C., Kazanciyan, R","date_accessed":"2024-11-17T00:00:00Z","date_published":"2012-08-22T00:00:00Z","owner_name":null,"tidal_id":"f42a78ac-ca4d-5305-aadd-49a7092032b7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429838Z"},{"id":"efddf678-b17a-47f3-8750-602a82acac05","name":"Securelist December 29 2025","description":"None Identified. (2025, December 29). The HoneyMyte APT now protects malware with a kernel-mode rootkit | Securelist. Retrieved January 5, 2026.","url":"https://securelist.com/honeymyte-kernel-mode-rootkit/118590/","source":"Tidal Cyber","title":"The HoneyMyte APT now protects malware with a kernel-mode rootkit | Securelist","authors":"None Identified","date_accessed":"2026-01-05T12:00:00Z","date_published":"2025-12-29T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e46cf68e-d42a-5f69-bb1d-59f5cc92139b","created":"2026-01-06T18:03:34.642469Z","modified":"2026-01-06T18:03:34.780288Z"},{"id":"143e191f-9175-557b-8fe1-41dbe04867a6","name":"Proofpoint Human Factor","description":"Proofpoint. (n.d.). The Human Factor 2023: Analyzing the cyber attack chain. Retrieved July 20, 2023.","url":"https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-human-factor-report.pdf","source":"MITRE","title":"The Human Factor 2023: Analyzing the cyber attack chain","authors":"Proofpoint","date_accessed":"2023-07-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"835f1c96-321f-58e0-b310-64475fbaed08","created":"2023-11-07T00:35:59.528350Z","modified":"2025-12-17T15:08:36.426879Z"},{"id":"88367099-df19-4044-8c9b-2db4c9f418c4","name":"TechNet Blogs Credential Protection","description":"Wilson, B. 
(2016, April 18). The Importance of KB2871997 and KB2928120 for Credential Protection. Retrieved April 11, 2018.","url":"https://blogs.technet.microsoft.com/askpfeplat/2016/04/18/the-importance-of-kb2871997-and-kb2928120-for-credential-protection/","source":"MITRE","title":"The Importance of KB2871997 and KB2928120 for Credential Protection","authors":"Wilson, B","date_accessed":"2018-04-11T00:00:00Z","date_published":"2016-04-18T00:00:00Z","owner_name":null,"tidal_id":"ab34790d-8147-5838-b0ae-11dcb148b661","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430504Z"},{"id":"f1d16045-d365-43d2-bc08-65ba1ddbe0fd","name":"dhs_threat_to_net_devices","description":"U.S. Department of Homeland Security. (2016, August 30). The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations. Retrieved July 29, 2022.","url":"https://cyber.dhs.gov/assets/report/ar-16-20173.pdf","source":"MITRE","title":"The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations","authors":"U.S. Department of Homeland Security","date_accessed":"2022-07-29T00:00:00Z","date_published":"2016-08-30T00:00:00Z","owner_name":null,"tidal_id":"991462e2-05e1-51de-b188-a1874835fddf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436604Z"},{"id":"5cc54d85-ee53-579d-a8fb-9b54b3540dc0","name":"Triton-EENews-2017","description":"Blake Sobczak. (2019, March 7). The inside story of the world’s most dangerous malware. 
Retrieved March 25, 2024.","url":"https://www.eenews.net/articles/the-inside-story-of-the-worlds-most-dangerous-malware/","source":"MITRE","title":"The inside story of the world’s most dangerous malware","authors":"Blake Sobczak","date_accessed":"2024-03-25T00:00:00Z","date_published":"2019-03-07T00:00:00Z","owner_name":null,"tidal_id":"6aeaa4b6-5c3b-5e57-87ac-6447f017acdf","created":"2024-04-25T13:28:42.057816Z","modified":"2025-12-17T15:08:36.439515Z"},{"id":"d29d4942-412c-51d7-a220-17f5ea63b925","name":"DFIR Proc Bind Mount","description":"DFIR. (2024, May 16). The 'Invisibility Cloak' - Slash-Proc Magic. Retrieved April 11, 2025.","url":"https://dfir.ch/posts/slash-proc/","source":"MITRE","title":"The 'Invisibility Cloak' - Slash-Proc Magic","authors":"DFIR","date_accessed":"2025-04-11T00:00:00Z","date_published":"2024-05-16T00:00:00Z","owner_name":null,"tidal_id":"db6bc199-534b-5ea1-b69a-0cf7e53cc136","created":"2025-04-22T20:47:32.713769Z","modified":"2025-04-22T20:47:32.713776Z"},{"id":"19ebc031-73c5-49b4-9944-f03bb70cf40e","name":"Trellix Iranian Cyber Capability September 19 2024","description":"Ernesto Fernández Provecho, Pham Duy Phuc, John Fokker. (2024, September 19). The Iranian Cyber Capability. Retrieved July 7, 2025.","url":"https://www.trellix.com/blogs/research/the-iranian-cyber-capability/","source":"Tidal Cyber","title":"The Iranian Cyber Capability","authors":"Ernesto Fernández Provecho, Pham Duy Phuc, John Fokker","date_accessed":"2025-07-07T12:00:00Z","date_published":"2024-09-19T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ab4464ed-e11a-532e-82f6-f8dd040d6e28","created":"2025-07-08T16:58:16.470168Z","modified":"2025-07-08T16:58:16.660317Z"},{"id":"8fa21bad-0186-5181-b52e-32f7f116695c","name":"sentinelone_israel_hamas_war","description":"Hegel, T., Milenkoski, A. (2023, October 24). The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest. 
Retrieved March 4, 2024.","url":"https://web.archive.org/web/20240208234008/www.sentinelone.com/labs/the-israel-hamas-war-cyber-domain-state-sponsored-activity-of-interest/","source":"MITRE","title":"The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest","authors":"Hegel, T., Milenkoski, A","date_accessed":"2024-03-04T00:00:00Z","date_published":"2023-10-24T00:00:00Z","owner_name":null,"tidal_id":"abdbd469-cd4a-51b2-9284-9c6c917e7592","created":"2024-04-25T13:28:44.957003Z","modified":"2025-12-17T15:08:36.439614Z"},{"id":"50764afc-4d2e-54a1-8d24-2128fc91a5d3","name":"Lumen J-Magic JAN 2025","description":"Black Lotus Labs. (2025, January 23). The J-Magic Show: Magic Packets and Where to find them. Retrieved February 17, 2025.","url":"https://blog.lumen.com/the-j-magic-show-magic-packets-and-where-to-find-them/","source":"MITRE","title":"The J-Magic Show: Magic Packets and Where to find them","authors":"Black Lotus Labs","date_accessed":"2025-02-17T00:00:00Z","date_published":"2025-01-23T00:00:00Z","owner_name":null,"tidal_id":"90d9d4ff-f487-5f14-903e-f2e434e8bbad","created":"2025-04-22T20:47:21.813441Z","modified":"2025-12-17T15:08:36.416449Z"},{"id":"e125ade3-18c8-5561-bc78-82d67902f2f2","name":"SecurityScorecard Contagious Interview FamousChollima October 2024","description":"Steve Cobb. (2024, October 29). The Job Offer That Wasn’t: How We Stopped an Espionage Plot. Retrieved October 20, 2025.","url":"https://securityscorecard.com/blog/the-job-offer-that-wasnt-how-we-stopped-an-espionage-plot/","source":"MITRE","title":"The Job Offer That Wasn’t: How We Stopped an Espionage Plot","authors":"Steve Cobb","date_accessed":"2025-10-20T00:00:00Z","date_published":"2024-10-29T00:00:00Z","owner_name":null,"tidal_id":"d45fb359-467f-5cd6-8fae-a2de4a505513","created":"2025-10-29T21:08:48.167537Z","modified":"2025-12-17T15:08:36.440780Z"},{"id":"0a0d9052-3699-53e5-b983-e07fbbbbfa62","name":"CheckPoint-Judy","description":"CheckPoint. (2017, May 25). 
The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September","url":"https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/","source":"Mobile","title":"The Judy Malware: Possibly the largest malware campaign found on Google Play","authors":"CheckPoint","date_accessed":"1978-09-01T00:00:00Z","date_published":"2017-05-25T00:00:00Z","owner_name":null,"tidal_id":"2a9a3fe5-f9ab-573f-b40f-4ed1c4435935","created":"2026-01-28T13:08:10.039017Z","modified":"2026-01-28T13:08:10.039020Z"},{"id":"84b9fd50-4bcf-5f0b-9712-27d6581b8c7a","name":"Kerberos GNU/Linux","description":"Adepts of 0xCC. (2021, January 28). The Kerberos Credential Thievery Compendium (GNU/Linux). Retrieved September 17, 2024.","url":"https://adepts.of0x.cc/kerberos-thievery-linux/","source":"MITRE","title":"The Kerberos Credential Thievery Compendium (GNU/Linux)","authors":"Adepts of 0xCC","date_accessed":"2024-09-17T00:00:00Z","date_published":"2021-01-28T00:00:00Z","owner_name":null,"tidal_id":"0f370a6c-b2da-5149-99a2-17706986809f","created":"2024-10-31T16:28:19.329906Z","modified":"2025-12-17T15:08:36.427885Z"},{"id":"9ac6737b-c8a2-416f-bbc3-8c5556ad4833","name":"PWC KeyBoys Feb 2017","description":"Parys, B. (2017, February 11). The KeyBoys are back in town. Retrieved June 13, 2019.","url":"https://web.archive.org/web/20211129064701/https://www.pwc.co.uk/issues/cyber-security-services/research/the-keyboys-are-back-in-town.html","source":"MITRE","title":"The KeyBoys are back in town","authors":"Parys, B","date_accessed":"2019-06-13T00:00:00Z","date_published":"2017-02-11T00:00:00Z","owner_name":null,"tidal_id":"4a822125-b1f2-5d35-99a3-60e1d99d9217","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419010Z"},{"id":"f26771b0-2101-4fed-ac82-1bd9683dd7da","name":"Securelist Kimsuky Sept 2013","description":"Tarakanov , D.. (2013, September 11). The “Kimsuky” Operation: A North Korean APT?. 
Retrieved August 13, 2019.","url":"https://securelist.com/the-kimsuky-operation-a-north-korean-apt/57915/","source":"MITRE","title":"The “Kimsuky” Operation: A North Korean APT?","authors":"Tarakanov , D.","date_accessed":"2019-08-13T00:00:00Z","date_published":"2013-09-11T00:00:00Z","owner_name":null,"tidal_id":"836d17b5-945f-5faf-a071-9ff184d2aacd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438420Z"},{"id":"f5114978-2528-4199-a586-0158c5f8a138","name":"ClearSky Kittens Back 2 Oct 2019","description":"ClearSky Research Team. (2019, October 1). The Kittens Are Back in Town2 - Charming Kitten Campaign KeepsGoing on, Using New Impersonation Methods. Retrieved April 21, 2021.","url":"https://www.clearskysec.com/wp-content/uploads/2019/10/The-Kittens-Are-Back-in-Town-2-1.pdf","source":"MITRE","title":"The Kittens Are Back in Town2 - Charming Kitten Campaign KeepsGoing on, Using New Impersonation Methods","authors":"ClearSky Research Team","date_accessed":"2021-04-21T00:00:00Z","date_published":"2019-10-01T00:00:00Z","owner_name":null,"tidal_id":"4e5e334e-f927-524a-b4c8-7985617dfae1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438057Z"},{"id":"a10c6a53-79bb-4454-b444-cfb9136ecd36","name":"ClearSky Kittens Back 3 August 2020","description":"ClearSky Research Team. (2020, August 1). The Kittens Are Back in Town 3 - Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp. 
Retrieved April 21, 2021.","url":"https://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf","source":"MITRE, Tidal Cyber","title":"The Kittens Are Back in Town 3 - Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp","authors":"ClearSky Research Team","date_accessed":"2021-04-21T00:00:00Z","date_published":"2020-08-01T00:00:00Z","owner_name":null,"tidal_id":"2bfbbebb-179c-5d14-ba90-f583e3d8821e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278652Z"},{"id":"5bdd1b82-9e5c-4db0-9764-240e37a1cc99","name":"Kubernetes API","description":"The Kubernetes Authors. (n.d.). The Kubernetes API. Retrieved March 29, 2021.","url":"https://kubernetes.io/docs/concepts/overview/kubernetes-api/","source":"MITRE","title":"The Kubernetes API","authors":"The Kubernetes Authors","date_accessed":"2021-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b09d54ec-144c-5406-9873-5655a9ad7b12","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424097Z"},{"id":"9347b507-3a41-405d-87f9-d4fc2bfc48e5","name":"GitHub LaZagne Dec 2018","description":"Zanni, A. (n.d.). The LaZagne Project !!!. Retrieved December 14, 2018.","url":"https://github.com/AlessandroZ/LaZagne","source":"MITRE","title":"The LaZagne Project !!!","authors":"Zanni, A","date_accessed":"2018-12-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b4da2dd1-2e0b-5aa7-9352-6e86562b992a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423293Z"},{"id":"33cca4fa-72a8-59a3-a62f-12f71a499a15","name":"GitHub LaZange Dec 2018","description":"Zanni, A. (n.d.). The LaZagne Project !!!. 
Retrieved December 14, 2018.","url":"https://github.com/AlessandroZ/LaZagne","source":"MITRE","title":"The LaZagne Project !!!","authors":"Zanni, A","date_accessed":"2018-12-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bd41345a-f0ae-5532-92d7-a375578a5c24","created":"2024-04-25T13:28:53.712358Z","modified":"2025-12-17T15:08:36.423300Z"},{"id":"773d1d91-a93c-4bb3-928b-4c3f82f2c889","name":"Dell P2P ZeuS","description":"SecureWorks. (2012). The Lifecycle of Peer-to-Peer (Gameover) ZeuS. Retrieved August 19, 2015.","url":"https://www.secureworks.com/research/The-Lifecycle-of-Peer-to-Peer-Gameover-ZeuS","source":"MITRE","title":"The Lifecycle of Peer-to-Peer (Gameover) ZeuS","authors":"SecureWorks","date_accessed":"2015-08-19T00:00:00Z","date_published":"2012-01-01T00:00:00Z","owner_name":null,"tidal_id":"41950643-837b-5793-b62c-d5f1d6e1df31","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421205Z"},{"id":"06442111-2c71-5efb-9530-cabeba159a91","name":"Cylera Kwampirs 2022","description":"Pablo Rincón Crespo. (2022, January). The link between Kwampirs (Orangeworm) and Shamoon APTs. Retrieved February 8, 2024.","url":"https://resources.cylera.com/hubfs/Cylera%20Labs/Cylera%20Labs%20Kwampirs%20Shamoon%20Technical%20Report.pdf","source":"MITRE","title":"The link between Kwampirs (Orangeworm) and Shamoon APTs","authors":"Pablo Rincón Crespo","date_accessed":"2024-02-08T00:00:00Z","date_published":"2022-01-01T00:00:00Z","owner_name":null,"tidal_id":"c3ab1a3a-a129-5bfc-a278-7d1f83a5f7ca","created":"2024-04-25T13:28:44.586545Z","modified":"2025-12-17T15:08:36.420095Z"},{"id":"0a30d54e-187a-43e0-9725-3c80aa1c7619","name":"Linux Kernel API","description":"Linux Kernel Organization, Inc. (n.d.). The Linux Kernel API. 
Retrieved June 25, 2020.","url":"https://www.kernel.org/doc/html/v4.12/core-api/kernel-api.html","source":"MITRE","title":"The Linux Kernel API","authors":"Linux Kernel Organization, Inc","date_accessed":"2020-06-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7ea26887-b066-557f-86d3-de9e225d4d8f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427847Z"},{"id":"70f31f19-e0b3-40b1-b8dd-6667557bb334","name":"Linux Kernel Programming","description":"Pomerantz, O., Salzman, P.. (2003, April 4). The Linux Kernel Module Programming Guide. Retrieved April 6, 2018.","url":"https://www.tldp.org/LDP/lkmpg/2.4/lkmpg.pdf","source":"MITRE","title":"The Linux Kernel Module Programming Guide","authors":"Pomerantz, O., Salzman, P.","date_accessed":"2018-04-06T00:00:00Z","date_published":"2003-04-04T00:00:00Z","owner_name":null,"tidal_id":"d57eef6b-129f-53b7-9f39-e3f874fb1e5c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426009Z"},{"id":"b1002e9a-020d-4224-bf60-0c2a66d511f2","name":"The DFIR Report Dharma Ransomware June 2020","description":"The DFIR Report. (2020, June 16). The Little Ransomware That Couldn’t (Dharma). Retrieved March 7, 2024.","url":"https://thedfirreport.com/2020/06/16/the-little-ransomware-that-couldnt-dharma/","source":"Tidal Cyber","title":"The Little Ransomware That Couldn’t (Dharma)","authors":"The DFIR Report","date_accessed":"2024-03-07T00:00:00Z","date_published":"2020-06-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f16ababf-0346-55a1-b023-1b96ad46f379","created":"2024-03-07T21:00:47.221149Z","modified":"2024-03-07T21:00:47.397663Z"},{"id":"ed5a2ec0-8328-40db-9f58-7eaac4ad39a0","name":"Villeneuve 2011","description":"Villeneuve, N., Sancho, D. (2011). THE “LURID” DOWNLOADER. 
Retrieved November 12, 2014.","url":"http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_dissecting-lurid-apt.pdf","source":"MITRE","title":"THE “LURID” DOWNLOADER","authors":"Villeneuve, N., Sancho, D","date_accessed":"2014-11-12T00:00:00Z","date_published":"2011-01-01T00:00:00Z","owner_name":null,"tidal_id":"9b8ff16e-23db-5130-a190-fa1a22a51637","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417358Z"},{"id":"548f23b2-3ab6-4ea0-839f-8f9c8745d91d","name":"Proofpoint August 29 2024","description":"Tommy Madjar; Pim Trouerbach; Selena Larson; The Proofpoint Threat Research Team. (2024, August 29). The Malware That Must Not Be Named Suspected Espionage Campaign Delivers “Voldemort”. Retrieved August 29, 2024.","url":"https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort","source":"Tidal Cyber","title":"The Malware That Must Not Be Named Suspected Espionage Campaign Delivers “Voldemort”","authors":"Tommy Madjar; Pim Trouerbach; Selena Larson; The Proofpoint Threat Research Team","date_accessed":"2024-08-29T00:00:00Z","date_published":"2024-08-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ac4bba90-305c-54f2-b9a8-65aa2c8ea6f8","created":"2024-09-06T15:12:22.299125Z","modified":"2024-09-06T15:12:23.291060Z"},{"id":"55be1ca7-fdb7-5d76-a9c8-5f44a0d00b0e","name":"Microsoft BlackCat Jun 2022","description":"Microsoft Defender Threat Intelligence. (2022, June 13). The many lives of BlackCat ransomware. 
Retrieved December 20, 2022.","url":"https://www.microsoft.com/en-us/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/","source":"MITRE","title":"The many lives of BlackCat ransomware","authors":"Microsoft Defender Threat Intelligence","date_accessed":"2022-12-20T00:00:00Z","date_published":"2022-06-13T00:00:00Z","owner_name":null,"tidal_id":"24cbd421-6ece-553f-9167-c7b5dd7da165","created":"2023-05-26T01:21:15.907849Z","modified":"2025-12-17T15:08:36.418554Z"},{"id":"a055d7a2-a356-4f0e-9a66-7f7b3ac7e74a","name":"Talos Nyetya MEDoc 2017","description":"Maynor, D., Nikolic, A., Olney, M., and Younan, Y. (2017, July 5). The MeDoc Connection. Retrieved March 26, 2019.","url":"https://blog.talosintelligence.com/2017/07/the-medoc-connection.html","source":"MITRE","title":"The MeDoc Connection","authors":"Maynor, D., Nikolic, A., Olney, M., and Younan, Y","date_accessed":"2019-03-26T00:00:00Z","date_published":"2017-07-05T00:00:00Z","owner_name":null,"tidal_id":"7938f17b-0218-541a-9bde-53d2c00a850d","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:38.979976Z"},{"id":"d248e284-37d3-4425-a29e-5a0c814ae803","name":"PegasusCitizenLab","description":"Bill Marczak and John Scott-Railton. (2016, August 24). The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender. 
Retrieved December 12, 2016.","url":"https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/","source":"MITRE","title":"The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender","authors":"Bill Marczak and John Scott-Railton","date_accessed":"2016-12-12T00:00:00Z","date_published":"2016-08-24T00:00:00Z","owner_name":null,"tidal_id":"b34a1776-2943-5d6d-9daf-de703fa96f27","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434817Z"},{"id":"def2a635-d322-4c27-9167-2642bf8f153c","name":"Securelist MiniDuke Feb 2013","description":"Kaspersky Lab's Global Research & Analysis Team. (2013, February 27). The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20170630181406/https://cdn.securelist.com/files/2014/07/themysteryofthepdf0-dayassemblermicrobackdoor.pdf","source":"MITRE","title":"The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2024-11-17T00:00:00Z","date_published":"2013-02-27T00:00:00Z","owner_name":null,"tidal_id":"d540de04-5be3-52ef-8cea-e1cd82f1668c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440915Z"},{"id":"886804fc-f436-5d8c-abbf-cb64ab2cafe9","name":"The MITRE Corporation May 2017","description":"The MITRE Corporation 2017, May 31 ATT&CK T1106: Native API. Retrieved 2021/04/26","url":"https://attack.mitre.org/techniques/T1106/","source":"ICS","title":"The MITRE Corporation May 2017","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6b9518f6-129f-5aaf-a86f-02603e57a02b","created":"2026-01-28T13:08:18.177453Z","modified":"2026-01-28T13:08:18.177456Z"},{"id":"e8f7df08-1a62-41d9-b8a4-ff39a2160294","name":"Harmj0y SeEnableDelegationPrivilege Right","description":"Schroeder, W. (2017, January 10). 
The Most Dangerous User Right You (Probably) Have Never Heard Of. Retrieved September 23, 2024.","url":"https://blog.harmj0y.net/activedirectory/the-most-dangerous-user-right-you-probably-have-never-heard-of/","source":"MITRE","title":"The Most Dangerous User Right You (Probably) Have Never Heard Of","authors":"Schroeder, W","date_accessed":"2024-09-23T00:00:00Z","date_published":"2017-01-10T00:00:00Z","owner_name":null,"tidal_id":"4b2850cf-8d3d-582f-822a-1713888c2e0a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430160Z"},{"id":"09302b4f-7f71-4289-92f6-076c685f0810","name":"Baumgartner Naikon 2015","description":"Baumgartner, K., Golovkin, M.. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved April 10, 2019.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf","source":"MITRE","title":"The MsnMM Campaigns: The Earliest Naikon APT Campaigns","authors":"Baumgartner, K., Golovkin, M.","date_accessed":"2019-04-10T00:00:00Z","date_published":"2015-05-01T00:00:00Z","owner_name":null,"tidal_id":"e6dced9a-a031-5b32-9b43-37934eda59d1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416399Z"},{"id":"137474b7-638a-56d7-9ce2-ab906f207175","name":"SentinelLabs Metador Sept 2022","description":"Ehrlich, A., et al. (2022, September). THE MYSTERY OF METADOR | AN UNATTRIBUTED THREAT HIDING IN TELCOS, ISPS, AND UNIVERSITIES. 
Retrieved January 23, 2023.","url":"https://assets.sentinelone.com/sentinellabs22/metador#page=1","source":"MITRE","title":"THE MYSTERY OF METADOR | AN UNATTRIBUTED THREAT HIDING IN TELCOS, ISPS, AND UNIVERSITIES","authors":"Ehrlich, A., et al","date_accessed":"2023-01-23T00:00:00Z","date_published":"2022-09-01T00:00:00Z","owner_name":null,"tidal_id":"0b146188-9c6a-577e-9c36-9ebfe2714a0e","created":"2023-05-26T01:21:14.309102Z","modified":"2025-12-17T15:08:36.417925Z"},{"id":"5163576f-0b2c-49ba-8f34-b7efe3f3f6db","name":"Baumgartner Golovkin Naikon 2015","description":"Baumgartner, K., Golovkin, M.. (2015, May 14). The Naikon APT. Retrieved January 14, 2015.","url":"https://securelist.com/the-naikon-apt/69953/","source":"MITRE","title":"The Naikon APT","authors":"Baumgartner, K., Golovkin, M.","date_accessed":"2015-01-14T00:00:00Z","date_published":"2015-05-14T00:00:00Z","owner_name":null,"tidal_id":"187397c7-cf90-58af-af06-e0683ad40f14","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439066Z"},{"id":"de31ba54-5634-48c5-aa57-c6b0dbb53870","name":"Cofense NanoCore Mar 2018","description":"Patel, K. (2018, March 02). The NanoCore RAT Has Resurfaced From the Sewers. Retrieved September 25, 2024.","url":"https://web.archive.org/web/20240522112705/https://cofense.com/blog/nanocore-rat-resurfaced-sewers/","source":"MITRE","title":"The NanoCore RAT Has Resurfaced From the Sewers","authors":"Patel, K","date_accessed":"2024-09-25T00:00:00Z","date_published":"2018-03-02T00:00:00Z","owner_name":null,"tidal_id":"e3b7e5e3-7fad-56e6-83f5-97414935e67f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421274Z"},{"id":"3ce0be51-aef5-4def-b902-c2859b9d14ab","name":"Cyberint Beast Ransomware January 8 2024","description":"Adi Bleih. (2024, January 8). The Nature of the Beast Ransomware. 
Retrieved August 12, 2025.","url":"https://cyberint.com/blog/research/the-nature-of-the-beast-ransomware/","source":"Tidal Cyber","title":"The Nature of the Beast Ransomware","authors":"Adi Bleih","date_accessed":"2025-08-12T12:00:00Z","date_published":"2024-01-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"799ba57d-da93-562d-88cf-e40e7346fa01","created":"2025-08-14T15:16:01.481245Z","modified":"2025-08-14T15:16:01.663749Z"},{"id":"25b312ea-0d7a-5f05-9db1-14bbab909317","name":"Nearest Neighbor Volexity","description":"Koessel, Sean. Adair, Steven. Lancaster, Tom. (2024, November 22). The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access. Retrieved February 25, 2025.","url":"https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/","source":"MITRE","title":"The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access","authors":"Koessel, Sean. Adair, Steven. Lancaster, Tom","date_accessed":"2025-02-25T00:00:00Z","date_published":"2024-11-22T00:00:00Z","owner_name":null,"tidal_id":"ecb5bab9-7936-5c6a-92f6-67093ed45bf2","created":"2025-04-22T20:47:16.353933Z","modified":"2025-12-17T15:08:36.431724Z"},{"id":"a7d4b322-3710-436f-bd51-e5c258073dba","name":"Kaspersky NetTraveler","description":"Kaspersky Lab's Global Research and Analysis Team. (n.d.). The NetTraveler (aka ‘Travnet’). 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20160326004042/http://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf","source":"MITRE","title":"The NetTraveler (aka ‘Travnet’)","authors":"Kaspersky Lab's Global Research and Analysis Team","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"22f65e73-0470-5c38-8cd0-337b2c343a00","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421574Z"},{"id":"fcaf57f1-6696-54a5-a78c-255c8f6ac235","name":"Unit42 OceanLotus 2017","description":"Erye Hernandez and Danny Tsechansky. (2017, June 22). The New and Improved macOS Backdoor from OceanLotus. Retrieved September 8, 2023.","url":"https://unit42.paloaltonetworks.com/unit42-new-improved-macos-backdoor-oceanlotus/","source":"MITRE","title":"The New and Improved macOS Backdoor from OceanLotus","authors":"Erye Hernandez and Danny Tsechansky","date_accessed":"2023-09-08T00:00:00Z","date_published":"2017-06-22T00:00:00Z","owner_name":null,"tidal_id":"c8e75cfe-b9ac-5663-abf0-a263fdb5d074","created":"2023-11-07T00:35:57.193912Z","modified":"2025-12-17T15:08:36.421117Z"},{"id":"200bf330-5da5-5504-b56e-6bff108a3398","name":"Lookout-NotCompatible","description":"Tim Strazzere. (2014, November 19). The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks. 
Retrieved December","url":"https://blog.lookout.com/blog/2014/11/19/notcompatible/","source":"Mobile","title":"The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks","authors":"Tim Strazzere","date_accessed":"1978-12-01T00:00:00Z","date_published":"2014-11-19T00:00:00Z","owner_name":null,"tidal_id":"5989986c-8c9a-57f1-b1f1-cbb9e5cea6f9","created":"2026-01-28T13:08:10.039776Z","modified":"2026-01-28T13:08:10.039786Z"},{"id":"058c50c2-5596-536f-8361-bcbea620428e","name":"Cado Security Commando Cat 2024","description":"Nate Bill & Matt Muir. (2024, February 1). The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker. Retrieved April 4, 2025.","url":"https://www.cadosecurity.com/blog/the-nine-lives-of-commando-cat-analysing-a-novel-malware-campaign-targeting-docker","source":"MITRE","title":"The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker","authors":"Nate Bill & Matt Muir","date_accessed":"2025-04-04T00:00:00Z","date_published":"2024-02-01T00:00:00Z","owner_name":null,"tidal_id":"aa14289d-8b5f-5b00-8cbe-043fbdd765d7","created":"2025-04-22T20:47:14.713184Z","modified":"2025-12-17T15:08:36.430127Z"},{"id":"4b3cd2c0-fd0b-5583-8746-648229fc5f9d","name":"CyberArk Labs Discord","description":"CyberArk Labs. (2023, April 13). The (Not so) Secret War on Discord. Retrieved July 20, 2023.","url":"https://www.cyberark.com/resources/threat-research-blog/the-not-so-secret-war-on-discord","source":"MITRE","title":"The (Not so) Secret War on Discord","authors":"CyberArk Labs","date_accessed":"2023-07-20T00:00:00Z","date_published":"2023-04-13T00:00:00Z","owner_name":null,"tidal_id":"8febb0cd-6ca2-5098-9ace-cc4a4a39d951","created":"2023-11-07T00:36:01.585601Z","modified":"2025-12-17T15:08:36.428676Z"},{"id":"88d7bf25-985a-4b5e-92d6-ec4fa47a314f","name":"Gh0stRAT ATT March 2019","description":"Quinn, J. (2019, March 25). The odd case of a Gh0stRAT variant. 
Retrieved July 15, 2020.","url":"https://cybersecurity.att.com/blogs/labs-research/the-odd-case-of-a-gh0strat-variant","source":"MITRE","title":"The odd case of a Gh0stRAT variant","authors":"Quinn, J","date_accessed":"2020-07-15T00:00:00Z","date_published":"2019-03-25T00:00:00Z","owner_name":null,"tidal_id":"975de49f-7b15-567f-bad2-0be58c6a41e5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439790Z"},{"id":"9bb6de17-ce5a-52bf-aa37-3a2722c7544f","name":"The Office of Nuclear Reactor Regulation","description":"The Office of Nuclear Reactor Regulation Schneider Electric 2018, January 23 TRITON - Schneider Electric Analysis and Disclosure. Retrieved 2019/03/14","url":"https://www.nrc.gov/docs/ML1209/ML120900890.pdf","source":"ICS","title":"The Office of Nuclear Reactor Regulation","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"81f73f08-e7c4-5947-8114-587481fe66f2","created":"2026-01-28T13:08:18.180542Z","modified":"2026-01-28T13:08:18.180545Z"},{"id":"53836b95-a30a-4e95-8e19-e2bb2f18c738","name":"Palo Alto OilRig May 2016","description":"Falcone, R. and Lee, B.. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.","url":"http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/","source":"MITRE, Tidal Cyber","title":"The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor","authors":"Falcone, R. and Lee, B.","date_accessed":"2017-05-03T00:00:00Z","date_published":"2016-05-26T00:00:00Z","owner_name":null,"tidal_id":"ae790a7a-07b1-579e-8522-86e2e33b436f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.262825Z"},{"id":"26a8ac8c-8fe1-501c-a5fb-dbebd62f68a9","name":"SecureList OpTriangulation 23Oct2023","description":"Kucherin, G., et al. (2023, October 23). 
The outstanding stealth of Operation Triangulation. Retrieved April","url":"https://securelist.com/triangulation-validators-modules/110847/","source":"Mobile","title":"The outstanding stealth of Operation Triangulation","authors":"Kucherin, G., et al","date_accessed":"1978-04-01T00:00:00Z","date_published":"2023-10-23T00:00:00Z","owner_name":null,"tidal_id":"4b77c333-ed03-53d1-b29b-af522290d687","created":"2026-01-28T13:08:10.041567Z","modified":"2026-01-28T13:08:10.041570Z"},{"id":"eb72f4a8-6f3f-5cf1-88e2-178f640d39b9","name":"M. Rentschler and H. Heine","description":"M. Rentschler and H. Heine. (n.d.). The Parallel Redundancy Protocol for industrial IP networks. Retrieved 2020/09/25","url":"https://ieeexplore.ieee.org/document/6505877","source":"ICS","title":"The Parallel Redundancy Protocol for industrial IP networks","authors":"M. Rentschler and H. Heine","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2ee33081-828f-5d7d-9177-c262c49e7e0a","created":"2026-01-28T13:08:18.179947Z","modified":"2026-01-28T13:08:18.179950Z"},{"id":"a42fc58f-e7a7-46de-a2f4-25fa8498b3b3","name":"STIG krbtgt reset","description":"UCF. (n.d.). The password for the krbtgt account on a domain must be reset at least every 180 days. Retrieved November 5, 2020.","url":"https://www.stigviewer.com/stig/windows_server_2016/2019-12-12/finding/V-91779","source":"MITRE","title":"The password for the krbtgt account on a domain must be reset at least every 180 days","authors":"UCF","date_accessed":"2020-11-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"23fc2834-75b6-57a9-91f3-b7306f340022","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439848Z"},{"id":"4e10228d-d9da-4ba4-bca7-d3bbdce42e0d","name":"Haq 2014","description":"Haq, T., Moran, N., Scott, M., & Vashisht, S. O. (2014, September 10). The Path to Mass-Producing Cyber Attacks [Blog]. 
Retrieved November 12, 2014.","url":"https://www.fireeye.com/blog/threat-research/2014/09/the-path-to-mass-producing-cyber-attacks.html","source":"MITRE, Tidal Cyber","title":"The Path to Mass-Producing Cyber Attacks [Blog]","authors":"Haq, T., Moran, N., Scott, M., & Vashisht, S. O","date_accessed":"2014-11-12T00:00:00Z","date_published":"2014-09-10T00:00:00Z","owner_name":null,"tidal_id":"95188689-5038-5a1c-bc77-d4785db32e32","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:10:13.443130Z"},{"id":"957edb5c-b893-4968-9603-1a6b8577f3aa","name":"Kaspersky Turla Penquin December 2014","description":"Baumgartner, K. and Raiu, C. (2014, December 8). The ‘Penquin’ Turla. Retrieved March 11, 2021.","url":"https://securelist.com/the-penquin-turla-2/67962/","source":"MITRE","title":"The ‘Penquin’ Turla","authors":"Baumgartner, K. and Raiu, C","date_accessed":"2021-03-11T00:00:00Z","date_published":"2014-12-08T00:00:00Z","owner_name":null,"tidal_id":"4fd32b7a-b017-5f4a-9814-40eacd4ca5fa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421706Z"},{"id":"b8b72a8e-87a1-4ce7-94df-ed938f9eb61c","name":"FireEye PLA","description":"FireEye Labs. (2014, May 20). The PLA and the 8:00am-5:00pm Work Day: FireEye Confirms DOJ’s Findings on APT1 Intrusion Activity. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20210417085454/https://www.fireeye.com/blog/threat-research/2014/05/the-pla-and-the-800am-500pm-work-day-fireeye-confirms-dojs-findings-on-apt1-intrusion-activity.html","source":"MITRE","title":"The PLA and the 8:00am-5:00pm Work Day: FireEye Confirms DOJ’s Findings on APT1 Intrusion Activity","authors":"FireEye Labs","date_accessed":"2024-11-17T00:00:00Z","date_published":"2014-05-20T00:00:00Z","owner_name":null,"tidal_id":"0f73f972-fefa-5c49-a226-9c869b15866a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442944Z"},{"id":"6840c1d6-89dc-4138-99e8-fbd2a45f2a1c","name":"Kaspersky ProjectSauron Full Report","description":"Kaspersky Lab's Global Research & Analysis Team. (2016, August 9). The ProjectSauron APT. Retrieved August 17, 2016.","url":"https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf","source":"MITRE","title":"The ProjectSauron APT","authors":"Kaspersky Lab's Global Research & Analysis Team","date_accessed":"2016-08-17T00:00:00Z","date_published":"2016-08-09T00:00:00Z","owner_name":null,"tidal_id":"249b07ec-b647-5464-962d-e971b8dfa099","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439575Z"},{"id":"274fdba1-29f1-5c92-88f6-9a1b21598411","name":"Kaspersky Lua","description":"Global Research and Analysis Team. (2016, August 9). The ProjectSauron APT. 
Retrieved August 5, 2024.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07190154/The-ProjectSauron-APT_research_KL.pdf","source":"MITRE","title":"The ProjectSauron APT","authors":"Global Research and Analysis Team","date_accessed":"2024-08-05T00:00:00Z","date_published":"2016-08-09T00:00:00Z","owner_name":null,"tidal_id":"fa7b6086-2ecd-54fa-9add-456ce627cbbd","created":"2024-10-31T16:28:24.521024Z","modified":"2025-12-17T15:08:36.433474Z"},{"id":"6b57e883-75a1-4a71-accc-2d18148b9c3d","name":"McMillan Pwn March 2012","description":"Robert McMillan. (2012, March 3). The Pwn Plug is a little white box that can hack your network. Retrieved March 30, 2018.","url":"https://arstechnica.com/information-technology/2012/03/the-pwn-plug-is-a-little-white-box-that-can-hack-your-network/","source":"MITRE","title":"The Pwn Plug is a little white box that can hack your network","authors":"Robert McMillan","date_accessed":"2018-03-30T00:00:00Z","date_published":"2012-03-03T00:00:00Z","owner_name":null,"tidal_id":"7424b72f-e9d2-5254-ad0d-002e2b9a0425","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435110Z"},{"id":"658c8dd6-1a6a-40f0-a7b5-286fd4b1985d","name":"FireEye Application Shimming","description":"Ballenthin, W., Tomczak, J.. (2015). The Real Shim Shady. Retrieved May 4, 2020.","url":"http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf","source":"MITRE","title":"The Real Shim Shady","authors":"Ballenthin, W., Tomczak, J.","date_accessed":"2020-05-04T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"bcda7955-0379-5150-ac24-2b0c1cf0c5ee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428555Z"},{"id":"62d5e493-5931-5f6d-8e93-4876e30ab1e0","name":"Juniper RedPenguin MAR 2025","description":"Juniper Networks, Cybersecurity R&D. (2025, March 11). The RedPenguin Malware Incident. 
Retrieved June 24, 2025.","url":"https://supportportal.juniper.net/sfc/servlet.shepherd/document/download/069Dp00000FzdmIIAR?operationContext=S1","source":"MITRE","title":"The RedPenguin Malware Incident","authors":"Juniper Networks, Cybersecurity R&D","date_accessed":"2025-06-24T00:00:00Z","date_published":"2025-03-11T00:00:00Z","owner_name":null,"tidal_id":"c6a47056-a9a4-5e20-8626-1c1ea199517c","created":"2025-10-29T21:08:48.167061Z","modified":"2025-12-17T15:08:36.438967Z"},{"id":"1b521b76-5b8f-4bd9-b312-7c795fc97898","name":"Kaspersky Regin","description":"Kaspersky Lab's Global Research and Analysis Team. (2014, November 24). THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS. Retrieved December 1, 2014.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070305/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf","source":"MITRE","title":"THE REGIN PLATFORM NATION-STATE OWNAGE OF GSM NETWORKS","authors":"Kaspersky Lab's Global Research and Analysis Team","date_accessed":"2014-12-01T00:00:00Z","date_published":"2014-11-24T00:00:00Z","owner_name":null,"tidal_id":"e7e5dd60-4ebd-5737-809f-94d5bc329e7c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418327Z"},{"id":"4c75a00d-aa90-4260-ab7a-2addc17d1728","name":"The Remote Framebuffer Protocol","description":"T. Richardson, J. Levine, RealVNC Ltd.. (2011, March). The Remote Framebuffer Protocol. Retrieved September 20, 2021.","url":"https://datatracker.ietf.org/doc/html/rfc6143#section-7.2.2","source":"MITRE","title":"The Remote Framebuffer Protocol","authors":"T. Richardson, J. Levine, RealVNC Ltd.","date_accessed":"2021-09-20T00:00:00Z","date_published":"2011-03-01T00:00:00Z","owner_name":null,"tidal_id":"2360f267-8ee9-5f97-bc11-e7a4390ae41c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423755Z"},{"id":"4656cc2c-aff3-4416-b18d-995876d37e06","name":"Malwarebytes Heroku Skimmers","description":"Jérôme Segura. (2019, December 4). 
There's an app for that: web skimmers found on PaaS Heroku. Retrieved August 18, 2022.","url":"https://www.malwarebytes.com/blog/news/2019/12/theres-an-app-for-that-web-skimmers-found-on-paas-heroku","source":"MITRE","title":"There's an app for that: web skimmers found on PaaS Heroku","authors":"Jérôme Segura","date_accessed":"2022-08-18T00:00:00Z","date_published":"2019-12-04T00:00:00Z","owner_name":null,"tidal_id":"b9a4ceec-6dd6-5c53-a0ed-15c0d2385691","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429416Z"},{"id":"e1762a94-5efc-5211-a714-f4d6d71bfe37","name":"Electron 1","description":"TOM ABAI. (2023, August 10). There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected. Retrieved March 7, 2024.","url":"https://www.mend.io/blog/theres-a-new-stealer-variant-in-town-and-its-using-electron-to-stay-fully-undetected/","source":"MITRE","title":"There’s a New Stealer Variant in Town, and It’s Using Electron to Stay Fully Undetected","authors":"TOM ABAI","date_accessed":"2024-03-07T00:00:00Z","date_published":"2023-08-10T00:00:00Z","owner_name":null,"tidal_id":"9c1977be-63af-55d7-8cd3-c9e88e00d995","created":"2024-04-25T13:28:34.836830Z","modified":"2025-12-17T15:08:36.429777Z"},{"id":"e62d67ed-48d0-4141-aacc-92e165d66f16","name":"ELC Extended Attributes","description":"Howard Oakley. (2020, October 24). There's more to files than data: Extended Attributes. Retrieved October 12, 2021.","url":"https://eclecticlight.co/2020/10/24/theres-more-to-files-than-data-extended-attributes/","source":"MITRE","title":"There's more to files than data: Extended Attributes","authors":"Howard Oakley","date_accessed":"2021-10-12T00:00:00Z","date_published":"2020-10-24T00:00:00Z","owner_name":null,"tidal_id":"4f477369-8623-5b79-ab90-5180569da86e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433606Z"},{"id":"a9333ef5-5637-4a4c-9aaf-fdc9daf8b860","name":"FireEye WMI SANS 2015","description":"Devon Kerr. 
(2015). There's Something About WMI. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20221203203722/https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-dfir-2015.pdf","source":"MITRE","title":"There's Something About WMI","authors":"Devon Kerr","date_accessed":"2024-11-17T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"8ef2ab00-a7a2-52e6-a77e-486da376c46b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432579Z"},{"id":"e7703727-2388-4cf6-ac39-0a2a007019ac","name":"Intelligence to Risk Retaliation Window June 23 2025","description":"Levi Gundert. (2025, June 23). The Retaliation Window. Retrieved July 7, 2025.","url":"https://intelligence2risk.substack.com/p/the-retaliation-window","source":"Tidal Cyber","title":"The Retaliation Window","authors":"Levi Gundert","date_accessed":"2025-07-07T12:00:00Z","date_published":"2025-06-23T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8efdab08-e938-53eb-88de-b7acaca1e325","created":"2025-07-08T16:58:15.976798Z","modified":"2025-07-08T16:58:16.160815Z"},{"id":"7d30acb4-9600-46bd-a800-1c7e1149e9b4","name":"Sygnia July 17 2024","description":"Sygnia. (2024, July 17). The Return of Ghost Emperor's Demodex. Retrieved August 9, 2024.","url":"https://www.sygnia.co/blog/ghost-emperor-demodex-rootkit/","source":"Tidal Cyber","title":"The Return of Ghost Emperor's Demodex","authors":"Sygnia","date_accessed":"2024-08-09T00:00:00Z","date_published":"2024-07-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"aaca1aa4-e39c-5f15-b33b-75f440243552","created":"2024-10-25T19:42:16.689362Z","modified":"2024-10-25T19:42:17.065559Z"},{"id":"a3fa92ed-763c-4082-8220-cab82d70fad4","name":"Nviso Spoof Command Line 2020","description":"Daman, R. (2020, February 4). The return of the spoof part 2: Command line spoofing. 
Retrieved November 19, 2021.","url":"https://blog.nviso.eu/2020/02/04/the-return-of-the-spoof-part-2-command-line-spoofing/","source":"MITRE","title":"The return of the spoof part 2: Command line spoofing","authors":"Daman, R","date_accessed":"2021-11-19T00:00:00Z","date_published":"2020-02-04T00:00:00Z","owner_name":null,"tidal_id":"d5d234f0-5fc2-59a5-824d-888b664ab07f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433576Z"},{"id":"26d7ee2c-d4f7-441a-9073-49c9049b017e","name":"Zscaler Higaisa 2020","description":"Singh, S. Singh, A. (2020, June 11). The Return on the Higaisa APT. Retrieved March 2, 2021.","url":"https://www.zscaler.com/blogs/security-research/return-higaisa-apt","source":"MITRE","title":"The Return on the Higaisa APT","authors":"Singh, S. Singh, A","date_accessed":"2021-03-02T00:00:00Z","date_published":"2020-06-11T00:00:00Z","owner_name":null,"tidal_id":"8466c9bb-d092-5bb3-a30b-5c1ea1e74ffd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439060Z"},{"id":"0d01416f-4888-4b68-be47-a3245549cec5","name":"Check Point Research Rhysida August 08 2023","description":"Check Point Research. (2023, August 8). The Rhysida Ransomware: Activity Analysis and Ties to Vice Society. Retrieved August 11, 2023.","url":"https://research.checkpoint.com/2023/the-rhysida-ransomware-activity-analysis-and-ties-to-vice-society/","source":"Tidal Cyber","title":"The Rhysida Ransomware: Activity Analysis and Ties to Vice Society","authors":"Check Point Research","date_accessed":"2023-08-11T00:00:00Z","date_published":"2023-08-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"96e6514e-b581-5e93-896c-1086121b603d","created":"2023-11-17T17:09:18.441923Z","modified":"2023-11-17T17:09:18.534665Z"},{"id":"dbae7e21-20d4-454c-88db-43e2a195808e","name":"DigiTrust Agent Tesla Jan 2017","description":"The DigiTrust Group. (2017, January 12). The Rise of Agent Tesla. 
Retrieved November 5, 2018.","url":"https://www.digitrustgroup.com/agent-tesla-keylogger/","source":"MITRE","title":"The Rise of Agent Tesla","authors":"The DigiTrust Group","date_accessed":"2018-11-05T00:00:00Z","date_published":"2017-01-12T00:00:00Z","owner_name":null,"tidal_id":"2c027c10-25b5-5922-b393-7b55f9727984","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422136Z"},{"id":"f8a8a3a0-5b30-5f3e-a7b0-f8a4aaae7ee7","name":"Cofense Agent Tesla","description":"James Arndt. (2023, February 21). The Rise of Agent Tesla: Understanding the Notorious Keylogger. Retrieved January 10, 2024.","url":"https://cofense.com/blog/the-rise-of-agent-tesla-understanding-the-notorious-keylogger/","source":"MITRE","title":"The Rise of Agent Tesla: Understanding the Notorious Keylogger","authors":"James Arndt","date_accessed":"2024-01-10T00:00:00Z","date_published":"2023-02-21T00:00:00Z","owner_name":null,"tidal_id":"1a296e82-dd73-5ea3-be35-13090af77307","created":"2024-04-25T13:28:53.322571Z","modified":"2025-12-17T15:08:36.442673Z"},{"id":"a86131cd-1a42-4222-9d39-221dd6e054ba","name":"Red Canary March 18 2024","description":"Laura Brosnan. (2024, March 18). The rise of Charcoal Stork . Retrieved September 26, 2024.","url":"https://redcanary.com/blog/threat-intelligence/charcoal-stork/","source":"Tidal Cyber","title":"The rise of Charcoal Stork","authors":"Laura Brosnan","date_accessed":"2024-09-26T00:00:00Z","date_published":"2024-03-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"09da6907-1695-5492-b4d2-39a17f4fabd6","created":"2024-09-27T16:59:19.509092Z","modified":"2024-09-27T16:59:19.891091Z"},{"id":"230dbb27-9f4b-417f-ae7f-e88de27f4bc5","name":"Trend Micro October 22 2025","description":"None Identified. (2025, October 22). The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns | Trend Micro (US). 
Retrieved October 22, 2025.","url":"https://www.trendmicro.com/en_us/research/25/j/premier-pass-as-a-service.html","source":"Tidal Cyber","title":"The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns | Trend Micro (US)","authors":"None Identified","date_accessed":"2025-10-22T12:00:00Z","date_published":"2025-10-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c025060c-7890-5571-ba71-78ba14945120","created":"2025-10-24T16:13:07.510419Z","modified":"2025-10-24T16:13:07.640150Z"},{"id":"fd6a22c3-59e4-5f4f-a662-f6ab24a0e89f","name":"Securelist Asacub","description":"T. Shishkova. (2018, August 28).  The rise of mobile banker Asacub. Retrieved December","url":"https://securelist.com/the-rise-of-mobile-banker-asacub/87591/","source":"Mobile","title":"The rise of mobile banker Asacub","authors":"T. Shishkova","date_accessed":"1978-12-01T00:00:00Z","date_published":"2018-08-28T00:00:00Z","owner_name":null,"tidal_id":"45b6e156-6930-5ad0-9942-885c28dc469c","created":"2026-01-28T13:08:10.041448Z","modified":"2026-01-28T13:08:10.041451Z"},{"id":"c7b0b3f3-e9ea-4159-acd1-f6d92ed41828","name":"ATT QakBot April 2021","description":"Morrow, D. (2021, April 15). The rise of QakBot. Retrieved September 27, 2021.","url":"https://cybersecurity.att.com/blogs/labs-research/the-rise-of-qakbot","source":"MITRE","title":"The rise of QakBot","authors":"Morrow, D","date_accessed":"2021-09-27T00:00:00Z","date_published":"2021-04-15T00:00:00Z","owner_name":null,"tidal_id":"220e6204-9fac-5045-b4cc-b424810c9c0c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422230Z"},{"id":"34e6e415-099a-4f29-aad0-fc0331a733a4","name":"ESET Telebots Dec 2016","description":"Cherepanov, A.. (2016, December 13). The rise of TeleBots: Analyzing disruptive KillDisk attacks. 
Retrieved June 10, 2020.","url":"https://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/","source":"MITRE","title":"The rise of TeleBots: Analyzing disruptive KillDisk attacks","authors":"Cherepanov, A.","date_accessed":"2020-06-10T00:00:00Z","date_published":"2016-12-13T00:00:00Z","owner_name":null,"tidal_id":"8ea34179-b99d-5a5c-babc-f3f3364d1f6a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439895Z"},{"id":"2d23c7ba-2c00-4693-a9a2-4c5fabc353b4","name":"Darktrace September 6 2023","description":"Emily Megan Lim. (2023, September 6). The Rise of the Lumma Info-Stealer . Retrieved October 10, 2024.","url":"https://darktrace.com/blog/the-rise-of-the-lumma-info-stealer","source":"Tidal Cyber","title":"The Rise of the Lumma Info-Stealer","authors":"Emily Megan Lim","date_accessed":"2024-10-10T00:00:00Z","date_published":"2023-09-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9fe7ecde-7035-5df4-a5f2-f8f01580c351","created":"2024-10-14T19:18:55.374580Z","modified":"2024-10-14T19:18:55.528374Z"},{"id":"3fafc00e-b808-486e-81bc-c08b6a410133","name":"SEI SSL Inspection Risks","description":"Dormann, W. (2015, March 13). The Risks of SSL Inspection. Retrieved April 5, 2016.","url":"https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html","source":"MITRE","title":"The Risks of SSL Inspection","authors":"Dormann, W","date_accessed":"2016-04-05T00:00:00Z","date_published":"2015-03-13T00:00:00Z","owner_name":null,"tidal_id":"85a47d4e-c69d-56c5-8c21-68b97f7c1c86","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428543Z"},{"id":"e52cf1aa-3d14-40ce-a1d4-e9de672261ef","name":"SourceForge rkhunter","description":"Rootkit Hunter Project. (2018, February 20). The Rootkit Hunter project. 
Retrieved April 9, 2018.","url":"http://rkhunter.sourceforge.net","source":"MITRE","title":"The Rootkit Hunter project","authors":"Rootkit Hunter Project","date_accessed":"2018-04-09T00:00:00Z","date_published":"2018-02-20T00:00:00Z","owner_name":null,"tidal_id":"532ea5ab-1a49-5baa-b39d-5a59eaacc8e1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415682Z"},{"id":"1d0afa98-978c-5314-90be-d29b49bdaac3","name":"securelist rotexy 2018","description":"T. Shishkova, L. Pikman. (2018, November 22).  The Rotexy mobile Trojan – banker and ransomware. Retrieved September","url":"https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/","source":"Mobile","title":"The Rotexy mobile Trojan – banker and ransomware","authors":"T. Shishkova, L. Pikman","date_accessed":"1978-09-01T00:00:00Z","date_published":"2018-11-22T00:00:00Z","owner_name":null,"tidal_id":"92f01962-b7ad-5f2d-a7da-751788828e39","created":"2026-01-28T13:08:10.038836Z","modified":"2026-01-28T13:08:10.038839Z"},{"id":"168a43e3-a29a-5151-b430-016181e9446e","name":"Cyble Embargo Ransomware May 2024","description":"Cyble. (2024, May 24). The Rust Revolution: New Embargo Ransomware Steps In. Retrieved October 19, 2025.","url":"https://cyble.com/blog/the-rust-revolution-new-embargo-ransomware-steps-in/","source":"MITRE","title":"The Rust Revolution: New Embargo Ransomware Steps In","authors":"Cyble","date_accessed":"2025-10-19T00:00:00Z","date_published":"2024-05-24T00:00:00Z","owner_name":null,"tidal_id":"5b65628e-ca7f-5efa-be65-b6246f86e51e","created":"2025-10-29T21:08:48.165123Z","modified":"2025-12-17T15:08:36.419923Z"},{"id":"8bef22ff-f2fc-4e1a-b4d2-d746a120f6c6","name":"Campbell 2014","description":"Campbell, C. (2014). The Secret Life of Krbtgt. 
Retrieved November 17, 2024.","url":"https://defcon.org/images/defcon-22/dc-22-presentations/Campbell/DEFCON-22-Christopher-Campbell-The-Secret-Life-of-Krbtgt.pdf","source":"MITRE","title":"The Secret Life of Krbtgt","authors":"Campbell, C","date_accessed":"2024-11-17T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"4189e771-4a51-5403-84a4-7594fa0dc34f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431462Z"},{"id":"8adfb6ce-6342-53a7-a993-a3cd6f2429d8","name":"CYBERWARCON CHEMISTGAMES","description":"B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December","url":"https://www.youtube.com/watch?v=xoNSbm1aX_w","source":"Mobile","title":"The Secret Life of Sandworms","authors":"B. Leonard, N. Mehta","date_accessed":"1978-12-01T00:00:00Z","date_published":"2019-11-21T00:00:00Z","owner_name":null,"tidal_id":"d9904e67-a312-5788-83ca-9671d7bdfba2","created":"2026-01-28T13:08:10.041268Z","modified":"2026-01-28T13:08:10.041271Z"},{"id":"4653a9a5-95f1-4b02-9bf0-8f1b8cd6c059","name":"Proofpoint Domain Shadowing","description":"Proofpoint Staff. (2015, December 15). The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK. Retrieved October 16, 2020.","url":"https://www.proofpoint.com/us/threat-insight/post/The-Shadow-Knows","source":"MITRE","title":"The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK","authors":"Proofpoint Staff","date_accessed":"2020-10-16T00:00:00Z","date_published":"2015-12-15T00:00:00Z","owner_name":null,"tidal_id":"6d21f6a2-064d-5c8a-86a4-deb0e6177d8c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434310Z"},{"id":"ac634e99-d951-402b-bb1c-e575753dfda8","name":"Symantec Shamoon 2012","description":"Symantec. (2012, August 16). The Shamoon Attacks. 
Retrieved March 14, 2019.","url":"https://www.symantec.com/connect/blogs/shamoon-attacks","source":"MITRE","title":"The Shamoon Attacks","authors":"Symantec","date_accessed":"2019-03-14T00:00:00Z","date_published":"2012-08-16T00:00:00Z","owner_name":null,"tidal_id":"9c231ba2-ce44-5ac7-8428-f5ca81cd1472","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420102Z"},{"id":"2cc38587-a18e-47e9-a8bb-e3498e4737f5","name":"Spring Dragon Jun 2015","description":"Baumgartner, K.. (2015, June 17). The Spring Dragon APT. Retrieved February 15, 2016.","url":"https://securelist.com/the-spring-dragon-apt/70726/","source":"MITRE","title":"The Spring Dragon APT","authors":"Baumgartner, K.","date_accessed":"2016-02-15T00:00:00Z","date_published":"2015-06-17T00:00:00Z","owner_name":null,"tidal_id":"f4341c94-28d5-5e40-81ac-0c07ff18ad45","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439400Z"},{"id":"7aa740a9-e97d-5127-8054-2e28f581a1d0","name":"BSI State of IT Security 2014","description":"Bundesamt für Sicherheit in der Informationstechnik (BSI) (German Federal Office for Information Security). (2014). Die Lage der IT-Sicherheit in Deutschland. (2014). (The State of IT Security in Germany). Retrieved 2019/10/30","url":"https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Securitysituation/IT-Security-Situation-in-Germany-2014.pdf?__blob=publicationFile&v=3","source":"ICS","title":"(The State of IT Security in Germany)","authors":"Bundesamt für Sicherheit in der Informationstechnik (BSI) (German Federal Office for Information Security). (2014). Die Lage der IT-Sicherheit in Deutschland","date_accessed":"2019-01-01T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"02d776c1-cb25-5611-a8a7-b7c4032dac58","created":"2026-01-28T13:08:18.177230Z","modified":"2026-01-28T13:08:18.177233Z"},{"id":"84ac99ef-106f-44e9-97f0-3eda90570932","name":"Check Point APT31 February 2021","description":"Itkin, E. 
and Cohen, I. (2021, February 22). The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day. Retrieved March 24, 2021.","url":"https://research.checkpoint.com/2021/the-story-of-jian/","source":"MITRE","title":"The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day","authors":"Itkin, E. and Cohen, I","date_accessed":"2021-03-24T00:00:00Z","date_published":"2021-02-22T00:00:00Z","owner_name":null,"tidal_id":"1fa03dc2-222b-5928-a2e0-f56cbe7fb12a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439265Z"},{"id":"6123fbd4-c6fc-504c-92f2-5d405730c298","name":"System Information Discovery Technique","description":"YUCEEL, Huseyin Can. Picus Labs. (2022, June 9). The System Information Discovery Technique Explained - MITRE ATT&CK T1082. Retrieved March 27, 2024.","url":"https://www.picussecurity.com/resource/the-system-information-discovery-technique-explained-mitre-attack-t1082","source":"MITRE","title":"The System Information Discovery Technique Explained - MITRE ATT&CK T1082","authors":"YUCEEL, Huseyin Can. Picus Labs","date_accessed":"2024-03-27T00:00:00Z","date_published":"2022-06-09T00:00:00Z","owner_name":null,"tidal_id":"9848ee46-2db6-52a7-b463-1603c6297eec","created":"2024-04-25T13:28:41.512582Z","modified":"2025-12-17T15:08:36.436518Z"},{"id":"7b895692-d401-4d74-ab3f-e6f8e432877a","name":"UCF STIG Elevation Account Enumeration","description":"UCF. (n.d.). The system must require username and password to elevate a running application.. 
Retrieved December 18, 2017.","url":"https://www.stigviewer.com/stig/microsoft_windows_server_2012_member_server/2013-07-25/finding/WN12-CC-000077","source":"MITRE","title":"The system must require username and password to elevate a running application.","authors":"UCF","date_accessed":"2017-12-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"fc190c66-0f53-5ae4-958d-f7515f119ca1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415780Z"},{"id":"3d703dfa-97c5-498f-a712-cb4995119297","name":"TrendMicro Taidoor","description":"Trend Micro. (2012). The Taidoor Campaign. Retrieved November 12, 2014.","url":"http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_taidoor_campaign.pdf","source":"MITRE","title":"The Taidoor Campaign","authors":"Trend Micro","date_accessed":"2014-11-12T00:00:00Z","date_published":"2012-01-01T00:00:00Z","owner_name":null,"tidal_id":"339cdf03-deda-5f4e-bf60-c20f595fba83","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421158Z"},{"id":"88ffa36e-c1d8-4e40-86c9-bdefad9a6c95","name":"SpectorOPs SettingContent-ms Jun 2018","description":"Nelson, M. (2018, June 11). The Tale of SettingContent-ms Files. Retrieved April 18, 2019.","url":"https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39","source":"MITRE","title":"The Tale of SettingContent-ms Files","authors":"Nelson, M","date_accessed":"2019-04-18T00:00:00Z","date_published":"2018-06-11T00:00:00Z","owner_name":null,"tidal_id":"c6b43bf2-dde4-5f16-843f-ed3263f30772","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415562Z"},{"id":"ccc34875-93f3-40ed-a9ee-f31b86708507","name":"Securelist Brazilian Banking Malware July 2020","description":"GReAT. (2020, July 14). The Tetrade: Brazilian banking malware goes global. 
Retrieved November 9, 2020.","url":"https://securelist.com/the-tetrade-brazilian-banking-malware/97779/","source":"MITRE","title":"The Tetrade: Brazilian banking malware goes global","authors":"GReAT","date_accessed":"2020-11-09T00:00:00Z","date_published":"2020-07-14T00:00:00Z","owner_name":null,"tidal_id":"d5581cc3-f3bd-52fc-9959-07740ed21ece","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419205Z"},{"id":"b018a875-559a-5998-b50a-b87b19cb3807","name":"PWC Sea Turtle 2023","description":"PwC Threat Intelligence. (2023, December 5). The Tortoise and The Malware. Retrieved November 20, 2024.","url":"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/tortoise-and-malwahare.html","source":"MITRE","title":"The Tortoise and The Malware","authors":"PwC Threat Intelligence","date_accessed":"2024-11-20T00:00:00Z","date_published":"2023-12-05T00:00:00Z","owner_name":null,"tidal_id":"47be479e-45cd-5757-9692-058479998664","created":"2025-04-22T20:47:24.090899Z","modified":"2025-12-17T15:08:36.418891Z"},{"id":"10bed842-400f-4276-972d-5fca794ea778","name":"Symantec Trojan.Hydraq Jan 2010","description":"Symantec Security Response. (2010, January 18). The Trojan.Hydraq Incident. Retrieved February 20, 2018.","url":"https://www.symantec.com/connect/blogs/trojanhydraq-incident","source":"MITRE","title":"The Trojan.Hydraq Incident","authors":"Symantec Security Response","date_accessed":"2018-02-20T00:00:00Z","date_published":"2010-01-18T00:00:00Z","owner_name":null,"tidal_id":"b0c067f7-275a-510a-8d82-52cc51421f9b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419599Z"},{"id":"f19877f1-3e0f-4c68-b6c9-ef5b0bd470ed","name":"Fidelis Turbo","description":"Fidelis Cybersecurity. (2016, February 29). The Turbo Campaign, Featuring Derusbi for 64-bit Linux. 
Retrieved March 2, 2016.","url":"https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2016/2016.02.29.Turbo_Campaign_Derusbi/TA_Fidelis_Turbo_1602_0.pdf","source":"MITRE","title":"The Turbo Campaign, Featuring Derusbi for 64-bit Linux","authors":"Fidelis Cybersecurity","date_accessed":"2016-03-02T00:00:00Z","date_published":"2016-02-29T00:00:00Z","owner_name":null,"tidal_id":"72678e57-657e-5e42-8807-23a94c528723","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420476Z"},{"id":"fefa7321-cd60-4c7e-a9d5-c723d88013f2","name":"USDOJ Sandworm Feb 2020","description":"Pompeo, M. (2020, February 20). The United States Condemns Russian Cyber Attack Against the Country of Georgia. Retrieved September 12, 2024.","url":"https://2017-2021.state.gov/the-united-states-condemns-russian-cyber-attack-against-the-country-of-georgia/index.html","source":"MITRE","title":"The United States Condemns Russian Cyber Attack Against the Country of Georgia","authors":"Pompeo, M","date_accessed":"2024-09-12T00:00:00Z","date_published":"2020-02-20T00:00:00Z","owner_name":null,"tidal_id":"bbca355d-adf7-554a-9b98-6f8b5be80755","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437811Z"},{"id":"5e4e82c0-16b6-43bc-a70d-6b8d55aaef52","name":"Securelist Ventir","description":"Mikhail, K. (2014, October 16). The Ventir Trojan: assemble your MacOS spy. Retrieved April 6, 2018.","url":"https://securelist.com/the-ventir-trojan-assemble-your-macos-spy/67267/","source":"MITRE","title":"The Ventir Trojan: assemble your MacOS spy","authors":"Mikhail, K","date_accessed":"2018-04-06T00:00:00Z","date_published":"2014-10-16T00:00:00Z","owner_name":null,"tidal_id":"c8d143ad-fae9-5ef9-b74c-b8d69f17d212","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430962Z"},{"id":"ec02f951-17b8-44cb-945a-e5c313555124","name":"Symantec Waterbug","description":"Symantec. (2015, January 26). The Waterbug attack group. 
Retrieved April 10, 2015.","url":"https://www.threatminer.org/report.php?q=waterbug-attack-group.pdf&y=2015#gsc.tab=0&gsc.q=waterbug-attack-group.pdf&gsc.page=1","source":"MITRE","title":"The Waterbug attack group","authors":"Symantec","date_accessed":"2015-04-10T00:00:00Z","date_published":"2015-01-26T00:00:00Z","owner_name":null,"tidal_id":"c0a1b533-3720-573a-a796-1fac07159042","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421900Z"},{"id":"041de280-3e8b-5f5a-9e42-73bc81b46494","name":"Medium Windows Run MRU","description":"Shlomi Boutnaru. (2024, January 1). The Windows Forensics Journey — Run MRU (Run Dialog Box Most Recently Used). Retrieved April 14, 2025.","url":"https://medium.com/@boutnaru/the-windows-foreniscs-journey-run-mru-run-dialog-box-most-recently-used-57375a02d724","source":"MITRE","title":"The Windows Forensics Journey — Run MRU (Run Dialog Box Most Recently Used)","authors":"Shlomi Boutnaru","date_accessed":"2025-04-14T00:00:00Z","date_published":"2024-01-01T00:00:00Z","owner_name":null,"tidal_id":"24f6302c-43d8-5d61-b7bf-dd4de08db558","created":"2025-04-22T20:47:31.866352Z","modified":"2025-04-22T20:47:31.866361Z"},{"id":"aee1e76c-8ff2-4ff0-83e3-edcb76f34d19","name":"Windows NT Command Shell","description":"Tim Hill. (2014, February 2). The Windows NT Command Shell. Retrieved December 5, 2014.","url":"https://docs.microsoft.com/en-us/previous-versions//cc723564(v=technet.10)?redirectedfrom=MSDN#XSLTsection127121120120","source":"MITRE","title":"The Windows NT Command Shell","authors":"Tim Hill","date_accessed":"2014-12-05T00:00:00Z","date_published":"2014-02-02T00:00:00Z","owner_name":null,"tidal_id":"a1d9248c-a9bf-5e36-ab64-21ae4d908ea5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430069Z"},{"id":"f09fdc31-38ca-411d-8478-683b08a68535","name":"Malwarebytes The Windows Vault","description":"Arntz, P. (2016, March 30). The Windows Vault . 
Retrieved November 23, 2020.","url":"https://blog.malwarebytes.com/101/2016/01/the-windows-vaults/","source":"MITRE","title":"The Windows Vault","authors":"Arntz, P","date_accessed":"2020-11-23T00:00:00Z","date_published":"2016-03-30T00:00:00Z","owner_name":null,"tidal_id":"5a8f58d5-0af2-5d93-9f19-aa870af387d4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435041Z"},{"id":"e3c97d0f-150e-4fe3-a4ce-fc146a2fa718","name":"Microsoft JScript 2007","description":"Microsoft. (2007, August 15). The World of JScript, JavaScript, ECMAScript …. Retrieved June 23, 2020.","url":"https://docs.microsoft.com/archive/blogs/gauravseth/the-world-of-jscript-javascript-ecmascript","source":"MITRE","title":"The World of JScript, JavaScript, ECMAScript …","authors":"Microsoft","date_accessed":"2020-06-23T00:00:00Z","date_published":"2007-08-15T00:00:00Z","owner_name":null,"tidal_id":"7a25177e-90c1-560c-82ce-b7dc31867e32","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424859Z"},{"id":"08f44086-2387-4254-a0b6-3b9be2b6ee30","name":"ntlm_relaying_kerberos_del","description":"Mollema, D. (2019, March 4). The worst of both worlds: Combining NTLM Relaying and Kerberos delegation . Retrieved August 15, 2022.","url":"https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/","source":"MITRE","title":"The worst of both worlds: Combining NTLM Relaying and Kerberos delegation","authors":"Mollema, D","date_accessed":"2022-08-15T00:00:00Z","date_published":"2019-03-04T00:00:00Z","owner_name":null,"tidal_id":"1dce1f1d-a342-514c-91fc-9c323661ab05","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441087Z"},{"id":"0194bb11-8b97-4d61-8ddb-824077edc7db","name":"trendmicro xcsset xcode project 2020","description":"Mac Threat Response, Mobile Research Team. (2020, August 13). 
The XCSSET Malware: Inserts Malicious Code Into Xcode Projects, Performs UXSS Backdoor Planting in Safari, and Leverages Two Zero-day Exploits. Retrieved October 5, 2021.","url":"https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf","source":"MITRE","title":"The XCSSET Malware: Inserts Malicious Code Into Xcode Projects, Performs UXSS Backdoor Planting in Safari, and Leverages Two Zero-day Exploits","authors":"Mac Threat Response, Mobile Research Team","date_accessed":"2021-10-05T00:00:00Z","date_published":"2020-08-13T00:00:00Z","owner_name":null,"tidal_id":"514d882f-9fce-5192-af35-afe819339641","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421967Z"},{"id":"bfc6f6fe-b504-4b99-a7c0-1efba08ac14e","name":"Sophos New Ryuk Attack October 2020","description":"Sean Gallagher, Peter Mackenzie, Elida Leite, Syed Shahram, Bill Kearney, Anand Aijan, Sivagnanam Gn, Suraj Mundalik. (2020, October 14). They’re back: inside a new Ryuk ransomware attack. Retrieved October 14, 2020.","url":"https://news.sophos.com/en-us/2020/10/14/inside-a-new-ryuk-ransomware-attack/","source":"MITRE","title":"They’re back: inside a new Ryuk ransomware attack","authors":"Sean Gallagher, Peter Mackenzie, Elida Leite, Syed Shahram, Bill Kearney, Anand Aijan, Sivagnanam Gn, Suraj Mundalik","date_accessed":"2020-10-14T00:00:00Z","date_published":"2020-10-14T00:00:00Z","owner_name":null,"tidal_id":"599d56a2-52bb-5032-a924-4da76c91e4f2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439797Z"},{"id":"8330ab88-9c73-4332-97d6-c1fb95b1a155","name":"RSA EU12 They're Inside","description":"Rivner, U., Schwartz, E. (2012). They’re Inside… Now What?. 
Retrieved November 25, 2016.","url":"https://www.rsaconference.com/writable/presentations/file_upload/ht-209_rivner_schwartz.pdf","source":"MITRE","title":"They’re Inside… Now What?","authors":"Rivner, U., Schwartz, E","date_accessed":"2016-11-25T00:00:00Z","date_published":"2012-01-01T00:00:00Z","owner_name":null,"tidal_id":"aac1a5b6-3ef3-565e-9c66-c587cb65d35f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436511Z"},{"id":"691fb596-07b6-5c13-9cec-e28530ffde12","name":"APT29 Deep Look at Credential Roaming","description":"Thibault Van Geluwe De Berlaere. (2022, November 8). They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming. Retrieved November 9, 2022.","url":"https://www.mandiant.com/resources/blog/apt29-windows-credential-roaming","source":"MITRE","title":"They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming","authors":"Thibault Van Geluwe De Berlaere","date_accessed":"2022-11-09T00:00:00Z","date_published":"2022-11-08T00:00:00Z","owner_name":null,"tidal_id":"851d456b-5d90-5537-a54f-9acbca17bd2e","created":"2023-05-26T01:21:07.473128Z","modified":"2025-12-17T15:08:36.431640Z"},{"id":"301da9c8-60de-58f0-989f-6b504e3457a3","name":"ZDNet Ransomware Backups 2020","description":"Steve Ranger. (2020, February 27). Ransomware victims thought their backups were safe. They were wrong. Retrieved March 21, 2023.","url":"https://www.zdnet.com/article/ransomware-victims-thought-their-backups-were-safe-they-were-wrong/","source":"MITRE","title":"They were wrong","authors":"Steve Ranger. (2020, February 27)","date_accessed":"2023-03-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7359b394-7bbd-5fb6-8a1d-dc0ce38d5c72","created":"2023-05-26T01:21:11.121241Z","modified":"2025-12-17T15:08:36.436649Z"},{"id":"896c88f9-8765-4b60-b679-667b338757e3","name":"Microsoft Unidentified Dec 2018","description":"Microsoft Defender Research Team. (2018, December 3). 
Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers. Retrieved April 15, 2019.","url":"https://www.microsoft.com/security/blog/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/","source":"MITRE","title":"think tanks, non-profits, public sector by unidentified attackers","authors":"Microsoft Defender Research Team. (2018, December 3)","date_accessed":"2019-04-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"6f973e48-e831-5870-9d1e-dbe8c8bb52f5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438112Z"},{"id":"b8bb0bc5-e131-47b5-8c42-48cd3dc25250","name":"iPhone Charging Cable Hack","description":"Zack Whittaker. (2019, August 12). This hacker’s iPhone charging cable can hijack your computer. Retrieved May 25, 2022.","url":"https://techcrunch.com/2019/08/12/iphone-charging-cable-hack-computer-def-con/","source":"MITRE","title":"This hacker’s iPhone charging cable can hijack your computer","authors":"Zack Whittaker","date_accessed":"2022-05-25T00:00:00Z","date_published":"2019-08-12T00:00:00Z","owner_name":null,"tidal_id":"448b80c6-5fcf-5627-85e7-ca9bc08f3f5a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428123Z"},{"id":"9b75a38e-e5c7-43c8-a7fb-c7f212e00497","name":"Mandiant APT41 Global Intrusion","description":"Gyler, C.,Perez D.,Jones, S.,Miller, S.. (2021, February 25). This is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. 
Retrieved February 17, 2022.","url":"https://www.mandiant.com/resources/apt41-initiates-global-intrusion-campaign-using-multiple-exploits","source":"MITRE","title":"This is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits","authors":"Gyler, C.,Perez D.,Jones, S.,Miller, S.","date_accessed":"2022-02-17T00:00:00Z","date_published":"2021-02-25T00:00:00Z","owner_name":null,"tidal_id":"478aa349-3035-5e26-9416-1551ad73bd1b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428143Z"},{"id":"e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d","name":"FireEye APT41 March 2020","description":"Glyer, C, et al. (2020, March). This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved April 28, 2020.","url":"https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html","source":"MITRE","title":"This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits","authors":"Glyer, C, et al","date_accessed":"2020-04-28T00:00:00Z","date_published":"2020-03-01T00:00:00Z","owner_name":null,"tidal_id":"430ebe4c-e753-5779-9384-2a445921e71f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440830Z"},{"id":"765b0ce9-7305-4b35-b5be-2f6f42339646","name":"Proofpoint Bumblebee April 2022","description":"Merriman, K. and Trouerbach, P. (2022, April 28). This isn't Optimus Prime's Bumblebee but it's Still Transforming. Retrieved August 22, 2022.","url":"https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming","source":"MITRE","title":"This isn't Optimus Prime's Bumblebee but it's Still Transforming","authors":"Merriman, K. 
and Trouerbach, P","date_accessed":"2022-08-22T00:00:00Z","date_published":"2022-04-28T00:00:00Z","owner_name":null,"tidal_id":"2d183741-2d0a-5a82-8961-f8560fcd5d8f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416604Z"},{"id":"82d41fd8-495d-41b6-b908-6ada5764c94d","name":"Code Injection on Linux and macOS","description":"Itamar Turner-Trauring. (2017, April 18). “This will only hurt for a moment”: code injection on Linux and macOS with LD_PRELOAD. Retrieved December 20, 2017.","url":"https://www.datawire.io/code-injection-on-linux-and-macos/","source":"MITRE","title":"“This will only hurt for a moment”: code injection on Linux and macOS with LD_PRELOAD","authors":"Itamar Turner-Trauring","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-04-18T00:00:00Z","owner_name":null,"tidal_id":"eb6291f5-cb6b-5099-b6ba-742c10cb0d94","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:21.801564Z"},{"id":"ca5ee9aa-6c9a-57dc-9cb4-0d976de1b5e5","name":"Cybernews Reuters Leak 2022","description":"Vilius Petkauskas . (2022, November 3). Thomson Reuters collected and leaked at least 3TB of sensitive data. Retrieved September 25, 2024.","url":"https://cybernews.com/security/thomson-reuters-leaked-terabytes-sensitive-data/","source":"MITRE","title":"Thomson Reuters collected and leaked at least 3TB of sensitive data","authors":"Vilius Petkauskas","date_accessed":"2024-09-25T00:00:00Z","date_published":"2022-11-03T00:00:00Z","owner_name":null,"tidal_id":"0e5c0a3e-ebd9-5599-9bb9-cbeed112871d","created":"2024-10-31T16:28:25.950040Z","modified":"2025-12-17T15:08:36.435016Z"},{"id":"1f591eeb-04c0-5125-b378-e3716a839d17","name":"phishing-krebs","description":"Brian Krebs. (2024, March 28). Thread Hijacking: Phishes That Prey on Your Curiosity. 
Retrieved September 27, 2024.","url":"https://krebsonsecurity.com/2024/03/thread-hijacking-phishes-that-prey-on-your-curiosity/","source":"MITRE","title":"Thread Hijacking: Phishes That Prey on Your Curiosity","authors":"Brian Krebs","date_accessed":"2024-09-27T00:00:00Z","date_published":"2024-03-28T00:00:00Z","owner_name":null,"tidal_id":"d085cc76-0968-5b11-8acf-a7f1bd09c5a2","created":"2024-10-31T16:28:24.306963Z","modified":"2025-12-17T15:08:36.433230Z"},{"id":"186dff50-f68a-4a5a-aa55-8ffbd89859c8","name":"TrendMicros ScreenConnect February 27 2024","description":"Ian Kenefick, Junestherry Dela Cruz, Peter Girnus. (2024, February 27). Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities. Retrieved February 28, 2024.","url":"https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html","source":"Tidal Cyber","title":"Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities","authors":"Ian Kenefick, Junestherry Dela Cruz, Peter Girnus","date_accessed":"2024-02-28T00:00:00Z","date_published":"2024-02-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bf29f73b-440b-58be-8e9d-73cd9ac4c99b","created":"2024-06-13T20:10:53.149725Z","modified":"2024-06-13T20:10:53.337417Z"},{"id":"12a0e22b-987d-4169-b037-b7a817bc4e7c","name":"Threat Actor Groups Tracked by Palo Alto Networks Unit 42","description":"Unit 42. (2024, June 27). Threat Actor Groups Tracked by Palo Alto Networks Unit 42. 
Retrieved June 9, 2025.","url":"https://unit42.paloaltonetworks.com/threat-actor-groups-tracked-by-palo-alto-networks-unit-42/","source":"Tidal Cyber","title":"Threat Actor Groups Tracked by Palo Alto Networks Unit 42","authors":"Unit 42","date_accessed":"2025-06-09T00:00:00Z","date_published":"2024-06-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7c53bb81-09fd-5332-a42a-0fa3e2a48a51","created":"2025-06-10T15:50:22.605457Z","modified":"2025-06-10T15:50:22.775027Z"},{"id":"2079101c-d988-430a-9082-d25c475b2af5","name":"FireEye Fin8 May 2016","description":"Kizhakkinan, D., et al. (2016, May 11). Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks. Retrieved February 12, 2018.","url":"https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html","source":"MITRE","title":"Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks","authors":"Kizhakkinan, D., et al","date_accessed":"2018-02-12T00:00:00Z","date_published":"2016-05-11T00:00:00Z","owner_name":null,"tidal_id":"1308b496-c6a6-55c9-9c86-432da4bef857","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418947Z"},{"id":"e787e9af-f496-442a-8b36-16056ff8bfc1","name":"Proofpoint TA407 September 2019","description":"Proofpoint Threat Insight Team. (2019, September 5). Threat Actor Profile: TA407, the Silent Librarian. Retrieved February 3, 2021.","url":"https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta407-silent-librarian","source":"MITRE","title":"Threat Actor Profile: TA407, the Silent Librarian","authors":"Proofpoint Threat Insight Team","date_accessed":"2021-02-03T00:00:00Z","date_published":"2019-09-05T00:00:00Z","owner_name":null,"tidal_id":"2f6e068b-0368-513b-a801-541195aaa10a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432115Z"},{"id":"c1fff36f-802b-4436-abce-7f2787c148db","name":"Proofpoint TA505 Sep 2017","description":"Proofpoint Staff. 
(2017, September 27). Threat Actor Profile: TA505, From Dridex to GlobeImposter. Retrieved May 28, 2019.","url":"https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta505-dridex-globeimposter","source":"MITRE, Tidal Cyber","title":"Threat Actor Profile: TA505, From Dridex to GlobeImposter","authors":"Proofpoint Staff","date_accessed":"2019-05-28T00:00:00Z","date_published":"2017-09-27T00:00:00Z","owner_name":null,"tidal_id":"3dc0cb73-54f8-56a7-899b-10c7a4899b6c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278170Z"},{"id":"aeb3a9ad-2214-40dc-bfd5-f832a4eaf168","name":"U.S. CISA Ivanti Vulnerabilities January 22 2025","description":"Cybersecurity and Infrastructure Security Agency. (2025, January 22). Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. Retrieved January 27, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a","source":"Tidal Cyber","title":"Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2025-01-27T00:00:00Z","date_published":"2025-01-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5f4b38c8-8942-57e9-bf44-4ced17af8adb","created":"2025-01-28T15:53:31.217491Z","modified":"2025-01-28T15:53:31.438297Z"},{"id":"bbb517d2-a84a-4e60-a1ae-32c2841e7f34","name":"U.S. CISA LummaC2 May 21 2025","description":"Cybersecurity and Infrastructure Security Agency. (2025, May 21). Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations. 
Retrieved May 22, 2025.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141b","source":"Tidal Cyber","title":"Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2025-05-22T00:00:00Z","date_published":"2025-05-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"45eabb86-096e-546b-bd9c-d1260d7d0c51","created":"2025-05-23T14:41:31.049869Z","modified":"2025-05-23T14:41:31.225770Z"},{"id":"8d40c966-331f-490c-b1b6-e33a095b888a","name":"Esentire August 27 2025","description":"Esentire Threat Response Unit. (2025, August 27). Threat Actors Deploy Sinobi Ransomware via Compromised SonicWall SSL…. Retrieved September 11, 2025.","url":"https://www.esentire.com/blog/threat-actors-deploy-sinobi-ransomware-via-compromised-sonicwall-ssl-vpn-credentials","source":"Tidal Cyber","title":"Threat Actors Deploy Sinobi Ransomware via Compromised SonicWall SSL…","authors":"Esentire Threat Response Unit","date_accessed":"2025-09-11T12:00:00Z","date_published":"2025-08-27T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"049de413-8440-5be4-ae54-06459cce55c1","created":"2025-09-15T19:13:21.036286Z","modified":"2025-09-15T19:13:21.198367Z"},{"id":"cdef460c-a2e0-4a44-83fe-1cf1adc3ebf1","name":"Cyble 4 26 2023","description":"Cybleinc. (2023, April 26). Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram. Retrieved January 1, 2024.","url":"https://cyble.com/blog/threat-actor-selling-new-atomic-macos-amos-stealer-on-telegram/","source":"Tidal Cyber","title":"Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram","authors":"Cybleinc","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-04-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8a5f4870-1002-57bf-9f8b-95d960179784","created":"2024-06-13T20:10:58.572525Z","modified":"2024-06-13T20:10:58.757362Z"},{"id":"021c4caa-7a7a-4e49-9c5c-6eec176bf923","name":"U.S. 
CISA CVE-2023-3519 Exploits","description":"Cybersecurity and Infrastructure Security Agency. (2023, July 20). Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. Retrieved July 24, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a","source":"Tidal Cyber","title":"Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-07-24T00:00:00Z","date_published":"2023-07-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6689640b-ad10-5414-9644-18cff0946f77","created":"2023-07-28T16:33:32.443743Z","modified":"2023-07-28T16:33:33.973555Z"},{"id":"62305b8a-76c8-49ec-82dc-6756643ccf7a","name":"U.S. CISA CVE-2023-35078 Exploits","description":"Cybersecurity and Infrastructure Security Agency. (2023, August 1). Threat Actors Exploiting Ivanti EPMM Vulnerabilities. Retrieved August 3, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a","source":"Tidal Cyber","title":"Threat Actors Exploiting Ivanti EPMM Vulnerabilities","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-08-03T00:00:00Z","date_published":"2023-08-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"df22ad45-4069-5fb1-ba8d-743e42a3794c","created":"2023-08-04T16:40:33.214997Z","modified":"2023-08-04T16:40:33.343626Z"},{"id":"a501b21d-916d-454e-b5a0-c3d3bdb4e45c","name":"U.S. CISA Ivanti Exploits February 2024","description":"Cybersecurity and Infrastructure Security Agency. (2024, February 29). Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways. 
Retrieved March 1, 2024.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b","source":"Tidal Cyber","title":"Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2024-03-01T00:00:00Z","date_published":"2024-02-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d047986d-5351-5235-b811-6908c433de65","created":"2024-03-01T20:23:28.067041Z","modified":"2024-03-01T20:23:28.231968Z"},{"id":"c3c52950-51cf-540f-9951-1d8bef4be937","name":"Microsoft Storm-1811 2024","description":"Microsoft Threat Intelligence. (2024, May 15). Threat actors misusing Quick Assist in social engineering attacks leading to ransomware. Retrieved March 14, 2025.","url":"https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/","source":"MITRE","title":"Threat actors misusing Quick Assist in social engineering attacks leading to ransomware","authors":"Microsoft Threat Intelligence","date_accessed":"2025-03-14T00:00:00Z","date_published":"2024-05-15T00:00:00Z","owner_name":null,"tidal_id":"380ab4bb-5a5c-5263-aec9-c9a21b69ee76","created":"2025-04-22T20:47:23.341390Z","modified":"2025-12-17T15:08:36.423505Z"},{"id":"0876de6e-ea0c-4717-89a4-9c7baed53b6f","name":"Microsoft Security Blog 5 15 2024","description":"Microsoft Threat Intelligence. (2024, May 15). Threat actors misusing Quick Assist in social engineering attacks leading to ransomware . 
Retrieved May 16, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/","source":"Tidal Cyber","title":"Threat actors misusing Quick Assist in social engineering attacks leading to ransomware","authors":"Microsoft Threat Intelligence","date_accessed":"2024-05-16T00:00:00Z","date_published":"2024-05-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6edf5718-c494-56ce-ad14-f132f7d47679","created":"2024-06-13T20:11:02.670332Z","modified":"2024-06-13T20:11:02.859878Z"},{"id":"5df12363-ff50-4741-95db-3d747d262c59","name":"Secureonix STARK#VORTEX September 25 2023","description":"Securonix Threat Research, D.Iuzvyk, T.Peck, O.Kolesnikov. (2023, September 25). Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads. Retrieved March 24, 2025.","url":"https://www.securonix.com/blog/threat-labs-security-advisory-new-starkvortex-attack-campaign-threat-actors-use-drone-manual-lures-to-deliver-merlinagent-payloads/","source":"Tidal Cyber","title":"Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads","authors":"Securonix Threat Research, D.Iuzvyk, T.Peck, O.Kolesnikov","date_accessed":"2025-03-24T00:00:00Z","date_published":"2023-09-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d7607f8a-95df-5ac8-bc85-e5f2f3a59f71","created":"2025-03-25T13:16:01.335445Z","modified":"2025-03-25T13:16:01.532696Z"},{"id":"26d7134e-7b93-4aa1-a859-03cf964ca1b5","name":"Atlas SEO","description":"Atlas Cybersecurity. (2021, April 19). Threat Actors use Search-Engine-Optimization Tactics to Redirect Traffic and Install Malware. 
Retrieved September 30, 2022.","url":"https://atlas-cybersecurity.com/cyber-threats/threat-actors-use-search-engine-optimization-tactics-to-redirect-traffic-and-install-malware/","source":"MITRE","title":"Threat Actors use Search-Engine-Optimization Tactics to Redirect Traffic and Install Malware","authors":"Atlas Cybersecurity","date_accessed":"2022-09-30T00:00:00Z","date_published":"2021-04-19T00:00:00Z","owner_name":null,"tidal_id":"020c33f7-70d9-54f1-a9b4-d1f18a0de755","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435801Z"},{"id":"b222cabd-347d-45d4-aeaf-4135795d944d","name":"Cisco Talos Blog September 3 2024","description":"Vanja Svajcer. (2024, September 3). Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads. Retrieved September 3, 2024.","url":"https://blog.talosintelligence.com/threat-actors-using-macropack/","source":"Tidal Cyber","title":"Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads","authors":"Vanja Svajcer","date_accessed":"2024-09-03T00:00:00Z","date_published":"2024-09-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"83141e35-786b-5146-8bb5-5bdbe76ac444","created":"2024-09-06T15:12:31.579474Z","modified":"2024-09-06T15:12:32.126102Z"},{"id":"076f2b95-97d2-4d50-bb9b-6199c161e5c6","name":"Cybereason TA505 April 2019","description":"Salem, E. (2019, April 25). Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware. 
Retrieved May 28, 2019.","url":"https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware","source":"MITRE","title":"Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware","authors":"Salem, E","date_accessed":"2019-05-28T00:00:00Z","date_published":"2019-04-25T00:00:00Z","owner_name":null,"tidal_id":"0ba1a303-0492-5978-b4bd-2a90d6d87952","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441208Z"},{"id":"fb04c74e-3323-50b7-9e3f-715e9dc57cc8","name":"Threat Actor Targets the Manufacturing industry with Lumma Stealer and Amadey Bot","description":"Cyble. (2024, December 5). Threat Actor Targets the Manufacturing industry with Lumma Stealer and Amadey Bot. Retrieved February 4, 2025.","url":"https://cyble.com/blog/threat-actor-targets-manufacturing-industry-with-malware/","source":"MITRE","title":"Threat Actor Targets the Manufacturing industry with Lumma Stealer and Amadey Bot","authors":"Cyble","date_accessed":"2025-02-04T00:00:00Z","date_published":"2024-12-05T00:00:00Z","owner_name":null,"tidal_id":"9be1b94b-8402-5d3d-b068-1c173781ac1c","created":"2025-04-22T20:47:12.678785Z","modified":"2025-12-17T15:08:36.428064Z"},{"id":"88fc1f96-2d55-4c92-a929-234248490c30","name":"Cisco CaddyWiper March 2022","description":"Malhotra, A. (2022, March 15). Threat Advisory: CaddyWiper. Retrieved March 23, 2022.","url":"https://blog.talosintelligence.com/2022/03/threat-advisory-caddywiper.html","source":"MITRE","title":"Threat Advisory: CaddyWiper","authors":"Malhotra, A","date_accessed":"2022-03-23T00:00:00Z","date_published":"2022-03-15T00:00:00Z","owner_name":null,"tidal_id":"4c2ba43e-02f5-558a-ac8b-d479d40d5f90","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421220Z"},{"id":"e288c08c-b89f-41dd-bcca-b7a38723d83b","name":"SBS CyberSecurity January 3 2023","description":"SBS CyberSecurity. (2023, January 3). 
Threat Advisory FIN7 Hacker Group Using Automation to Compromise Unpatched In-House Exchange Servers. Retrieved April 8, 2025.","url":"https://sbscyber.com/blog/threat-advisory-fin7-hacker-group-using-automation-to-compromise-unpatched-in-house-exchange-servers","source":"Tidal Cyber","title":"Threat Advisory FIN7 Hacker Group Using Automation to Compromise Unpatched In-House Exchange Servers","authors":"SBS CyberSecurity","date_accessed":"2025-04-08T00:00:00Z","date_published":"2023-01-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"403b5dd3-4463-5bdb-bfee-dd0b5e8eb66b","created":"2025-04-08T16:38:28.628737Z","modified":"2025-04-08T16:38:28.949941Z"},{"id":"b23fc191-cc84-49c8-9eb0-09db7e23b24d","name":"Carbon Black Squiblydoo Apr 2016","description":"Nolen, R. et al.. (2016, April 28). Threat Advisory: “Squiblydoo” Continues Trend of Attackers Using Native OS Tools to “Live off the Land”. Retrieved April 9, 2018.","url":"https://www.carbonblack.com/2016/04/28/threat-advisory-squiblydoo-continues-trend-of-attackers-using-native-os-tools-to-live-off-the-land/","source":"MITRE","title":"Threat Advisory: “Squiblydoo” Continues Trend of Attackers Using Native OS Tools to “Live off the Land”","authors":"Nolen, R. et al.","date_accessed":"2018-04-09T00:00:00Z","date_published":"2016-04-28T00:00:00Z","owner_name":null,"tidal_id":"61e559d5-7ce4-5126-b4b2-e161f29bf98a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430754Z"},{"id":"efd64f41-13cc-4b2b-864c-4d2352cdadcd","name":"Aqua Build Images on Hosts","description":"Assaf Morag. (2020, July 15). Threat Alert: Attackers Building Malicious Images on Your Hosts. 
Retrieved March 29, 2021.","url":"https://blog.aquasec.com/malicious-container-image-docker-container-host","source":"MITRE","title":"Threat Alert: Attackers Building Malicious Images on Your Hosts","authors":"Assaf Morag","date_accessed":"2021-03-29T00:00:00Z","date_published":"2020-07-15T00:00:00Z","owner_name":null,"tidal_id":"233c09a6-c57a-514c-87fa-9b70aede65ad","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429874Z"},{"id":"ebe119d6-add3-5a1b-8e5f-b6419f246ba9","name":"Cybereason INC Ransomware November 2023","description":"Cybereason Security Research Team. (2023, November 20). Threat Alert: INC Ransomware. Retrieved June 5, 2024.","url":"https://www.cybereason.com/hubfs/dam/collateral/reports/threat-alert-inc-ransomware.pdf","source":"MITRE","title":"Threat Alert: INC Ransomware","authors":"Cybereason Security Research Team","date_accessed":"2024-06-05T00:00:00Z","date_published":"2023-11-20T00:00:00Z","owner_name":null,"tidal_id":"139dc01a-bf81-5876-9b0a-78015d8be30f","created":"2024-10-31T16:28:31.375211Z","modified":"2025-12-17T15:08:36.438846Z"},{"id":"67dd04dd-c0e0-49e6-9341-4e445d660641","name":"Aqua Kinsing April 2020","description":"Singer, G. (2020, April 3). Threat Alert: Kinsing Malware Attacks Targeting Container Environments. Retrieved April 1, 2021.","url":"https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability","source":"MITRE","title":"Threat Alert: Kinsing Malware Attacks Targeting Container Environments","authors":"Singer, G","date_accessed":"2021-04-01T00:00:00Z","date_published":"2020-04-03T00:00:00Z","owner_name":null,"tidal_id":"2e0c63b7-0d98-59c4-80cc-d27d4ab34a87","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421795Z"},{"id":"b852abd1-9017-5725-bded-b753d8e93c5c","name":"Aquasec Kinsing 2020","description":"Gal Singer. (2020, April 3). Threat Alert: Kinsing Malware Attacks Targeting Container Environments. 
Retrieved May 22, 2025.","url":"https://www.aquasec.com/blog/threat-alert-kinsing-malware-container-vulnerability/","source":"MITRE","title":"Threat Alert: Kinsing Malware Attacks Targeting Container Environments","authors":"Gal Singer","date_accessed":"2025-05-22T00:00:00Z","date_published":"2020-04-03T00:00:00Z","owner_name":null,"tidal_id":"96737201-2ff3-5475-a0dd-0979f7a5a703","created":"2025-10-29T21:08:48.165803Z","modified":"2025-12-17T15:08:36.427321Z"},{"id":"97e2c881-ddad-41fe-9af5-808e86d92f2a","name":"cybereason.com January 1 2025","description":"Cybereason Security Services Team. (2025, January 1). THREAT ANALYSIS Beast Ransomware. Retrieved August 12, 2025.","url":"https://www.cybereason.com/blog/threat-analysis-beast-ransomware","source":"Tidal Cyber","title":"THREAT ANALYSIS Beast Ransomware","authors":"Cybereason Security Services Team","date_accessed":"2025-08-12T12:00:00Z","date_published":"2025-01-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cd3063a8-bf6d-511e-8089-f1c6b4e9eefa","created":"2025-08-14T15:16:01.850399Z","modified":"2025-08-14T15:16:02.057369Z"},{"id":"d08cf06e-6fd8-4e55-a0e2-9c9bee9da48e","name":"Cybereason LockBit 3","description":"Cybereason. (n.d.). THREAT ANALYSIS REPORT: Assemble LockBit 3.0. Retrieved December 19, 2024.","url":"https://www.cybereason.com/hubfs/dam/collateral/reports/Threat-Analysis-Assemble-LockBit-3.pdf","source":"Tidal Cyber","title":"THREAT ANALYSIS REPORT: Assemble LockBit 3.0","authors":"Cybereason","date_accessed":"2024-12-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"6e773cd6-646e-527d-8cc7-33088f814bbe","created":"2025-04-11T15:06:27.913149Z","modified":"2025-04-11T15:06:28.108894Z"},{"id":"ba3b9dac-e59d-5c51-a06b-b0348fb053a7","name":"Cybereason StealBit Exfiltration Tool","description":"Cybereason Global SOC Team. (n.d.). THREAT ANALYSIS REPORT: Inside the LockBit Arsenal - The StealBit Exfiltration Tool. 
Retrieved January 29, 2025.","url":"https://www.cybereason.com/blog/research/threat-analysis-report-inside-the-lockbit-arsenal-the-stealbit-exfiltration-tool","source":"MITRE","title":"THREAT ANALYSIS REPORT: Inside the LockBit Arsenal - The StealBit Exfiltration Tool","authors":"Cybereason Global SOC Team","date_accessed":"2025-01-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9768e6af-d8c5-5616-bca4-2e5a414d17df","created":"2025-04-22T20:47:28.695480Z","modified":"2025-12-17T15:08:36.421671Z"},{"id":"0472a7a3-45ed-52ff-8be5-384cb7bb9e44","name":"Cybereason Lockbit 2.0","description":"Cybereason Global SOC Team. (n.d.). THREAT ANALYSIS REPORT: LockBit 2.0 - All Paths Lead to Ransom. Retrieved January 24, 2025.","url":"https://www.cybereason.com/blog/threat-analysis-report-lockbit-2.0-all-paths-lead-to-ransom","source":"MITRE","title":"THREAT ANALYSIS REPORT: LockBit 2.0 - All Paths Lead to Ransom","authors":"Cybereason Global SOC Team","date_accessed":"2025-01-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"11f79ae3-7705-5afd-8546-85b21eb10cb9","created":"2025-04-22T20:47:30.857913Z","modified":"2025-12-17T15:08:36.441148Z"},{"id":"29d25b85-ae13-57d6-9e6f-d0f65783b5ac","name":"Segurança Informática URSA Sophisticated Loader 2020","description":"Pedro Tavares (Segurança Informática). (2020, September 15). Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader. 
Retrieved March 13, 2024.","url":"https://seguranca-informatica.pt/threat-analysis-the-emergent-ursa-trojan-impacts-many-countries-using-a-sophisticated-loader/","source":"MITRE","title":"Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader","authors":"Pedro Tavares (Segurança Informática)","date_accessed":"2024-03-13T00:00:00Z","date_published":"2020-09-15T00:00:00Z","owner_name":null,"tidal_id":"fc0096c3-6525-5f06-856a-3cf0228575b5","created":"2024-04-25T13:28:47.609262Z","modified":"2025-12-17T15:08:36.418447Z"},{"id":"fc9ee531-3680-549b-86e0-a10a70c3ec67","name":"Palo Alto Networks Black Basta August 2022","description":"Elsad, A. (2022, August 25). Threat Assessment: Black Basta Ransomware. Retrieved March 8, 2023.","url":"https://unit42.paloaltonetworks.com/threat-assessment-black-basta-ransomware","source":"MITRE","title":"Threat Assessment: Black Basta Ransomware","authors":"Elsad, A","date_accessed":"2023-03-08T00:00:00Z","date_published":"2022-08-25T00:00:00Z","owner_name":null,"tidal_id":"7b0b67ea-5e29-5879-8f17-0c615d24abc2","created":"2023-05-26T01:21:16.612963Z","modified":"2025-12-17T15:08:36.420282Z"},{"id":"ce48d631-757c-480b-8572-b7d9f4d738c6","name":"Unit42 Clop April 2021","description":"Santos, D. (2021, April 13). Threat Assessment: Clop Ransomware. Retrieved July 30, 2021.","url":"https://unit42.paloaltonetworks.com/clop-ransomware/","source":"MITRE","title":"Threat Assessment: Clop Ransomware","authors":"Santos, D","date_accessed":"2021-07-30T00:00:00Z","date_published":"2021-04-13T00:00:00Z","owner_name":null,"tidal_id":"22eb4d2d-1f6d-5436-a9c3-210a66cc7814","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421567Z"},{"id":"dcdd4e48-3c3d-4008-a6f6-390f896f147b","name":"Palo Alto Unit 42 EKANS","description":"Hinchliffe, A. Santos, D. (2020, June 26). Threat Assessment: EKANS Ransomware. 
Retrieved February 9, 2021.","url":"https://unit42.paloaltonetworks.com/threat-assessment-ekans-ransomware/","source":"MITRE","title":"Threat Assessment: EKANS Ransomware","authors":"Hinchliffe, A. Santos, D","date_accessed":"2021-02-09T00:00:00Z","date_published":"2020-06-26T00:00:00Z","owner_name":null,"tidal_id":"214d6094-22ac-51d1-961c-472df7314755","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416479Z"},{"id":"3d0c4862-a67e-4f8e-8045-05596854f14b","name":"Unit 42 December 2 2024","description":"Yoav Zemah. (2024, December 2). Threat Assessment Howling Scorpius (Akira Ransomware). Retrieved December 3, 2024.","url":"https://unit42.paloaltonetworks.com/threat-assessment-howling-scorpius-akira-ransomware/","source":"Tidal Cyber","title":"Threat Assessment Howling Scorpius (Akira Ransomware)","authors":"Yoav Zemah","date_accessed":"2024-12-03T00:00:00Z","date_published":"2024-12-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"536d0c42-67c0-5774-bc74-b4cbae3df209","created":"2024-12-10T14:32:49.416565Z","modified":"2024-12-10T14:32:49.769247Z"},{"id":"26d3e738-8921-51bc-a71c-7e74278a6a78","name":"Palo Alto Howling Scorpius DEC 2024","description":"Zemah, Y. (2024, December 2). Threat Assessment: Howling Scorpius (Akira Ransomware). Retrieved January 8, 2025.","url":"https://unit42.paloaltonetworks.com/threat-assessment-howling-scorpius-akira-ransomware/","source":"MITRE","title":"Threat Assessment: Howling Scorpius (Akira Ransomware)","authors":"Zemah, Y","date_accessed":"2025-01-08T00:00:00Z","date_published":"2024-12-02T00:00:00Z","owner_name":null,"tidal_id":"9b5a3b7a-9e8d-5310-9601-3547a0898a82","created":"2025-04-22T20:47:23.811122Z","modified":"2025-12-17T15:08:36.418482Z"},{"id":"042f51db-c9f3-4827-883d-d7e7422fd642","name":"Unit42 Luna Moth November 21 2022","description":"Kristopher Russo. (2022, November 21). Threat Assessment: Luna Moth Callback Phishing Campaign. 
Retrieved June 28, 2024.","url":"https://unit42.paloaltonetworks.com/luna-moth-callback-phishing/","source":"Tidal Cyber","title":"Threat Assessment: Luna Moth Callback Phishing Campaign","authors":"Kristopher Russo","date_accessed":"2024-06-28T00:00:00Z","date_published":"2022-11-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"53ddbd9f-df98-5923-a1af-6e14d284072f","created":"2024-06-28T17:22:19.007936Z","modified":"2024-06-28T17:22:19.175541Z"},{"id":"e55dc11d-ccc0-5f89-8f42-0cd5f5e0f128","name":"Unit42 DPRK Threat Groups 2024","description":"Unit 42. (2024, September 9). Threat Assessment: North Korean Threat Groups. Retrieved August 25, 2025.","url":"https://unit42.paloaltonetworks.com/threat-assessment-north-korean-threat-groups-2024/","source":"MITRE","title":"Threat Assessment: North Korean Threat Groups","authors":"Unit 42","date_accessed":"2025-08-25T00:00:00Z","date_published":"2024-09-09T00:00:00Z","owner_name":null,"tidal_id":"fe7e3c4d-d544-5300-affb-4dc475aecace","created":"2025-10-29T21:08:48.167326Z","modified":"2025-12-17T15:08:36.439601Z"},{"id":"0e17c3e9-39ad-5836-9957-9084c5e72db6","name":"Unit42 3cx supply chain 2023","description":"Robert Falcone, Josh Grunzweig. (2023, March 30). Threat Brief: 3CXDesktopApp Supply Chain Attack. Retrieved September 15, 2025.","url":"https://unit42.paloaltonetworks.com/3cxdesktopapp-supply-chain-attack/","source":"MITRE","title":"Threat Brief: 3CXDesktopApp Supply Chain Attack","authors":"Robert Falcone, Josh Grunzweig","date_accessed":"2025-09-15T00:00:00Z","date_published":"2023-03-30T00:00:00Z","owner_name":null,"tidal_id":"3b38a3eb-1e82-5fe9-8cd2-26b9123c5ad8","created":"2025-10-29T21:08:48.167754Z","modified":"2025-12-17T15:08:36.441973Z"},{"id":"50f4c1ed-b046-405a-963d-a113324355a3","name":"UNIT 42 LAPSUS Mar 2022","description":"UNIT 42. (2022, March 24). Threat Brief: Lapsus$ Group. 
Retrieved May 17, 2022.","url":"https://unit42.paloaltonetworks.com/lapsus-group/","source":"MITRE","title":"Threat Brief: Lapsus$ Group","authors":"UNIT 42","date_accessed":"2022-05-17T00:00:00Z","date_published":"2022-03-24T00:00:00Z","owner_name":null,"tidal_id":"39bc6654-32c6-59c5-9678-db8d863ad92b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438643Z"},{"id":"3daa8c9e-da17-4eda-aa0d-df97c5de8f64","name":"Unit 42 WhisperGate January 2022","description":"Falcone, R. et al.. (2022, January 20). Threat Brief: Ongoing Russia and Ukraine Cyber Conflict. Retrieved March 10, 2022.","url":"https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/#whispergate-malware-family","source":"MITRE","title":"Threat Brief: Ongoing Russia and Ukraine Cyber Conflict","authors":"Falcone, R. et al.","date_accessed":"2022-03-10T00:00:00Z","date_published":"2022-01-20T00:00:00Z","owner_name":null,"tidal_id":"a43253e4-fb84-594e-a81c-f96f978a2b27","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418239Z"},{"id":"38c713c2-06ad-4f97-b08a-4a97bc6bcd11","name":"Unit 42 November 18 2024","description":"Unit. (2024, November 18). Threat Brief Operation Lunar Peek, Activity Related to CVE-2024-0012. Retrieved November 19, 2024.","url":"https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/","source":"Tidal Cyber","title":"Threat Brief Operation Lunar Peek, Activity Related to CVE-2024-0012","authors":"Unit","date_accessed":"2024-11-19T00:00:00Z","date_published":"2024-11-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"26b5bf7c-06e4-569c-89d0-b348fdce5760","created":"2024-12-02T20:28:32.945435Z","modified":"2024-12-02T20:28:33.148967Z"},{"id":"3aafba02-9807-5977-8b42-ec02fd8dee5e","name":"Palo Alto MidnightEclipse APR 2024","description":"Unit 42. (2024, April 12). Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 . 
Retrieved January 15, 2025.","url":"https://unit42.paloaltonetworks.com/cve-2024-3400/","source":"MITRE","title":"Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400","authors":"Unit 42","date_accessed":"2025-01-15T00:00:00Z","date_published":"2024-04-12T00:00:00Z","owner_name":null,"tidal_id":"1d496191-f1bb-5fb0-a94b-4430ae78d2d1","created":"2025-04-22T20:47:21.697742Z","modified":"2025-12-17T15:08:36.417388Z"},{"id":"5e1db76a-0a3e-42ce-a66c-f914fb1a3471","name":"Unit 42 DGA Feb 2019","description":"Unit 42. (2019, February 7). Threat Brief: Understanding Domain Generation Algorithms (DGA). Retrieved February 19, 2019.","url":"https://unit42.paloaltonetworks.com/threat-brief-understanding-domain-generation-algorithms-dga/","source":"MITRE","title":"Threat Brief: Understanding Domain Generation Algorithms (DGA)","authors":"Unit 42","date_accessed":"2019-02-19T00:00:00Z","date_published":"2019-02-07T00:00:00Z","owner_name":null,"tidal_id":"dccf69a9-6bde-5051-9c73-bccb85a790dc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425194Z"},{"id":"bcfe9d10-11fe-4241-8262-bce07e8a11c1","name":"Red Canary TDR ChromeLoader","description":"Red Canary. (n.d.). Threat: ChromeLoader. Retrieved September 26, 2024.","url":"https://redcanary.com/threat-detection-report/threats/chromeloader/","source":"Tidal Cyber","title":"Threat: ChromeLoader","authors":"Red Canary","date_accessed":"2024-09-26T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"9045a142-9b92-5b27-b7f2-78bb1158e1db","created":"2024-09-27T16:59:18.678216Z","modified":"2024-09-27T16:59:19.327599Z"},{"id":"dfd2d832-a6c5-40e7-a554-5a92f05bebae","name":"Dell TG-3390","description":"Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. 
Retrieved August 18, 2018.","url":"https://www.secureworks.com/research/threat-group-3390-targets-organizations-for-cyberespionage","source":"MITRE, Tidal Cyber","title":"Threat Group-3390 Targets Organizations for Cyberespionage","authors":"Dell SecureWorks Counter Threat Unit Threat Intelligence","date_accessed":"2018-08-18T00:00:00Z","date_published":"2015-08-05T00:00:00Z","owner_name":null,"tidal_id":"b7bc9eec-e1fe-5a9e-93fb-423b35535621","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259010Z"},{"id":"5f401c82-4e16-43a1-b234-48918fe7df9f","name":"SecureWorks TG-4127","description":"SecureWorks Counter Threat Unit Threat Intelligence. (2016, June 16). Threat Group-4127 Targets Hillary Clinton Presidential Campaign. Retrieved August 3, 2016.","url":"https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign","source":"MITRE","title":"Threat Group-4127 Targets Hillary Clinton Presidential Campaign","authors":"SecureWorks Counter Threat Unit Threat Intelligence","date_accessed":"2016-08-03T00:00:00Z","date_published":"2016-06-16T00:00:00Z","owner_name":null,"tidal_id":"2d6a595c-cc0a-5773-95e4-7d0dcdf853b5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437956Z"},{"id":"8670f4ee-7491-4c37-9832-99d6f8f54ba8","name":"McAfee APT28 DDE1 Nov 2017","description":"Sherstobitoff, R., Rea, M. (2017, November 7). Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack. 
Retrieved November 21, 2017.","url":"https://securingtomorrow.mcafee.com/mcafee-labs/apt28-threat-group-adopts-dde-technique-nyc-attack-theme-in-latest-campaign/","source":"MITRE","title":"Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack","authors":"Sherstobitoff, R., Rea, M","date_accessed":"2017-11-21T00:00:00Z","date_published":"2017-11-07T00:00:00Z","owner_name":null,"tidal_id":"b9a94d92-4049-5100-a544-c164428cf26c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441116Z"},{"id":"5e9842ae-180f-4645-a5f5-5ddfb8b2d810","name":"Unit 42 9 15 2023","description":"Amer Elsad; Kristopher Russo; Austin Dever. (2023, September 15). Threat Group Assessment Muddled Libra (Updated). Retrieved January 1, 2024.","url":"https://unit42.paloaltonetworks.com/muddled-libra/","source":"Tidal Cyber","title":"Threat Group Assessment Muddled Libra (Updated)","authors":"Amer Elsad; Kristopher Russo; Austin Dever","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-09-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ade1a132-8c6e-5df1-8879-0e948b228141","created":"2024-05-23T19:24:36.265150Z","modified":"2024-05-23T19:24:36.479293Z"},{"id":"bcc4f7d1-5cce-47eb-8182-cfe0ff79739a","name":"Unit 42 May 16 2025","description":"Amer Elsad; Kristopher Russo; Austin Dever. (2025, May 16). Threat Group Assessment Muddled Libra (Updated May 16, 2025). Retrieved June 3, 2025.","url":"https://unit42.paloaltonetworks.com/muddled-libra/","source":"Tidal Cyber","title":"Threat Group Assessment Muddled Libra (Updated May 16, 2025)","authors":"Amer Elsad; Kristopher Russo; Austin Dever","date_accessed":"2025-06-03T00:00:00Z","date_published":"2025-05-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f1cf96bf-9736-5abb-89a8-34e1e036d110","created":"2025-06-10T15:50:13.578544Z","modified":"2025-06-10T15:50:14.255332Z"},{"id":"2e91f690-86d2-51c4-9cae-c2dabfed7cc2","name":"Intel471 Medusa Ransomware May 2025","description":"Intel471. 
(2025, May 14). Threat hunting case study: Medusa ransomware. Retrieved October 15, 2025.","url":"https://www.intel471.com/blog/threat-hunting-case-study-medusa-ransomware","source":"MITRE","title":"Threat hunting case study: Medusa ransomware","authors":"Intel471","date_accessed":"2025-10-15T00:00:00Z","date_published":"2025-05-14T00:00:00Z","owner_name":null,"tidal_id":"4b14c8b5-8a8f-5b2c-9fdf-a8e0fb15856c","created":"2025-10-29T21:08:48.166721Z","modified":"2025-12-17T15:08:36.437320Z"},{"id":"c113cde7-5dd5-45e9-af16-3ab6ed0b1728","name":"Awake Security Avaddon","description":"Gahlot, A. (n.d.). Threat Hunting for Avaddon Ransomware. Retrieved August 19, 2021.","url":"https://awakesecurity.com/blog/threat-hunting-for-avaddon-ransomware/","source":"MITRE","title":"Threat Hunting for Avaddon Ransomware","authors":"Gahlot, A","date_accessed":"2021-08-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"345e66c2-11d6-5fd2-b4db-ee2f166eb591","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418771Z"},{"id":"fa3762ce-3e60-4991-b464-12601d2a6912","name":"Awake Security C2 Cloud","description":"Gary Golomb and Tory Kei. (n.d.). Threat Hunting Series: Detecting Command & Control in the Cloud. Retrieved May 27, 2022.","url":"https://awakesecurity.com/blog/threat-hunting-series-detecting-command-control-in-the-cloud/","source":"MITRE","title":"Threat Hunting Series: Detecting Command & Control in the Cloud","authors":"Gary Golomb and Tory Kei","date_accessed":"2022-05-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3ffc6080-31b3-526a-ab16-c1d1b38bbb18","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428189Z"},{"id":"b12e0288-48cd-46ec-8305-0f4d050782f2","name":"Detecting Command & Control in the Cloud","description":"Gary Golomb. (n.d.). Threat Hunting Series: Detecting Command & Control in the Cloud. 
Retrieved July 8, 2022.","url":"https://awakesecurity.com/blog/threat-hunting-series-detecting-command-control-in-the-cloud/","source":"MITRE","title":"Threat Hunting Series: Detecting Command & Control in the Cloud","authors":"Gary Golomb","date_accessed":"2022-07-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7bedd486-ef0f-50bd-ab06-17e540aa862b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424111Z"},{"id":"9399efb7-e91c-4acb-8b0f-6cde20592198","name":"redpiranha.net March 17 2025","description":"redpiranha.net. (2025, March 17). Threat Intelligence Report March 11 - March 17 2025. Retrieved April 4, 2025.","url":"https://redpiranha.net/news/threat-intelligence-report-march-11-march-17-2025","source":"Tidal Cyber","title":"Threat Intelligence Report March 11 - March 17 2025","authors":"redpiranha.net","date_accessed":"2025-04-04T00:00:00Z","date_published":"2025-03-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f0d252f1-0aee-50a2-b328-88670c8e639c","created":"2025-04-08T16:38:25.910450Z","modified":"2025-04-08T16:38:26.411514Z"},{"id":"43fab719-e348-4902-8df3-8807765b95f0","name":"Threat Matrix for Kubernetes","description":"Weizman, Y. (2020, April 2). Threat Matrix for Kubernetes. Retrieved March 30, 2021.","url":"https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/","source":"MITRE","title":"Threat Matrix for Kubernetes","authors":"Weizman, Y","date_accessed":"2021-03-30T00:00:00Z","date_published":"2020-04-02T00:00:00Z","owner_name":null,"tidal_id":"94b83f90-5644-5b60-825e-feead3e8376d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425154Z"},{"id":"b741fe9a-4b08-44b9-b6e7-5988eee486a3","name":"SecureWorks BRONZE MOHAWK n.d.","description":"SecureWorks. (n.d.). Threat Profile - BRONZE MOHAWK. 
Retrieved August 24, 2021.","url":"https://www.secureworks.com/research/threat-profiles/bronze-mohawk","source":"MITRE","title":"Threat Profile - BRONZE MOHAWK","authors":"SecureWorks","date_accessed":"2021-08-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8e45c281-5b42-5e36-aec5-b8addbb5a23c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438458Z"},{"id":"18a56020-b2ff-480e-8c7b-995e9829ed34","name":"Blackpoint Cyber Qilin August 2024","description":"Blackpoint Cyber. (2024, August 1). Threat Profile: Qilin Ransomware. Retrieved September 12, 2025.","url":"https://blackpointcyber.com/wp-content/uploads/2024/08/Qilin-Ransomware-Threat-Profile_Adversary-Pursuit-Group-Blackpoint-Cyber_2024Q3.pdf","source":"Tidal Cyber","title":"Threat Profile: Qilin Ransomware","authors":"Blackpoint Cyber","date_accessed":"2025-09-12T12:00:00Z","date_published":"2024-08-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8090aa95-5765-5b0d-867a-576d1aa49fb4","created":"2025-09-15T19:13:22.342751Z","modified":"2025-09-15T19:13:22.506042Z"},{"id":"34a23b22-2d39-47cc-a1e9-47f7f490dcbd","name":"ESET T3 Threat Report 2021","description":"ESET. (2022, February). THREAT REPORT T3 2021. Retrieved February 10, 2022.","url":"https://www.welivesecurity.com/wp-content/uploads/2022/02/eset_threat_report_t32021.pdf","source":"MITRE","title":"THREAT REPORT T3 2021","authors":"ESET","date_accessed":"2022-02-10T00:00:00Z","date_published":"2022-02-01T00:00:00Z","owner_name":null,"tidal_id":"525c8734-c216-5a8b-86cc-fb68e84789c7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441195Z"},{"id":"314a9db4-8a16-4732-aa23-b24b38897943","name":"Securonix January 05 2026","description":"None Identified. (2026, January 5). Threat Research: PHALT#BLYX: Fake BSODs and Trusted Build Tools - Securonix. 
Retrieved January 12, 2026.","url":"https://www.securonix.com/blog/analyzing-phaltblyx-how-fake-bsods-and-trusted-build-tools-are-used-to-construct-a-malware-infection/","source":"Tidal Cyber","title":"Threat Research: PHALT#BLYX: Fake BSODs and Trusted Build Tools - Securonix","authors":"None Identified","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"52082cd7-43b5-5f21-a313-7afb871df3ab","created":"2026-01-14T13:29:41.713884Z","modified":"2026-01-14T13:29:41.871346Z"},{"id":"21b7a7c7-55a2-4235-ba11-d34ba68d1bf5","name":"BlackBerry Amadey 2020","description":"Kasuya, M. (2020, January 8). Threat Spotlight: Amadey Bot Targets Non-Russian Users. Retrieved July 14, 2022.","url":"https://blogs.blackberry.com/en/2020/01/threat-spotlight-amadey-bot","source":"MITRE","title":"Threat Spotlight: Amadey Bot Targets Non-Russian Users","authors":"Kasuya, M","date_accessed":"2022-07-14T00:00:00Z","date_published":"2020-01-08T00:00:00Z","owner_name":null,"tidal_id":"b98b2b80-c3b7-52c8-9207-2fa2316bed43","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416671Z"},{"id":"0b10d7d4-9c18-4fd8-933a-b46e41d618ab","name":"CiscoAngler","description":"Nick Biasini. (2015, March 3). Threat Spotlight: Angler Lurking in the Domain Shadows. Retrieved March 6, 2017.","url":"https://blogs.cisco.com/security/talos/angler-domain-shadowing","source":"MITRE","title":"Threat Spotlight: Angler Lurking in the Domain Shadows","authors":"Nick Biasini","date_accessed":"2017-03-06T00:00:00Z","date_published":"2015-03-03T00:00:00Z","owner_name":null,"tidal_id":"5f6a12e3-e37e-5c4f-85a5-6897a448b8c0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434304Z"},{"id":"dc98c7ce-0a3f-5f35-9885-6c1c73e5858d","name":"Talos IPFS 2022","description":"Edmund Brumaghin. (2022, November 9). Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns. 
Retrieved March 8, 2023.","url":"https://blog.talosintelligence.com/ipfs-abuse/","source":"MITRE","title":"Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns","authors":"Edmund Brumaghin","date_accessed":"2023-03-08T00:00:00Z","date_published":"2022-11-09T00:00:00Z","owner_name":null,"tidal_id":"0e4ae0f3-8092-5bb3-9ead-ebc9c0d4cf84","created":"2023-05-26T01:21:04.740850Z","modified":"2025-12-17T15:08:36.428273Z"},{"id":"b9201737-ef72-46d4-8e86-89fee5b98aa8","name":"Cisco Group 72","description":"Esler, J., Lee, M., and Williams, C. (2014, October 14). Threat Spotlight: Group 72. Retrieved January 14, 2016.","url":"http://blogs.cisco.com/security/talos/threat-spotlight-group-72","source":"MITRE","title":"Threat Spotlight: Group 72","authors":"Esler, J., Lee, M., and Williams, C","date_accessed":"2016-01-14T00:00:00Z","date_published":"2014-10-14T00:00:00Z","owner_name":null,"tidal_id":"615724f4-fc53-5be0-b470-757b8c9f1477","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439219Z"},{"id":"41c20013-71b3-4957-98f0-fb919014c93e","name":"Talos ZxShell Oct 2014","description":"Allievi, A., et al. (2014, October 28). Threat Spotlight: Group 72, Opening the ZxShell. Retrieved September 24, 2019.","url":"https://blogs.cisco.com/security/talos/opening-zxshell","source":"MITRE","title":"Threat Spotlight: Group 72, Opening the ZxShell","authors":"Allievi, A., et al","date_accessed":"2019-09-24T00:00:00Z","date_published":"2014-10-28T00:00:00Z","owner_name":null,"tidal_id":"2d7f38df-bca7-5868-bb33-edeab4a578d5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421686Z"},{"id":"fcf4abe4-5ea9-555c-a5cf-2104844e93df","name":"RELIAQUEST","description":"RELIAQUEST THREAT RESEARCH TEAM. (2025, April 11). Threat Spotlight: Hijacked and Hidden: New Backdoor and Persistence Technique. 
Retrieved June 27, 2025.","url":"https://reliaquest.com/blog/threat-spotlight-hijacked-and-hidden-new-backdoor-and-persistence-technique/","source":"MITRE","title":"Threat Spotlight: Hijacked and Hidden: New Backdoor and Persistence Technique","authors":"RELIAQUEST THREAT RESEARCH TEAM","date_accessed":"2025-06-27T00:00:00Z","date_published":"2025-04-11T00:00:00Z","owner_name":null,"tidal_id":"b8683ae1-3b4f-52ca-9a61-f885b15f5439","created":"2025-10-29T21:08:48.166340Z","modified":"2025-12-17T15:08:36.434056Z"},{"id":"8bee2689-dfd8-45b2-b8dd-e87ab3ade0ec","name":"Infinitum IT LockBit 3.0","description":"Infinitum IT. (n.d.). Threat Spotlight: Lockbit Black 3.0 Ransomware. Retrieved May 19, 2023.","url":"https://raw.githubusercontent.com/whichbuffer/Lockbit-Black-3.0/main/Threat%20Spotlight%20Lockbit%20Black%203.0%20Ransomware.pdf","source":"Tidal Cyber","title":"Threat Spotlight: Lockbit Black 3.0 Ransomware","authors":"Infinitum IT","date_accessed":"2023-05-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"47f4899d-a4f6-56d8-8dea-c4b39991784f","created":"2023-08-18T18:56:13.939285Z","modified":"2023-08-18T18:56:14.067788Z"},{"id":"d01a6573-49f4-415b-a778-778d08255afd","name":"ReliaQuest December 09 2025","description":"None Identified. (2025, December 9). Threat Spotlight: Storm-0249 Moves from Mass Phishing to Precision EDR Exploitation. 
Retrieved December 15, 2025.","url":"https://reliaquest.com/blog/threat-spotlight-storm-0249-precision-endpoint-exploitation/","source":"Tidal Cyber","title":"Threat Spotlight: Storm-0249 Moves from Mass Phishing to Precision EDR Exploitation","authors":"None Identified","date_accessed":"2025-12-15T12:00:00Z","date_published":"2025-12-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bef481ca-a848-5604-b40e-908b37775cd8","created":"2025-12-17T14:17:43.255310Z","modified":"2025-12-17T14:17:43.395570Z"},{"id":"309066ba-5bcb-5960-97e1-738ea8891175","name":"BlackBerry WhisperGate 2022","description":"BlackBerry Research and Intelligence Team. (2022, February 3). Threat Spotlight: WhisperGate Wiper Wreaks Havoc in Ukraine. Retrieved March 18, 2025.","url":"https://blogs.blackberry.com/en/2022/02/threat-spotlight-whispergate-wiper-wreaks-havoc-in-ukraine","source":"MITRE","title":"Threat Spotlight: WhisperGate Wiper Wreaks Havoc in Ukraine","authors":"BlackBerry Research and Intelligence Team","date_accessed":"2025-03-18T00:00:00Z","date_published":"2022-02-03T00:00:00Z","owner_name":null,"tidal_id":"de3842b0-149a-5817-86ea-3124764d3b24","created":"2025-04-22T20:47:17.971116Z","modified":"2025-12-17T15:08:36.433389Z"},{"id":"08186ff9-6ca5-4c09-b5e7-b883eb15fdba","name":"BlackBerry SystemBC June 10 2021","description":"The BlackBerry Research & Intelligence Team. (2021, June 10). Threat Thursday: SystemBC – a RAT in the Pipeline. 
Retrieved September 21, 2023.","url":"https://blogs.blackberry.com/en/2021/06/threat-thursday-systembc-a-rat-in-the-pipeline","source":"Tidal Cyber","title":"Threat Thursday: SystemBC – a RAT in the Pipeline","authors":"The BlackBerry Research & Intelligence Team","date_accessed":"2023-09-21T00:00:00Z","date_published":"2021-06-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4d407f53-ad7b-5f4a-80fa-05afa251e8b0","created":"2023-09-22T15:01:25.002197Z","modified":"2023-09-22T15:01:25.134009Z"},{"id":"d702653f-a9da-4a36-8f84-97caeb445266","name":"DOJ North Korea Indictment Feb 2021","description":"Department of Justice. (2021, February 17). Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe. Retrieved June 9, 2021.","url":"https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and","source":"MITRE","title":"Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe","authors":"Department of Justice","date_accessed":"2021-06-09T00:00:00Z","date_published":"2021-02-17T00:00:00Z","owner_name":null,"tidal_id":"6e5cb294-9e33-5077-a196-d49b083109a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438292Z"},{"id":"482a6946-b663-4789-a31f-83fb2132118d","name":"Symantec Thrip June 2018","description":"Security Response Attack Investigation Team. (2018, June 19). Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies. 
Retrieved July 10, 2018.","url":"https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets","source":"MITRE, Tidal Cyber","title":"Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies","authors":"Security Response Attack Investigation Team","date_accessed":"2018-07-10T00:00:00Z","date_published":"2018-06-19T00:00:00Z","owner_name":null,"tidal_id":"dd185210-90a6-5130-ab36-4afe09270af9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.280212Z"},{"id":"585827a8-1f03-439d-b66e-ad5290117c1b","name":"FireEye Bootkits","description":"Andonov, D., et al. (2015, December 7). Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record. Retrieved May 13, 2016.","url":"https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html","source":"MITRE","title":"Thriving Beyond The Operating System: Financial Threat Group Targets Volume Boot Record","authors":"Andonov, D., et al","date_accessed":"2016-05-13T00:00:00Z","date_published":"2015-12-07T00:00:00Z","owner_name":null,"tidal_id":"f93d62b9-8e60-566a-acf9-9394dd763d5b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421616Z"},{"id":"6ab2cfa1-230f-498e-8049-fcdd2f7296dd","name":"SpecterOps AWS Traffic Mirroring","description":"Luke Paine. (2020, March 11). Through the Looking Glass — Part 1. Retrieved March 17, 2022.","url":"https://posts.specterops.io/through-the-looking-glass-part-1-f539ae308512","source":"MITRE","title":"Through the Looking Glass — Part 1","authors":"Luke Paine","date_accessed":"2022-03-17T00:00:00Z","date_published":"2020-03-11T00:00:00Z","owner_name":null,"tidal_id":"68b7b9bb-6cc0-5430-9890-a085ac4b5cb9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427368Z"},{"id":"1be27354-1326-4568-b26a-d0034acecba2","name":"Ossmann Star Feb 2011","description":"Michael Ossmann. (2011, February 17). Throwing Star LAN Tap. 
Retrieved March 30, 2018.","url":"https://ossmann.blogspot.com/2011/02/throwing-star-lan-tap.html","source":"MITRE","title":"Throwing Star LAN Tap","authors":"Michael Ossmann","date_accessed":"2018-03-30T00:00:00Z","date_published":"2011-02-17T00:00:00Z","owner_name":null,"tidal_id":"610486d7-76aa-505b-9932-fce1d55842f4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435098Z"},{"id":"c049ac17-1fa9-42ff-9220-1ed40890dc77","name":"Trend Micro April 05 2022","description":"Trend Micro. (2022, April 5). Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload. Retrieved May 7, 2023.","url":"https://www.trendmicro.com/de_de/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.html","source":"Tidal Cyber","title":"Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload","authors":"Trend Micro","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-04-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8eb70d12-1542-5ca8-a723-daecebfd4a73","created":"2024-06-13T20:10:14.608912Z","modified":"2024-06-13T20:10:14.797084Z"},{"id":"a4e5bd7e-3fb9-54d8-b557-9f41129cca70","name":"trendmicro_tianyspy_0122","description":"Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January","url":"https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html","source":"Mobile","title":"TianySpy Malware Uses Smishing Disguised as Message From Telco","authors":"Trend Micro","date_accessed":"1978-01-01T00:00:00Z","date_published":"2022-01-25T00:00:00Z","owner_name":null,"tidal_id":"b66298a0-b998-597a-877e-7d3db5f64d27","created":"2026-01-28T13:08:10.042439Z","modified":"2026-01-28T13:08:10.042442Z"},{"id":"3e29cacc-2c05-4f35-8dd1-948f8aee6713","name":"Symantec Tick Apr 2016","description":"DiMaggio, J. (2016, April 28). Tick cyberespionage group zeros in on Japan. 
Retrieved July 16, 2018.","url":"https://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan","source":"MITRE","title":"Tick cyberespionage group zeros in on Japan","authors":"DiMaggio, J","date_accessed":"2018-07-16T00:00:00Z","date_published":"2016-04-28T00:00:00Z","owner_name":null,"tidal_id":"1083119e-5d2f-535c-a1bd-3e4e96b5e4ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438342Z"},{"id":"e1725230-4f6c-47c5-8e30-90dfb01a75d7","name":"TightVNC Software Project Page","description":"TightVNC Software. (n.d.). TightVNC Software. Retrieved July 10, 2023.","url":"https://www.tightvnc.com/","source":"Tidal Cyber","title":"TightVNC Software","authors":"TightVNC Software","date_accessed":"2023-07-10T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"fe02e1d6-4df9-5679-a333-fc2744f8ad93","created":"2023-07-14T12:56:33.162529Z","modified":"2023-07-14T12:56:33.272741Z"},{"id":"190c2ec5-ed70-5281-95b8-9036ad333cd4","name":"Zscaler TikTok Spyware","description":"S. Desai. (2020, September 8). TikTok Spyware. Retrieved January","url":"https://www.zscaler.com/blogs/security-research/tiktok-spyware","source":"Mobile","title":"TikTok Spyware","authors":"S. Desai","date_accessed":"1978-01-01T00:00:00Z","date_published":"2020-09-08T00:00:00Z","owner_name":null,"tidal_id":"590bfa80-fc5c-513e-93cc-8a24d46601ca","created":"2026-01-28T13:08:10.041696Z","modified":"2026-01-28T13:08:10.041699Z"},{"id":"cd369bf9-80a8-426f-a0aa-c9745b40696c","name":"AnyRun TimeBomb","description":"Malicious History. (2020, September 17). Time Bombs: Malware With Delayed Execution. 
Retrieved April 22, 2021.","url":"https://any.run/cybersecurity-blog/time-bombs-malware-with-delayed-execution/","source":"MITRE","title":"Time Bombs: Malware With Delayed Execution","authors":"Malicious History","date_accessed":"2021-04-22T00:00:00Z","date_published":"2020-09-17T00:00:00Z","owner_name":null,"tidal_id":"4952ddd9-6999-58c9-9520-71a9c54c90d1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436493Z"},{"id":"cf7c1db8-6282-4ccd-9609-5a012faf70d6","name":"Microsoft TimeProvider","description":"Microsoft. (n.d.). Time Provider. Retrieved March 26, 2018.","url":"https://msdn.microsoft.com/library/windows/desktop/ms725475.aspx","source":"MITRE","title":"Time Provider","authors":"Microsoft","date_accessed":"2018-03-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e85c52cc-2f37-5928-aa4f-61e0b510114e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426002Z"},{"id":"a9513253-630f-5535-a439-cf7655f4698b","name":"API","description":"Vishavjit Singh. (2023, June 22). TIMESTOMPING EXPLAINED ON API LEVEL. Retrieved June 20, 2024.","url":"https://medium.com/@vishavjitsingh.csi/timestomping-explained-on-api-level-f0c219cf3dc9","source":"MITRE","title":"TIMESTOMPING EXPLAINED ON API LEVEL","authors":"Vishavjit Singh","date_accessed":"2024-06-20T00:00:00Z","date_published":"2023-06-22T00:00:00Z","owner_name":null,"tidal_id":"60f4961f-4bb5-510d-afc5-fa8e360454f1","created":"2024-10-31T16:28:36.746795Z","modified":"2025-04-22T20:47:31.008419Z"},{"id":"94cdbd73-a31a-4ec3-aa36-de3ea077c1c7","name":"Talos TinyTurla September 2021","description":"Cisco Talos. (2021, September 21). TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines. 
Retrieved December 2, 2021.","url":"https://blog.talosintelligence.com/2021/09/tinyturla.html","source":"MITRE","title":"TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines","authors":"Cisco Talos","date_accessed":"2021-12-02T00:00:00Z","date_published":"2021-09-21T00:00:00Z","owner_name":null,"tidal_id":"5694f854-0084-572b-8cdd-72cda3da2ab8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417529Z"},{"id":"d7f2097f-20f8-55f1-a5e0-78cb2d74aabb","name":"CISA AA21-201A Pipeline Intrusion July 2021","description":"Department of Justice (DOJ), DHS Cybersecurity & Infrastructure Security Agency (CISA) 2021, July 20 Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013. Retrieved 2021/10/08","url":"https://us-cert.cisa.gov/sites/default/files/publications/AA21-201A_Chinese_Gas_Pipeline_Intrusion_Campaign_2011_to_2013%20(1).pdf","source":"ICS","title":"to 2013","authors":"Department of Justice (DOJ), DHS Cybersecurity & Infrastructure Security Agency (CISA) 2021, July 20 Chinese Gas Pipeline Intrusion Campaign,","date_accessed":"2021-01-01T00:00:00Z","date_published":"2011-01-01T00:00:00Z","owner_name":null,"tidal_id":"a353c94c-be59-5a3c-afac-268a76ecbde6","created":"2026-01-28T13:08:18.176707Z","modified":"2026-01-28T13:08:18.176710Z"},{"id":"0b0042cc-bd54-4944-b09a-e028bf6b2c60","name":"Google Cloud Blog October 20 2025","description":"None Identified. (2025, October 20). To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER | Google Cloud Blog. 
Retrieved October 21, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/new-malware-russia-coldriver","source":"Tidal Cyber","title":"To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER | Google Cloud Blog","authors":"None Identified","date_accessed":"2025-10-21T12:00:00Z","date_published":"2025-10-20T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"70209f4a-ac48-5c75-a9b3-c029d6b44f82","created":"2025-10-24T16:13:06.182626Z","modified":"2025-10-24T16:13:06.318351Z"},{"id":"a7ff9564-7549-448a-a83a-7ed51dca56d4","name":"Kroll March 5 2024","description":"Keith Wojcieszek; George Glass; Dave Truman. (2024, March 5). TODDLERSHARK ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant. Retrieved August 25, 2024.","url":"https://www.kroll.com/en/insights/publications/cyber/screenconnect-vulnerability-exploited-to-deploy-babyshark","source":"Tidal Cyber","title":"TODDLERSHARK ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant","authors":"Keith Wojcieszek; George Glass; Dave Truman","date_accessed":"2024-08-25T00:00:00Z","date_published":"2024-03-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"654c0eea-2ac7-568c-bf45-ede4ed8d890b","created":"2025-02-03T21:08:26.308343Z","modified":"2025-02-03T21:08:26.669596Z"},{"id":"889c7685-43ce-4156-a142-4b4605d8fec9","name":"SecureList ToddyCat November 21 2025","description":"None Identified. (2025, November 21). ToddyCat APT's new tools and techniques | Securelist. 
Retrieved November 21, 2025.","url":"https://securelist.com/toddycat-apt-steals-email-data-from-outlook/118044/","source":"Tidal Cyber","title":"ToddyCat APT's new tools and techniques | Securelist","authors":"None Identified","date_accessed":"2025-11-21T12:00:00Z","date_published":"2025-11-21T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"87ff1bb2-9d5a-53b9-a0ed-af6fa2a0d07a","created":"2025-12-10T14:13:40.724915Z","modified":"2025-12-10T14:13:40.893871Z"},{"id":"dbdaf320-eada-5bbb-95ab-aaa987ed7960","name":"Kaspersky ToddyCat Check Logs October 2023","description":"Dedola, G. et al. (2023, October 12). ToddyCat: Keep calm and check logs. Retrieved January 3, 2024.","url":"https://securelist.com/toddycat-keep-calm-and-check-logs/110696/","source":"MITRE","title":"ToddyCat: Keep calm and check logs","authors":"Dedola, G. et al","date_accessed":"2024-01-03T00:00:00Z","date_published":"2023-10-12T00:00:00Z","owner_name":null,"tidal_id":"64a14507-3b98-5a91-905d-0d997609b15b","created":"2024-04-25T13:28:45.646084Z","modified":"2025-12-17T15:08:36.418079Z"},{"id":"92e39558-cd2c-54c4-8930-aafdd2f14bca","name":"Mandiant_UNC2165","description":"Mandiant Intelligence. (2022, June 2). To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions. Retrieved July 29, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/unc2165-shifts-to-evade-sanctions/","source":"MITRE","title":"To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions","authors":"Mandiant Intelligence","date_accessed":"2024-07-29T00:00:00Z","date_published":"2022-06-02T00:00:00Z","owner_name":null,"tidal_id":"5b8c6846-2260-5934-a503-d33e67cee354","created":"2024-10-31T16:28:28.608291Z","modified":"2025-12-17T15:08:36.437288Z"},{"id":"243deb44-4d47-4c41-bd5d-262c4319cce5","name":"Pentestlab Token Manipulation","description":"netbiosX. (2017, April 3). Token Manipulation. 
Retrieved April 21, 2017.","url":"https://pentestlab.blog/2017/04/03/token-manipulation/","source":"MITRE","title":"Token Manipulation","authors":"netbiosX","date_accessed":"2017-04-21T00:00:00Z","date_published":"2017-04-03T00:00:00Z","owner_name":null,"tidal_id":"a3f1e294-8a74-5d6f-b741-0f95a07b00d6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435445Z"},{"id":"e254e336-2e3e-5bea-a9e9-0f42f333b894","name":"Token tactics","description":"Microsoft Incident Response. (2022, November 16). Token tactics: How to prevent, detect, and respond to cloud token theft. Retrieved December 26, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft/","source":"MITRE","title":"Token tactics: How to prevent, detect, and respond to cloud token theft","authors":"Microsoft Incident Response","date_accessed":"2023-12-26T00:00:00Z","date_published":"2022-11-16T00:00:00Z","owner_name":null,"tidal_id":"fccb5a7f-3f83-581e-a2ae-d1f92e043e65","created":"2024-04-25T13:28:29.026244Z","modified":"2025-12-17T15:08:36.423928Z"},{"id":"76b99581-e94d-4e51-8110-80557474048e","name":"Langer Stuxnet","description":"Ralph Langner. (2013, November). To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve. Retrieved December 7, 2020.","url":"https://www.langner.com/wp-content/uploads/2017/03/to-kill-a-centrifuge.pdf","source":"MITRE","title":"To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve","authors":"Ralph Langner","date_accessed":"2020-12-07T00:00:00Z","date_published":"2013-11-01T00:00:00Z","owner_name":null,"tidal_id":"6ce046f5-a52f-542a-9bc5-500d589fce10","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416781Z"},{"id":"c54f0cac-1779-5762-8f2b-1dc2720d5a27","name":"Stuxnet - Langner - 201311","description":"Ralph Langner. (2013, November). 
To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve. Retrieved March","url":"https://www.langner.com/wp-content/uploads/2017/03/to-kill-a-centrifuge.pdf","source":"ICS","title":"To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve","authors":"Ralph Langner","date_accessed":"1978-03-01T00:00:00Z","date_published":"2013-11-01T00:00:00Z","owner_name":null,"tidal_id":"1bf1b745-10cf-55a4-8ff7-c5600be724dd","created":"2026-01-28T13:08:18.178202Z","modified":"2026-01-28T13:08:18.178205Z"},{"id":"f421ceb3-f21a-54fb-8e33-442bd9423481","name":"Langer Stuxnet Analysis Nov 2013","description":"Ralph Langner. (2013, November). To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve. Retrieved March","url":"https://www.langner.com/wp-content/uploads/2017/03/to-kill-a-centrifuge.pdf","source":"ICS","title":"To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve","authors":"Ralph Langner","date_accessed":"1978-03-01T00:00:00Z","date_published":"2013-11-01T00:00:00Z","owner_name":null,"tidal_id":"7188d1f2-ace7-5736-8eb8-d72246eed5fd","created":"2026-01-28T13:08:18.175593Z","modified":"2026-01-28T13:08:18.175596Z"},{"id":"79cc4424-a664-5182-8e9a-6cb7d3f3a703","name":"Tom Fakterman August 2019","description":"Tom Fakterman 2019, August 05 Sodinokibi: The Crown Prince of Ransomware. Retrieved 2021/04/12","url":"https://www.cybereason.com/blog/the-sodinokibi-ransomware-attack","source":"ICS","title":"Tom Fakterman August 2019","authors":"","date_accessed":"2021-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"587c287c-d1c0-5911-a51a-fcc2d12f703a","created":"2026-01-28T13:08:18.179329Z","modified":"2026-01-28T13:08:18.179332Z"},{"id":"140e6b01-6b98-4f82-9455-0c84b3856b86","name":"TrendMicro Tonto Team October 2020","description":"Daniel Lughi, Jaromir Horejsi. (2020, October 2). 
Tonto Team - Exploring the TTPs of an advanced threat actor operating a large infrastructure. Retrieved October 17, 2021.","url":"https://vb2020.vblocalhost.com/uploads/VB2020-06.pdf","source":"MITRE","title":"Tonto Team - Exploring the TTPs of an advanced threat actor operating a large infrastructure","authors":"Daniel Lughi, Jaromir Horejsi","date_accessed":"2021-10-17T00:00:00Z","date_published":"2020-10-02T00:00:00Z","owner_name":null,"tidal_id":"b484600f-9080-5e06-9298-536dd65cc0cb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439093Z"},{"id":"55290507-e007-4366-9116-bbad364c14f3","name":"Google Israel-Hamas War February 14 2024","description":"Sandra Joyce, Shane Huntley. (2024, February 14). Tool of First Resort: Israel-Hamas War in Cyber. Retrieved August 30, 2024.","url":"https://services.google.com/fh/files/misc/tool-of-first-resort-israel-hamas-war-cyber.pdf","source":"Tidal Cyber","title":"Tool of First Resort: Israel-Hamas War in Cyber","authors":"Sandra Joyce, Shane Huntley","date_accessed":"2024-08-30T00:00:00Z","date_published":"2024-02-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b3a0ec7c-1030-5520-abda-a53a54734099","created":"2024-08-30T18:11:24.258564Z","modified":"2024-08-30T18:11:24.599159Z"},{"id":"5adee7b6-feba-5954-98d8-62d7c756a591","name":"ESET ToolShell JUL 2025","description":"ESET Research. (2025, July 24). ToolShell: An all-you-can-eat buffet for threat actors. 
Retrieved October 15, 2025.","url":"https://www.welivesecurity.com/en/eset-research/toolshell-an-all-you-can-eat-buffet-for-threat-actors/","source":"MITRE","title":"ToolShell: An all-you-can-eat buffet for threat actors","authors":"ESET Research","date_accessed":"2025-10-15T00:00:00Z","date_published":"2025-07-24T00:00:00Z","owner_name":null,"tidal_id":"a9aebddc-8f50-5699-80b9-c03fb3cdf6c3","created":"2025-10-29T21:08:48.167225Z","modified":"2025-12-17T15:08:36.439303Z"},{"id":"99e2709e-a32a-4fbf-a20a-ffcdd8befdc8","name":"NorthSec 2015 GData Uroburos Tools","description":"Rascagneres, P. (2015, May). Tools used by the Uroburos actors. Retrieved August 18, 2016.","url":"https://docplayer.net/101655589-Tools-used-by-the-uroburos-actors.html","source":"MITRE","title":"Tools used by the Uroburos actors","authors":"Rascagneres, P","date_accessed":"2016-08-18T00:00:00Z","date_published":"2015-05-01T00:00:00Z","owner_name":null,"tidal_id":"7a5d25c5-2035-5a21-a616-465b6406bba7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421893Z"},{"id":"65b7db0a-1aeb-545b-af65-b40d043f3502","name":"TrustedSec OOB Communications","description":"Tyler Hudak. (2022, December 29). To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response. Retrieved August 30, 2024.","url":"https://trustedsec.com/blog/to-oob-or-not-to-oob-why-out-of-band-communications-are-essential-for-incident-response","source":"MITRE","title":"To OOB, or Not to OOB?: Why Out-of-Band Communications are Essential for Incident Response","authors":"Tyler Hudak","date_accessed":"2024-08-30T00:00:00Z","date_published":"2022-12-29T00:00:00Z","owner_name":null,"tidal_id":"b8dd89a4-6909-5abe-b909-2f0279d295cf","created":"2024-10-31T16:28:17.160653Z","modified":"2025-12-17T15:08:36.415891Z"},{"id":"512974b7-b464-52af-909a-2cb880b524e5","name":"Cider Security Top 10 CICD Security Risks","description":"Daniel Krivelevich and Omer Gil. (n.d.). Top 10 CI/CD Security Risks. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20220316130828/https://www.cidersecurity.io/top-10-cicd-security-risks/","source":"MITRE","title":"Top 10 CI/CD Security Risks","authors":"Daniel Krivelevich and Omer Gil","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b03554db-5e5d-5f7e-aedd-8a81ec823db6","created":"2024-04-25T13:28:37.545580Z","modified":"2025-12-17T15:08:36.432309Z"},{"id":"a9d0570f-e35e-57b3-98f4-f1f892201941","name":"OWASP","description":"OWASP. (n.d.). Top 10 Web Application Security Risks. Retrieved 2020/09/25","url":"https://owasp.org/www-project-top-ten/","source":"ICS","title":"Top 10 Web Application Security Risks","authors":"OWASP","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"42e05216-726e-5586-82ec-382a554daaed","created":"2026-01-28T13:08:18.180447Z","modified":"2026-01-28T13:08:18.180450Z"},{"id":"7081f33b-3c07-58e4-a21b-75e3d2c263a8","name":"Sentinel Labs Top Tier Target 2025","description":"Tom Hegel, Aleksandar Milenkoski & Jim Walter. (2025, April 28). Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries. Retrieved May 22, 2025.","url":"https://www.sentinelone.com/labs/top-tier-target-what-it-takes-to-defend-a-cybersecurity-company-from-todays-adversaries/","source":"MITRE","title":"Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today’s Adversaries","authors":"Tom Hegel, Aleksandar Milenkoski & Jim Walter","date_accessed":"2025-05-22T00:00:00Z","date_published":"2025-04-28T00:00:00Z","owner_name":null,"tidal_id":"c8c145db-c4d0-5ca4-bd59-031149bbc5c5","created":"2025-10-29T21:08:48.166153Z","modified":"2025-12-17T15:08:36.433162Z"},{"id":"8eb79355-06c6-427c-9b2f-7f8768e115ce","name":"Attack.mitre.org January 16 2018","description":"Attack.mitre.org. (2018, January 16). Tor. 
Retrieved December 19, 2024.","url":"https://attack.mitre.org/software/S0183/","source":"Tidal Cyber","title":"Tor","authors":"Attack.mitre.org","date_accessed":"2024-12-19T00:00:00Z","date_published":"2018-01-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"30ea07d9-f59b-535f-8a35-19c823bc06b5","created":"2025-04-11T15:06:19.430556Z","modified":"2025-04-11T15:06:19.745902Z"},{"id":"ffb6a26d-2da9-4cce-bb2d-5280e9cc16b4","name":"Dingledine Tor The Second-Generation Onion Router","description":"Roger Dingledine, Nick Mathewson and Paul Syverson. (2004). Tor: The Second-Generation Onion Router. Retrieved December 21, 2017.","url":"http://www.dtic.mil/dtic/tr/fulltext/u2/a465464.pdf","source":"MITRE","title":"Tor: The Second-Generation Onion Router","authors":"Roger Dingledine, Nick Mathewson and Paul Syverson","date_accessed":"2017-12-21T00:00:00Z","date_published":"2004-01-01T00:00:00Z","owner_name":null,"tidal_id":"bde00d1c-03c2-5c78-943c-327478ae9b69","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423477Z"},{"id":"2565fe82-5082-5032-8424-03ce7ccb1936","name":"Symantec Tortoiseshell 2019","description":"Symantec Threat Hunter Team. (2019, September 18). Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks. Retrieved May 20, 2024.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain","source":"MITRE","title":"Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks","authors":"Symantec Threat Hunter Team","date_accessed":"2024-05-20T00:00:00Z","date_published":"2019-09-18T00:00:00Z","owner_name":null,"tidal_id":"ac61e697-a372-5f00-ac6b-2d499f4696d3","created":"2024-10-31T16:28:29.514331Z","modified":"2025-12-17T15:08:36.438947Z"},{"id":"25d8bac0-9187-45db-ad96-c7bce20cef00","name":"FireEye FIN7 Shim Databases","description":"Erickson, J., McWhirt, M., Palombo, D. (2017, May 3). 
To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence. Retrieved July 18, 2017.","url":"https://www.fireeye.com/blog/threat-research/2017/05/fin7-shim-databases-persistence.html","source":"MITRE","title":"To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence","authors":"Erickson, J., McWhirt, M., Palombo, D","date_accessed":"2017-07-18T00:00:00Z","date_published":"2017-05-03T00:00:00Z","owner_name":null,"tidal_id":"048186af-f6bd-51ce-ac1b-0f2375514ea9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437396Z"},{"id":"85040d41-b786-5b63-a510-976bc35e8fce","name":"ESET Turla Lunar toolset May 2024","description":"Jurčacko, F. (2024, May 15). To the Moon and back(doors): Lunar landing in diplomatic missions. Retrieved June 26, 2024.","url":"https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/","source":"MITRE","title":"To the Moon and back(doors): Lunar landing in diplomatic missions","authors":"Jurčacko, F","date_accessed":"2024-06-26T00:00:00Z","date_published":"2024-05-15T00:00:00Z","owner_name":null,"tidal_id":"937b085d-95be-5425-84df-8cc2e4c3bc64","created":"2024-10-31T16:28:33.276127Z","modified":"2025-12-17T15:08:36.419221Z"},{"id":"57904909-0aa2-4758-b61b-8a4593c635b0","name":"Wikimedia Foundation Inc. January 15 2004","description":"Wikimedia Foundation Inc.. (2004, January 15). touch (command) - Wikipedia. Retrieved December 19, 2024.","url":"https://en.wikipedia.org/wiki/Touch_(command)","source":"Tidal Cyber","title":"touch (command) - Wikipedia","authors":"Wikimedia Foundation Inc.","date_accessed":"2024-12-19T00:00:00Z","date_published":"2004-01-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b8c1a079-2d99-5506-b51f-507b46fa3e70","created":"2025-04-11T15:06:16.609027Z","modified":"2025-04-11T15:06:16.778954Z"},{"id":"943cf346-e967-42de-85de-d9bb2b7ed504","name":"Tox Homepage","description":"Tox. (n.d.). Tox. 
Retrieved December 19, 2024.","url":"https://tox.chat/","source":"Tidal Cyber","title":"Tox","authors":"Tox","date_accessed":"2024-12-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"f6d29115-dde6-53e4-bbd7-f9442754d4a2","created":"2025-04-11T15:06:24.435050Z","modified":"2025-04-11T15:06:24.602787Z"},{"id":"53d1f9b0-855f-4478-9e13-a15f2dcdec9f","name":"Intezer December 19 2025","description":"Nicole Fishbein, HubSpot, Inc.. (2025, December 19). Tracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLs - Intezer. Retrieved December 24, 2025.","url":"https://intezer.com/blog/tracing-a-paper-werewolf-campaign-through-ai-generated-decoys-and-excel-xlls/","source":"Tidal Cyber","title":"Tracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLs - Intezer","authors":"Nicole Fishbein, HubSpot, Inc.","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-19T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2f022ad3-7242-5f25-86af-ddb85b873a5e","created":"2025-12-29T17:39:48.861378Z","modified":"2025-12-29T17:39:48.995029Z"},{"id":"2d1182a9-ac2c-5759-82ee-6a8cc6e23d93","name":"Krebs-Triada June 2019","description":"Krebs, B. (2019, June 25). Tracing the Supply Chain Attack on Android. Retrieved July","url":"https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/","source":"Mobile","title":"Tracing the Supply Chain Attack on Android","authors":"Krebs, B","date_accessed":"1978-07-01T00:00:00Z","date_published":"2019-06-25T00:00:00Z","owner_name":null,"tidal_id":"21676f9f-9131-54ed-ab4e-d2b0342d7aef","created":"2026-01-28T13:08:10.047665Z","modified":"2026-01-28T13:08:10.047668Z"},{"id":"f0e368f1-3347-41ef-91fb-995c3cb07707","name":"LOLBAS Tracker","description":"LOLBAS. (n.d.). Tracker.exe. 
Retrieved July 31, 2019.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Tracker/","source":"MITRE","title":"Tracker.exe","authors":"LOLBAS","date_accessed":"2019-07-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0d7a78db-dddb-53ed-9118-23a890efd60e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436831Z"},{"id":"8fe09ef1-f72e-5261-b79f-5d41fad51eac","name":"BushidoToken Akira 2023","description":"Will Thomas. (2023, September 15). Tracking Adversaries: Akira, another descendent of Conti. Retrieved February 21, 2024.","url":"https://blog.bushidotoken.net/2023/09/tracking-adversaries-akira-another.html","source":"MITRE","title":"Tracking Adversaries: Akira, another descendent of Conti","authors":"Will Thomas","date_accessed":"2024-02-21T00:00:00Z","date_published":"2023-09-15T00:00:00Z","owner_name":null,"tidal_id":"e9965763-a682-51ce-a4cc-1dc57f5315a0","created":"2024-04-25T13:28:44.371124Z","modified":"2025-12-17T15:08:36.438517Z"},{"id":"621a8320-0e3c-444f-b82a-7fd4fdf9fb67","name":"BushidoToken Scattered Spider August 16 2023","description":"BushidoToken. (2023, August 16). Tracking Adversaries: Scattered Spider, the BlackCat affiliate. Retrieved September 14, 2023.","url":"https://blog.bushidotoken.net/2023/08/tracking-adversaries-scattered-spider.html","source":"Tidal Cyber","title":"Tracking Adversaries: Scattered Spider, the BlackCat affiliate","authors":"BushidoToken","date_accessed":"2023-09-14T00:00:00Z","date_published":"2023-08-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4ef963f5-72bb-55e5-bee6-036f926ab67a","created":"2023-09-14T20:17:58.246099Z","modified":"2023-09-14T20:17:58.347326Z"},{"id":"a0fda9ef-31d3-529b-a0f2-342ac6fa23cd","name":"BushidoToken Qilin RaaS JUN 2024","description":"Thomas, W. (2024, June 12). Tracking Adversaries: The Qilin RaaS. 
Retrieved September 26, 2025.","url":"https://blog.bushidotoken.net/2024/06/tracking-adversaries-qilin-raas.html","source":"MITRE","title":"Tracking Adversaries: The Qilin RaaS","authors":"Thomas, W","date_accessed":"2025-09-26T00:00:00Z","date_published":"2024-06-12T00:00:00Z","owner_name":null,"tidal_id":"0e05a078-6268-5263-b697-3fd7f5814d22","created":"2025-10-29T21:08:48.165305Z","modified":"2025-12-17T15:08:36.422051Z"},{"id":"c0a167f6-c8ab-563f-9d2b-617b2420e096","name":"WeLiveSecurity AdDisplayAshas","description":"L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October","url":"https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/","source":"Mobile","title":"Tracking down the developer of Android adware affecting millions of users","authors":"L. Stefanko","date_accessed":"1978-10-01T00:00:00Z","date_published":"2019-10-24T00:00:00Z","owner_name":null,"tidal_id":"01b802da-f7d1-587f-9958-205ef0abc49f","created":"2026-01-28T13:08:10.042389Z","modified":"2026-01-28T13:08:10.042392Z"},{"id":"5d5ca6a4-5e2f-4679-9040-b68d524778ff","name":"Lateral Movement Payne","description":"Payne, J. (2015, November 26). Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts. Retrieved February 1, 2016.","url":"https://docs.microsoft.com/en-us/archive/blogs/jepayne/tracking-lateral-movement-part-one-special-groups-and-specific-service-accounts","source":"MITRE","title":"Tracking Lateral Movement Part One - Special Groups and Specific Service Accounts","authors":"Payne, J","date_accessed":"2016-02-01T00:00:00Z","date_published":"2015-11-26T00:00:00Z","owner_name":null,"tidal_id":"387d64f2-842f-58a4-81b4-92ab164d7f78","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429347Z"},{"id":"bff5dbfe-d080-46c1-82b7-272e03d2aa8c","name":"Unit 42 KerrDown February 2019","description":"Ray, V. and Hayashi, K. (2019, February 1). 
Tracking OceanLotus’ new Downloader, KerrDown. Retrieved October 1, 2021.","url":"https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/","source":"MITRE","title":"Tracking OceanLotus’ new Downloader, KerrDown","authors":"Ray, V. and Hayashi, K","date_accessed":"2021-10-01T00:00:00Z","date_published":"2019-02-01T00:00:00Z","owner_name":null,"tidal_id":"281119a7-5890-5112-86e2-0a0bdb87edcf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420190Z"},{"id":"2987f12f-0050-4982-b14b-811361b534a0","name":"CYFIRMA 08 08 2025","description":"CYFIRMA. (2025, August 8). TRACKING RANSOMWARE : JULY 2025 - CYFIRMA. Retrieved September 29, 2025.","url":"https://www.cyfirma.com/research/tracking-ransomware-july-2025/","source":"Tidal Cyber","title":"TRACKING RANSOMWARE : JULY 2025 - CYFIRMA","authors":"CYFIRMA","date_accessed":"2025-09-29T12:00:00Z","date_published":"2025-08-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"07f849e1-4c16-558a-bce5-adbaf446134b","created":"2025-10-07T14:06:54.914648Z","modified":"2025-10-07T14:06:55.049210Z"},{"id":"d6b52135-6bb2-4e37-8f94-1e1d6354bdfd","name":"Trend Micro TeamTNT","description":"Fiser, D. Oliveira, A. (n.d.). Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group. Retrieved September 22, 2021.","url":"https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf","source":"MITRE","title":"Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group","authors":"Fiser, D. Oliveira, A","date_accessed":"2021-09-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"aa977fa6-1067-570c-a0b4-832ca6425490","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437671Z"},{"id":"14855034-494e-477d-8c91-fc534fd7790d","name":"Okta HAR Files Incident Notice","description":"David Bradbury. (2023, October 20). Tracking Unauthorized Access to Okta's Support System. 
Retrieved December 19, 2023.","url":"https://sec.okta.com/articles/2023/10/tracking-unauthorized-access-oktas-support-system","source":"Tidal Cyber","title":"Tracking Unauthorized Access to Okta's Support System","authors":"David Bradbury","date_accessed":"2023-12-19T00:00:00Z","date_published":"2023-10-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"dbf3f081-4ce8-527a-9185-61cf0f15f643","created":"2024-06-13T20:10:44.867314Z","modified":"2024-06-13T20:10:45.202341Z"},{"id":"97eac0f2-d528-4f7c-8425-7531eae4fc39","name":"SANS Windshift August 2018","description":"Karim, T. (2018, August). TRAILS OF WINDSHIFT. Retrieved November 17, 2024.","url":"https://www.scribd.com/document/661837258/WINDSHIFT-summit-archive-1554718868","source":"MITRE","title":"TRAILS OF WINDSHIFT","authors":"Karim, T","date_accessed":"2024-11-17T00:00:00Z","date_published":"2018-08-01T00:00:00Z","owner_name":null,"tidal_id":"c768bc75-3826-54a2-9944-5fec1a11b330","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416980Z"},{"id":"f7f2eecc-19e6-4d93-8a53-91afea2f242e","name":"Microsoft TxF","description":"Microsoft. (n.d.). Transactional NTFS (TxF). Retrieved December 20, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/bb968806.aspx","source":"MITRE","title":"Transactional NTFS (TxF)","authors":"Microsoft","date_accessed":"2017-12-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f5fd4908-028c-5406-b09e-7452b87c2ef0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431123Z"},{"id":"9b492a2f-1326-4733-9c0e-a9454bf7fabb","name":"Rclone-mega-extortion_05_2021","description":"Justin Schoenfeld, Aaron Didier. (2021, May 4). Transferring leverage in a ransomware attack. 
Retrieved July 14, 2022.","url":"https://redcanary.com/blog/rclone-mega-extortion/","source":"MITRE","title":"Transferring leverage in a ransomware attack","authors":"Justin Schoenfeld, Aaron Didier","date_accessed":"2022-07-14T00:00:00Z","date_published":"2021-05-04T00:00:00Z","owner_name":null,"tidal_id":"30b1a5ab-c011-50de-b62b-32b3b5745ef2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427428Z"},{"id":"99e48516-f918-477c-b85e-4ad894cc031f","name":"JScrip May 2018","description":"Microsoft. (2018, May 31). Translating to JScript. Retrieved June 23, 2020.","url":"https://docs.microsoft.com/windows/win32/com/translating-to-jscript","source":"MITRE","title":"Translating to JScript","authors":"Microsoft","date_accessed":"2020-06-23T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"40331355-ce94-542d-a3f3-be86a405c13a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424872Z"},{"id":"be1e3092-1981-457b-ae76-b55b057e1d73","name":"tt_obliqueRAT","description":"Malhotra, A., McKay, K. et al. (2021, May 13). Transparent Tribe APT expands its Windows malware arsenal. Retrieved July 29, 2022.","url":"https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html","source":"MITRE","title":"Transparent Tribe APT expands its Windows malware arsenal","authors":"Malhotra, A., McKay, K. et al","date_accessed":"2022-07-29T00:00:00Z","date_published":"2021-05-13T00:00:00Z","owner_name":null,"tidal_id":"fe8a820d-9685-5f19-8dcb-0d65aa03a52c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428460Z"},{"id":"5d58c285-bc7d-4a8a-a96a-ac7118c1089d","name":"Talos Transparent Tribe May 2021","description":"Malhotra, A. et al. (2021, May 13). Transparent Tribe APT expands its Windows malware arsenal. 
Retrieved September 2, 2021.","url":"https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html","source":"MITRE, Tidal Cyber","title":"Transparent Tribe APT expands its Windows malware arsenal","authors":"Malhotra, A. et al","date_accessed":"2021-09-02T00:00:00Z","date_published":"2021-05-13T00:00:00Z","owner_name":null,"tidal_id":"908396b8-1341-5081-a503-b06389390d4e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259063Z"},{"id":"acb10fb6-608f-44d3-9faf-7e577b0e2786","name":"Cisco Talos Transparent Tribe Education Campaign July 2022","description":"N. Baisini. (2022, July 13). Transparent Tribe begins targeting education sector in latest campaign. Retrieved September 22, 2022.","url":"https://blog.talosintelligence.com/2022/07/transparent-tribe-targets-education.html","source":"MITRE","title":"Transparent Tribe begins targeting education sector in latest campaign","authors":"N. Baisini","date_accessed":"2022-09-22T00:00:00Z","date_published":"2022-07-13T00:00:00Z","owner_name":null,"tidal_id":"4a4d6af1-effb-5cbe-870f-4e1997b3c25b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439496Z"},{"id":"9bdda422-dbf7-4b70-a7b1-9e3ad658c239","name":"tt_httrack_fake_domains","description":"Malhotra, A., Thattil, J. et al. (2022, March 29). Transparent Tribe campaign uses new bespoke malware to target Indian government officials . Retrieved September 6, 2022.","url":"https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html","source":"MITRE","title":"Transparent Tribe campaign uses new bespoke malware to target Indian government officials","authors":"Malhotra, A., Thattil, J. 
et al","date_accessed":"2022-09-06T00:00:00Z","date_published":"2022-03-29T00:00:00Z","owner_name":null,"tidal_id":"b9ee1db5-fda9-5402-96f1-5a0ed9e712ea","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428467Z"},{"id":"42c7faa2-f664-4e4a-9d23-93c88a09da5b","name":"Kaspersky Transparent Tribe August 2020","description":"Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. Retrieved September 2, 2021.","url":"https://securelist.com/transparent-tribe-part-1/98127/","source":"MITRE, Tidal Cyber","title":"Transparent Tribe: Evolution analysis, part 1","authors":"Dedola, G","date_accessed":"2021-09-02T00:00:00Z","date_published":"2020-08-20T00:00:00Z","owner_name":null,"tidal_id":"53e0c139-977f-5156-9a02-3d393e738ae2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.257996Z"},{"id":"0db470b1-ab22-4b67-a858-472e4de7c6f0","name":"Securelist Trasparent Tribe 2020","description":"Dedola, G. (2020, August 20). Transparent Tribe: Evolution analysis, part 1. Retrieved April 1, 2021.","url":"https://securelist.com/transparent-tribe-part-1/98127/","source":"MITRE","title":"Transparent Tribe: Evolution analysis, part 1","authors":"Dedola, G","date_accessed":"2021-04-01T00:00:00Z","date_published":"2020-08-20T00:00:00Z","owner_name":null,"tidal_id":"357673a2-aae6-57ef-81a7-2ba499916859","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434552Z"},{"id":"ed23d5f4-4bae-4184-8259-e8356807f1fe","name":"KPMG Transparent Tribe January 2026","description":"KPMG. (2026, January 1). Transparent Tribe - Weaponized LNK Files for Cross-Border Espionage. 
Retrieved January 20, 2026.","url":"https://assets.kpmg.com/content/dam/kpmgsites/in/pdf/2026/01/kpmg-ctip-transparent-tribe-13-jan-2026.pdf.coredownload.inline.pdf","source":"Tidal Cyber","title":"Transparent Tribe - Weaponized LNK Files for Cross-Border Espionage","authors":"KPMG","date_accessed":"2026-01-20T12:00:00Z","date_published":"2026-01-01T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5f457b28-abce-57e4-8e5b-36640fef47fb","created":"2026-01-23T20:29:36.268538Z","modified":"2026-01-23T20:29:36.400766Z"},{"id":"16ae3e7e-5f0d-4ca9-8453-be960b2111b6","name":"Microsoft TransportAgent Jun 2016","description":"Microsoft. (2016, June 1). Transport agents. Retrieved June 24, 2019.","url":"https://docs.microsoft.com/en-us/exchange/transport-agents-exchange-2013-help","source":"MITRE","title":"Transport agents","authors":"Microsoft","date_accessed":"2019-06-24T00:00:00Z","date_published":"2016-06-01T00:00:00Z","owner_name":null,"tidal_id":"f1cf1600-57f8-5d12-bf33-409e50eaa7cf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427526Z"},{"id":"143462e1-b7e8-4e18-9cb1-6f4f3969e891","name":"Trap Manual","description":"ss64. (n.d.). trap. Retrieved May 21, 2019.","url":"https://ss64.com/bash/trap.html","source":"MITRE","title":"trap","authors":"ss64","date_accessed":"2019-05-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"388077c7-0c17-5c8a-9422-20bad9433137","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430318Z"},{"id":"6d4c6c52-38ae-52f5-b438-edeceed446a5","name":"Red Canary Netwire Linux 2022","description":"TONY LAMBERT. (2022, June 7). Trapping the Netwire RAT on Linux. 
Retrieved September 28, 2023.","url":"https://redcanary.com/blog/netwire-remote-access-trojan-on-linux/","source":"MITRE","title":"Trapping the Netwire RAT on Linux","authors":"TONY LAMBERT","date_accessed":"2023-09-28T00:00:00Z","date_published":"2022-06-07T00:00:00Z","owner_name":null,"tidal_id":"da37e051-c9d9-5843-9667-d1fd1befe2ab","created":"2023-11-07T00:36:08.665442Z","modified":"2025-12-17T15:08:36.435599Z"},{"id":"24cf5471-f327-4407-b32f-055537f3495e","name":"Cyberciti Trap Statements","description":"Cyberciti. (2016, March 29). Trap statement. Retrieved May 21, 2019.","url":"https://bash.cyberciti.biz/guide/Trap_statement","source":"MITRE","title":"Trap statement","authors":"Cyberciti","date_accessed":"2019-05-21T00:00:00Z","date_published":"2016-03-29T00:00:00Z","owner_name":null,"tidal_id":"39751132-c851-59ff-a8b4-656abdfd030d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430325Z"},{"id":"144bf4cb-ff31-5fc5-8643-7f59d503d1e4","name":"US Dept. of Treasury Salt Typhoon JAN 2025","description":"US Department of Treasury. (2025, January 17). Treasury Sanctions Company Associated with Salt Typhoon and Hacker Associated with Treasury Compromise. Retrieved February 24, 2025.","url":"https://home.treasury.gov/news/press-releases/jy2792","source":"MITRE","title":"Treasury Sanctions Company Associated with Salt Typhoon and Hacker Associated with Treasury Compromise","authors":"US Department of Treasury","date_accessed":"2025-02-24T00:00:00Z","date_published":"2025-01-17T00:00:00Z","owner_name":null,"tidal_id":"66897908-a35f-5266-852b-bae9bf3d895f","created":"2025-04-22T20:47:22.973158Z","modified":"2025-12-17T15:08:36.439206Z"},{"id":"0c8ff80a-6b1d-4212-aa40-99aeef04ce05","name":"Dept. of Treasury Iran Sanctions September 2020","description":"Dept. of Treasury. (2020, September 17). Treasury Sanctions Cyber Actors Backed by Iranian Intelligence. 
Retrieved December 10, 2020.","url":"https://home.treasury.gov/news/press-releases/sm1127","source":"MITRE","title":"Treasury Sanctions Cyber Actors Backed by Iranian Intelligence","authors":"Dept. of Treasury","date_accessed":"2020-12-10T00:00:00Z","date_published":"2020-09-17T00:00:00Z","owner_name":null,"tidal_id":"4e559836-c78e-5075-a6bd-f414650a402b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438230Z"},{"id":"074a52c4-26d9-4083-9349-c14e2639c1bc","name":"Treasury EvilCorp Dec 2019","description":"U.S. Department of Treasury. (2019, December 5). Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware. Retrieved September 15, 2021.","url":"https://home.treasury.gov/news/press-releases/sm845","source":"MITRE","title":"Treasury Sanctions Evil Corp, the Russia-Based Cybercriminal Group Behind Dridex Malware","authors":"U.S. Department of Treasury","date_accessed":"2021-09-15T00:00:00Z","date_published":"2019-12-05T00:00:00Z","owner_name":null,"tidal_id":"72af95ad-b89c-536e-96c9-74f1681705ff","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422315Z"},{"id":"54977bb2-2929-41d7-bdea-06d39dc76174","name":"Treasury North Korean Cyber Groups September 2019","description":"US Treasury . (2019, September 13). Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups. Retrieved September 29, 2021.","url":"https://home.treasury.gov/news/press-releases/sm774","source":"MITRE","title":"Treasury Sanctions North Korean State-Sponsored Malicious Cyber Groups","authors":"US Treasury","date_accessed":"2021-09-29T00:00:00Z","date_published":"2019-09-13T00:00:00Z","owner_name":null,"tidal_id":"3bfb8d48-0f7d-59fa-b0e3-426de6991343","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437613Z"},{"id":"5590bb5c-d9d1-480c-bb69-1944c1cf2431","name":"Mandiant APT29 Trello","description":"Wolfram, J. et al. (2022, April 28). 
Trello From the Other Side: Tracking APT29 Phishing Campaigns. Retrieved August 3, 2022.","url":"https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns","source":"MITRE","title":"Trello From the Other Side: Tracking APT29 Phishing Campaigns","authors":"Wolfram, J. et al","date_accessed":"2022-08-03T00:00:00Z","date_published":"2022-04-28T00:00:00Z","owner_name":null,"tidal_id":"e24c4df6-8ebf-59c8-a78c-3c9020fd05bd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442691Z"},{"id":"5643a6d5-a660-4416-a4d9-6fd4d0da74ef","name":"Mandiant Trending Evil Q1 2022","description":"Mandiant. (n.d.). Trending Evil Q1 2022. Retrieved May 18, 2023.","url":"https://experience.mandiant.com/trending-evil/p/1","source":"Tidal Cyber","title":"Trending Evil Q1 2022","authors":"Mandiant","date_accessed":"2023-05-18T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"7c6701e5-d789-5662-827f-45051487638c","created":"2024-06-13T20:10:26.503597Z","modified":"2024-06-13T20:10:26.698365Z"},{"id":"6405be5d-3eba-579e-a2c1-d4b0637d9354","name":"Trend Micro April 2016","description":"Trend Micro 2016, April 27 Malware Discovered in German Nuclear Power Plant. Retrieved 2019/10/14","url":"https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/malware-discovered-in-german-nuclear-power-plant","source":"ICS","title":"Trend Micro April 2016","authors":"","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9940485d-b4f1-55fa-adab-7a1d4b484eb8","created":"2026-01-28T13:08:18.178117Z","modified":"2026-01-28T13:08:18.178120Z"},{"id":"1c21c911-11db-560c-b623-5937dc478b74","name":"Trend Micro - Int SP","description":"Trend Micro. (n.d.). 
Retrieved February 16, 2024.","url":"https://www.trendmicro.com/en_us/research.html","source":"MITRE","title":"Trend Micro - Int SP","authors":"","date_accessed":"2024-02-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4454d931-49d3-5a0a-8bf7-c9da81c5e759","created":"2024-04-25T13:28:38.156223Z","modified":"2025-12-17T15:08:36.432975Z"},{"id":"f34fcf1f-370e-4b6e-9cc4-7ee4075faf6e","name":"Malicious Chrome Extension Numbers","description":"Jagpal, N., et al. (2015, August). Trends and Lessons from Three Years Fighting Malicious Extensions. Retrieved November 17, 2017.","url":"https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43824.pdf","source":"MITRE","title":"Trends and Lessons from Three Years Fighting Malicious Extensions","authors":"Jagpal, N., et al","date_accessed":"2017-11-17T00:00:00Z","date_published":"2015-08-01T00:00:00Z","owner_name":null,"tidal_id":"c59f73bc-8c72-53d8-9997-1ee6d2147652","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426480Z"},{"id":"52f4a421-4a51-5b21-95dc-76a9d15bfdaf","name":"Kaspersky Triada March 2016","description":"Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July","url":"https://www.kaspersky.com/blog/triada-trojan/11481/","source":"Mobile","title":"Triada: organized crime on Android","authors":"Snow, J","date_accessed":"1978-07-01T00:00:00Z","date_published":"2016-03-03T00:00:00Z","owner_name":null,"tidal_id":"aa914f1a-b204-5e6a-8d46-c0437715fa9a","created":"2026-01-28T13:08:10.042152Z","modified":"2026-01-28T13:08:10.042163Z"},{"id":"3c4857e0-0318-435f-9459-bd57d83e84fe","name":"Triage 23893f035f8564dfea5030b9fdd54120d96072bb","description":"tria.ge. (n.d.). Triage 23893f035f8564dfea5030b9fdd54120d96072bb. 
Retrieved October 20, 2023.","url":"https://tria.ge/230726-q34mlacc72","source":"Tidal Cyber","title":"Triage 23893f035f8564dfea5030b9fdd54120d96072bb","authors":"tria.ge","date_accessed":"2023-10-20T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"a2074b78-1fd9-5a8e-9ba6-f2142d96c537","created":"2024-01-26T18:00:33.215995Z","modified":"2024-01-26T18:00:33.354727Z"},{"id":"fd9800c3-c556-4804-a4ea-f31c2b198dcf","name":"Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7","description":"tria.ge. (n.d.). Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7. Retrieved October 20, 2023.","url":"https://tria.ge/231004-q6y7aaeb22","source":"Tidal Cyber","title":"Triage e82c11612c0870e8175eafa8c9c5f9151d0b80d7","authors":"tria.ge","date_accessed":"2023-10-20T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"447f63dd-fce0-57ea-b105-71244d0d9613","created":"2024-01-26T18:00:33.603065Z","modified":"2024-01-26T18:00:33.764423Z"},{"id":"853d719f-f41d-49e4-8752-7c0e3f7090df","name":"Huntress December 22 2025","description":"None Identified. (2025, December 22). Trial, Error, and Typos: Why Some Malware Attacks Aren't as 'Sophisticated' as You Think | Huntress. Retrieved December 24, 2025.","url":"https://www.huntress.com/blog/trial-error-typos-malware-attacks-sophisticated","source":"Tidal Cyber","title":"Trial, Error, and Typos: Why Some Malware Attacks Aren't as 'Sophisticated' as You Think | Huntress","authors":"None Identified","date_accessed":"2025-12-24T12:00:00Z","date_published":"2025-12-22T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2be14d59-4200-5ec6-9aa2-457eedd0d3af","created":"2025-12-29T17:39:49.925548Z","modified":"2025-12-29T17:39:50.086036Z"},{"id":"84ffd130-97b9-4bbf-bc3e-42accdf248ce","name":"exatrack bpf filters passive backdoors","description":"ExaTrack. (2022, May 11). Tricephalic Hellkeeper: a tale of a passive backdoor. 
Retrieved October 18, 2022.","url":"https://exatrack.com/public/Tricephalic_Hellkeeper.pdf","source":"MITRE","title":"Tricephalic Hellkeeper: a tale of a passive backdoor","authors":"ExaTrack","date_accessed":"2022-10-18T00:00:00Z","date_published":"2022-05-11T00:00:00Z","owner_name":null,"tidal_id":"777450fe-46b7-5e60-9b46-7d243b109aa6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423640Z"},{"id":"4d6d258f-a57f-4cfd-880a-1ecd98e26d9f","name":"Malwarebytes TrickBot Sep 2019","description":"Umawing, J. (2019, September 3). TrickBot adds new trick to its arsenal: tampering with trusted texts. Retrieved June 15, 2020.","url":"https://blog.malwarebytes.com/trojans/2019/09/trickbot-adds-new-trick-to-its-arsenal-tampering-with-trusted-texts/","source":"MITRE","title":"TrickBot adds new trick to its arsenal: tampering with trusted texts","authors":"Umawing, J","date_accessed":"2020-06-15T00:00:00Z","date_published":"2019-09-03T00:00:00Z","owner_name":null,"tidal_id":"de212792-b2e0-5634-a07f-77e61bd5d0b8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441886Z"},{"id":"c402888a-ccd1-4cbc-856c-ff0bdcb8b30b","name":"TrendMicro Trickbot Feb 2019","description":"Llimos, N., Pascual, C.. (2019, February 12). Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire. 
Retrieved March 12, 2019.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-adds-remote-application-credential-grabbing-capabilities-to-its-repertoire/","source":"MITRE","title":"Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire","authors":"Llimos, N., Pascual, C.","date_accessed":"2019-03-12T00:00:00Z","date_published":"2019-02-12T00:00:00Z","owner_name":null,"tidal_id":"c8978ffd-351d-574b-8909-8e35204e7bb4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416421Z"},{"id":"ad72e27f-ae4f-425a-a4ef-c76a20382691","name":"Eclypsium Trickboot December 2020","description":"Eclypsium, Advanced Intelligence. (2020, December 1). TRICKBOT NOW OFFERS ‘TRICKBOOT’: PERSIST, BRICK, PROFIT. Retrieved March 15, 2021.","url":"https://eclypsium.com/wp-content/uploads/2020/12/TrickBot-Now-Offers-TrickBoot-Persist-Brick-Profit.pdf","source":"MITRE","title":"TRICKBOT NOW OFFERS ‘TRICKBOOT’: PERSIST, BRICK, PROFIT","authors":"Eclypsium, Advanced Intelligence","date_accessed":"2021-03-15T00:00:00Z","date_published":"2020-12-01T00:00:00Z","owner_name":null,"tidal_id":"a3522b9d-be1b-5b53-b613-20fdf9a20d90","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439683Z"},{"id":"e5bf330b-b11f-557b-8141-78e85b0ffd94","name":"SecurityIntelligence TrickMo","description":"P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April","url":"https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/","source":"Mobile","title":"TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany","authors":"P. 
Asinovsky","date_accessed":"1978-04-01T00:00:00Z","date_published":"2020-03-24T00:00:00Z","owner_name":null,"tidal_id":"96095fbd-aba2-59dc-8e24-849a1787aeae","created":"2026-01-28T13:08:10.039201Z","modified":"2026-01-28T13:08:10.039204Z"},{"id":"d796e773-7335-549f-a79b-a2961f85a8ec","name":"IBM X-Force ITG23 Oct 2021","description":"Villadsen, O., et al. (2021, October 13). Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds. Retrieved June 15, 2023.","url":"https://securityintelligence.com/posts/trickbot-gang-doubles-down-enterprise-infection/","source":"MITRE","title":"Trickbot Rising - Gang Doubles Down on Infection Efforts to Amass Network Footholds","authors":"Villadsen, O., et al","date_accessed":"2023-06-15T00:00:00Z","date_published":"2021-10-13T00:00:00Z","owner_name":null,"tidal_id":"d566824e-9d69-56af-b640-5efb484d92d8","created":"2023-11-07T00:36:14.063667Z","modified":"2025-12-17T15:08:36.437351Z"},{"id":"5504d906-579e-4b1c-8864-d811b67a25f8","name":"Trend Micro Trickbot Nov 2018","description":"Anthony, N., Pascual, C.. (2018, November 1). Trickbot Shows Off New Trick: Password Grabber Module. Retrieved November 16, 2018.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/trickbot-shows-off-new-trick-password-grabber-module/","source":"MITRE","title":"Trickbot Shows Off New Trick: Password Grabber Module","authors":"Anthony, N., Pascual, C.","date_accessed":"2018-11-16T00:00:00Z","date_published":"2018-11-01T00:00:00Z","owner_name":null,"tidal_id":"2ecd6ec0-3d14-5e73-a984-f4d9294f65be","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440939Z"},{"id":"f5441718-3c0d-4b26-863c-24df1130b090","name":"Joe Sec Trickbot","description":"Joe Security. (2020, July 13). TrickBot's new API-Hammering explained. 
Retrieved September 30, 2021.","url":"https://www.joesecurity.org/blog/498839998833561473","source":"MITRE","title":"TrickBot's new API-Hammering explained","authors":"Joe Security","date_accessed":"2021-09-30T00:00:00Z","date_published":"2020-07-13T00:00:00Z","owner_name":null,"tidal_id":"86523c5f-6f81-5a05-aef9-b2fd180bbbf9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433138Z"},{"id":"a5dc1702-1930-463a-a581-74cc13e66ba5","name":"Fortinet TrickBot","description":"Bacurio Jr., F. and Salvio, J. (2018, April 9). Trickbot’s New Reconnaissance Plugin. Retrieved February 14, 2019.","url":"https://www.fortinet.com/blog/threat-research/trickbot-s-new-reconnaissance-plugin.html","source":"MITRE","title":"Trickbot’s New Reconnaissance Plugin","authors":"Bacurio Jr., F. and Salvio, J","date_accessed":"2019-02-14T00:00:00Z","date_published":"2018-04-09T00:00:00Z","owner_name":null,"tidal_id":"e84dcabb-a495-5867-b90e-d70b670ff9a5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442195Z"},{"id":"0484ddd0-5402-4300-99d4-4504591dddc0","name":"Trickbot VNC module July 2021","description":"Ionut Illascu. (2021, July 14). Trickbot updates its VNC module for high-value targets. Retrieved September 10, 2021.","url":"https://www.bleepingcomputer.com/news/security/trickbot-updates-its-vnc-module-for-high-value-targets/","source":"MITRE","title":"Trickbot updates its VNC module for high-value targets","authors":"Ionut Illascu","date_accessed":"2021-09-10T00:00:00Z","date_published":"2021-07-14T00:00:00Z","owner_name":null,"tidal_id":"6c93e649-b975-5895-ade3-00babe3b14c0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441486Z"},{"id":"839c02d1-58ec-4e25-a981-0276dbb1acc8","name":"Fidelis TrickBot Oct 2016","description":"Reaves, J. (2016, October 15). TrickBot: We Missed you, Dyre. 
Retrieved August 2, 2018.","url":"https://www.fidelissecurity.com/threatgeek/2016/10/trickbot-we-missed-you-dyre","source":"MITRE","title":"TrickBot: We Missed you, Dyre","authors":"Reaves, J","date_accessed":"2018-08-02T00:00:00Z","date_published":"2016-10-15T00:00:00Z","owner_name":null,"tidal_id":"9572d8d3-7ce9-59de-9fef-58f2cfd8a2cf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416435Z"},{"id":"04028685-b2e0-4faf-8c9d-36d1b07f09fc","name":"Bromium Ursnif Mar 2017","description":"Holland, A. (2019, March 7). Tricks and COMfoolery: How Ursnif Evades Detection. Retrieved June 10, 2019.","url":"https://www.bromium.com/how-ursnif-evades-detection/","source":"MITRE","title":"Tricks and COMfoolery: How Ursnif Evades Detection","authors":"Holland, A","date_accessed":"2019-06-10T00:00:00Z","date_published":"2019-03-07T00:00:00Z","owner_name":null,"tidal_id":"4f9607cb-1a69-5944-b5c2-991af939eaf4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440507Z"},{"id":"092aec63-aea0-4bc9-9c05-add89b4233ff","name":"IBM TrickBot Nov 2016","description":"Keshet, L. (2016, November 09). Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations. Retrieved August 2, 2018.","url":"https://securityintelligence.com/tricks-of-the-trade-a-deeper-look-into-trickbots-machinations/","source":"MITRE","title":"Tricks of the Trade: A Deeper Look Into TrickBot’s Machinations","authors":"Keshet, L","date_accessed":"2018-08-02T00:00:00Z","date_published":"2016-11-09T00:00:00Z","owner_name":null,"tidal_id":"b521b4ef-09e9-57ff-9213-0b8af9bf5e42","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416414Z"},{"id":"621f1c52-5f34-4293-a507-b58c4084a19b","name":"TrendMictro Phishing","description":"Babon, P. (2020, September 3). Tricky 'Forms' of Phishing. 
Retrieved October 20, 2020.","url":"https://www.trendmicro.com/en_us/research/20/i/tricky-forms-of-phishing.html","source":"MITRE","title":"Tricky 'Forms' of Phishing","authors":"Babon, P","date_accessed":"2020-10-20T00:00:00Z","date_published":"2020-09-03T00:00:00Z","owner_name":null,"tidal_id":"8617503c-fce8-5002-beb0-cb766634d060","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426838Z"},{"id":"aadbd0a8-00f2-404b-8d02-6d36292726da","name":"Trimarc Detecting Password Spraying","description":"Metcalf, S. (2018, May 6). Trimarc Research: Detecting Password Spraying with Security Event Auditing. Retrieved January 16, 2019.","url":"https://www.trimarcsecurity.com/single-post/2018/05/06/Trimarc-Research-Detecting-Password-Spraying-with-Security-Event-Auditing","source":"MITRE","title":"Trimarc Research: Detecting Password Spraying with Security Event Auditing","authors":"Metcalf, S","date_accessed":"2019-01-16T00:00:00Z","date_published":"2018-05-06T00:00:00Z","owner_name":null,"tidal_id":"db560631-b134-5b64-bdf3-d0f117d3b3f8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430767Z"},{"id":"122235f3-5dc5-5c47-ad19-0c28383d6396","name":"Bitdefender - Triout 2018","description":"L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January","url":"https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/","source":"Mobile","title":"Triout – Spyware Framework for Android with Extensive Surveillance Capabilities","authors":"L. Arsene, C. Ochinca","date_accessed":"1978-01-01T00:00:00Z","date_published":"2018-08-20T00:00:00Z","owner_name":null,"tidal_id":"ca595a87-54e9-5254-aea8-8f69c9898656","created":"2026-01-28T13:08:10.040956Z","modified":"2026-01-28T13:08:10.040960Z"},{"id":"672743fe-f83a-507e-bd38-2315d7a062e0","name":"Emotet Deploys TrickBot","description":"Cybereason Nocturnus. 
(n.d.). Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk. Retrieved November 28, 2023.","url":"https://www.cybereason.com/blog/research/triple-threat-emotet-deploys-trickbot-to-steal-data-spread-ryuk-ransomware#:~:text=TrickBot%20uses%20a%20hidden%20VNC,desktop%20without%20the%20victim%20noticing","source":"MITRE","title":"Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk","authors":"Cybereason Nocturnus","date_accessed":"2023-11-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1c0a8c8a-0a68-5ba1-84cc-63e0847b5246","created":"2024-04-25T13:28:53.518123Z","modified":"2025-12-17T15:08:36.442869Z"},{"id":"7659f7bc-2059-4a4d-a12c-17ccd99b737a","name":"Dragos TRISIS","description":"Dragos. (2017, December 13). TRISIS Malware Analysis of Safety System Targeted Malware. Retrieved January 6, 2021.","url":"https://www.dragos.com/wp-content/uploads/TRISIS-01.pdf","source":"MITRE","title":"TRISIS Malware Analysis of Safety System Targeted Malware","authors":"Dragos","date_accessed":"2021-01-06T00:00:00Z","date_published":"2017-12-13T00:00:00Z","owner_name":null,"tidal_id":"284c3799-de4b-5872-8c1e-fd4687a72561","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420449Z"},{"id":"07adee5d-516f-504a-8658-2c46f1f11053","name":"MDudek-ICS","description":"MDudek-ICS. (n.d.). TRISIS-TRITON-HATMAN. Retrieved 2019/11/03","url":"https://github.com/MDudek-ICS/TRISIS-TRITON-HATMAN/tree/master/decompiled_code/library","source":"ICS","title":"TRISIS-TRITON-HATMAN","authors":"MDudek-ICS","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7d9cd001-02a3-5e0c-a908-03f9c793a1c8","created":"2026-01-28T13:08:18.180066Z","modified":"2026-01-28T13:08:18.180069Z"},{"id":"49c97b85-ca22-400a-9dc4-6290cc117f04","name":"FireEye TRITON 2019","description":"Miller, S, et al. (2019, April 10). TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping. 
Retrieved April 16, 2019.","url":"https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html","source":"MITRE","title":"TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping","authors":"Miller, S, et al","date_accessed":"2019-04-16T00:00:00Z","date_published":"2019-04-10T00:00:00Z","owner_name":null,"tidal_id":"4bb5dbe7-6eba-5cff-9ec5-689484437270","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439258Z"},{"id":"491783dc-7a6b-42a6-b923-c4439117e7e4","name":"FireEye TEMP.Veles JSON April 2019","description":"Miller, S., et al. (2019, April 10). TRITON Appendix C. Retrieved April 29, 2019.","url":"https://www.fireeye.com/content/dam/fireeye-www/blog/files/TRITON_Appendix_C.html","source":"MITRE","title":"TRITON Appendix C","authors":"Miller, S., et al","date_accessed":"2019-04-29T00:00:00Z","date_published":"2019-04-10T00:00:00Z","owner_name":null,"tidal_id":"bd733854-93f6-5d1b-a007-1a739cfa4d32","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439430Z"},{"id":"e41151fa-ea11-43ca-9689-c65aae63a8d2","name":"FireEye TEMP.Veles 2018","description":"FireEye Intelligence . (2018, October 23). TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers. 
Retrieved April 16, 2019.","url":"https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html","source":"MITRE","title":"TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers","authors":"FireEye Intelligence","date_accessed":"2019-04-16T00:00:00Z","date_published":"2018-10-23T00:00:00Z","owner_name":null,"tidal_id":"c2474f8a-75d1-525f-becf-89a55848296b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420456Z"},{"id":"4f3d7a08-2cf5-49ed-8bcd-6df180f3d194","name":"Palo Alto MoonWind March 2017","description":"Miller-Osborn, J. and Grunzweig, J.. (2017, March 30). Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations. Retrieved March 30, 2017.","url":"http://researchcenter.paloaltonetworks.com/2017/03/unit42-trochilus-rat-new-moonwind-rat-used-attack-thai-utility-organizations/","source":"MITRE","title":"Trochilus and New MoonWind RATs Used In Attack Against Thai Organizations","authors":"Miller-Osborn, J. and Grunzweig, J.","date_accessed":"2017-03-30T00:00:00Z","date_published":"2017-03-30T00:00:00Z","owner_name":null,"tidal_id":"9041ede1-df55-5da1-8bf1-28ea194e5831","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420741Z"},{"id":"8a5227e5-9b69-5b37-bb1b-e19344f6a92b","name":"Acronis XLoader 2021","description":"Acronis. (2021, November 26). Trojan-as-a-service: From Formbook to XLoader. 
Retrieved March 11, 2025.","url":"https://www.acronis.com/en-us/cyber-protection-center/posts/trojan-as-a-service-from-formbook-to-xloader/","source":"MITRE","title":"Trojan-as-a-service: From Formbook to XLoader","authors":"Acronis","date_accessed":"2025-03-11T00:00:00Z","date_published":"2021-11-26T00:00:00Z","owner_name":null,"tidal_id":"359c5e51-8885-5f55-a813-02aecea119a8","created":"2025-04-22T20:47:28.077318Z","modified":"2025-12-17T15:08:36.420699Z"},{"id":"7952f365-1284-4461-8bc3-d8e20e38e1ba","name":"CyberESI GTALK","description":"CyberESI. (2011). TROJAN.GTALK. Retrieved September 12, 2024.","url":"https://web.archive.org/web/20141226203328/http://www.cyberengineeringservices.com/2011/12/15/trojan-gtalk/","source":"MITRE","title":"TROJAN.GTALK","authors":"CyberESI","date_accessed":"2024-09-12T00:00:00Z","date_published":"2011-01-01T00:00:00Z","owner_name":null,"tidal_id":"bd1de749-ec2c-5829-99ff-55817d71af3a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442636Z"},{"id":"2f99e508-6d0c-4590-8156-cdcadeef8ed9","name":"Symantec Hydraq Jan 2010","description":"Lelli, A. (2010, January 11). Trojan.Hydraq. Retrieved February 20, 2018.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2010-011114-1830-99","source":"MITRE","title":"Trojan.Hydraq","authors":"Lelli, A","date_accessed":"2018-02-20T00:00:00Z","date_published":"2010-01-11T00:00:00Z","owner_name":null,"tidal_id":"8ce6b75d-6b51-51aa-b6dd-bab30bb99517","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440048Z"},{"id":"f3461ec0-cd2d-50ce-9f7f-7a96ca88a116","name":"Mandiant Trojanized Windows 10","description":"Mandiant Intelligence. (2022, December 15). Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government. 
Retrieved September 26, 2025.","url":"https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government","source":"MITRE","title":"Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government","authors":"Mandiant Intelligence","date_accessed":"2025-09-26T00:00:00Z","date_published":"2022-12-15T00:00:00Z","owner_name":null,"tidal_id":"5bfab513-6102-5c47-a758-388a4d80ba62","created":"2025-10-29T21:08:48.165732Z","modified":"2025-12-17T15:08:36.426328Z"},{"id":"d6fb6b97-042c-4a66-a2ba-31c13f96a144","name":"Symantec Security Center Trojan.Kwampirs","description":"Moench, B. and Aboud, E. (2016, August 23). Trojan.Kwampirs. Retrieved May 10, 2018.","url":"https://www.symantec.com/security-center/writeup/2016-081923-2700-99","source":"MITRE","title":"Trojan.Kwampirs","authors":"Moench, B. and Aboud, E","date_accessed":"2018-05-10T00:00:00Z","date_published":"2016-08-23T00:00:00Z","owner_name":null,"tidal_id":"52460987-94cd-5a81-ba78-9e2ded26f976","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441743Z"},{"id":"dc3c16b3-e06b-4b56-b6bd-b98a0b39df3b","name":"Symantec Naid June 2012","description":"Neville, A. (2012, June 15). Trojan.Naid. Retrieved February 22, 2018.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2012-061518-4639-99","source":"MITRE","title":"Trojan.Naid","authors":"Neville, A","date_accessed":"2018-02-22T00:00:00Z","date_published":"2012-06-15T00:00:00Z","owner_name":null,"tidal_id":"f3f71a62-b625-5d24-b1b9-654da7f5a6fb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418198Z"},{"id":"c8135017-43c5-4bde-946e-141684c29b7a","name":"Symantec Pasam May 2012","description":"Mullaney, C. & Honda, H. (2012, May 4). Trojan.Pasam. Retrieved February 22, 2018.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2012-050412-4128-99","source":"MITRE","title":"Trojan.Pasam","authors":"Mullaney, C. 
& Honda, H","date_accessed":"2018-02-22T00:00:00Z","date_published":"2012-05-04T00:00:00Z","owner_name":null,"tidal_id":"75f7abda-a863-5e3f-941f-45bd6822df75","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422149Z"},{"id":"2b0c16e3-9ea0-455e-ae01-18d9b388fea6","name":"Microsoft TrojanSpy:Win32/Ursnif.gen!I Sept 2017","description":"Microsoft. (2017, September 15). TrojanSpy:Win32/Ursnif.gen!I. Retrieved December 18, 2017.","url":"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanSpy:Win32/Ursnif.gen!I&threatId=-2147336918","source":"MITRE","title":"TrojanSpy:Win32/Ursnif.gen!I","authors":"Microsoft","date_accessed":"2017-12-18T00:00:00Z","date_published":"2017-09-15T00:00:00Z","owner_name":null,"tidal_id":"d2923a39-243a-5458-996f-ea438200bed9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430575Z"},{"id":"9df2b407-df20-403b-ba1b-a681b9c74c7e","name":"Symantec Ushedix June 2008","description":"Symantec. (2008, June 28). Trojan.Ushedix. Retrieved December 18, 2017.","url":"https://www.symantec.com/security_response/writeup.jsp?docid=2008-062807-2501-99&tabid=2","source":"MITRE","title":"Trojan.Ushedix","authors":"Symantec","date_accessed":"2017-12-18T00:00:00Z","date_published":"2008-06-28T00:00:00Z","owner_name":null,"tidal_id":"f7c7f162-a6e6-50a5-9446-360acdc2dc18","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430306Z"},{"id":"8f5ba106-267a-4f9e-9498-04e27f509c5e","name":"Symantec Volgmer Aug 2014","description":"Yagi, J. (2014, August 24). Trojan.Volgmer. 
Retrieved July 16, 2018.","url":"https://web.archive.org/web/20181126143456/https://www.symantec.com/security-center/writeup/2014-081811-3237-99?tabid=2","source":"MITRE","title":"Trojan.Volgmer","authors":"Yagi, J","date_accessed":"2018-07-16T00:00:00Z","date_published":"2014-08-24T00:00:00Z","owner_name":null,"tidal_id":"3de7482e-07d3-54d9-889d-015dbb52589a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418225Z"},{"id":"e4ed8915-8f1e-47a0-ad99-075c66fa9cd3","name":"FSecure Lokibot November 2019","description":"Kazem, M. (2019, November 25). Trojan:W32/Lokibot. Retrieved May 15, 2020.","url":"https://www.f-secure.com/v-descs/trojan_w32_lokibot.shtml","source":"MITRE","title":"Trojan:W32/Lokibot","authors":"Kazem, M","date_accessed":"2020-05-15T00:00:00Z","date_published":"2019-11-25T00:00:00Z","owner_name":null,"tidal_id":"f711a81f-27ba-5a6d-8f0e-1610b3ad8fcc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441393Z"},{"id":"3abe861b-0e3b-458a-98cf-38450058b4a5","name":"Microsoft Totbrick Oct 2017","description":"Pornasdoro, A. (2017, October 12). Trojan:Win32/Totbrick. Retrieved September 14, 2018.","url":"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/Totbrick","source":"MITRE","title":"Trojan:Win32/Totbrick","authors":"Pornasdoro, A","date_accessed":"2018-09-14T00:00:00Z","date_published":"2017-10-12T00:00:00Z","owner_name":null,"tidal_id":"5637b165-ec0a-5d7a-b360-0be24895c435","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416428Z"},{"id":"8a4583fe-cf73-47ba-a4ea-3e5ef1eb51b6","name":"Ciubotariu 2014","description":"Ciubotariu, M. (2014, January 23). Trojan.Zeroaccess.C Hidden in NTFS EA. 
Retrieved December 2, 2014.","url":"http://www.symantec.com/connect/blogs/trojanzeroaccessc-hidden-ntfs-ea","source":"MITRE","title":"Trojan.Zeroaccess.C Hidden in NTFS EA","authors":"Ciubotariu, M","date_accessed":"2014-12-02T00:00:00Z","date_published":"2014-01-23T00:00:00Z","owner_name":null,"tidal_id":"5dd718db-48e2-5821-9941-58de32bc88ab","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442838Z"},{"id":"5d9e974f-07f8-48e4-96b6-632ecb31465d","name":"TrendMicro TROJ-FAKEAV OCT 2012","description":"Sioting, S. (2012, October 8). TROJ_FAKEAV.GZD. Retrieved August 8, 2018.","url":"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_fakeav.gzd","source":"MITRE","title":"TROJ_FAKEAV.GZD","authors":"Sioting, S","date_accessed":"2018-08-08T00:00:00Z","date_published":"2012-10-08T00:00:00Z","owner_name":null,"tidal_id":"2c1a91a9-4c9d-5f2b-86c3-04a96adf11c0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430735Z"},{"id":"c3790ad6-704a-4076-8729-61b5df9d7983","name":"troj_zegost","description":"Trend Micro. (2012, October 9). TROJ_ZEGOST. Retrieved September 2, 2021.","url":"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_zegost","source":"MITRE","title":"TROJ_ZEGOST","authors":"Trend Micro","date_accessed":"2021-09-02T00:00:00Z","date_published":"2012-10-09T00:00:00Z","owner_name":null,"tidal_id":"132c2f5b-3cb2-5a6b-9fdc-1fe92a76ce90","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:10.432663Z"},{"id":"6c4b92ae-93d4-5851-9cbb-c98e6603b870","name":"ASEC Troll Stealer 2024","description":"AhnLab ASEC. (2024, February 16). TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group). 
Retrieved January 17, 2025.","url":"https://asec.ahnlab.com/en/61934/","source":"MITRE","title":"TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)","authors":"AhnLab ASEC","date_accessed":"2025-01-17T00:00:00Z","date_published":"2024-02-16T00:00:00Z","owner_name":null,"tidal_id":"1575b33d-ad8a-533e-9548-eeffc7dffc24","created":"2025-04-22T20:47:29.714116Z","modified":"2025-12-17T15:08:36.440062Z"},{"id":"4fbc1df0-f174-4461-817d-0baf6e947ba1","name":"TrendMicro Tropic Trooper May 2020","description":"Chen, J.. (2020, May 12). Tropic Trooper’s Back: USBferry Attack Targets Air gapped Environments. Retrieved May 20, 2020.","url":"https://documents.trendmicro.com/assets/Tech-Brief-Tropic-Trooper-s-Back-USBferry-Attack-Targets-Air-gapped-Environments.pdf","source":"MITRE, Tidal Cyber","title":"Tropic Trooper’s Back: USBferry Attack Targets Air gapped Environments","authors":"Chen, J.","date_accessed":"2020-05-20T00:00:00Z","date_published":"2020-05-12T00:00:00Z","owner_name":null,"tidal_id":"a3df1fbb-f30f-5487-9776-554af0c1da52","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.260019Z"},{"id":"5d69d122-13bc-45c4-95ab-68283a21b699","name":"TrendMicro Tropic Trooper Mar 2018","description":"Horejsi, J., et al. (2018, March 14). Tropic Trooper’s New Strategy. Retrieved November 9, 2018.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/","source":"MITRE, Tidal Cyber","title":"Tropic Trooper’s New Strategy","authors":"Horejsi, J., et al","date_accessed":"2018-11-09T00:00:00Z","date_published":"2018-03-14T00:00:00Z","owner_name":null,"tidal_id":"82543f62-85aa-5015-b2ac-bc99407d566c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279319Z"},{"id":"cad84e3d-9506-44f8-bdd9-d090e6ce9b06","name":"Unit 42 Tropic Trooper Nov 2016","description":"Ray, V. (2016, November 22). 
Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy. Retrieved November 9, 2018.","url":"https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/","source":"MITRE","title":"Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy","authors":"Ray, V","date_accessed":"2018-11-09T00:00:00Z","date_published":"2016-11-22T00:00:00Z","owner_name":null,"tidal_id":"13a93558-a2ee-57dd-a998-cc0006a6060d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438738Z"},{"id":"47524b17-1acd-44b1-8de5-168369fa9455","name":"paloalto Tropic Trooper 2016","description":"Ray, V., et al. (2016, November 22). Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy. Retrieved December 18, 2020.","url":"https://unit42.paloaltonetworks.com/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/","source":"MITRE","title":"Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy","authors":"Ray, V., et al","date_accessed":"2020-12-18T00:00:00Z","date_published":"2016-11-22T00:00:00Z","owner_name":null,"tidal_id":"4f448bda-f91a-569e-90e0-be648558144d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426247Z"},{"id":"fb9ad2ce-c6bc-584b-b42e-0e7c23e5d6cc","name":"Microsoft Conditional Access Policy Changes","description":"Microsoft. (2023, October 23). Troubleshooting Conditional Access policy changes. 
Retrieved January 2, 2024.","url":"https://learn.microsoft.com/en-us/entra/identity/conditional-access/troubleshoot-policy-changes-audit-log","source":"MITRE","title":"Troubleshooting Conditional Access policy changes","authors":"Microsoft","date_accessed":"2024-01-02T00:00:00Z","date_published":"2023-10-23T00:00:00Z","owner_name":null,"tidal_id":"29c0c423-b530-5216-b914-aab356bf4582","created":"2024-04-25T13:28:51.007256Z","modified":"2025-04-22T20:47:30.180996Z"},{"id":"324a563f-55ee-49e9-9fc7-2b8e35f36875","name":"GitHub truffleHog","description":"Dylan Ayrey. (2016, December 31). truffleHog. Retrieved October 19, 2020.","url":"https://github.com/dxa4481/truffleHog","source":"MITRE","title":"truffleHog","authors":"Dylan Ayrey","date_accessed":"2020-10-19T00:00:00Z","date_published":"2016-12-31T00:00:00Z","owner_name":null,"tidal_id":"5facb799-854c-5bb5-80ae-5743781060d4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429520Z"},{"id":"9d99fe5f-b4a1-5db2-b8ee-76e30cef45be","name":"N/A","description":"N/A. (n.d.). Trusted Platform Module (TPM) Summary. Retrieved 2020/09/25","url":"https://www.trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-Summary_04292008.pdf","source":"ICS","title":"Trusted Platform Module (TPM) Summary","authors":"N/A","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2dd3d9c8-004c-5afe-a129-2000a03a635e","created":"2026-01-28T13:08:18.179033Z","modified":"2026-01-28T13:08:18.179036Z"},{"id":"51a2a2fd-7828-449d-aab5-dbcf5d37f020","name":"TCG Trusted Platform Module","description":"Trusted Computing Group. (2008, April 29). Trusted Platform Module (TPM) Summary. 
Retrieved June 8, 2016.","url":"http://www.trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-Summary_04292008.pdf","source":"MITRE","title":"Trusted Platform Module (TPM) Summary","authors":"Trusted Computing Group","date_accessed":"2016-06-08T00:00:00Z","date_published":"2008-04-29T00:00:00Z","owner_name":null,"tidal_id":"03878cba-9b2f-5b86-934e-a53e159c0d6e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415586Z"},{"id":"e6bfc6a8-9eea-4c65-9c2b-04749da72a92","name":"Microsoft Trusts","description":"Microsoft. (2009, October 7). Trust Technologies. Retrieved February 14, 2019.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759554(v=ws.10)","source":"MITRE","title":"Trust Technologies","authors":"Microsoft","date_accessed":"2019-02-14T00:00:00Z","date_published":"2009-10-07T00:00:00Z","owner_name":null,"tidal_id":"af3226e8-aff8-5931-a954-fb2954407978","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431337Z"},{"id":"64f94126-de4c-4204-8409-d26804f32cff","name":"SSHjack Blackhat","description":"Adam Boileau. (2005, August 5). Trust Transience:  Post Intrusion SSH Hijacking. Retrieved December 19, 2017.","url":"https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-boileau.pdf","source":"MITRE","title":"Trust Transience:  Post Intrusion SSH Hijacking","authors":"Adam Boileau","date_accessed":"2017-12-19T00:00:00Z","date_published":"2005-08-05T00:00:00Z","owner_name":null,"tidal_id":"ef249d10-0775-5b59-b195-fabaacd07130","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429216Z"},{"id":"962eb2df-3c54-461c-a40c-123dec2e457e","name":"Trust Blog December 30 2025","description":"Trust Wallet. (2025, December 30). Trust Wallet Browser Extension v2.68 Incident: An Update to Our Community | Trust. 
Retrieved January 5, 2026.","url":"https://trustwallet.com/blog/announcements/trust-wallet-browser-extension-v268-incident-community-update","source":"Tidal Cyber","title":"Trust Wallet Browser Extension v2.68 Incident: An Update to Our Community | Trust","authors":"Trust Wallet","date_accessed":"2026-01-05T12:00:00Z","date_published":"2025-12-30T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"cb4fd64c-a0cf-5ee6-a7b3-8d4606a013c5","created":"2026-01-06T18:03:35.191508Z","modified":"2026-01-06T18:03:35.326038Z"},{"id":"d6419764-f203-4089-8b38-860c442238e7","name":"Trend Micro Totbrick Oct 2016","description":"Antazo, F. (2016, October 31). TSPY_TRICKLOAD.N. Retrieved September 14, 2018.","url":"https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/tspy_trickload.n","source":"MITRE","title":"TSPY_TRICKLOAD.N","authors":"Antazo, F","date_accessed":"2018-09-14T00:00:00Z","date_published":"2016-10-31T00:00:00Z","owner_name":null,"tidal_id":"3f774939-623b-5091-84b6-27d5fa4833f3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416406Z"},{"id":"3146c9c9-9836-4ce5-afe6-ef8f7b4a7b9d","name":"Ttdinject.exe - LOLBAS Project","description":"LOLBAS. (2020, May 12). Ttdinject.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Ttdinject/","source":"Tidal Cyber","title":"Ttdinject.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-05-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8a87d2d3-5567-5d17-9de2-cb69f26acecb","created":"2024-01-12T14:47:04.275425Z","modified":"2024-01-12T14:47:04.467951Z"},{"id":"f3e60cae-3225-4800-bc15-cb46ff715061","name":"ttint_rat","description":"Tu, L. Ma, Y. Ye, G. (2020, October 1). Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities. 
Retrieved October 28, 2021.","url":"https://blog.netlab.360.com/ttint-an-iot-remote-control-trojan-spread-through-2-0-day-vulnerabilities/","source":"MITRE","title":"Ttint: An IoT Remote Access Trojan spread through 2 0-day vulnerabilities","authors":"Tu, L. Ma, Y. Ye, G","date_accessed":"2021-10-28T00:00:00Z","date_published":"2020-10-01T00:00:00Z","owner_name":null,"tidal_id":"9387eb09-566d-540f-820f-e781323b05b9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423956Z"},{"id":"de5a3cdd-2169-5d1c-b78a-e5fbdf55a71c","name":"Picus BlackByte 2022","description":"Huseyin Can Yuceel. (2022, February 21). TTPs used by BlackByte Ransomware Targeting Critical Infrastructure. Retrieved December 16, 2024.","url":"https://www.picussecurity.com/resource/ttps-used-by-blackbyte-ransomware-targeting-critical-infrastructure","source":"MITRE","title":"TTPs used by BlackByte Ransomware Targeting Critical Infrastructure","authors":"Huseyin Can Yuceel","date_accessed":"2024-12-16T00:00:00Z","date_published":"2022-02-21T00:00:00Z","owner_name":null,"tidal_id":"5c2cb49b-1b37-5ea4-ae21-8388ce1a0a37","created":"2025-04-22T20:47:22.660490Z","modified":"2025-12-17T15:08:36.439080Z"},{"id":"7c88a77e-034e-4847-8bd7-1be3a684a158","name":"Tttracer.exe - LOLBAS Project","description":"LOLBAS. (2019, November 5). Tttracer.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Tttracer/","source":"Tidal Cyber","title":"Tttracer.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-11-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"15d68478-4d51-5462-941a-edcac8552b76","created":"2024-01-12T14:47:04.649979Z","modified":"2024-01-12T14:47:04.827093Z"},{"id":"43773784-92b8-4722-806c-4b1fc4278bb0","name":"Invincea XTunnel","description":"Belcher, P.. (2016, July 28). Tunnel of Gov: DNC Hack and the Russian XTunnel. 
Retrieved August 3, 2016.","url":"https://www.invincea.com/2016/07/tunnel-of-gov-dnc-hack-and-the-russian-xtunnel/","source":"MITRE","title":"Tunnel of Gov: DNC Hack and the Russian XTunnel","authors":"Belcher, P.","date_accessed":"2016-08-03T00:00:00Z","date_published":"2016-07-28T00:00:00Z","owner_name":null,"tidal_id":"79a88739-0a11-5fc4-9361-b830ca1c357c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419543Z"},{"id":"4fc8c559-c2a1-4834-914f-c66621b117c3","name":"Sysadmins of the North April 28 2015","description":"Jan reilink. (2015, April 28). Tunnel RDP through SSH & PuTTY. Retrieved May 25, 2023.","url":"https://www.saotn.org/tunnel-rdp-through-ssh/","source":"Tidal Cyber","title":"Tunnel RDP through SSH & PuTTY","authors":"Jan reilink","date_accessed":"2023-05-25T00:00:00Z","date_published":"2015-04-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fb6e2d66-8952-567f-8d19-00566442e660","created":"2024-06-13T20:10:31.876017Z","modified":"2024-06-13T20:10:32.067725Z"},{"id":"a386b614-a808-42cf-be23-658f71b31560","name":"ThreatGeek Derusbi Converge","description":"Fidelis Threat Research Team. (2016, May 2). Turbo Twist: Two 64-bit Derusbi Strains Converge. Retrieved August 16, 2018.","url":"https://www.fidelissecurity.com/threatgeek/threat-intelligence/turbo-twist-two-64-bit-derusbi-strains-converge","source":"MITRE","title":"Turbo Twist: Two 64-bit Derusbi Strains Converge","authors":"Fidelis Threat Research Team","date_accessed":"2018-08-16T00:00:00Z","date_published":"2016-05-02T00:00:00Z","owner_name":null,"tidal_id":"5cde2086-1ed8-5e0e-8998-94ee5b6774b3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441648Z"},{"id":"cf84498c-110e-5f94-ace8-059703615654","name":"Hunt Sea Turtle 2024","description":"Hunt & Hackett Research Team. (2024, January 5). Turkish espionage campaigns in the Netherlands. 
Retrieved November 20, 2024.","url":"https://www.huntandhackett.com/blog/turkish-espionage-campaigns","source":"MITRE","title":"Turkish espionage campaigns in the Netherlands","authors":"Hunt & Hackett Research Team","date_accessed":"2024-11-20T00:00:00Z","date_published":"2024-01-05T00:00:00Z","owner_name":null,"tidal_id":"a0e5cebb-9b63-5b66-b3a4-ecc7b1140b1c","created":"2025-04-22T20:47:24.066727Z","modified":"2025-12-17T15:08:36.439157Z"},{"id":"d8f43a52-a59e-5567-8259-821b1b6bde43","name":"Mandiant Suspected Turla Campaign February 2023","description":"Hawley, S. et al. (2023, February 2). Turla: A Galaxy of Opportunity. Retrieved May 15, 2023.","url":"https://www.mandiant.com/resources/blog/turla-galaxy-opportunity","source":"MITRE","title":"Turla: A Galaxy of Opportunity","authors":"Hawley, S. et al","date_accessed":"2023-05-15T00:00:00Z","date_published":"2023-02-02T00:00:00Z","owner_name":null,"tidal_id":"36141fa5-7f19-54ce-9f8a-d68cc9ea8945","created":"2023-11-07T00:36:10.392243Z","modified":"2025-12-17T15:08:36.416846Z"},{"id":"8b2f40f5-7dca-4edf-8314-a8f5bc4831b8","name":"ESET Crutch December 2020","description":"Faou, M. (2020, December 2). Turla Crutch: Keeping the “back door” open. Retrieved December 4, 2020.","url":"https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/","source":"MITRE","title":"Turla Crutch: Keeping the “back door” open","authors":"Faou, M","date_accessed":"2020-12-04T00:00:00Z","date_published":"2020-12-02T00:00:00Z","owner_name":null,"tidal_id":"a97fd26a-3cab-59b0-bce3-14d2ddb794c2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419683Z"},{"id":"679aa333-572c-44ba-b94a-606f168d1ed2","name":"ESET LightNeuron May 2019","description":"Faou, M. (2019, May). Turla LightNeuron: One email away from remote code execution. 
Retrieved June 24, 2019.","url":"https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf","source":"MITRE","title":"Turla LightNeuron: One email away from remote code execution","authors":"Faou, M","date_accessed":"2019-06-24T00:00:00Z","date_published":"2019-05-01T00:00:00Z","owner_name":null,"tidal_id":"7d0b0a4b-1a7a-5672-97c6-55b3a101d68d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419395Z"},{"id":"d683b8a2-7f90-4ae3-b763-c25fd701dbf6","name":"ESET Turla Mosquito May 2018","description":"ESET Research. (2018, May 22). Turla Mosquito: A shift towards more generic tools. Retrieved July 3, 2018.","url":"https://www.welivesecurity.com/2018/05/22/turla-mosquito-shift-towards-generic-tools/","source":"MITRE","title":"Turla Mosquito: A shift towards more generic tools","authors":"ESET Research","date_accessed":"2018-07-03T00:00:00Z","date_published":"2018-05-22T00:00:00Z","owner_name":null,"tidal_id":"3ef21d2c-54bf-5e93-b197-d6f09f48b449","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440805Z"},{"id":"e725fb9d-65b9-4e3f-9930-13c2c74b7fa4","name":"ESET Turla August 2018","description":"ESET. (2018, August). Turla Outlook Backdoor: Analysis of an unusual Turla backdoor. Retrieved March 11, 2019.","url":"https://www.welivesecurity.com/wp-content/uploads/2018/08/Eset-Turla-Outlook-Backdoor.pdf","source":"MITRE","title":"Turla Outlook Backdoor: Analysis of an unusual Turla backdoor","authors":"ESET","date_accessed":"2019-03-11T00:00:00Z","date_published":"2018-08-01T00:00:00Z","owner_name":null,"tidal_id":"81dd6991-fb5a-580e-8b34-48091bd5a8cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441461Z"},{"id":"680f2a0b-f69d-48bd-93ed-20ee2f79e3f7","name":"Accenture HyperStack October 2020","description":"Accenture. (2020, October). Turla uses HyperStack, Carbon, and Kazuar to compromise government entity. 
Retrieved December 2, 2020.","url":"https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity","source":"MITRE","title":"Turla uses HyperStack, Carbon, and Kazuar to compromise government entity","authors":"Accenture","date_accessed":"2020-12-02T00:00:00Z","date_published":"2020-10-01T00:00:00Z","owner_name":null,"tidal_id":"64d1980a-f023-5e51-b881-70590f5b153b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417572Z"},{"id":"dfd28a01-56ba-4c0c-9742-d8b1db49df06","name":"Gmail Delegation","description":"Google. (n.d.). Turn Gmail delegation on or off. Retrieved April 1, 2022.","url":"https://support.google.com/a/answer/7223765?hl=en","source":"MITRE","title":"Turn Gmail delegation on or off","authors":"Google","date_accessed":"2022-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1757640a-79ff-5d3f-a44c-cac14bd4a824","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435916Z"},{"id":"3dc4b69c-8cae-4489-8df2-5f55419fb3b1","name":"Google Cloud Privilege Escalation","description":"Chris Moberly. (2020, February 12). Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments. Retrieved April 1, 2022.","url":"https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/","source":"MITRE","title":"Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments","authors":"Chris Moberly","date_accessed":"2022-04-01T00:00:00Z","date_published":"2020-02-12T00:00:00Z","owner_name":null,"tidal_id":"2ba1dc9f-9fdc-5b75-8d2c-cbd6416690fb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430871Z"},{"id":"3006af23-b802-400f-841d-7eea7d748d28","name":"SSH in Windows","description":"Microsoft. (2020, May 19). Tutorial: SSH in Windows Terminal. 
Retrieved July 26, 2021.","url":"https://docs.microsoft.com/en-us/windows/terminal/tutorials/ssh","source":"MITRE","title":"Tutorial: SSH in Windows Terminal","authors":"Microsoft","date_accessed":"2021-07-26T00:00:00Z","date_published":"2020-05-19T00:00:00Z","owner_name":null,"tidal_id":"327f0f6e-b442-5755-bb8a-a5a76a044c00","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434914Z"},{"id":"2d49cd9a-65d4-533f-bc48-6f95d31f45d8","name":"Beckhoff","description":"Beckhoff. (n.d.). TwinCAT 3 Source Control: Project Files. Retrieved 2019/11/21","url":"https://infosys.beckhoff.com/english.php?content=../content/1033/tc3_sourcecontrol/18014398915785483.html&id=","source":"ICS","title":"TwinCAT 3 Source Control: Project Files","authors":"Beckhoff","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f1cfc773-d0f8-58ac-8239-184c87c897ae","created":"2026-01-28T13:08:18.178278Z","modified":"2026-01-28T13:08:18.178281Z"},{"id":"87c9f8e4-f8d1-4f19-86ca-6fd18a33890b","name":"Microsoft NEODYMIUM Dec 2016","description":"Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017.","url":"https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/","source":"MITRE, Tidal Cyber","title":"Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe","authors":"Microsoft","date_accessed":"2017-11-27T00:00:00Z","date_published":"2016-12-14T00:00:00Z","owner_name":null,"tidal_id":"3f5f2cc8-ee10-5286-bf58-d2184a373f97","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259679Z"},{"id":"7d701a8e-6816-5112-ac16-b36e71d7c5db","name":"Twitter Richard WMIC","description":"Ackroyd, R. (2023, March 24). Twitter. 
Retrieved September 12, 2024.","url":"https://x.com/rfackroyd/status/1639136000755765254","source":"MITRE","title":"Twitter","authors":"Ackroyd, R","date_accessed":"2024-09-12T00:00:00Z","date_published":"2023-03-24T00:00:00Z","owner_name":null,"tidal_id":"ef695b71-042b-54de-a392-d55b9256dedc","created":"2023-05-26T01:21:10.163402Z","modified":"2025-12-17T15:08:36.435228Z"},{"id":"0f133f2c-3b02-4b3b-a960-ef6a7862cf8f","name":"Twitter Nick Carr APT10","description":"Carr, N.. (2017, April 6). Retrieved September 12, 2024.","url":"https://x.com/ItsReallyNick/status/850105140589633536","source":"MITRE","title":"Twitter Nick Carr APT10","authors":"","date_accessed":"2024-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7c94b070-93a8-5aa0-a62f-714ac6ef30ee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417124Z"},{"id":"42fe94f5-bc4c-4b0b-9c35-0bc32cbc5d79","name":"Crowdstrike KRYPTONITE PANDA August 2018","description":"Adam Kozy. (2018, August 30). Two Birds, One Stone Panda. Retrieved August 24, 2021.","url":"https://www.crowdstrike.com/blog/two-birds-one-stone-panda/","source":"MITRE","title":"Two Birds, One Stone Panda","authors":"Adam Kozy","date_accessed":"2021-08-24T00:00:00Z","date_published":"2018-08-30T00:00:00Z","owner_name":null,"tidal_id":"8b765f1d-785d-5301-9157-af10b69a0d39","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438432Z"},{"id":"a797397b-2af7-58b9-b66a-5ded260659f0","name":"Two New Monero Malware Attacks Target Windows and Android Users","description":"Douglas Bonderud. (2018, September 17). Two New Monero Malware Attacks Target Windows and Android Users. 
Retrieved June 5, 2023.","url":"https://securityintelligence.com/news/two-new-monero-malware-attacks-target-windows-and-android-users/","source":"MITRE","title":"Two New Monero Malware Attacks Target Windows and Android Users","authors":"Douglas Bonderud","date_accessed":"2023-06-05T00:00:00Z","date_published":"2018-09-17T00:00:00Z","owner_name":null,"tidal_id":"45b182c6-86b8-5603-be48-45e1b4c36079","created":"2023-11-07T00:36:08.950112Z","modified":"2025-12-17T15:08:36.436033Z"},{"id":"9ee58ce9-b201-4494-a071-7a82571e05fd","name":"Anonymous Sudan Indictment October 16 2024","description":"U.S. Attorney's Office Central District of California. (2024, October 16). Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks. Retrieved October 18, 2024.","url":"https://www.justice.gov/usao-cdca/pr/two-sudanese-nationals-indicted-alleged-role-anonymous-sudan-cyberattacks-hospitals","source":"Tidal Cyber","title":"Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks","authors":"U.S. Attorney's Office Central District of California","date_accessed":"2024-10-18T00:00:00Z","date_published":"2024-10-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fef92646-b8c9-5ede-aacc-c360bf07e5bc","created":"2024-10-18T13:25:16.793057Z","modified":"2024-10-18T13:25:17.223910Z"},{"id":"f02b8fe5-f0e4-5e67-9453-f7bbcae8af70","name":"Computerworld-iPhoneCracking","description":"Lucas Mearian. (2018, May 9). Two vendors now sell iPhone cracking technology – and police are buying. 
Retrieved November","url":"https://www.techcentral.ie/two-vendors-now-sell-iphone-cracking-technology-police-buying/","source":"Mobile","title":"Two vendors now sell iPhone cracking technology – and police are buying","authors":"Lucas Mearian","date_accessed":"1978-11-01T00:00:00Z","date_published":"2018-05-09T00:00:00Z","owner_name":null,"tidal_id":"35ccfac5-8676-5ee4-8676-ede923df12ca","created":"2026-01-28T13:08:10.044327Z","modified":"2026-01-28T13:08:10.044330Z"},{"id":"d92f22a7-7753-47da-a850-00c073b5fd27","name":"Trend Micro Pawn Storm April 2017","description":"Hacquebord, F.. (2017, April 25). Two Years of Pawn Storm: Examining an Increasingly Relevant Threat. Retrieved May 3, 2017.","url":"https://documents.trendmicro.com/assets/wp/wp-two-years-of-pawn-storm.pdf","source":"MITRE","title":"Two Years of Pawn Storm: Examining an Increasingly Relevant Threat","authors":"Hacquebord, F.","date_accessed":"2017-05-03T00:00:00Z","date_published":"2017-04-25T00:00:00Z","owner_name":null,"tidal_id":"0711d316-e489-5fab-ae0e-cbf0c1f1bcd7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442119Z"},{"id":"32298444-284a-4991-ba3b-a80bd62be903","name":"Tyler McLellan UNC2190 September 26 2024","description":"tylabs. (2024, September 26). Tyler McLellan UNC2190 Tweet. Retrieved October 3, 2024.","url":"https://x.com/tylabs/status/1839392050086908022","source":"Tidal Cyber","title":"Tyler McLellan UNC2190 Tweet","authors":"tylabs","date_accessed":"2024-10-03T00:00:00Z","date_published":"2024-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"56af6426-a780-547d-a880-70efc944efc7","created":"2024-10-04T20:31:31.439950Z","modified":"2024-10-04T20:31:31.625457Z"},{"id":"d82e5170-b9be-5a60-a2a1-8df658740639","name":"CERT-UA WinterVivern 2023","description":"CERT-UA. (2023, February 1). UAC-0114 aka Winter Vivern to target Ukrainian and Polish GOV entities (CERT-UA#5909). 
Retrieved July 29, 2024.","url":"https://cert.gov.ua/article/3761104","source":"MITRE","title":"UAC-0114 aka Winter Vivern to target Ukrainian and Polish GOV entities (CERT-UA#5909)","authors":"CERT-UA","date_accessed":"2024-07-29T00:00:00Z","date_published":"2023-02-01T00:00:00Z","owner_name":null,"tidal_id":"87a56a04-ccbe-5091-80b5-5b5275242a8d","created":"2024-10-31T16:28:30.117232Z","modified":"2025-12-17T15:08:36.439336Z"},{"id":"a49c5870-2a48-4cd7-8b4e-e80c5414f565","name":"Almond COR_PROFILER Apr 2019","description":"Almond. (2019, April 30). UAC bypass via elevated .NET applications. Retrieved June 24, 2020.","url":"https://offsec.almond.consulting/UAC-bypass-dotnet.html","source":"MITRE","title":"UAC bypass via elevated .NET applications","authors":"Almond","date_accessed":"2020-06-24T00:00:00Z","date_published":"2019-04-30T00:00:00Z","owner_name":null,"tidal_id":"98779bc2-c915-5dac-8a1e-1e230b4f2951","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436987Z"},{"id":"7006d59d-3b61-4030-a680-5dac52133722","name":"Github UACMe","description":"UACME Project. (2016, June 16). UACMe. Retrieved July 26, 2016.","url":"https://github.com/hfiref0x/UACME","source":"MITRE","title":"UACMe","authors":"UACME Project","date_accessed":"2016-07-26T00:00:00Z","date_published":"2016-06-16T00:00:00Z","owner_name":null,"tidal_id":"e8e028cf-6f66-5564-b32f-1d716395b8f7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416240Z"},{"id":"74959041-08ca-41fc-8ceb-675f1fefd765","name":"Cisco Talos Blog January 08 2026","description":"Asheer Malhotra. (2026, January 8). UAT-7290 targets high value telecommunications infrastructure in South Asia. 
Retrieved January 12, 2026.","url":"https://blog.talosintelligence.com/uat-7290/","source":"Tidal Cyber","title":"UAT-7290 targets high value telecommunications infrastructure in South Asia","authors":"Asheer Malhotra","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"154605fc-cdef-56f2-8d2e-942139ab7468","created":"2026-01-14T13:29:45.193008Z","modified":"2026-01-14T13:29:45.370095Z"},{"id":"d2d2ef04-150e-445d-811e-e0174dfc3d10","name":"Cisco Talos Blog October 02 2025 10 02 2025","description":"Joey Chen. (2025, October 2). UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud. Retrieved October 3, 2025.","url":"https://blog.talosintelligence.com/uat-8099-chinese-speaking-cybercrime-group-seo-fraud/","source":"Tidal Cyber","title":"UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud","authors":"Joey Chen","date_accessed":"2025-10-03T12:00:00Z","date_published":"2025-10-02T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ae623aa6-7ae3-5958-8fab-78b301d300ea","created":"2025-10-07T14:06:56.258632Z","modified":"2025-10-07T14:06:56.388011Z"},{"id":"1ef07f79-df28-441c-b4f6-b4e396a01353","name":"Cisco Talos Blog December 17 2025","description":"Cisco Talos. (2025, December 17). UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager. Retrieved December 19, 2025.","url":"https://blog.talosintelligence.com/uat-9686/","source":"Tidal Cyber","title":"UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager","authors":"Cisco Talos","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-17T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9d86e4ae-a783-5ee4-a3d1-80483a24ab03","created":"2025-12-24T14:56:04.568832Z","modified":"2025-12-24T14:56:04.698969Z"},{"id":"f117cfa5-1bad-43ae-9eaa-3b9123061f93","name":"ZScaler SEO","description":"Wang, J. (2018, October 17). 
Ubiquitous SEO Poisoning URLs. Retrieved September 30, 2022.","url":"https://www.zscaler.com/blogs/security-research/ubiquitous-seo-poisoning-urls-0","source":"MITRE","title":"Ubiquitous SEO Poisoning URLs","authors":"Wang, J","date_accessed":"2022-09-30T00:00:00Z","date_published":"2018-10-17T00:00:00Z","owner_name":null,"tidal_id":"3f16042b-1dd5-583a-a6c9-18b5a83fc730","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435814Z"},{"id":"235a1129-2f35-4861-90b8-1f761d89b0f9","name":"PaloAlto UBoatRAT Nov 2017","description":"Hayashi, K. (2017, November 28). UBoatRAT Navigates East Asia. Retrieved January 12, 2018.","url":"https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/","source":"MITRE","title":"UBoatRAT Navigates East Asia","authors":"Hayashi, K","date_accessed":"2018-01-12T00:00:00Z","date_published":"2017-11-28T00:00:00Z","owner_name":null,"tidal_id":"1da8c192-902d-5490-9793-e096dd4e6caa","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418588Z"},{"id":"f7eeed3f-485b-4130-a10b-e19045e97a2d","name":"Fortinet Blog December 04 2025","description":"None Identified. (2025, December 4). UDPGangster Campaigns Target Multiple Countries | FortiGuard Labs. Retrieved December 5, 2025.","url":"https://www.fortinet.com/blog/threat-research/udpgangster-campaigns-target-multiple-countries","source":"Tidal Cyber","title":"UDPGangster Campaigns Target Multiple Countries | FortiGuard Labs","authors":"None Identified","date_accessed":"2025-12-05T12:00:00Z","date_published":"2025-12-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"04ec7d0b-c125-54fe-a947-d1b292fdc56f","created":"2025-12-10T14:13:47.210455Z","modified":"2025-12-10T14:13:47.364291Z"},{"id":"cbd04512-c8a8-54ad-9417-6d3b2d390912","name":"UIPPasteboard","description":"Apple Developer. (n.d.). UIPasteboard. 
Retrieved April","url":"https://developer.apple.com/documentation/uikit/uipasteboard","source":"Mobile","title":"UIPasteboard","authors":"Apple Developer","date_accessed":"1978-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"845deb15-2171-567a-beec-23af7e9faf3e","created":"2026-01-28T13:08:10.045672Z","modified":"2026-01-28T13:08:10.045675Z"},{"id":"f49e6780-8caa-4c3c-8d68-47a2cc4319a1","name":"UK NSCS Russia SolarWinds April 2021","description":"UK NCSC. (2021, April 15). UK and US call out Russia for SolarWinds compromise. Retrieved April 16, 2021.","url":"https://www.ncsc.gov.uk/news/uk-and-us-call-out-russia-for-solarwinds-compromise","source":"MITRE","title":"UK and US call out Russia for SolarWinds compromise","authors":"UK NCSC","date_accessed":"2021-04-16T00:00:00Z","date_published":"2021-04-15T00:00:00Z","owner_name":null,"tidal_id":"efd3df5c-2a6d-53d0-941f-8e2c093bb82d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437568Z"},{"id":"7fe5a605-c33e-4d3d-b787-2d1f649bee53","name":"UK Gov Malign RIS Activity April 2021","description":"UK Gov. (2021, April 15). UK and US expose global campaign of malign activity by Russian intelligence services . Retrieved April 16, 2021.","url":"https://www.gov.uk/government/news/russia-uk-and-us-expose-global-campaigns-of-malign-activity-by-russian-intelligence-services","source":"MITRE","title":"UK and US expose global campaign of malign activity by Russian intelligence services","authors":"UK Gov","date_accessed":"2021-04-16T00:00:00Z","date_published":"2021-04-15T00:00:00Z","owner_name":null,"tidal_id":"706b98a1-df33-568b-a6f9-ca6104d95ed3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438148Z"},{"id":"ffbd83d7-9d4f-42b9-adc0-eb144045aef2","name":"UK Gov UK Exposes Russia SolarWinds April 2021","description":"UK Gov. (2021, April 15). UK exposes Russian involvement in SolarWinds cyber compromise . 
Retrieved April 16, 2021.","url":"https://www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise","source":"MITRE","title":"UK exposes Russian involvement in SolarWinds cyber compromise","authors":"UK Gov","date_accessed":"2021-04-16T00:00:00Z","date_published":"2021-04-15T00:00:00Z","owner_name":null,"tidal_id":"91def914-80a7-5cf9-97b9-91fafab587ec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438154Z"},{"id":"93053f1b-917c-4573-ba20-99fcaa16a2dd","name":"UK NCSC Olympic Attacks October 2020","description":"UK NCSC. (2020, October 19). UK exposes series of Russian cyber attacks against Olympic and Paralympic Games . Retrieved November 30, 2020.","url":"https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games","source":"MITRE","title":"UK exposes series of Russian cyber attacks against Olympic and Paralympic Games","authors":"UK NCSC","date_accessed":"2020-11-30T00:00:00Z","date_published":"2020-10-19T00:00:00Z","owner_name":null,"tidal_id":"e57f8025-1202-5350-a91b-f702151615fb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437832Z"},{"id":"db17cc3d-9cd3-4faa-9de9-3b8fbec909c3","name":"Cisco Ukraine Wipers January 2022","description":"Biasini, N. et al.. (2022, January 21). Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation. Retrieved March 14, 2022.","url":"https://blog.talosintelligence.com/2022/01/ukraine-campaign-delivers-defacement.html","source":"MITRE","title":"Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation","authors":"Biasini, N. 
et al.","date_accessed":"2022-03-14T00:00:00Z","date_published":"2022-01-21T00:00:00Z","owner_name":null,"tidal_id":"67031c19-e079-5565-94a7-28d1024ba9f7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439873Z"},{"id":"3ed4cd00-3387-4b80-bda8-0a190dc6353c","name":"Symantec Ukraine Wipers February 2022","description":"Symantec Threat Hunter Team. (2022, February 24). Ukraine: Disk-wiping Attacks Precede Russian Invasion. Retrieved March 25, 2022.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia","source":"MITRE","title":"Ukraine: Disk-wiping Attacks Precede Russian Invasion","authors":"Symantec Threat Hunter Team","date_accessed":"2022-03-25T00:00:00Z","date_published":"2022-02-24T00:00:00Z","owner_name":null,"tidal_id":"4ad71557-4647-5228-aa90-5713f31471b4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420804Z"},{"id":"602c7372-f76a-5025-9a6c-dbff23d35b8f","name":"Dragos Crashoverride 2019","description":"Joe Slowik. (2019, August 15). CRASHOVERRIDE: Reassessing the. (2016). Ukraine Electric Power Event as a Protection-Focused Attack. Retrieved October","url":"https://dragos.com/wp-content/uploads/CRASHOVERRIDE.pdf","source":"ICS","title":"Ukraine Electric Power Event as a Protection-Focused Attack","authors":"Joe Slowik. (2019, August 15). CRASHOVERRIDE: Reassessing the","date_accessed":"1978-10-01T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"c118a86e-ac49-5dbe-b665-b17295fcecc1","created":"2026-01-28T13:08:18.175416Z","modified":"2026-01-28T13:08:18.175419Z"},{"id":"c565b025-df74-40a9-9535-b630ca06f777","name":"Bleepingcomputer Gamardeon FSB November 2021","description":"Toulas, B. (2018, November 4). Ukraine links members of Gamaredon hacker group to Russian FSB. 
Retrieved April 15, 2022.","url":"https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/","source":"MITRE","title":"Ukraine links members of Gamaredon hacker group to Russian FSB","authors":"Toulas, B","date_accessed":"2022-04-15T00:00:00Z","date_published":"2018-11-04T00:00:00Z","owner_name":null,"tidal_id":"7e40a4c6-05a4-5991-bb66-079c2c5682cf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439131Z"},{"id":"95c6ad1d-df16-5dd3-a6ef-75c1247ec5e0","name":"Leonard TAG 2023","description":"Billy Leonard. (2023, April 19). Ukraine remains Russia’s biggest cyber focus in 2023. Retrieved March 1, 2024.","url":"https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/","source":"MITRE","title":"Ukraine remains Russia’s biggest cyber focus in 2023","authors":"Billy Leonard","date_accessed":"2024-03-01T00:00:00Z","date_published":"2023-04-19T00:00:00Z","owner_name":null,"tidal_id":"43be8f5b-4a6a-5d26-8f25-bff417854832","created":"2024-04-25T13:28:44.016744Z","modified":"2025-12-17T15:08:36.437768Z"},{"id":"08b6d849-2837-4af9-bb8a-e0425e6a02e4","name":"Symantec Ukraine Targeting October 29 2025","description":"None Identified. (2025, October 29). Ukrainian Organizations Still Heavily Targeted by Russian Attacks | SECURITY.COM. Retrieved November 21, 2025.","url":"https://www.security.com/threat-intelligence/ukraine-russia-attacks","source":"Tidal Cyber","title":"Ukrainian Organizations Still Heavily Targeted by Russian Attacks | SECURITY.COM","authors":"None Identified","date_accessed":"2025-11-21T12:00:00Z","date_published":"2025-10-29T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9786dae6-43d9-5921-a5d6-4011a68d5b68","created":"2025-12-10T14:13:41.648950Z","modified":"2025-12-10T14:13:41.806411Z"},{"id":"2b25969b-2f0b-4204-9277-596e80c4e626","name":"Qualys Hermetic Wiper March 2022","description":"Dani, M. (2022, March 1). 
Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware. Retrieved March 25, 2022.","url":"https://blog.qualys.com/vulnerabilities-threat-research/2022/03/01/ukrainian-targets-hit-by-hermeticwiper-new-datawiper-malware","source":"MITRE","title":"Ukrainian Targets Hit by HermeticWiper, New Datawiper Malware","authors":"Dani, M","date_accessed":"2022-03-25T00:00:00Z","date_published":"2022-03-01T00:00:00Z","owner_name":null,"tidal_id":"ebb523d6-5d8b-5898-b5d6-823ee3ec6553","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420783Z"},{"id":"a2fa7fb8-ddba-44cf-878f-448fb2aa6149","name":"GitHub Ultimate AppLocker Bypass List","description":"Moe, O. (2018, March 1). Ultimate AppLocker Bypass List. Retrieved April 10, 2018.","url":"https://github.com/api0cradle/UltimateAppLockerByPassList","source":"MITRE","title":"Ultimate AppLocker Bypass List","authors":"Moe, O","date_accessed":"2018-04-10T00:00:00Z","date_published":"2018-03-01T00:00:00Z","owner_name":null,"tidal_id":"a329c713-df03-51fb-83ba-f70aea4da4ba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429196Z"},{"id":"2a3aa456-65ae-53f0-8214-038070cffe29","name":"Wiz Ultralytics AI Library Hijack 2024","description":"Wiz Threat Research. (2024, December 9). Ultralytics AI Library Hacked via GitHub for Cryptomining. Retrieved May 22, 2025.","url":"https://www.wiz.io/blog/ultralytics-ai-library-hacked-via-github-for-cryptomining","source":"MITRE","title":"Ultralytics AI Library Hacked via GitHub for Cryptomining","authors":"Wiz Threat Research","date_accessed":"2025-05-22T00:00:00Z","date_published":"2024-12-09T00:00:00Z","owner_name":null,"tidal_id":"86965496-816d-5466-b957-06d343406094","created":"2025-10-29T21:08:48.166064Z","modified":"2025-12-17T15:08:36.431318Z"},{"id":"11356457-f1cb-45c7-91a0-391639117cff","name":"uname - Linux man page","description":"die.net. (n.d.). uname - Linux man page. 
Retrieved December 19, 2024.","url":"https://linux.die.net/man/1/uname","source":"Tidal Cyber","title":"uname - Linux man page","authors":"die.net","date_accessed":"2024-12-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"1a3caa6d-8298-59e0-8ce5-4a7b05989a28","created":"2025-04-11T15:06:24.762568Z","modified":"2025-04-11T15:06:24.928811Z"},{"id":"343dab24-9d2e-4269-ab54-3dba4d684a9c","name":"Google Cloud Blog November 10 2025","description":"None Identified. (2025, November 10). Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 | Google Cloud Blog. Retrieved November 13, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480","source":"Tidal Cyber","title":"Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 | Google Cloud Blog","authors":"None Identified","date_accessed":"2025-11-13T12:00:00Z","date_published":"2025-11-10T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"869868d6-46ee-50ae-b17d-989b97414adc","created":"2025-11-19T17:44:50.292100Z","modified":"2025-11-19T17:44:50.436542Z"},{"id":"742d095c-9bd1-4f4a-8bc6-16db6d15a9f4","name":"Okta HAR Files RCA","description":"David Bradbury. (2023, November 3). Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation. Retrieved December 19, 2023.","url":"https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause","source":"Tidal Cyber","title":"Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation","authors":"David Bradbury","date_accessed":"2023-12-19T00:00:00Z","date_published":"2023-11-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b842dfa3-59eb-570b-8abd-8e360e6e37fb","created":"2024-06-13T20:10:45.592947Z","modified":"2024-06-13T20:10:45.787780Z"},{"id":"93716db0-6f88-425c-af00-ed2e941214d3","name":"UCF STIG Symbolic Links","description":"UCF. (n.d.). 
Unauthorized accounts must not have the Create symbolic links user right.. Retrieved December 18, 2017.","url":"https://www.stigviewer.com/stig/windows_server_2008_r2_member_server/2015-06-25/finding/V-26482","source":"MITRE","title":"Unauthorized accounts must not have the Create symbolic links user right.","authors":"UCF","date_accessed":"2017-12-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"58b5af66-d2c7-5da2-a61a-111970cea9a5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416065Z"},{"id":"a9b00314-5a02-4fa8-9d34-27f05a71ff3c","name":"G DATA CyberDefense AG March 20 2025","description":"Timo Scholz-Fritsch. (2025, March 20). Unboxing Anubis Exploring the Stealthy Tactics of FIN7's Latest Backdoor. Retrieved April 7, 2025.","url":"https://www.gdatasoftware.com/blog/2025/03/38161-analysis-fin7-anubis-backdoor","source":"Tidal Cyber","title":"Unboxing Anubis Exploring the Stealthy Tactics of FIN7's Latest Backdoor","authors":"Timo Scholz-Fritsch","date_accessed":"2025-04-07T00:00:00Z","date_published":"2025-03-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8c370a9c-bbae-52d3-8510-074252f71a5a","created":"2025-04-08T16:38:27.242593Z","modified":"2025-04-08T16:38:27.445974Z"},{"id":"832aeb46-b248-43e8-9157-a2f56bcd1806","name":"FireEye FiveHands April 2021","description":"McLellan, T.  and Moore, J. et al. (2021, April 29). UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat. Retrieved June 2, 2021.","url":"https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html","source":"MITRE","title":"UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat","authors":"McLellan, T.  and Moore, J. 
et al","date_accessed":"2021-06-02T00:00:00Z","date_published":"2021-04-29T00:00:00Z","owner_name":null,"tidal_id":"3e377ef2-dff3-55f0-a44f-bd1d0f12e062","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418016Z"},{"id":"452ca091-42b1-5bef-8a01-921c1f46bbee","name":"Mandiant APT29 Eye Spy Email Nov 22","description":"Mandiant. (2022, May 2). UNC3524: Eye Spy on Your Email. Retrieved August 17, 2023.","url":"https://www.mandiant.com/resources/blog/unc3524-eye-spy-email","source":"MITRE","title":"UNC3524: Eye Spy on Your Email","authors":"Mandiant","date_accessed":"2023-08-17T00:00:00Z","date_published":"2022-05-02T00:00:00Z","owner_name":null,"tidal_id":"d1380358-0e7e-53c6-b1fc-eb6550c01447","created":"2023-11-07T00:36:13.021307Z","modified":"2025-12-17T15:08:36.418190Z"},{"id":"161423a2-165d-448f-90e9-0c53e319a125","name":"Google Cloud June 13 2024","description":"Mandiant. (2024, June 13). UNC3944 Targets SaaS Applications . Retrieved June 17, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/unc3944-targets-saas-applications","source":"Tidal Cyber","title":"UNC3944 Targets SaaS Applications","authors":"Mandiant","date_accessed":"2024-06-17T00:00:00Z","date_published":"2024-06-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3dc6ed6d-2114-5521-bed3-77330420e7ea","created":"2024-06-24T14:58:43.174838Z","modified":"2024-06-24T14:58:43.539114Z"},{"id":"f15eb339-4350-4be2-8560-41236f78e132","name":"QuoIntelligence January 22 2024","description":"QuoINT. (2024, January 22). UNC5221 Unreported and Undetected WIREFIRE Web Shell Variant. 
Retrieved December 12, 2024.","url":"https://quointelligence.eu/2024/01/unc5221-unreported-and-undetected-wirefire-web-shell-variant/","source":"Tidal Cyber","title":"UNC5221 Unreported and Undetected WIREFIRE Web Shell Variant","authors":"QuoINT","date_accessed":"2024-12-12T00:00:00Z","date_published":"2024-01-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b5371a24-54e4-5de0-8cc8-4393b0c4fb82","created":"2025-04-11T15:05:59.795832Z","modified":"2025-04-11T15:05:59.956342Z"},{"id":"d0db0aca-a145-545a-8834-abf582f6005b","name":"Google Cloud Threat Intelligence UNC5537 Snowflake 2024","description":"Mandiant. (2024, June 10). UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion. Retrieved May 22, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion","source":"MITRE","title":"UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion","authors":"Mandiant","date_accessed":"2025-05-22T00:00:00Z","date_published":"2024-06-10T00:00:00Z","owner_name":null,"tidal_id":"2120a2c4-a5df-5d09-aa78-ffd51fd0f11b","created":"2025-10-29T21:08:48.165746Z","modified":"2025-12-17T15:08:36.426399Z"},{"id":"0afe3662-b55c-4189-9c9a-2be55a9b6a70","name":"Google Cloud June 10 2024","description":"Mandiant. (2024, June 10). UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion . 
Retrieved June 13, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion","source":"Tidal Cyber","title":"UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion","authors":"Mandiant","date_accessed":"2024-06-13T00:00:00Z","date_published":"2024-06-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"23761556-200d-542e-9f45-2533582f5519","created":"2024-06-13T20:11:07.191753Z","modified":"2024-06-13T20:11:07.379084Z"},{"id":"cef19ceb-179f-4d49-acba-5ce40ab9f65e","name":"Mandiant UNC961 March 23 2023","description":"Ryan Tomcik, Rufus Brown, Josh Fleischer. (2023, March 23). UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor. Retrieved November 1, 2023.","url":"https://www.mandiant.com/resources/blog/unc961-multiverse-financially-motivated","source":"Tidal Cyber","title":"UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor","authors":"Ryan Tomcik, Rufus Brown, Josh Fleischer","date_accessed":"2023-11-01T00:00:00Z","date_published":"2023-03-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bf4ba9c0-a740-5ff5-96f3-fdf3ca8de209","created":"2024-06-13T20:10:44.118730Z","modified":"2024-06-13T20:10:44.307236Z"},{"id":"84c0313a-bea1-44a7-9396-8e12437852d1","name":"Mandiant Uncharmed May 1 2024","description":"Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, Jonathan Leathery. (2024, May 1). Uncharmed: Untangling Iran's APT42 Operations. 
Retrieved August 30, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations","source":"Tidal Cyber","title":"Uncharmed: Untangling Iran's APT42 Operations","authors":"Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, Jonathan Leathery","date_accessed":"2024-08-30T00:00:00Z","date_published":"2024-05-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1b75aff1-2140-597a-b38a-6dc662ff5af1","created":"2024-08-30T18:11:25.363007Z","modified":"2024-08-30T18:11:25.862162Z"},{"id":"64b19eab-8190-5e22-89a0-f7555f9f7fa2","name":"Mandiant APT42-untangling","description":"Rozmann, O., et al. (2024, May 1). Uncharmed: Untangling Iran's APT42 Operations. Retrieved October 9, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations","source":"MITRE","title":"Uncharmed: Untangling Iran's APT42 Operations","authors":"Rozmann, O., et al","date_accessed":"2024-10-09T00:00:00Z","date_published":"2024-05-01T00:00:00Z","owner_name":null,"tidal_id":"4ec5b4b8-e0c8-5130-97c5-946936478282","created":"2025-04-22T20:47:25.101693Z","modified":"2025-12-17T15:08:36.416693Z"},{"id":"7a5d86f3-5afe-5d01-adcd-9511879207a7","name":"Mandiant APT42 Operations 2024","description":"Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, and Jonathan Leathery. (2024, May 1). Uncharmed: Untangling Iran's APT42 Operations. 
Retrieved May 28, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations","source":"MITRE","title":"Uncharmed: Untangling Iran's APT42 Operations","authors":"Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, and Jonathan Leathery","date_accessed":"2024-05-28T00:00:00Z","date_published":"2024-05-01T00:00:00Z","owner_name":null,"tidal_id":"e3a43613-e7ea-579c-9c64-8a78394a3b37","created":"2024-10-31T16:28:23.601156Z","modified":"2025-12-17T15:08:36.432431Z"},{"id":"4dfbf26d-023b-41dd-82c8-12fe18cb10e6","name":"Trend Micro DRBControl February 2020","description":"Lunghi, D. et al. (2020, February). Uncovering DRBControl. Retrieved November 12, 2021.","url":"https://documents.trendmicro.com/assets/white_papers/wp-uncovering-DRBcontrol.pdf","source":"MITRE, Tidal Cyber","title":"Uncovering DRBControl","authors":"Lunghi, D. et al","date_accessed":"2021-11-12T00:00:00Z","date_published":"2020-02-01T00:00:00Z","owner_name":null,"tidal_id":"1cf50f5e-4ce3-5ce9-952b-dd7b48eaee7b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.256863Z"},{"id":"d6da2849-cff0-408a-9f09-81a33fc88a56","name":"Checkpoint MosesStaff Nov 2021","description":"Checkpoint Research. (2021, November 15). Uncovering MosesStaff techniques: Ideology over Money. Retrieved August 11, 2022.","url":"https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/","source":"MITRE","title":"Uncovering MosesStaff techniques: Ideology over Money","authors":"Checkpoint Research","date_accessed":"2022-08-11T00:00:00Z","date_published":"2021-11-15T00:00:00Z","owner_name":null,"tidal_id":"4457c2b3-3b1e-5776-9359-51d1cf2fae7f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417536Z"},{"id":"0eede7ae-6637-4f1a-b3b8-425d585025d8","name":"Cisco Talos Blog October 27 2025","description":"Takahiro Takeda. (2025, October 27). Uncovering Qilin attack methods exposed through multiple cases. 
Retrieved November 5, 2025.","url":"https://blog.talosintelligence.com/uncovering-qilin-attack-methods-exposed-through-multiple-cases/","source":"Tidal Cyber","title":"Uncovering Qilin attack methods exposed through multiple cases","authors":"Takahiro Takeda","date_accessed":"2025-11-05T12:00:00Z","date_published":"2025-10-27T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0d82a776-de3c-54e9-884e-f5a89b3f7586","created":"2025-11-11T13:25:40.599151Z","modified":"2025-11-11T13:25:40.803974Z"},{"id":"503a4cd6-5cfe-4cce-b363-0cf3c8bc9feb","name":"bencane blog bashrc","description":"Benjamin Cane. (2013, September 16). Understanding a little more about /etc/profile and /etc/bashrc. Retrieved September 25, 2024.","url":"https://web.archive.org/web/20220316014323/http://bencane.com/2013/09/16/understanding-a-little-more-about-etcprofile-and-etcbashrc/","source":"MITRE","title":"Understanding a little more about /etc/profile and /etc/bashrc","authors":"Benjamin Cane","date_accessed":"2024-09-25T00:00:00Z","date_published":"2013-09-16T00:00:00Z","owner_name":null,"tidal_id":"d347ada6-3fbe-52da-ba14-c5eb2bc5ca78","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433897Z"},{"id":"f63b099d-a316-42a1-b1ce-17f11d0f3d2e","name":"Juniper DAI 2020","description":"Juniper. (2020, September 23). Understanding and Using Dynamic ARP Inspection (DAI). 
Retrieved October 15, 2020.","url":"https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/understanding-and-using-dai.html","source":"MITRE","title":"Understanding and Using Dynamic ARP Inspection (DAI)","authors":"Juniper","date_accessed":"2020-10-15T00:00:00Z","date_published":"2020-09-23T00:00:00Z","owner_name":null,"tidal_id":"2f2ae308-dcef-557f-93ea-02567e032751","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442740Z"},{"id":"ce1bddab-f63b-400f-ba49-0a06c4f5066a","name":"Understanding BumbleBee Loader The Delivery - VMRay 9 1 2023","description":"Emre Güler Threat Researcher. (2023, September 1). Understanding BumbleBee Loader The Delivery. Retrieved February 19, 2024.","url":"https://www.vmray.com/cyber-security-blog/understanding-bumblebee-loader-the-delivery/","source":"Tidal Cyber","title":"Understanding BumbleBee Loader The Delivery","authors":"Emre Güler Threat Researcher","date_accessed":"2024-02-19T00:00:00Z","date_published":"2023-09-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"82223520-fe73-57f4-8bcb-87d2526165fb","created":"2024-06-13T20:10:50.129038Z","modified":"2024-06-13T20:10:50.317235Z"},{"id":"b0bedc26-d075-448e-9adc-741c047a851c","name":"Understanding BumbleBee The malicious behavior - VMRay 9 1 2023","description":"Emre Güler Threat Researcher. (2023, September 1). Understanding BumbleBee The malicious behavior. 
Retrieved February 19, 2024.","url":"https://www.vmray.com/cyber-security-blog/understanding-bumblebee-the-malicious-behavior/","source":"Tidal Cyber","title":"Understanding BumbleBee The malicious behavior","authors":"Emre Güler Threat Researcher","date_accessed":"2024-02-19T00:00:00Z","date_published":"2023-09-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"afc63e07-4d39-5cc9-bfd4-181eb23752ff","created":"2024-06-13T20:10:49.751525Z","modified":"2024-06-13T20:10:49.942455Z"},{"id":"b23a0df2-923d-4a5d-a40c-3ae218a0be94","name":"Google Cloud IAM Policies","description":"Google Cloud. (2022, March 31). Understanding policies. Retrieved April 1, 2022.","url":"https://cloud.google.com/iam/docs/policies","source":"MITRE","title":"Understanding policies","authors":"Google Cloud","date_accessed":"2022-04-01T00:00:00Z","date_published":"2022-03-31T00:00:00Z","owner_name":null,"tidal_id":"fe69ca3d-9930-59bb-8159-64004fdf33f1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426946Z"},{"id":"a6f62986-0b62-4316-b762-021f1bb14903","name":"Juniper Traffic Mirroring","description":"Juniper. (n.d.). Understanding Port Mirroring on EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 Series Switches. Retrieved October 19, 2020.","url":"https://www.juniper.net/documentation/en_US/junos/topics/concept/port-mirroring-ex-series.html","source":"MITRE","title":"Understanding Port Mirroring on EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, EX6200, and EX8200 Series Switches","authors":"Juniper","date_accessed":"2020-10-19T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9ee8f221-fceb-571f-81b8-cbf60e3e11d1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431556Z"},{"id":"9c03b801-2ebe-4c7b-aa29-1b7a3625964a","name":"U.S. CISA Understanding LockBit June 2023","description":"Cybersecurity and Infrastructure Security Agency. (2023, June 14). Understanding Ransomware Threat Actors: LockBit. 
Retrieved June 30, 2023.","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a","source":"Tidal Cyber","title":"Understanding Ransomware Threat Actors: LockBit","authors":"Cybersecurity and Infrastructure Security Agency","date_accessed":"2023-06-30T00:00:00Z","date_published":"2023-06-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3ad9d310-1d05-5af3-bbe1-816201c938a8","created":"2023-07-14T12:56:32.529565Z","modified":"2023-07-14T12:56:32.638547Z"},{"id":"44265bd3-ae1f-5826-aee9-009432f6ab46","name":"Joint Cybersecurity Advisory LockBit JUN 2023","description":"CISA et al. (2023, June 14). UNDERSTANDING RANSOMWARE THREAT ACTORS: LOCKBIT. Retrieved February 5, 2025.","url":"https://www.cisa.gov/sites/default/files/2023-06/aa23-165a_understanding_TA_LockBit_0.pdf","source":"MITRE","title":"UNDERSTANDING RANSOMWARE THREAT ACTORS: LOCKBIT","authors":"CISA et al","date_accessed":"2025-02-05T00:00:00Z","date_published":"2023-06-14T00:00:00Z","owner_name":null,"tidal_id":"87eda448-1138-5df0-b5aa-93ef8cc73b95","created":"2025-04-22T20:47:27.469668Z","modified":"2025-12-17T15:08:36.419450Z"},{"id":"84eb3d8a-f6b1-4bb5-9411-2c8da29b5946","name":"Auth0 Understanding Refresh Tokens","description":"Auth0 Inc.. (n.d.). Understanding Refresh Tokens. Retrieved November 17, 2024.","url":"https://auth0.com/learn/refresh-tokens","source":"MITRE","title":"Understanding Refresh Tokens","authors":"Auth0 Inc.","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"076d0284-156d-5f24-a526-b20d7f575679","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432302Z"},{"id":"8d08b5e2-13ed-4283-8bd2-f3d9a5d02bc5","name":"Huntress ScreenConnect 2 19 2024","description":"Team Huntress. (2024, February 19). Understanding the ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708 . 
Retrieved February 22, 2024.","url":"https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass","source":"Tidal Cyber","title":"Understanding the ConnectWise ScreenConnect CVE-2024-1709 & CVE-2024-1708","authors":"Team Huntress","date_accessed":"2024-02-22T00:00:00Z","date_published":"2024-02-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"62ab7ad2-8717-5222-a147-315d9f7edfb9","created":"2024-06-13T20:10:48.243091Z","modified":"2024-06-13T20:10:48.434107Z"},{"id":"b70d04e4-c5f9-5cb2-b896-9bd64e97369e","name":"baeldung Linux proc map 2022","description":"baeldung. (2022, April 8). Understanding the Linux /proc/id/maps File. Retrieved March 31, 2023.","url":"https://www.baeldung.com/linux/proc-id-maps","source":"MITRE","title":"Understanding the Linux /proc/id/maps File","authors":"baeldung","date_accessed":"2023-03-31T00:00:00Z","date_published":"2022-04-08T00:00:00Z","owner_name":null,"tidal_id":"e6d9fa8e-f039-5956-9264-8101bf558962","created":"2023-05-26T01:21:03.612974Z","modified":"2025-12-17T15:08:36.427157Z"},{"id":"c049d198-efd0-40e2-a675-cf099b8211b3","name":"Talos Phobos November 17 2023","description":"Guilherme Venere. (2023, November 17). Understanding the Phobos affiliate structure and activity. Retrieved March 7, 2024.","url":"https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/","source":"Tidal Cyber","title":"Understanding the Phobos affiliate structure and activity","authors":"Guilherme Venere","date_accessed":"2024-03-07T00:00:00Z","date_published":"2023-11-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5ec3b4b5-0acb-5202-ae9b-7fef1e517541","created":"2024-03-07T21:00:46.173156Z","modified":"2024-03-07T21:00:46.343710Z"},{"id":"1bdfcce5-38d0-5528-9be8-46053d1dbdee","name":"Elastic Security Labs GOSAR 2024","description":"Jia Yu Chan, Salim Bitam, Daniel Stepanic, and Seth Goodwin. (2024, December 12). 
Under the SADBRIDGE with GOSAR: QUASAR Gets a Golang Rewrite. Retrieved May 22, 2025.","url":"https://www.elastic.co/security-labs/under-the-sadbridge-with-gosar","source":"MITRE","title":"Under the SADBRIDGE with GOSAR: QUASAR Gets a Golang Rewrite","authors":"Jia Yu Chan, Salim Bitam, Daniel Stepanic, and Seth Goodwin","date_accessed":"2025-05-22T00:00:00Z","date_published":"2024-12-12T00:00:00Z","owner_name":null,"tidal_id":"5cbb7f04-2b87-5a28-aa63-d673e95b7eaa","created":"2025-10-29T21:08:48.165818Z","modified":"2025-12-17T15:08:36.427328Z"},{"id":"a64f689e-2bb4-4253-86cd-545e7f633a7e","name":"Mandiant APT44 April 17 2024","description":"Gabby Roncone, Dan Black, John Wolfram, Tyler McLellan, Nick Simonian, Ryan Hall, Anton Prokopenkov, Luke Jenkins, Dan Perez, Lexie Aytes, Alden Wahlstrom. (2024, April 17). Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm. Retrieved April 17, 2024.","url":"https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm","source":"Tidal Cyber","title":"Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm","authors":"Gabby Roncone, Dan Black, John Wolfram, Tyler McLellan, Nick Simonian, Ryan Hall, Anton Prokopenkov, Luke Jenkins, Dan Perez, Lexie Aytes, Alden Wahlstrom","date_accessed":"2024-04-17T00:00:00Z","date_published":"2024-04-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"3aa5b5f5-c2d3-5373-b2d7-4f62bdbff75e","created":"2024-04-19T16:48:13.824824Z","modified":"2024-04-19T16:48:14.262090Z"},{"id":"59162ffd-cb95-4757-bb1e-0c2a4ad5c083","name":"FireEye KEGTAP SINGLEMALT October 2020","description":"Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock. (2020, October 28). Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser. 
Retrieved October 28, 2020.","url":"https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html","source":"MITRE","title":"Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser","authors":"Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock","date_accessed":"2020-10-28T00:00:00Z","date_published":"2020-10-28T00:00:00Z","owner_name":null,"tidal_id":"49db1b21-85ce-5f60-a611-ebcfd0ed3f5d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420644Z"},{"id":"681c6a57-76db-410b-82d6-4e614bcdb6e0","name":"Wikipedia UEFI","description":"Wikipedia. (2017, July 10). Unified Extensible Firmware Interface. Retrieved July 11, 2017.","url":"https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface","source":"MITRE","title":"Unified Extensible Firmware Interface","authors":"Wikipedia","date_accessed":"2017-07-11T00:00:00Z","date_published":"2017-07-10T00:00:00Z","owner_name":null,"tidal_id":"674ab895-8158-58f6-a761-bbda575f571a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425445Z"},{"id":"82c1ed0d-a41d-4212-a3ae-a1d661bede2d","name":"New DragonOK","description":"Miller-Osborn, J., Grunzweig, J.. (2015, April). Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets. 
Retrieved November 4, 2015.","url":"http://researchcenter.paloaltonetworks.com/2015/04/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/","source":"MITRE","title":"Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets","authors":"Miller-Osborn, J., Grunzweig, J.","date_accessed":"2015-11-04T00:00:00Z","date_published":"2015-04-01T00:00:00Z","owner_name":null,"tidal_id":"83162c96-537d-5458-9b4c-7800555175ba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419242Z"},{"id":"bae298f0-71ac-4841-8670-1b805cc7f9dd","name":"Unit 42 December 5 2024","description":"Unit 42. (2024, December 5). Unit 42 - Latest Cyber Security Research . Retrieved December 12, 2024.","url":"https://unit42.paloaltonetworks.com/atoms/automated-libra/","source":"Tidal Cyber","title":"Unit 42 - Latest Cyber Security Research","authors":"Unit 42","date_accessed":"2024-12-12T00:00:00Z","date_published":"2024-12-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b6ba3db9-8e87-5e21-8867-b773cc970273","created":"2025-04-11T15:05:56.388326Z","modified":"2025-04-11T15:05:56.767945Z"},{"id":"399eb6af-a6d7-46c4-a38e-379e745539b3","name":"Unit 42 LinkedIn Agent Serpens June 9 2025","description":"Palo Alto Networks Unit 42. (2025, June 9). Unit 42 LinkedIn Agent Serpens June 9 2025. Retrieved June 10, 2025.","url":"https://www.linkedin.com/posts/unit42_agentserpens-charmingkitten-powerless-ugcPost-7337886287195947009-Q53x","source":"Tidal Cyber","title":"Unit 42 LinkedIn Agent Serpens June 9 2025","authors":"Palo Alto Networks Unit 42","date_accessed":"2025-06-10T00:00:00Z","date_published":"2025-06-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c5718177-854a-5ffb-8e46-a906dc7be0cb","created":"2025-06-10T15:50:22.951985Z","modified":"2025-06-10T15:50:23.123601Z"},{"id":"9923f9ff-a7b8-4058-8213-3c83c54c10a6","name":"Unit 42 Playbook Dec 2017","description":"Unit 42. (2017, December 15). Unit 42 Playbook Viewer. 
Retrieved December 20, 2017.","url":"https://pan-unit42.github.io/playbook_viewer/","source":"MITRE, Tidal Cyber","title":"Unit 42 Playbook Viewer","authors":"Unit 42","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-12-15T00:00:00Z","owner_name":null,"tidal_id":"9d4819a1-1f16-5699-825c-5272106c87c9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.277997Z"},{"id":"735d38da-9214-4141-86af-11eefa5c4d04","name":"Unit 42 SeaDuke 2015","description":"Grunzweig, J.. (2015, July 14). Unit 42 Technical Analysis: Seaduke. Retrieved August 3, 2016.","url":"http://researchcenter.paloaltonetworks.com/2015/07/unit-42-technical-analysis-seaduke/","source":"MITRE","title":"Unit 42 Technical Analysis: Seaduke","authors":"Grunzweig, J.","date_accessed":"2016-08-03T00:00:00Z","date_published":"2015-07-14T00:00:00Z","owner_name":null,"tidal_id":"d7dcf67f-7ecb-57dd-9390-b630b6459534","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439677Z"},{"id":"72d263e5-abfd-540c-beb6-df9cee616d1e","name":"iOS Universal Links","description":"Apple. (n.d.). Universal Links for Developers. Retrieved September","url":"https://developer.apple.com/ios/universal-links/","source":"Mobile","title":"Universal Links for Developers","authors":"Apple","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8b7c7239-306e-5923-81b9-17f117b0b4fc","created":"2026-01-28T13:08:10.046792Z","modified":"2026-01-28T13:08:10.046795Z"},{"id":"521b79fe-bb7b-52fd-a899-b73e254027a5","name":"3OHA double-fork 2022","description":"Juan Tapiador. (2022, April 11). UNIX daemonization and the double fork. 
Retrieved September 29, 2023.","url":"https://0xjet.github.io/3OHA/2022/04/11/post.html","source":"MITRE","title":"UNIX daemonization and the double fork","authors":"Juan Tapiador","date_accessed":"2023-09-29T00:00:00Z","date_published":"2022-04-11T00:00:00Z","owner_name":null,"tidal_id":"ff3e65e8-7060-5bdf-a04c-9d824c3863b2","created":"2023-11-07T00:36:00.272594Z","modified":"2025-12-17T15:08:36.427468Z"},{"id":"a4982787-11b3-484b-b28b-c24b51405e57","name":"Cisco Talos Blog November 13 2025","description":"Chetan Raghuprasad. (2025, November 13). Unleashing the Kraken ransomware group. Retrieved November 20, 2025.","url":"https://blog.talosintelligence.com/kraken-ransomware-group/","source":"Tidal Cyber","title":"Unleashing the Kraken ransomware group","authors":"Chetan Raghuprasad","date_accessed":"2025-11-20T12:00:00Z","date_published":"2025-11-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"62fbecd4-0502-504c-99da-917a711c69a6","created":"2025-12-10T14:13:39.117589Z","modified":"2025-12-10T14:13:39.328058Z"},{"id":"e7b4651b-804a-47b7-bd74-341ac0e8a7a9","name":"WhiteSnake Stealer RussianPanda July 4 2023","description":"RussianPanda. (2023, July 4). Unleashing the Viper : A Technical Analysis of WhiteSnake Stealer. Retrieved October 14, 2024.","url":"https://russianpanda.com/WhiteSnake-Stealer-Malware-Analysis","source":"Tidal Cyber","title":"Unleashing the Viper : A Technical Analysis of WhiteSnake Stealer","authors":"RussianPanda","date_accessed":"2024-10-14T00:00:00Z","date_published":"2023-07-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1741a491-1b68-503d-9e6f-5cf6d0ad9fd2","created":"2024-10-14T19:18:56.647914Z","modified":"2024-10-14T19:18:56.801592Z"},{"id":"2e7060d2-f7bc-457e-a2e6-12897d503ea6","name":"Flashpoint Anonymous Sudan Timeline","description":"Flashpoint. (2023, June 20). Unmasking Anonymous Sudan: Timeline of DDoS Attacks, Affiliations, and Motivations. 
Retrieved October 10, 2023.","url":"https://flashpoint.io/blog/anonymous-sudan-ddos-timeline/","source":"Tidal Cyber","title":"Unmasking Anonymous Sudan: Timeline of DDoS Attacks, Affiliations, and Motivations","authors":"Flashpoint","date_accessed":"2023-10-10T00:00:00Z","date_published":"2023-06-20T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a442c7c3-ca72-5a19-b437-fe84d72c9bc7","created":"2023-10-10T20:48:41.494254Z","modified":"2023-10-10T20:48:41.623746Z"},{"id":"f3f16141-3420-5e72-b7d0-092bbd02f064","name":"Permiso GUI-Vil 2023","description":"Ian Ahl. (2023, May 22). Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor. Retrieved August 30, 2024.","url":"https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor/","source":"MITRE","title":"Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor","authors":"Ian Ahl","date_accessed":"2024-08-30T00:00:00Z","date_published":"2023-05-22T00:00:00Z","owner_name":null,"tidal_id":"213d2a25-ea5f-51bf-b27e-720c678ba6af","created":"2024-10-31T16:28:23.451901Z","modified":"2025-12-17T15:08:36.432243Z"},{"id":"7217dae8-52c1-5ddd-80a0-3fe8719c6724","name":"Qualys LummaStealer 2024","description":"Vishwajeet Kumar, Qualys. (2024, October 20). Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA. Retrieved March 22, 2025.","url":"https://blog.qualys.com/vulnerabilities-threat-research/2024/10/20/unmasking-lumma-stealer-analyzing-deceptive-tactics-with-fake-captcha","source":"MITRE","title":"Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA","authors":"Vishwajeet Kumar, Qualys","date_accessed":"2025-03-22T00:00:00Z","date_published":"2024-10-20T00:00:00Z","owner_name":null,"tidal_id":"e9414df7-c21c-5b1d-9bee-4111e2c25b35","created":"2025-04-22T20:47:27.395517Z","modified":"2025-12-17T15:08:36.419312Z"},{"id":"e1896c15-8f19-43e4-96b0-cfd442966b28","name":"ESET MirrorFace December 14 2022","description":"Dominik Breitenbacher. (2022, December 14). 
Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities. Retrieved April 9, 2025.","url":"https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/","source":"Tidal Cyber","title":"Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities","authors":"Dominik Breitenbacher","date_accessed":"2025-04-09T00:00:00Z","date_published":"2022-12-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4487372f-7afe-5783-9e8a-d78857e022ab","created":"2025-04-11T15:33:23.020814Z","modified":"2025-04-11T15:33:23.191994Z"},{"id":"1a3f22b7-8585-44b7-845a-eaa13d8a5dc1","name":"Infosecurity Magazine December 9 2024","description":"Kevin Poireault. (2024, December 9). Unmasking Termite, the Ransomware Gang Claiming the Blue Yonder Attack. Retrieved December 10, 2024.","url":"https://www.infosecurity-magazine.com/news/termite-ransomware-blue-yonder/","source":"Tidal Cyber","title":"Unmasking Termite, the Ransomware Gang Claiming the Blue Yonder Attack","authors":"Kevin Poireault","date_accessed":"2024-12-10T00:00:00Z","date_published":"2024-12-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4bccd9a4-bf76-59c0-a3bb-7055c43b9bd6","created":"2024-12-10T14:32:50.489846Z","modified":"2024-12-10T14:32:50.665594Z"},{"id":"48fa5529-a67b-585b-b5f4-5ca3300a700f","name":"CloudSEK Lumma Stealer 2024","description":"CloudSEK TRIAD. (2024, September 19). Unmasking the Danger: Lumma Stealer Malware Exploits Fake CAPTCHA Pages. 
Retrieved March 18, 2025.","url":"https://www.cloudsek.com/blog/unmasking-the-danger-lumma-stealer-malware-exploits-fake-captcha-pages","source":"MITRE","title":"Unmasking the Danger: Lumma Stealer Malware Exploits Fake CAPTCHA Pages","authors":"CloudSEK TRIAD","date_accessed":"2025-03-18T00:00:00Z","date_published":"2024-09-19T00:00:00Z","owner_name":null,"tidal_id":"490f2b49-e0d6-5ca3-9a03-f18faf6f9ab8","created":"2025-04-22T20:47:20.280558Z","modified":"2025-12-17T15:08:36.435695Z"},{"id":"b49a1225-233f-47e8-95e5-db092e790cd0","name":"Trend Micro September 09 2025","description":"Jacob Santos, Maristel Policarpio, Don Ovid Ladores, Junestherry Dela Cruz. (2025, September 9). Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed | Trend Micro (US). Retrieved October 16, 2025.","url":"https://www.trendmicro.com/en_us/research/25/i/unmasking-the-gentlemen-ransomware.html","source":"Tidal Cyber","title":"Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed | Trend Micro (US)","authors":"Jacob Santos, Maristel Policarpio, Don Ovid Ladores, Junestherry Dela Cruz","date_accessed":"2025-10-16T12:00:00Z","date_published":"2025-09-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"630e8691-a12a-5306-ae57-92524be2bdc0","created":"2025-10-17T17:09:11.161338Z","modified":"2025-10-17T17:09:11.340285Z"},{"id":"f6f629a2-2cbf-45ba-b38e-7a838022d1a4","name":"Cyber Hunters Ltd. November 4 2024","description":"Team Axon. (2024, November 4). Unmasking VEILDrive Threat Actors Exploit Microsoft Services for C2. 
Retrieved November 8, 2024.","url":"https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2","source":"Tidal Cyber","title":"Unmasking VEILDrive Threat Actors Exploit Microsoft Services for C2","authors":"Team Axon","date_accessed":"2024-11-08T00:00:00Z","date_published":"2024-11-04T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c9f3b6a2-a658-5842-950c-f4628613f145","created":"2024-11-08T20:32:28.921747Z","modified":"2024-11-08T20:32:29.124436Z"},{"id":"7a6a7ecd-b9c7-4371-9924-34733597556c","name":"AADInternals Azure AD On-Prem to Cloud","description":"Dr. Nestori Syynimaa. (2020, July 13). Unnoticed sidekick: Getting access to cloud as an on-prem admin. Retrieved September 28, 2022.","url":"https://o365blog.com/post/on-prem_admin/","source":"MITRE","title":"Unnoticed sidekick: Getting access to cloud as an on-prem admin","authors":"Dr. Nestori Syynimaa","date_accessed":"2022-09-28T00:00:00Z","date_published":"2020-07-13T00:00:00Z","owner_name":null,"tidal_id":"b70b4d7a-91e6-549e-a788-e2d8df5dd4a3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429704Z"},{"id":"b251ed65-a145-4053-9dc2-bf0dad83d76c","name":"Adsecurity Mimikatz Guide","description":"Metcalf, S. (2015, November 13). Unofficial Guide to Mimikatz & Command Reference. Retrieved December 23, 2015.","url":"https://adsecurity.org/?page_id=1821","source":"MITRE","title":"Unofficial Guide to Mimikatz & Command Reference","authors":"Metcalf, S","date_accessed":"2015-12-23T00:00:00Z","date_published":"2015-11-13T00:00:00Z","owner_name":null,"tidal_id":"34b403f9-b151-5643-9431-36647a7626e7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423231Z"},{"id":"684835bb-7d67-440d-82c2-5f98c3e29341","name":"InfoSec Write-ups 7 23 2023","description":"Mov Eax. (2023, July 23). Unpacking Emotet Trojan. 
Retrieved February 27, 2024.","url":"https://infosecwriteups.com/unpacking-emotet-trojan-dac7e6119a0a","source":"Tidal Cyber","title":"Unpacking Emotet Trojan","authors":"Mov Eax","date_accessed":"2024-02-27T00:00:00Z","date_published":"2023-07-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"63e5eafa-3e42-5720-bab9-fe68ddcc40b4","created":"2024-06-13T20:10:52.393413Z","modified":"2024-06-13T20:10:52.583648Z"},{"id":"46ee3b4e-5948-5e04-8264-8b56e0bd8e58","name":"Claroty Fuxnet 2024","description":"Team82. (2024, April 12). Unpacking the Blackjack Group's Fuxnet Malware. Retrieved September","url":"https://claroty.com/team82/research/unpacking-the-blackjack-groups-fuxnet-malware","source":"ICS","title":"Unpacking the Blackjack Group's Fuxnet Malware","authors":"Team82","date_accessed":"1978-09-01T00:00:00Z","date_published":"2024-04-12T00:00:00Z","owner_name":null,"tidal_id":"8e89c43c-963e-50c7-8dca-45825d595a07","created":"2026-01-28T13:08:18.175892Z","modified":"2026-01-28T13:08:18.175895Z"},{"id":"e1c45621-08a5-4d77-8f52-20640c966213","name":"Darktrace Salesloft Incident September 8 2025","description":"Darktrace. (2025, September 8). Unpacking the Salesloft Incident: Insights from Darktrace Observations. Retrieved September 19, 2025.","url":"https://www.darktrace.com/blog/unpacking-the-salesloft-incident-insights-from-darktrace-observations","source":"Tidal Cyber","title":"Unpacking the Salesloft Incident: Insights from Darktrace Observations","authors":"Darktrace","date_accessed":"2025-09-19T12:00:00Z","date_published":"2025-09-08T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e2d56cb7-f04c-5a31-a886-ab8e2f5fff92","created":"2025-10-07T14:06:52.976913Z","modified":"2025-10-07T14:06:53.143156Z"},{"id":"4a6cde5d-971e-4260-9ab4-777ee81d5af0","name":"Cyble Akira May 10 2023","description":"Cybleinc. (2023, May 10). Unraveling Akira Ransomware. 
Retrieved February 27, 2024.","url":"https://blog.cyble.com/2023/05/10/unraveling-akira-ransomware/","source":"Tidal Cyber","title":"Unraveling Akira Ransomware","authors":"Cybleinc","date_accessed":"2024-02-27T00:00:00Z","date_published":"2023-05-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d2008c8e-84d2-501e-b1e4-8f21f8532182","created":"2024-04-25T14:10:45.128911Z","modified":"2024-04-25T14:10:45.450922Z"},{"id":"2be23bfb-c6fb-455e-ae88-2ae910ccef60","name":"Kaspersky Lamberts Toolkit April 2017","description":"GREAT. (2017, April 11). Unraveling the Lamberts Toolkit. Retrieved March 21, 2022.","url":"https://securelist.com/unraveling-the-lamberts-toolkit/77990/","source":"MITRE","title":"Unraveling the Lamberts Toolkit","authors":"GREAT","date_accessed":"2022-03-21T00:00:00Z","date_published":"2017-04-11T00:00:00Z","owner_name":null,"tidal_id":"5ecf8c46-50ff-5bcc-8e89-f1e7fed1dfd7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418861Z"},{"id":"103f2b78-81ed-4096-a67a-dedaffd67e9b","name":"CrowdStrike Grim Spider May 2019","description":"John, E. and Carvey, H. (2019, May 30). Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER. Retrieved May 12, 2020.","url":"https://www.crowdstrike.com/blog/timelining-grim-spiders-big-game-hunting-tactics/","source":"MITRE","title":"Unraveling the Spiderweb: Timelining ATT&CK Artifacts Used by GRIM SPIDER","authors":"John, E. and Carvey, H","date_accessed":"2020-05-12T00:00:00Z","date_published":"2019-05-30T00:00:00Z","owner_name":null,"tidal_id":"de3f3049-aa9b-5085-9517-1fb0e1a6bae9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437329Z"},{"id":"329e7423-e145-4390-96df-fe0744b51b19","name":"Trend Micro December 02 2025","description":"Jeffrey Francis Bonaobra, Sarah Pearl Camiling, Joe Soares, Byron Gelera, Ian Kenefick, Emmanuel Panopio. (2025, December 2). 
Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp | Trend Micro (US). Retrieved December 5, 2025.","url":"https://www.trendmicro.com/en_us/research/25/l/water-saci.html","source":"Tidal Cyber","title":"Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp | Trend Micro (US)","authors":"Jeffrey Francis Bonaobra, Sarah Pearl Camiling, Joe Soares, Byron Gelera, Ian Kenefick, Emmanuel Panopio","date_accessed":"2025-12-05T12:00:00Z","date_published":"2025-12-02T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c4cc2fad-c6fb-53c7-a125-0a6eef710530","created":"2025-12-10T14:13:45.983908Z","modified":"2025-12-10T14:13:46.138018Z"},{"id":"9ad11187-bf91-4205-98c7-c7b981e4ab6f","name":"Unregmp2.exe - LOLBAS Project","description":"LOLBAS. (2021, December 6). Unregmp2.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Unregmp2/","source":"Tidal Cyber","title":"Unregmp2.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-12-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f4793616-937d-5b7b-aad5-e84c76ee74f9","created":"2024-01-12T14:47:05.011650Z","modified":"2024-01-12T14:47:05.215444Z"},{"id":"72a3c6a7-3f4b-55a3-aed7-fd8ed0f46df2","name":"Grace-Advertisement","description":"M. Grace et al. (2012, April 16-18). Unsafe exposure analysis of mobile in-app advertisements. Retrieved November","url":"https://dl.acm.org/doi/10.1145/2185448.2185464","source":"Mobile","title":"Unsafe exposure analysis of mobile in-app advertisements","authors":"M. Grace et al","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ba878a0d-a53e-5006-b92f-c66882743575","created":"2026-01-28T13:08:10.042893Z","modified":"2026-01-28T13:08:10.042896Z"},{"id":"15465b26-99e1-4956-8c81-cda3388169b8","name":"TrendMicro Patchwork Dec 2017","description":"Lunghi, D., et al. (2017, December). 
Untangling the Patchwork Cyberespionage Group. Retrieved July 10, 2018.","url":"https://documents.trendmicro.com/assets/tech-brief-untangling-the-patchwork-cyberespionage-group.pdf","source":"MITRE","title":"Untangling the Patchwork Cyberespionage Group","authors":"Lunghi, D., et al","date_accessed":"2018-07-10T00:00:00Z","date_published":"2017-12-01T00:00:00Z","owner_name":null,"tidal_id":"f6c221f2-a229-5623-b085-c84e05400931","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421693Z"},{"id":"05fbfe10-4b20-5804-aeac-bbb3aeefb0a1","name":"Virus Bulletin","description":"Suguru Ishimaru, Hajime Yanagishita, Yusuke Niwa. (2023, October 5). Unveiling activities of Tropic Trooper 2023: deep analysis of Xiangoop Loader and EntryShell payload. Retrieved October 3, 2025.","url":"https://www.virusbulletin.com/conference/vb2023/abstracts/unveiling-activities-tropic-trooper-2023-deep-analysis-xiangoop-loader-and-entryshell-payload/","source":"MITRE","title":"Unveiling activities of Tropic Trooper 2023: deep analysis of Xiangoop Loader and EntryShell payload","authors":"Suguru Ishimaru, Hajime Yanagishita, Yusuke Niwa","date_accessed":"2025-10-03T00:00:00Z","date_published":"2023-10-05T00:00:00Z","owner_name":null,"tidal_id":"82cbd9e1-278a-5574-8d22-f996d64ba085","created":"2025-10-29T21:08:48.165789Z","modified":"2025-12-17T15:08:36.427088Z"},{"id":"547f1a4a-7e4a-461d-8c19-f4775cd60ac0","name":"Kaspersky Careto","description":"Kaspersky Labs. (2014, February 11). Unveiling “Careto” - The Masked APT. 
Retrieved July 5, 2017.","url":"https://kasperskycontenthub.com/wp-content/uploads/sites/43/vlpdfs/unveilingthemask_v1.0.pdf","source":"MITRE","title":"Unveiling “Careto” - The Masked APT","authors":"Kaspersky Labs","date_accessed":"2017-07-05T00:00:00Z","date_published":"2014-02-11T00:00:00Z","owner_name":null,"tidal_id":"fd690f08-2e27-56ff-b929-c7e404c6bd2c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429917Z"},{"id":"f0b8be1d-5174-5172-8a0d-1628ddd09092","name":"trendmicro_redcurl","description":"Tancio et al. (2024, March 6). Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence. Retrieved August 9, 2024.","url":"https://www.trendmicro.com/en_us/research/24/c/unveiling-earth-kapre-aka-redcurls-cyberespionage-tactics-with-t.html","source":"MITRE","title":"Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence","authors":"Tancio et al","date_accessed":"2024-08-09T00:00:00Z","date_published":"2024-03-06T00:00:00Z","owner_name":null,"tidal_id":"95d02cf9-41b4-5f10-befb-665cfddfe132","created":"2024-10-31T16:28:35.504645Z","modified":"2025-12-17T15:08:36.440013Z"},{"id":"cd7f7145-579d-4277-8ec9-c67e5ae00759","name":"crowdstrike.com December 19 2024","description":"crowdstrike.com. (2024, December 19). Unveiling LIMINAL PANDA - Threats to Telecom Sector . Retrieved December 23, 2024.","url":"https://www.crowdstrike.com/en-us/blog/liminal-panda-telecom-sector-threats/","source":"Tidal Cyber","title":"Unveiling LIMINAL PANDA - Threats to Telecom Sector","authors":"crowdstrike.com","date_accessed":"2024-12-23T00:00:00Z","date_published":"2024-12-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"303a1d94-cbd2-5d7a-adad-4441d790a08f","created":"2025-02-03T21:08:20.551783Z","modified":"2025-02-03T21:08:21.086461Z"},{"id":"96e199f8-1d33-574f-a507-05303db728e1","name":"NKAbuse SL","description":"KASPERSKY GERT. (2023, December 14). 
Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol. Retrieved February 8, 2024.","url":"https://securelist.com/unveiling-nkabuse/111512/","source":"MITRE","title":"Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol","authors":"KASPERSKY GERT","date_accessed":"2024-02-08T00:00:00Z","date_published":"2023-12-14T00:00:00Z","owner_name":null,"tidal_id":"287e8d8b-95b9-5423-b7ba-aeb2957581b1","created":"2024-04-25T13:28:49.210278Z","modified":"2025-12-17T15:08:36.421437Z"},{"id":"d4e43b2c-a858-4285-984f-f59db5c657bd","name":"Cymmetria Patchwork","description":"Cymmetria. (2016). Unveiling Patchwork - The Copy-Paste APT. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20180825085952/https:/s3-us-west-2.amazonaws.com/cymmetria-blog/public/Unveiling_Patchwork.pdf","source":"MITRE, Tidal Cyber","title":"Unveiling Patchwork - The Copy-Paste APT","authors":"Cymmetria","date_accessed":"2024-11-17T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"f2f1a5df-c44d-533b-89b1-e5075fde6557","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278407Z"},{"id":"ddcfe3d2-804f-52d1-bd9c-02bac8ad9023","name":"Reichert aon sedexp 2024","description":"Zachary Reichert. (2024, August 19). Unveiling \"sedexp\": A Stealthy Linux Malware Exploiting udev Rules. Retrieved September 26, 2024.","url":"https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp","source":"MITRE","title":"Unveiling \"sedexp\": A Stealthy Linux Malware Exploiting udev Rules","authors":"Zachary Reichert","date_accessed":"2024-09-26T00:00:00Z","date_published":"2024-08-19T00:00:00Z","owner_name":null,"tidal_id":"9a484a66-c68a-5283-a5cd-10a6e512bff9","created":"2024-10-31T16:28:27.388527Z","modified":"2025-12-17T15:08:36.436592Z"},{"id":"df4b99f3-1796-57b3-a352-37be5380badc","name":"Orange Residential Proxies","description":"Orange Cyberdefense. (2024, March 14). Unveiling the depths of residential proxies providers. 
Retrieved April 11, 2024.","url":"https://www.orangecyberdefense.com/global/blog/research/residential-proxies","source":"MITRE","title":"Unveiling the depths of residential proxies providers","authors":"Orange Cyberdefense","date_accessed":"2024-04-11T00:00:00Z","date_published":"2024-03-14T00:00:00Z","owner_name":null,"tidal_id":"1e0c6c8d-0c72-5345-b736-7498eb6cf470","created":"2024-04-25T13:28:41.119443Z","modified":"2025-12-17T15:08:36.436153Z"},{"id":"1017c4f2-9e02-50d2-88af-2928c9ed2594","name":"SekoiaBourhis_DiceLoader_Feb2024","description":"Bourhis, P., Sekoia TDR. (2024, February 1). Unveiling the intricacies of DiceLoader. Retrieved May 14, 2025.","url":"https://blog.sekoia.io/unveiling-the-intricacies-of-diceloader/","source":"MITRE","title":"Unveiling the intricacies of DiceLoader","authors":"Bourhis, P., Sekoia TDR","date_accessed":"2025-05-14T00:00:00Z","date_published":"2024-02-01T00:00:00Z","owner_name":null,"tidal_id":"a3a55143-fc7a-5a59-8815-a55dc5c3f101","created":"2025-10-29T21:08:48.167739Z","modified":"2025-12-17T15:08:36.441492Z"},{"id":"24d4a6ac-2f5a-4155-bb14-7fb68a977fce","name":"CrowdStrike.com December 04 2025","description":"None Identified. (2025, December 4). Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary. Retrieved December 5, 2025.","url":"https://www.crowdstrike.com/en-us/blog/warp-panda-cloud-threats/","source":"Tidal Cyber","title":"Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary","authors":"None Identified","date_accessed":"2025-12-05T12:00:00Z","date_published":"2025-12-04T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"be15ff86-5a3c-5bbf-86f3-71aedd11cda4","created":"2025-12-10T14:13:45.352990Z","modified":"2025-12-10T14:13:45.510775Z"},{"id":"0c017bf7-0ec7-4e45-8c20-7db284c4a51e","name":"The DFIR Report Ursnif January 2023","description":"The DFIR Report. (2023, January 9). Unwrapping Ursnifs Gifts. 
Retrieved May 10, 2023.","url":"https://thedfirreport.com/2023/01/09/unwrapping-ursnifs-gifts/","source":"Tidal Cyber","title":"Unwrapping Ursnifs Gifts","authors":"The DFIR Report","date_accessed":"2023-05-10T00:00:00Z","date_published":"2023-01-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0b153050-60a8-5845-860f-20a8f1329568","created":"2024-06-13T20:10:23.300617Z","modified":"2024-06-13T20:10:23.499504Z"},{"id":"2235ff2a-07b8-4198-b91d-e50739e274f4","name":"Rapid7G20Espionage","description":"Rapid7. (2013, August 26). Upcoming G20 Summit Fuels Espionage Operations. Retrieved March 6, 2017.","url":"https://blog.rapid7.com/2013/08/26/upcoming-g20-summit-fuels-espionage-operations/","source":"MITRE","title":"Upcoming G20 Summit Fuels Espionage Operations","authors":"Rapid7","date_accessed":"2017-03-06T00:00:00Z","date_published":"2013-08-26T00:00:00Z","owner_name":null,"tidal_id":"7ba58223-8842-58ec-bbc5-93e8e25c451e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431980Z"},{"id":"f26629db-c641-4b6b-abbf-b55b9cc91cf1","name":"Unit 42 BackConfig May 2020","description":"Hinchliffe, A. and Falcone, R. (2020, May 11). Updated BackConfig Malware Targeting Government and Military Organizations in South Asia. Retrieved June 17, 2020.","url":"https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/","source":"MITRE","title":"Updated BackConfig Malware Targeting Government and Military Organizations in South Asia","authors":"Hinchliffe, A. and Falcone, R","date_accessed":"2020-06-17T00:00:00Z","date_published":"2020-05-11T00:00:00Z","owner_name":null,"tidal_id":"5cdf1ee2-fa61-5f2c-95ab-6493273193c9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421499Z"},{"id":"61c05edf-24aa-4399-8cdf-01d27f6595a1","name":"Secureworks Karagany July 2019","description":"Secureworks. (2019, July 24). Updated Karagany Malware Targets Energy Sector. 
Retrieved August 12, 2020.","url":"https://www.secureworks.com/research/updated-karagany-malware-targets-energy-sector","source":"MITRE","title":"Updated Karagany Malware Targets Energy Sector","authors":"Secureworks","date_accessed":"2020-08-12T00:00:00Z","date_published":"2019-07-24T00:00:00Z","owner_name":null,"tidal_id":"260bd00b-befe-560f-bd70-dcb8284b30a2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419944Z"},{"id":"2c85d5e5-2cb2-4af7-8c33-8aaac3360706","name":"Update.exe - LOLBAS Project","description":"LOLBAS. (2019, June 26). Update.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Update/","source":"Tidal Cyber","title":"Update.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-06-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"08312f48-c46c-542a-848f-5f62cc548666","created":"2024-01-12T14:47:32.042721Z","modified":"2024-01-12T14:47:32.225134Z"},{"id":"414ff729-ba51-4c5a-a4ac-027e0d3c14df","name":"GuidePoint Security INC Ransomware August 14 2024","description":"Rui Ataide, Hermes Bojaxhi. (2024, August 14). Update from the Ransomware Trenches. Retrieved October 4, 2024.","url":"https://www.guidepointsecurity.com/blog/update-from-the-ransomware-trenches/","source":"Tidal Cyber","title":"Update from the Ransomware Trenches","authors":"Rui Ataide, Hermes Bojaxhi","date_accessed":"2024-10-04T00:00:00Z","date_published":"2024-08-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"b8aa566c-5a72-5004-a4a0-38089fb5663f","created":"2024-10-04T20:31:33.072382Z","modified":"2024-10-04T20:31:33.265734Z"},{"id":"101ae1c2-1f08-4cb3-8748-554bce0b3d6f","name":"Drift Salesloft Update September 6 2025","description":"Salesloft. (2025, September 6). Update on Mandiant Drift and Salesloft Application Investigations. 
Retrieved September 8, 2025.","url":"https://trust.salesloft.com/?uid=Update+on+Mandiant+Drift+and+Salesloft+Application+Investigations","source":"Tidal Cyber","title":"Update on Mandiant Drift and Salesloft Application Investigations","authors":"Salesloft","date_accessed":"2025-09-08T12:00:00Z","date_published":"2025-09-06T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5734ef63-dd32-5e18-b86a-5bfcea94497d","created":"2025-09-10T16:38:49.766554Z","modified":"2025-09-10T16:38:49.943528Z"},{"id":"63a76e88-2cd1-4cfa-bd96-4c1c3eebb39b","name":"FBI SVR Update October 10 2024","description":"U.S. Federal Bureau of Investigation. (2024, October 10). Update on SVR Cyber Operations and Vulnerability Exploitation. Retrieved October 14, 2024.","url":"https://www.ic3.gov/Media/News/2024/241010.pdf","source":"Tidal Cyber","title":"Update on SVR Cyber Operations and Vulnerability Exploitation","authors":"U.S. Federal Bureau of Investigation","date_accessed":"2024-10-14T00:00:00Z","date_published":"2024-10-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d57cba65-a0b0-5adb-9393-d834961470a6","created":"2024-10-14T19:18:55.688079Z","modified":"2024-10-14T19:18:56.184408Z"},{"id":"1db3856e-d581-42e6-8038-44b0a2a2b435","name":"Microsoft - Update or Repair Federated domain","description":"Microsoft. (2020, September 14). Update or repair the settings of a federated domain in Office 365, Azure, or Intune. 
Retrieved December 30, 2020.","url":"https://docs.microsoft.com/en-us/office365/troubleshoot/active-directory/update-federated-domain-office-365","source":"MITRE","title":"Update or repair the settings of a federated domain in Office 365, Azure, or Intune","authors":"Microsoft","date_accessed":"2020-12-30T00:00:00Z","date_published":"2020-09-14T00:00:00Z","owner_name":null,"tidal_id":"7e7ae5a2-32a2-5325-b9f9-ba719811d9c3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426386Z"},{"id":"cf0930b2-eb12-5f17-b9f5-e2dbf9712088","name":"ATT SIM Swap Scams","description":"AT&T. (n.d.). UPDATE: Secure Your Number to Reduce SIM Swap Scams. Retrieved January","url":"https://www.research.att.com/sites/cyberaware/ni/blog/sim_swap.html","source":"Mobile","title":"UPDATE: Secure Your Number to Reduce SIM Swap Scams","authors":"AT&T","date_accessed":"1978-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c9fed1a1-f55d-5786-a725-5165163e0aed","created":"2026-01-28T13:08:10.045410Z","modified":"2026-01-28T13:08:10.045413Z"},{"id":"880c1b9e-55a1-404c-9754-1fc2ee30a72b","name":"Trendmicro Evolving ThiefQuest 2020","description":"Gabrielle Joyce Mabutas, Luis Magisa, Steven Du. (2020, July 17). Updates on Quickly-Evolving ThiefQuest macOS Malware. Retrieved April 26, 2021.","url":"https://www.trendmicro.com/en_us/research/20/g/updates-on-quickly-evolving-thiefquest-macos-malware.html","source":"MITRE","title":"Updates on Quickly-Evolving ThiefQuest macOS Malware","authors":"Gabrielle Joyce Mabutas, Luis Magisa, Steven Du","date_accessed":"2021-04-26T00:00:00Z","date_published":"2020-07-17T00:00:00Z","owner_name":null,"tidal_id":"f346f007-0f6d-5cb4-81c3-1c1f2d608482","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441505Z"},{"id":"a94e1e4a-2963-5563-a8a6-ab9f64a86476","name":"AWS Update Trail","description":"AWS. (n.d.). update-trail. 
Retrieved August 4, 2023.","url":"https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudtrail/update-trail.html","source":"MITRE","title":"update-trail","authors":"AWS","date_accessed":"2023-08-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e6f41623-d639-5fc1-95ff-b27a825e922e","created":"2023-11-07T00:36:07.795086Z","modified":"2025-12-17T15:08:36.434679Z"},{"id":"0b9a2bad-46e0-4bc9-acd6-1223c1b4f6bf","name":"ESET CVE-2025-8088 August 11 2025","description":"Anton Cherepanov, Peter Strýček, Damien Schaeffer. (2025, August 11). Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability. Retrieved August 11, 2025.","url":"https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/","source":"Tidal Cyber","title":"Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability","authors":"Anton Cherepanov, Peter Strýček, Damien Schaeffer","date_accessed":"2025-08-11T12:00:00Z","date_published":"2025-08-11T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fec3a70d-23c1-5f80-b5b6-a1adaf27da4c","created":"2025-08-14T15:16:00.823952Z","modified":"2025-08-14T15:16:00.979490Z"},{"id":"c89c5ca3-5f05-5a57-afc4-099ed97263fa","name":"PaloAlto-XcodeGhost","description":"Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. 
Retrieved December","url":"http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/","source":"Mobile","title":"Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps","authors":"Claud Xiao","date_accessed":"1978-12-01T00:00:00Z","date_published":"2015-09-18T00:00:00Z","owner_name":null,"tidal_id":"1b8428c4-324d-5148-a790-9137eb6c4d71","created":"2026-01-28T13:08:10.041946Z","modified":"2026-01-28T13:08:10.041951Z"},{"id":"cf88d5a8-133b-5743-8f41-ee351fa9a7e9","name":"Bitdefender Mandrake","description":"R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July","url":"https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf","source":"Mobile","title":"Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years","authors":"R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al","date_accessed":"1978-07-01T00:00:00Z","date_published":"2020-05-14T00:00:00Z","owner_name":null,"tidal_id":"3f0302bb-57c4-5f6d-bb98-e3f5be8862a2","created":"2026-01-28T13:08:10.040520Z","modified":"2026-01-28T13:08:10.040523Z"},{"id":"42d35b93-2866-46d8-b8ff-675df05db9db","name":"Unit 42 Pirpi July 2015","description":"Falcone, R., Wartell, R.. (2015, July 27). UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload. 
Retrieved April 23, 2019.","url":"https://unit42.paloaltonetworks.com/ups-observations-on-cve-2015-3113-prior-zero-days-and-the-pirpi-payload/","source":"MITRE","title":"UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload","authors":"Falcone, R., Wartell, R.","date_accessed":"2019-04-23T00:00:00Z","date_published":"2015-07-27T00:00:00Z","owner_name":null,"tidal_id":"5a2fe0aa-b7f0-5824-92fe-1a82cc0edc85","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431942Z"},{"id":"d6e71b45-fc91-40f4-8201-2186994ae42a","name":"PaperCut MF/NG vulnerability bulletin","description":"PaperCut. (2023, March 8). URGENT MF/NG vulnerability bulletin (March 2023) | PaperCut. Retrieved August 3, 2023.","url":"https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#product-status-and-next-steps","source":"Tidal Cyber","title":"URGENT MF/NG vulnerability bulletin (March 2023) | PaperCut","authors":"PaperCut","date_accessed":"2023-08-03T00:00:00Z","date_published":"2023-03-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"220b21e7-dcd9-52a4-89f5-61288b7c9d00","created":"2023-08-04T16:40:32.753207Z","modified":"2023-08-04T16:40:33.055768Z"},{"id":"8d0aea35-c1af-5dda-a4c9-814f0e9c9334","name":"URI Use","description":"Nathan McFeters. Billy Kim Rios. Rob Carter.. (2008). URI Use and Abuse. Retrieved February 9, 2024.","url":"https://www.blackhat.com/presentations/bh-dc-08/McFeters-Rios-Carter/Presentation/bh-dc-08-mcfeters-rios-carter.pdf","source":"MITRE","title":"URI Use and Abuse","authors":"Nathan McFeters. Billy Kim Rios. Rob Carter.","date_accessed":"2024-02-09T00:00:00Z","date_published":"2008-01-01T00:00:00Z","owner_name":null,"tidal_id":"54c89acf-a47a-5183-acd3-9b4eb54730a7","created":"2024-04-25T13:28:33.451498Z","modified":"2025-12-17T15:08:36.428493Z"},{"id":"0c88fb72-6be5-4a01-af1c-553650779253","name":"Url.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Url.dll. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Url/","source":"Tidal Cyber","title":"Url.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f235dcff-685a-549e-8d87-89e674841585","created":"2024-01-12T14:47:15.688078Z","modified":"2024-01-12T14:47:15.869620Z"},{"id":"ed4aab9c-6b94-593b-b81e-47393197ee48","name":"SCILabs Malteiro Threat Overlap 2023","description":"SCILabs. (2023, October 8). URSA/Mispadu: Overlap analysis with other threats. Retrieved March 13, 2024.","url":"https://blog.scilabs.mx/en/ursa-mispadu-overlap-analysis-with-other-threats/","source":"MITRE","title":"URSA/Mispadu: Overlap analysis with other threats","authors":"SCILabs","date_accessed":"2024-03-13T00:00:00Z","date_published":"2023-10-08T00:00:00Z","owner_name":null,"tidal_id":"5759a866-dfe2-5ef1-bdd8-7da7992709aa","created":"2024-04-25T13:28:52.647805Z","modified":"2025-12-17T15:08:36.442053Z"},{"id":"d57a2efe-8c98-491e-aecd-e051241a1779","name":"NJCCIC Ursnif Sept 2016","description":"NJCCIC. (2016, September 27). Ursnif. Retrieved September 12, 2024.","url":"https://www.cyber.nj.gov/threat-landscape/malware/trojans/ursnif","source":"MITRE","title":"Ursnif","authors":"NJCCIC","date_accessed":"2024-09-12T00:00:00Z","date_published":"2016-09-27T00:00:00Z","owner_name":null,"tidal_id":"07bf2733-3463-5c0a-a11b-8eb9b2d2ba70","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417073Z"},{"id":"d02287df-9d93-4cbe-8e59-8f4ef3debc65","name":"TrendMicro Ursnif Mar 2015","description":"Caragay, R. (2015, March 26). URSNIF: The Multifaceted Malware. 
Retrieved June 5, 2019.","url":"https://web.archive.org/web/20210719165945/https://www.trendmicro.com/en_us/research/15/c/ursnif-the-multifaceted-malware.html?_ga=2.165628854.808042651.1508120821-744063452.1505819992","source":"MITRE","title":"URSNIF: The Multifaceted Malware","authors":"Caragay, R","date_accessed":"2019-06-05T00:00:00Z","date_published":"2015-03-26T00:00:00Z","owner_name":null,"tidal_id":"855c04bb-713c-55bf-9398-1a6b4db4f63b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417066Z"},{"id":"f05ecd1b-7844-4920-8c3a-0b30ff126ac9","name":"Proofpoint August 29 2016","description":"Proofpoint. (2016, August 29). Ursnif Variant Dreambot Adds Tor Functionality | Proofpoint. Retrieved May 11, 2023.","url":"https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality","source":"Tidal Cyber","title":"Ursnif Variant Dreambot Adds Tor Functionality | Proofpoint","authors":"Proofpoint","date_accessed":"2023-05-11T00:00:00Z","date_published":"2016-08-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"849d4a21-14dc-51c8-bd9a-9686f6db2b95","created":"2024-06-13T20:10:24.071878Z","modified":"2024-06-13T20:10:24.264328Z"},{"id":"d7befaea-1b35-54c3-a086-83b490f6a0a1","name":"Bleeping Computer US Cellular Hack 2022","description":"Sergiu Gatlan. (2022, January 4). UScellular discloses data breach after billing system hack. 
Retrieved July 1, 2024.","url":"https://www.bleepingcomputer.com/news/security/uscellular-discloses-data-breach-after-billing-system-hack/","source":"MITRE","title":"UScellular discloses data breach after billing system hack","authors":"Sergiu Gatlan","date_accessed":"2024-07-01T00:00:00Z","date_published":"2022-01-04T00:00:00Z","owner_name":null,"tidal_id":"bad2798a-c6cc-5c05-9d50-0f99359cbaba","created":"2024-10-31T16:28:25.150749Z","modified":"2025-12-17T15:08:36.434050Z"},{"id":"2d2a6f76-9531-4b35-b247-ae5da8663a92","name":"US Coast Guard Killnet August 17 2022","description":"US Coast Guard Cyber Command. (2022, August 17). US Coast Guard Cyber Command Maritime Cyber Alert 03-22. Retrieved October 9, 2023.","url":"https://www.dco.uscg.mil/Portals/9/Maritime%20Cyber%20Alert%2003-22%20KILLNET%20TLP%20WHITE.pdf","source":"Tidal Cyber","title":"US Coast Guard Cyber Command Maritime Cyber Alert 03-22","authors":"US Coast Guard Cyber Command","date_accessed":"2023-10-09T00:00:00Z","date_published":"2022-08-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0ee69ee6-6f40-5b39-bf33-147fc4028e3a","created":"2023-10-10T20:48:39.421716Z","modified":"2023-10-10T20:48:39.816594Z"},{"id":"600de668-f128-4368-8667-24ed9a9db47a","name":"USCYBERCOM SLOTHFULMEDIA October 2020","description":"USCYBERCOM. (2020, October 1). USCYBERCOM Cybersecurity Alert SLOTHFULMEDIA. Retrieved September 12, 2024.","url":"https://x.com/CNMF_CyberAlert/status/1311743710997159953","source":"MITRE","title":"USCYBERCOM Cybersecurity Alert SLOTHFULMEDIA","authors":"USCYBERCOM","date_accessed":"2024-09-12T00:00:00Z","date_published":"2020-10-01T00:00:00Z","owner_name":null,"tidal_id":"985577b9-a862-55af-a410-cc753ee1c46c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422616Z"},{"id":"81bd5579-6a8a-40d2-b7b7-5cdb879ebdf0","name":"U.S. Justice Department Hive January 2023","description":"Office of Public Affairs. (2023, January 26). U.S. 
Department of Justice Disrupts Hive Ransomware Variant. Retrieved June 18, 2024.","url":"https://www.justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant","source":"Tidal Cyber","title":"U.S. Department of Justice Disrupts Hive Ransomware Variant","authors":"Office of Public Affairs","date_accessed":"2024-06-18T00:00:00Z","date_published":"2023-01-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bdb597c7-aed6-5a66-9ed6-457b6c21235b","created":"2024-06-24T14:58:41.187167Z","modified":"2024-06-24T14:58:41.393149Z"},{"id":"4499df4a-53c2-4f17-ac90-b99272f5f522","name":"win10_asr","description":"Microsoft. (2021, July 2). Use attack surface reduction rules to prevent malware infection. Retrieved June 24, 2021.","url":"https://docs.microsoft.com/microsoft-365/security/defender-endpoint/attack-surface-reduction","source":"MITRE","title":"Use attack surface reduction rules to prevent malware infection","authors":"Microsoft","date_accessed":"2021-06-24T00:00:00Z","date_published":"2021-07-02T00:00:00Z","owner_name":null,"tidal_id":"1bca1555-7843-51cf-b99f-728222e734cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440885Z"},{"id":"8cfb45ec-b660-4a3a-9175-af4ea01ef473","name":"Azure AD Conditional Access Exclusions","description":"Microsoft. (2022, August 26). Use Azure AD access reviews to manage users excluded from Conditional Access policies. 
Retrieved August 30, 2022.","url":"https://docs.microsoft.com/en-us/azure/active-directory/governance/conditional-access-exclusion","source":"MITRE","title":"Use Azure AD access reviews to manage users excluded from Conditional Access policies","authors":"Microsoft","date_accessed":"2022-08-30T00:00:00Z","date_published":"2022-08-26T00:00:00Z","owner_name":null,"tidal_id":"044f1df1-922a-5a49-93cf-5d39cb960ef0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433703Z"},{"id":"b298b3d1-30c1-4894-b1de-be11812cde6b","name":"Docker Bind Mounts","description":"Docker. (n.d.). Use Bind Mounts. Retrieved March 30, 2021.","url":"https://docs.docker.com/storage/bind-mounts/","source":"MITRE","title":"Use Bind Mounts","authors":"Docker","date_accessed":"2021-03-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"24ea36ce-6455-55e0-9535-1f85b5fbd21a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429067Z"},{"id":"cf0bb77d-c7f7-515b-9217-ba9120cdddec","name":"Chrome Roaming Profiles","description":"Chrome Enterprise and Education Help. (n.d.). Use Chrome Browser with Roaming User Profiles. Retrieved March 28, 2023.","url":"https://support.google.com/chrome/a/answer/7349337","source":"MITRE","title":"Use Chrome Browser with Roaming User Profiles","authors":"Chrome Enterprise and Education Help","date_accessed":"2023-03-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"929fd6a0-bc72-506d-a7b0-09f4f1558990","created":"2023-05-26T01:21:06.285144Z","modified":"2025-12-17T15:08:36.430166Z"},{"id":"a1192cb3-4536-4900-93c7-a127ca06c690","name":"Ars Technica GRU indictment Jul 2018","description":"Gallagher, S. (2018, July 27). How they did it (and will likely try again): GRU hackers vs. US elections. 
Retrieved September 13, 2018.","url":"https://arstechnica.com/information-technology/2018/07/from-bitly-to-x-agent-how-gru-hackers-targeted-the-2016-presidential-election/","source":"MITRE","title":"US elections","authors":"Gallagher, S. (2018, July 27)","date_accessed":"2018-09-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"abc4deec-4d23-5c70-850e-f42320d730b2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437936Z"},{"id":"e5f59848-7014-487d-9bae-bed81af1b72b","name":"Remote Management MDM macOS","description":"Apple. (n.d.). Use MDM to enable Remote Management in macOS. Retrieved September 23, 2021.","url":"https://support.apple.com/en-us/HT209161","source":"MITRE","title":"Use MDM to enable Remote Management in macOS","authors":"Apple","date_accessed":"2021-09-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"807f2c30-6aaa-5d3b-8cd2-7bda5d7385b5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429666Z"},{"id":"07855a81-1b72-4361-917e-a413b0124eca","name":"Securelist Denis April 2017","description":"Shulmin, A., Yunakovsky, S. (2017, April 28). Use of DNS Tunneling for C&C Communications. Retrieved November 5, 2018.","url":"https://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/","source":"MITRE","title":"Use of DNS Tunneling for C&C Communications","authors":"Shulmin, A., Yunakovsky, S","date_accessed":"2018-11-05T00:00:00Z","date_published":"2017-04-28T00:00:00Z","owner_name":null,"tidal_id":"130c4daf-6bca-52b5-988c-177f1a42b202","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439708Z"},{"id":"d561c364-6654-5080-9c68-05932f6addc6","name":"CrowdStrike-Android","description":"CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian Field Artillery Units. 
Retrieved February","url":"https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf","source":"Mobile","title":"Use of Fancy Bear Android Malware in Tracking of Ukrainian Field Artillery Units","authors":"CrowdStrike Global Intelligence Team","date_accessed":"1978-02-01T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"c811a68e-a324-5b97-aca7-7bac582bec04","created":"2026-01-28T13:08:10.040570Z","modified":"2026-01-28T13:08:10.040573Z"},{"id":"9ea922a4-42fa-5689-8e2a-3ffd23225c43","name":"Microsoft Quick Assist 2024","description":"Microsoft. (2024, September 4). Use Quick Assist to help users. Retrieved March 14, 2025.","url":"https://learn.microsoft.com/en-us/windows/client-management/client-tools/quick-assist","source":"MITRE","title":"Use Quick Assist to help users","authors":"Microsoft","date_accessed":"2025-03-14T00:00:00Z","date_published":"2024-09-04T00:00:00Z","owner_name":null,"tidal_id":"05740f55-8ed4-563b-9db8-e4c2d1eaeea4","created":"2025-04-22T20:47:31.409887Z","modified":"2025-12-17T15:08:36.423512Z"},{"id":"2eb2fb2f-0b43-4c8c-a69f-3f76a8fd90f3","name":"Microsoft UAC","description":"Microsoft. (n.d.). User Account Control. Retrieved January 18, 2018.","url":"https://msdn.microsoft.com/library/windows/desktop/dn742497.aspx","source":"MITRE","title":"User Account Control","authors":"Microsoft","date_accessed":"2018-01-18T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e647aa92-42b4-5dc8-8745-3e989caa1038","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415602Z"},{"id":"dea47af6-677a-4625-8664-adf0e6839c9f","name":"TechNet Inside UAC","description":"Russinovich, M. (2009, July). User Account Control: Inside Windows 7 User Account Control. 
Retrieved July 26, 2016.","url":"https://technet.microsoft.com/en-US/magazine/2009.07.uac.aspx","source":"MITRE","title":"User Account Control: Inside Windows 7 User Account Control","authors":"Russinovich, M","date_accessed":"2016-07-26T00:00:00Z","date_published":"2009-07-01T00:00:00Z","owner_name":null,"tidal_id":"b21388f6-81b8-5ed0-8ac9-af47bc61079c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425265Z"},{"id":"1827d55f-d7eb-5fd8-884f-35f0d0f16efd","name":"Mozilla User Agent","description":"MDN contributors. (2025, July 4). User-Agent header. Retrieved October 19, 2025.","url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/User-Agent","source":"MITRE","title":"User-Agent header","authors":"MDN contributors","date_accessed":"2025-10-19T00:00:00Z","date_published":"2025-07-04T00:00:00Z","owner_name":null,"tidal_id":"6c369c41-b880-5959-957c-789f038a6d0c","created":"2025-10-29T21:08:48.166209Z","modified":"2025-12-17T15:08:36.433461Z"},{"id":"7700928b-2d27-470c-a2d9-e5c5f9a43af3","name":"User Approved Kernel Extension Pike’s","description":"Pikeralpha. (2017, August 29). User Approved Kernel Extension Loading…. Retrieved September 23, 2021.","url":"https://pikeralpha.wordpress.com/2017/08/29/user-approved-kernel-extension-loading/","source":"MITRE","title":"User Approved Kernel Extension Loading…","authors":"Pikeralpha","date_accessed":"2021-09-23T00:00:00Z","date_published":"2017-08-29T00:00:00Z","owner_name":null,"tidal_id":"d138ebbe-ed98-5783-9c7c-5af043fc902a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433118Z"},{"id":"338d008f-c0c0-59df-8a8c-ec8bd15d0be4","name":"TrendMicro-RootingMalware","description":"Jordan Pan. (2016, February 10). User Beware: Rooting Malware Found in 3rd Party App Stores. 
Retrieved November","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/user-beware-rooting-malware-found-in-3rd-party-app-stores/","source":"Mobile","title":"User Beware: Rooting Malware Found in 3rd Party App Stores","authors":"Jordan Pan","date_accessed":"1978-11-01T00:00:00Z","date_published":"2016-02-10T00:00:00Z","owner_name":null,"tidal_id":"55be7f50-d64e-5185-a183-dfe206263e2b","created":"2026-01-28T13:08:10.044000Z","modified":"2026-01-28T13:08:10.044003Z"},{"id":"9a0e7054-9239-43cd-8e5f-aac8b665be72","name":"Adlice Software IAT Hooks Oct 2014","description":"Tigzy. (2014, October 15). Userland Rootkits: Part 1, IAT hooks. Retrieved December 12, 2017.","url":"https://www.adlice.com/userland-rootkits-part-1-iat-hooks/","source":"MITRE","title":"Userland Rootkits: Part 1, IAT hooks","authors":"Tigzy","date_accessed":"2017-12-12T00:00:00Z","date_published":"2014-10-15T00:00:00Z","owner_name":null,"tidal_id":"df3fe88e-f1ed-548b-8073-ade5e9e8d671","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430556Z"},{"id":"e2b4b672-4828-56eb-95eb-2abfbf7f9195","name":"Linux Usermod","description":"Man7. (n.d.). Usermod. Retrieved August 5, 2024.","url":"https://www.man7.org/linux/man-pages/man8/usermod.8.html","source":"MITRE","title":"Usermod","authors":"Man7","date_accessed":"2024-08-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"632d8d2c-5c34-59cb-a804-aa5064a94fb4","created":"2024-10-31T16:28:19.645902Z","modified":"2025-12-17T15:08:36.428222Z"},{"id":"8e7b99d7-ad94-5802-a1ee-6334842e7e0b","name":"cisco_username_cmd","description":"Cisco. (2023, March 6). username - Cisco IOS Security Command Reference: Commands S to Z. 
Retrieved July 13, 2022.","url":"https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-t2.html#wp1047035630","source":"MITRE","title":"username - Cisco IOS Security Command Reference: Commands S to Z","authors":"Cisco","date_accessed":"2022-07-13T00:00:00Z","date_published":"2023-03-06T00:00:00Z","owner_name":null,"tidal_id":"56c1e656-f573-5bc5-8a22-04ad101c26f9","created":"2023-05-26T01:21:06.499251Z","modified":"2025-12-17T15:08:36.430389Z"},{"id":"aa3846fd-a307-4be5-a487-9aa2688d5816","name":"Jamf User Password Policies","description":"Holland, J. (2016, January 25). User password policies on non AD machines. Retrieved April 5, 2018.","url":"https://www.jamf.com/jamf-nation/discussions/18574/user-password-policies-on-non-ad-machines","source":"MITRE","title":"User password policies on non AD machines","authors":"Holland, J","date_accessed":"2018-04-05T00:00:00Z","date_published":"2016-01-25T00:00:00Z","owner_name":null,"tidal_id":"4069c174-41d0-5f76-8afa-6fed1d4d4bac","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433842Z"},{"id":"f83283aa-3aaf-4ebd-8503-0d84c2c627c4","name":"MacOS Email Rules","description":"Apple. (n.d.). Use rules to manage emails you receive in Mail on Mac. Retrieved June 14, 2021.","url":"https://support.apple.com/guide/mail/use-rules-to-manage-emails-you-receive-mlhlp1017/mac","source":"MITRE","title":"Use rules to manage emails you receive in Mail on Mac","authors":"Apple","date_accessed":"2021-06-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"15508a54-a9c3-5681-a33f-18eae27609dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424623Z"},{"id":"f45d4d73-31b5-557d-b734-f5c186a2e31c","name":"Microsoft 365 Sharing Auditing","description":"Microsoft. (2023, October 1). Use sharing auditing in the audit log. 
Retrieved March 4, 2024.","url":"https://learn.microsoft.com/en-us/purview/audit-log-sharing","source":"MITRE","title":"Use sharing auditing in the audit log","authors":"Microsoft","date_accessed":"2024-03-04T00:00:00Z","date_published":"2023-10-01T00:00:00Z","owner_name":null,"tidal_id":"246fdcc7-61ee-517e-9d43-dbb3483d6267","created":"2024-04-25T13:28:53.184124Z","modified":"2025-04-22T20:47:32.440327Z"},{"id":"85fe1e55-c7c5-5cbc-9594-04820cb8b8ed","name":"Docker Desktop CLI","description":"dockerdocs. (n.d.). Use the Docker Desktop CLI. Retrieved October 21, 2025.","url":"https://docs.docker.com/desktop/features/desktop-cli/","source":"MITRE","title":"Use the Docker Desktop CLI","authors":"dockerdocs","date_accessed":"2025-10-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5797df09-e16b-5227-80a4-33570f5f189e","created":"2025-10-29T21:08:48.166357Z","modified":"2025-12-17T15:08:36.434260Z"},{"id":"f26542dd-aa61-4d2a-a05a-8f9674b49f82","name":"Kickstart Apple Remote Desktop commands","description":"Apple. (n.d.). Use the kickstart command-line utility in Apple Remote Desktop. Retrieved September 23, 2021.","url":"https://support.apple.com/en-us/HT201710","source":"MITRE","title":"Use the kickstart command-line utility in Apple Remote Desktop","authors":"Apple","date_accessed":"2021-09-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c825d23f-5c62-5b73-a392-a44a899d4f5a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429672Z"},{"id":"4e7c36b9-415f-41f1-980e-251d92994eb4","name":"Microsoft Windows Event Forwarding FEB 2018","description":"Hardy, T. & Hall, J. (2018, February 15). Use Windows Event Forwarding to help with intrusion detection. Retrieved August 7, 2018.","url":"https://docs.microsoft.com/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection","source":"MITRE","title":"Use Windows Event Forwarding to help with intrusion detection","authors":"Hardy, T. 
& Hall, J","date_accessed":"2018-08-07T00:00:00Z","date_published":"2018-02-15T00:00:00Z","owner_name":null,"tidal_id":"0d0ac505-c447-592e-b5e3-c0ff2340e85c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426646Z"},{"id":"81dc5818-342c-5efb-90c6-425c218e130f","name":"Google Workspace Data Loss Prevention","description":"Google. (n.d.). Use Workspace DLP to prevent data loss. Retrieved March 4, 2024.","url":"https://support.google.com/a/answer/9646351","source":"MITRE","title":"Use Workspace DLP to prevent data loss","authors":"Google","date_accessed":"2024-03-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"edbe4465-edbd-5dfe-98cd-59125f9790d1","created":"2024-04-25T13:28:51.286935Z","modified":"2025-12-17T15:08:36.440735Z"},{"id":"5374ad8e-96a2-4d19-b2cf-28232fa97b52","name":"Apple ZShell","description":"Apple. (2020, January 28). Use zsh as the default shell on your Mac. Retrieved June 12, 2020.","url":"https://support.apple.com/HT208050","source":"MITRE","title":"Use zsh as the default shell on your Mac","authors":"Apple","date_accessed":"2020-06-12T00:00:00Z","date_published":"2020-01-28T00:00:00Z","owner_name":null,"tidal_id":"1a4c6953-2ac7-533c-9bf1-95fc188b6174","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433351Z"},{"id":"7f960599-a3d6-53bb-91ff-f0e6117a30ed","name":"Kuberentes ABAC","description":"Kubernetes. (n.d.). Using ABAC Authorization. Retrieved July 14, 2023.","url":"https://kubernetes.io/docs/reference/access-authn-authz/abac/","source":"MITRE","title":"Using ABAC Authorization","authors":"Kubernetes","date_accessed":"2023-07-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3728dd63-ab8f-5b50-8ee1-33e21e80ec88","created":"2023-11-07T00:36:00.435012Z","modified":"2025-12-17T15:08:36.427607Z"},{"id":"d0eacad8-a6ff-4282-8fbc-d7984ad03b56","name":"Cisco Umbrella DGA Brute Force","description":"Kasza, A. (2015, February 18). Using Algorithms to Brute Force Algorithms. 
Retrieved February 18, 2019.","url":"https://umbrella.cisco.com/blog/2015/02/18/at-high-noon-algorithms-do-battle/","source":"MITRE","title":"Using Algorithms to Brute Force Algorithms","authors":"Kasza, A","date_accessed":"2019-02-18T00:00:00Z","date_published":"2015-02-18T00:00:00Z","owner_name":null,"tidal_id":"0332e771-175d-5332-929f-6b0d5df7cf0f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415633Z"},{"id":"e3931ba7-24de-4283-9941-fe927a75fb5e","name":"Www.huntress.com March 13 2024","description":"Faith Stratton. (2024, March 13). Using Backup Utilities for Data Exfiltration. Retrieved October 4, 2024.","url":"https://www.huntress.com/blog/using-backup-utilities-for-data-exfiltration","source":"Tidal Cyber","title":"Using Backup Utilities for Data Exfiltration","authors":"Faith Stratton","date_accessed":"2024-10-04T00:00:00Z","date_published":"2024-03-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"12c3e403-b8b0-59cc-aadf-22119075b9bb","created":"2024-10-04T20:31:34.288233Z","modified":"2024-10-04T20:31:34.469456Z"},{"id":"c17cf6a0-2d19-4f43-b853-d2fe193b9957","name":"www.huntress.com March 13 2024","description":"Faith Stratton. (2024, March 13). Using Backup Utilities for Data Exfiltration. Retrieved October 4, 2024.","url":"https://www.huntress.com/blog/using-backup-utilities-for-data-exfiltration","source":"Tidal Cyber","title":"Using Backup Utilities for Data Exfiltration","authors":"Faith Stratton","date_accessed":"2024-10-04T12:00:00Z","date_published":"2024-03-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"001fba91-c60b-5116-aa75-2bfbf4ff3f40","created":"2026-01-23T20:29:32.699786Z","modified":"2026-01-23T20:29:32.851983Z"},{"id":"4570d19e-b70c-5d07-bd0e-879a4b986cd6","name":"Reliaquest CAPTCHA 2024","description":"Alex Capraro. (2024, December 17). Using CAPTCHA for Compromise: Hackers Flip the Script. 
Retrieved March 18, 2025.","url":"https://www.reliaquest.com/blog/using-captcha-for-compromise/","source":"MITRE","title":"Using CAPTCHA for Compromise: Hackers Flip the Script","authors":"Alex Capraro","date_accessed":"2025-03-18T00:00:00Z","date_published":"2024-12-17T00:00:00Z","owner_name":null,"tidal_id":"a941a7a4-1213-584c-aa33-642a802279e4","created":"2025-04-22T20:47:20.264829Z","modified":"2025-12-17T15:08:36.435683Z"},{"id":"8130e5e1-376f-4945-957a-aaf8684b361b","name":"Exploit Monday Mitigate Device Guard Bypases","description":"Graeber, M. (2016, September 8). Using Device Guard to Mitigate Against Device Guard Bypasses. Retrieved September 13, 2016.","url":"http://www.exploit-monday.com/2016/09/using-device-guard-to-mitigate-against.html","source":"MITRE","title":"Using Device Guard to Mitigate Against Device Guard Bypasses","authors":"Graeber, M","date_accessed":"2016-09-13T00:00:00Z","date_published":"2016-09-08T00:00:00Z","owner_name":null,"tidal_id":"3f655fc6-ad1b-57d5-b1c2-eb77b842dfe0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:33.352085Z"},{"id":"11c44e1e-28d8-4d45-8539-6586466a5b3c","name":"Microsoft DsAddSidHistory","description":"Microsoft. (n.d.). Using DsAddSidHistory. Retrieved November 30, 2017.","url":"https://msdn.microsoft.com/library/ms677982.aspx","source":"MITRE","title":"Using DsAddSidHistory","authors":"Microsoft","date_accessed":"2017-11-30T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1656b544-6cec-5d0e-a500-b580b13ca5ef","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425936Z"},{"id":"d114854b-50eb-5d60-896b-401df1e6cada","name":"AWS Instance Profiles","description":"AWS. (n.d.). Using instance profiles. 
Retrieved February 28, 2024.","url":"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html","source":"MITRE","title":"Using instance profiles","authors":"AWS","date_accessed":"2024-02-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"616e97de-650f-547d-a1ca-06e475e93357","created":"2024-04-25T13:28:38.199858Z","modified":"2025-12-17T15:08:36.433019Z"},{"id":"449cf112-535b-44af-9001-55123b342779","name":"Microsoft 365 Defender Solorigate","description":"Microsoft 365 Defender Team. (2020, December 28). Using Microsoft 365 Defender to protect against Solorigate. Retrieved January 7, 2021.","url":"https://www.microsoft.com/security/blog/2020/12/28/using-microsoft-365-defender-to-coordinate-protection-against-solorigate/","source":"MITRE","title":"Using Microsoft 365 Defender to protect against Solorigate","authors":"Microsoft 365 Defender Team","date_accessed":"2021-01-07T00:00:00Z","date_published":"2020-12-28T00:00:00Z","owner_name":null,"tidal_id":"f6696a0e-2478-5723-a5ed-5b3ae1d2c828","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436171Z"},{"id":"58112a3a-06bd-4a46-8a09-4dba5f42a04f","name":"TechNet Netsh","description":"Microsoft. (n.d.). Using Netsh. Retrieved February 13, 2017.","url":"https://technet.microsoft.com/library/bb490939.aspx","source":"MITRE","title":"Using Netsh","authors":"Microsoft","date_accessed":"2017-02-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"480aaf2b-e6e7-5146-a030-4c35ac7e0f64","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423008Z"},{"id":"663b3fd6-0dd6-45c8-afba-dc0ea6d331b5","name":"Demaske Netsh Persistence","description":"Demaske, M. (2016, September 23). USING NETSHELL TO EXECUTE EVIL DLLS AND PERSIST ON A HOST. 
Retrieved April 8, 2017.","url":"https://htmlpreview.github.io/?https://github.com/MatthewDemaske/blogbackup/blob/master/netshell.html","source":"MITRE","title":"USING NETSHELL TO EXECUTE EVIL DLLS AND PERSIST ON A HOST","authors":"Demaske, M","date_accessed":"2017-04-08T00:00:00Z","date_published":"2016-09-23T00:00:00Z","owner_name":null,"tidal_id":"8b18a1fd-7881-5e5f-8538-fd91fd6951fe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434012Z"},{"id":"ad412d39-c0c5-4119-9193-0ba1309edb3f","name":"CrowdStrike Outlook Forms","description":"Parisi, T., et al. (2017, July). Using Outlook Forms for Lateral Movement and Persistence. Retrieved February 5, 2019.","url":"https://malware.news/t/using-outlook-forms-for-lateral-movement-and-persistence/13746","source":"MITRE","title":"Using Outlook Forms for Lateral Movement and Persistence","authors":"Parisi, T., et al","date_accessed":"2019-02-05T00:00:00Z","date_published":"2017-07-01T00:00:00Z","owner_name":null,"tidal_id":"63899f54-be35-5b52-8577-55ba06ea9fbe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426811Z"},{"id":"3dc88605-64c8-495a-9e3b-e5686fd2eb03","name":"Red Hat PAM","description":"Red Hat. (n.d.). CHAPTER 2. USING PLUGGABLE AUTHENTICATION MODULES (PAM). Retrieved June 25, 2020.","url":"https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pluggable_authentication_modules","source":"MITRE","title":"USING PLUGGABLE AUTHENTICATION MODULES (PAM)","authors":"Red Hat. (n.d.)","date_accessed":"2020-06-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1fe1068d-1916-5980-a8c2-43a4a86dcd6a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424228Z"},{"id":"16436468-1daf-433d-bb3b-f842119594b4","name":"Varonis Power Automate Data Exfiltration","description":"Eric Saraga. (2022, February 2). Using Power Automate for Covert Data Exfiltration in Microsoft 365. 
Retrieved May 27, 2022.","url":"https://www.varonis.com/blog/power-automate-data-exfiltration","source":"MITRE","title":"Using Power Automate for Covert Data Exfiltration in Microsoft 365","authors":"Eric Saraga","date_accessed":"2022-05-27T00:00:00Z","date_published":"2022-02-02T00:00:00Z","owner_name":null,"tidal_id":"1ab87779-5159-54ec-b5f8-38b1aea3eb2d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433872Z"},{"id":"5861ed76-fedd-4ff9-8242-308c7206e4cb","name":"Microsoft Disable NTLM Nov 2012","description":"Microsoft. (2012, November 29). Using security policies to restrict NTLM traffic. Retrieved December 4, 2017.","url":"https://technet.microsoft.com/library/jj865668.aspx","source":"MITRE","title":"Using security policies to restrict NTLM traffic","authors":"Microsoft","date_accessed":"2017-12-04T00:00:00Z","date_published":"2012-11-29T00:00:00Z","owner_name":null,"tidal_id":"95087fa4-1f9b-5ac6-aabc-3f5d18aeb913","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416169Z"},{"id":"32a30a3f-3ed1-4def-86b1-f40bbffa1cc5","name":"Microsoft SMB Packet Signing","description":"Microsoft. (2008, September 10). Using SMB Packet Signing. Retrieved February 7, 2019.","url":"https://docs.microsoft.com/en-us/previous-versions/system-center/operations-manager-2005/cc180803(v=technet.10)","source":"MITRE","title":"Using SMB Packet Signing","authors":"Microsoft","date_accessed":"2019-02-07T00:00:00Z","date_published":"2008-09-10T00:00:00Z","owner_name":null,"tidal_id":"bb7cf9e5-b7e6-5d51-afc3-8ad1dba6865c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415758Z"},{"id":"84e1c53f-e858-4106-9c14-1b536d5b56f9","name":"TechNet Applocker vs SRP","description":"Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. 
Retrieved April 7, 2016.","url":"https://technet.microsoft.com/en-us/library/ee791851.aspx","source":"MITRE","title":"Using Software Restriction Policies and AppLocker Policies","authors":"Microsoft","date_accessed":"2016-04-07T00:00:00Z","date_published":"2012-06-27T00:00:00Z","owner_name":null,"tidal_id":"6e59edd7-4912-58a0-b763-8351834c062e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415470Z"},{"id":"774e6598-0926-4adb-890f-00824de07ae0","name":"Microsoft Using Software Restriction","description":"Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.","url":"https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791851(v=ws.11)?redirectedfrom=MSDN","source":"MITRE","title":"Using Software Restriction Policies and AppLocker Policies","authors":"Microsoft","date_accessed":"2016-04-07T00:00:00Z","date_published":"2012-06-27T00:00:00Z","owner_name":null,"tidal_id":"3168dc05-b961-529c-ae8f-ea0367d45fe3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440410Z"},{"id":"d0ac448a-7299-4ddc-8730-be72fb840ccb","name":"OSX Keychain Schaumann","description":"Jan Schaumann. (2015, November 5). Using the OS X Keychain to store and retrieve passwords. Retrieved March 31, 2022.","url":"https://www.netmeister.org/blog/keychain-passwords.html","source":"MITRE","title":"Using the OS X Keychain to store and retrieve passwords","authors":"Jan Schaumann","date_accessed":"2022-03-31T00:00:00Z","date_published":"2015-11-05T00:00:00Z","owner_name":null,"tidal_id":"5bf3b2c1-431b-5252-9bc6-faf41136f617","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425969Z"},{"id":"0ddfa2ec-a8a5-5cf0-b1b9-7ff6890bc666","name":"AutoHotKey","description":"AutoHotkey Foundation LLC. (n.d.). Using the Program. 
Retrieved March 29, 2024.","url":"https://www.autohotkey.com/docs/v1/Program.htm","source":"MITRE","title":"Using the Program","authors":"AutoHotkey Foundation LLC","date_accessed":"2024-03-29T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2b8d2bd5-ee2d-5b67-a4b1-5f6449f0118c","created":"2024-04-25T13:28:33.024858Z","modified":"2025-12-17T15:08:36.428005Z"},{"id":"148bc7da-4fae-4429-96b6-aa7f50c56af8","name":"U.S. DoJ RedLine META Disruption October 29 2024","description":"Office of Public Affairs. (2024, October 29). U.S. Joins International Action Against RedLine and META Infostealers. Retrieved January 30, 2025.","url":"https://www.justice.gov/usao-wdtx/pr/us-joins-international-action-against-redline-and-meta-infostealers","source":"Tidal Cyber","title":"U.S. Joins International Action Against RedLine and META Infostealers","authors":"Office of Public Affairs","date_accessed":"2025-01-30T00:00:00Z","date_published":"2024-10-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"39e1fe5b-81b4-54ba-9ce9-c7f06c5e94c2","created":"2025-02-03T21:08:19.732057Z","modified":"2025-02-03T21:08:20.232663Z"},{"id":"69ee73c1-359f-4584-a6e7-75119d24bbf5","name":"USNYAG IranianBotnet March 2016","description":"Preet Bharara, US Attorney. (2016, March 24). Retrieved April 23, 2019.","url":"https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged","source":"MITRE","title":"USNYAG IranianBotnet March 2016","authors":"","date_accessed":"2019-04-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0dad121e-9b3e-57b3-a854-a3a1d00b388b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424481Z"},{"id":"98bd01e9-d976-4a45-82bf-895b5ea27fb7","name":"BleepingComputer BeyondTrust December 30 2024","description":"Lawrence Abrams. (2024, December 30). US Treasury Department breached through remote support platform. 
Retrieved January 6, 2025.","url":"https://www.bleepingcomputer.com/news/security/us-treasury-department-breached-through-remote-support-platform/","source":"Tidal Cyber","title":"US Treasury Department breached through remote support platform","authors":"Lawrence Abrams","date_accessed":"2025-01-06T00:00:00Z","date_published":"2024-12-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ec8a4474-0d0f-5ea1-ad11-7e9f8b91af65","created":"2025-01-06T19:39:09.942553Z","modified":"2025-01-06T19:39:10.994787Z"},{"id":"8f15755b-2e32-420e-8463-497e3f8d8cfd","name":"UtilityFunctions.ps1 - LOLBAS Project","description":"LOLBAS. (2021, September 26). UtilityFunctions.ps1. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Scripts/UtilityFunctions/","source":"Tidal Cyber","title":"UtilityFunctions.ps1","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2963acd3-6e54-5439-b013-56c5069e44fc","created":"2024-01-12T14:47:39.181647Z","modified":"2024-01-12T14:47:39.376653Z"},{"id":"a7c3fc64-9b79-4324-8177-0061208d018c","name":"Kernel.org Restrict Kernel Module","description":"Vander Stoep, J. (2016, April 5). [v3] selinux: restrict kernel module loadinglogin  register. Retrieved April 9, 2018.","url":"https://patchwork.kernel.org/patch/8754821/","source":"MITRE","title":"[v3] selinux: restrict kernel module loadinglogin  register","authors":"Vander Stoep, J","date_accessed":"2018-04-09T00:00:00Z","date_published":"2016-04-05T00:00:00Z","owner_name":null,"tidal_id":"c3fc04c8-4e65-5986-aab9-9eb8ad8f63ee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415697Z"},{"id":"92b8ff34-05ef-4139-a6bd-56eb8af9d5e9","name":"SentinelOne Valak June 2020","description":"Reaves, J. and Platt, J. (2020, June). Valak Malware and the Connection to Gozi Loader ConfCrew. 
Retrieved August 31, 2020.","url":"https://assets.sentinelone.com/labs/sentinel-one-valak-i","source":"MITRE","title":"Valak Malware and the Connection to Gozi Loader ConfCrew","authors":"Reaves, J. and Platt, J","date_accessed":"2020-08-31T00:00:00Z","date_published":"2020-06-01T00:00:00Z","owner_name":null,"tidal_id":"81adf330-831f-5647-956b-9757a68647a2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440068Z"},{"id":"235d1cf1-2413-4620-96cf-083d348410c2","name":"Cybereason Valak May 2020","description":"Salem, E. et al. (2020, May 28). VALAK: MORE THAN MEETS THE EYE. Retrieved June 19, 2020.","url":"https://www.cybereason.com/blog/valak-more-than-meets-the-eye","source":"MITRE","title":"VALAK: MORE THAN MEETS THE EYE","authors":"Salem, E. et al","date_accessed":"2020-06-19T00:00:00Z","date_published":"2020-05-28T00:00:00Z","owner_name":null,"tidal_id":"24a75329-de31-5da3-9d67-713bb3dfef0b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421096Z"},{"id":"9ef527df-db8d-421e-82b4-2f50c8ab50f8","name":"Trend Micro December 03 2025","description":"Sarah Pearl Camiling, Junestherry Dela Cruz, Jacob Santos, Sophia Nilette Robles, Maristel Policarpio, Raymart Yambot. (2025, December 3). ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading | Trend Micro (US). 
Retrieved December 5, 2025.","url":"https://www.trendmicro.com/en_us/research/25/l/valleyrat-campaign.html","source":"Tidal Cyber","title":"ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading | Trend Micro (US)","authors":"Sarah Pearl Camiling, Junestherry Dela Cruz, Jacob Santos, Sophia Nilette Robles, Maristel Policarpio, Raymart Yambot","date_accessed":"2025-12-05T12:00:00Z","date_published":"2025-12-03T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4befa1ed-16b1-585a-b6f8-b49d3f14f64e","created":"2025-12-10T14:13:46.907085Z","modified":"2025-12-10T14:13:47.061073Z"},{"id":"6cb12d3f-0296-47f7-9131-fc21ea806383","name":"Medium January 11 2026","description":"APOPHIS. (2026, January 11). ValleyRAT_S2 Chinese campaign. ValleyRAT_S2 represents the… | by APOPHIS | Jan, 2026 | Medium. Retrieved January 12, 2026.","url":"https://apophis133.medium.com/valleyrat-s2-chinese-campaign-4504b890f416","source":"Tidal Cyber","title":"ValleyRAT_S2 Chinese campaign. ValleyRAT_S2 represents the… | by APOPHIS | Jan, 2026 | Medium","authors":"APOPHIS","date_accessed":"2026-01-12T12:00:00Z","date_published":"2026-01-11T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"dc2b175d-4a51-579f-99ea-600bf8b3c075","created":"2026-01-14T13:29:42.709890Z","modified":"2026-01-14T13:29:42.849641Z"},{"id":"d1c88a57-85f4-4a35-a7fa-35e8c7fcd943","name":"Walmart Roberts Oct 2018","description":"Sayre, K., Ogden, H., Roberts, C. (2018, October 10). VBA Stomping — Advanced Maldoc Techniques. 
Retrieved September 17, 2020.","url":"https://medium.com/walmartglobaltech/vba-stomping-advanced-maldoc-techniques-612c484ab278","source":"MITRE","title":"VBA Stomping — Advanced Maldoc Techniques","authors":"Sayre, K., Ogden, H., Roberts, C","date_accessed":"2020-09-17T00:00:00Z","date_published":"2018-10-10T00:00:00Z","owner_name":null,"tidal_id":"d5be1563-b037-56e1-9777-d513c138b721","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434595Z"},{"id":"25eb4048-ee6d-44ca-a70b-37605028bd3c","name":"vbc.exe - LOLBAS Project","description":"LOLBAS. (2020, February 27). vbc.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Vbc/","source":"Tidal Cyber","title":"vbc.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-02-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"457b2ebf-dd89-5849-9e20-ca2576ca0c86","created":"2024-01-12T14:47:05.402966Z","modified":"2024-01-12T14:47:05.588205Z"},{"id":"4138f502-bb9b-41b7-8b3f-a7b66c7f6dd0","name":"Vmware vCenter","description":"Vmware. (n.d.). vCenter. Retrieved December 19, 2024.","url":"https://www.vmware.com/products/vcenter.html","source":"Tidal Cyber","title":"vCenter","authors":"Vmware","date_accessed":"2024-12-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"8eee3499-3580-52dd-90d0-b2ec394e449b","created":"2025-04-11T15:06:25.736695Z","modified":"2025-04-11T15:06:25.888059Z"},{"id":"722755a8-305f-4e37-8278-afb360836bec","name":"Veil_Ref","description":"Veil Framework. (n.d.). 
Retrieved December 4, 2014.","url":"https://www.veil-framework.com/framework/","source":"MITRE","title":"Veil_Ref","authors":"","date_accessed":"2014-12-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"91be8971-cc6b-5cd9-adf3-b0724ca8f2b5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431780Z"},{"id":"06bee483-26fb-4cfc-a6a5-c8282a997946","name":"Cisco Talos Blog October 09 2025","description":"Michael Szeliga. (2025, October 9). Velociraptor leveraged in ransomware attacks. Retrieved October 10, 2025.","url":"https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/","source":"Tidal Cyber","title":"Velociraptor leveraged in ransomware attacks","authors":"Michael Szeliga","date_accessed":"2025-10-10T12:00:00Z","date_published":"2025-10-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c3961e02-ea62-5e7b-8480-9d4af533fab1","created":"2025-10-13T17:28:45.411631Z","modified":"2025-10-13T17:28:45.540111Z"},{"id":"2df3afe7-e33a-4db9-8ee6-937772168a04","name":"Cyberint October 23 2023","description":"Shmuel Gihon. (2023, October 23). Venom Control–RAT With a Sting. Retrieved March 24, 2025.","url":"https://cyberint.com/blog/research/venom-control-rat-with-a-sting/","source":"Tidal Cyber","title":"Venom Control–RAT With a Sting","authors":"Shmuel Gihon","date_accessed":"2025-03-24T00:00:00Z","date_published":"2023-10-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a32bbbeb-62db-5a4a-aecd-26e5e760c2d0","created":"2025-03-25T13:16:02.275750Z","modified":"2025-03-25T13:16:02.669865Z"},{"id":"bd6e6a59-3a73-48f6-84cd-e7c027c8671f","name":"HC3 Analyst Note Venus Ransomware November 2022","description":"Health Sector Cybersecurity Coordination Center (HC3). (2022, November 9). Venus Ransomware Targets Publicly Exposed Remote Desktop Services. 
Retrieved May 19, 2023.","url":"https://www.hhs.gov/sites/default/files/venus-ransomware-analyst-note.pdf","source":"Tidal Cyber","title":"Venus Ransomware Targets Publicly Exposed Remote Desktop Services","authors":"Health Sector Cybersecurity Coordination Center (HC3)","date_accessed":"2023-05-19T00:00:00Z","date_published":"2022-11-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2f4bd1e9-ee8b-565f-8f18-e97d99578865","created":"2024-06-13T20:10:28.774047Z","modified":"2024-06-13T20:10:28.961366Z"},{"id":"63ac9e95-aad8-4735-9e63-f45d8c499030","name":"LOLBAS Verclsid","description":"LOLBAS. (n.d.). Verclsid.exe. Retrieved August 10, 2020.","url":"https://lolbas-project.github.io/lolbas/Binaries/Verclsid/","source":"MITRE","title":"Verclsid.exe","authors":"LOLBAS","date_accessed":"2020-08-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"76a48612-40d4-5516-925b-2ec9f66152a8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431829Z"},{"id":"5d5fa25b-64a9-4fdb-87c5-1a69a7d2f874","name":"WinOSBite verclsid.exe","description":"verclsid-exe. (2019, December 17). verclsid.exe File Information - What is it & How to Block. Retrieved November 17, 2024.","url":"https://winosbite.com/verclsid-exe/","source":"MITRE","title":"verclsid.exe File Information - What is it & How to Block","authors":"verclsid-exe","date_accessed":"2024-11-17T00:00:00Z","date_published":"2019-12-17T00:00:00Z","owner_name":null,"tidal_id":"cd970d2e-f9a6-59c4-8fa2-0530201e5925","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431840Z"},{"id":"b76eace9-ef2e-5191-8047-7a950f5c3878","name":"Android-VerifiedBoot","description":"Android. (n.d.). Verified Boot. 
Retrieved December","url":"https://source.android.com/security/verifiedboot/","source":"Mobile","title":"Verified Boot","authors":"Android","date_accessed":"1978-12-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a4c1dfff-5b75-50c2-9874-9ffb8c7befb7","created":"2026-01-28T13:08:10.043899Z","modified":"2026-01-28T13:08:10.043902Z"},{"id":"cd585229-5b5d-5601-b68c-bc2a30ab48df","name":"Android App Links","description":"Google. (n.d.). Verify Android App Links. Retrieved September","url":"https://developer.android.com/training/app-links/verify-site-associations","source":"Mobile","title":"Verify Android App Links","authors":"Google","date_accessed":"1978-09-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e6206732-e876-5ff3-9e90-604464f9f06b","created":"2026-01-28T13:08:10.046816Z","modified":"2026-01-28T13:08:10.046819Z"},{"id":"0d6db249-9368-495e-9f1f-c7f10041f5ff","name":"Unit 42 VERMIN Jan 2018","description":"Lancaster, T., Cortes, J. (2018, January 29). VERMIN: Quasar RAT and Custom Malware Used In Ukraine. Retrieved July 5, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/","source":"MITRE","title":"VERMIN: Quasar RAT and Custom Malware Used In Ukraine","authors":"Lancaster, T., Cortes, J","date_accessed":"2018-07-05T00:00:00Z","date_published":"2018-01-29T00:00:00Z","owner_name":null,"tidal_id":"2d8954e0-a9ea-579f-aa93-173888665a00","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418582Z"},{"id":"4dbabd46-ee23-5f9c-93be-b39b22e6e699","name":"SecureList - ViceLeaker 2019","description":"GReAT. (2019, June 26).  ViceLeaker Operation: mobile espionage targeting Middle East. 
Retrieved November","url":"https://securelist.com/fanning-the-flames-viceleaker-operation/90877/","source":"Mobile","title":"ViceLeaker Operation: mobile espionage targeting Middle East","authors":"GReAT","date_accessed":"1978-11-01T00:00:00Z","date_published":"2019-06-26T00:00:00Z","owner_name":null,"tidal_id":"c787d8a2-e5d3-551a-ae49-c560ab9a2022","created":"2026-01-28T13:08:10.040931Z","modified":"2026-01-28T13:08:10.040934Z"},{"id":"6abf7387-0857-4938-b36e-1374a66d4ed8","name":"Unit 42 Vice Society December 6 2022","description":"JR Gumarin. (2022, December 6). Vice Society: Profiling a Persistent Threat to the Education Sector. Retrieved November 14, 2023.","url":"https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/","source":"Tidal Cyber","title":"Vice Society: Profiling a Persistent Threat to the Education Sector","authors":"JR Gumarin","date_accessed":"2023-11-14T00:00:00Z","date_published":"2022-12-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"30e6b964-a8fb-551c-96c7-47da10d5cbe5","created":"2023-11-17T17:09:16.690634Z","modified":"2023-11-17T17:09:16.778759Z"},{"id":"ce9714d3-7f7c-4068-bcc8-0f0eeaf0dc0b","name":"Minerva Labs Vidar Stealer Evasion","description":"Minerva Labs. (2021, September 23). Vidar Stealer Evasion Arsenal. Retrieved November 16, 2023.","url":"https://web.archive.org/web/20221201005558/https://minerva-labs.com/blog/vidar-stealer-evasion-arsenal/","source":"Tidal Cyber","title":"Vidar Stealer Evasion Arsenal","authors":"Minerva Labs","date_accessed":"2023-11-16T00:00:00Z","date_published":"2021-09-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"63d04f9c-e022-50ab-8e2d-724f6d95f951","created":"2023-11-17T17:09:17.796934Z","modified":"2023-11-17T17:09:17.897020Z"},{"id":"a54a2f68-8406-43ab-8758-07edd49dfb83","name":"Amnesty Intl. Ocean Lotus February 2021","description":"Amnesty International. (2021, February 24). Vietnamese activists targeted by notorious hacking group. 
Retrieved March 1, 2021.","url":"https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf","source":"MITRE","title":"Vietnamese activists targeted by notorious hacking group","authors":"Amnesty International","date_accessed":"2021-03-01T00:00:00Z","date_published":"2021-02-24T00:00:00Z","owner_name":null,"tidal_id":"8fd3fc3e-05bb-5761-95b4-cad18e9b1c55","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420183Z"},{"id":"347ad5a1-d0b1-4f2b-9abd-eff96d05987d","name":"FireEye APT32 April 2020","description":"Henderson, S., et al. (2020, April 22). Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage. Retrieved April 28, 2020.","url":"https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html","source":"MITRE","title":"Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage","authors":"Henderson, S., et al","date_accessed":"2020-04-28T00:00:00Z","date_published":"2020-04-22T00:00:00Z","owner_name":null,"tidal_id":"79e05c33-60a6-565c-880e-1ca4f9bbde3d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441362Z"},{"id":"b179d0d4-e115-59f1-86a7-7dcfc253e16f","name":"Slack Help Center Access Logs","description":"Slack Help Center. (n.d.). View Access Logs for your workspace. 
Retrieved April 10, 2023.","url":"https://slack.com/help/articles/360002084807-View-Access-Logs-for-your-workspace","source":"MITRE","title":"View Access Logs for your workspace","authors":"Slack Help Center","date_accessed":"2023-04-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e08f3b6e-80bd-5686-b084-3f8a5a5cb73a","created":"2023-05-26T01:21:19.162264Z","modified":"2025-04-22T20:47:30.587397Z"},{"id":"19b55c10-f4fd-49c2-b267-0d3d8e9acdd7","name":"Azure Activity Logs","description":"Microsoft. (n.d.). View Azure activity logs. Retrieved June 17, 2020.","url":"https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/view-activity-logs","source":"MITRE","title":"View Azure activity logs","authors":"Microsoft","date_accessed":"2020-06-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"68021393-1594-5c9f-80e6-8c791e68f5e0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431183Z"},{"id":"d65f371b-19d0-49de-b92b-94a2bea1d988","name":"DOJ GRU Indictment Jul 2018","description":"Mueller, R. (2018, July 13). Indictment - United States of America vs. VIKTOR BORISOVICH NETYKSHO, et al. Retrieved November 17, 2024.","url":"https://cdn.cnn.com/cnn/2018/images/07/13/gru.indictment.pdf","source":"MITRE","title":"VIKTOR BORISOVICH NETYKSHO, et al","authors":"Mueller, R. (2018, July 13)","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d934c480-b8ed-545f-aa31-a0dbb1cb4f15","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421665Z"},{"id":"a04524b1-5a42-5eac-981b-02d247da491d","name":"Lookout ViperRAT","description":"M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September","url":"https://blog.lookout.com/viperrat-mobile-apt","source":"Mobile","title":"ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar","authors":"M. 
Flossman","date_accessed":"1978-09-01T00:00:00Z","date_published":"2017-02-16T00:00:00Z","owner_name":null,"tidal_id":"1f5704ed-f643-581f-bd15-8281968dad5c","created":"2026-01-28T13:08:10.042286Z","modified":"2026-01-28T13:08:10.042289Z"},{"id":"c06af73d-5ed0-46a0-a5a9-161035075884","name":"MalwareTech VFS Nov 2014","description":"Hutchins, M. (2014, November 28). Virtual File Systems for Beginners. Retrieved June 22, 2020.","url":"https://www.malwaretech.com/2014/11/virtual-file-systems-for-beginners.html","source":"MITRE","title":"Virtual File Systems for Beginners","authors":"Hutchins, M","date_accessed":"2020-06-22T00:00:00Z","date_published":"2014-11-28T00:00:00Z","owner_name":null,"tidal_id":"d7ed717c-7bd3-58f7-9af8-405cffddd95b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435509Z"},{"id":"a3031616-f21a-574f-a9a5-a808a6230aa8","name":"Virtualization/Sandbox Evasion","description":"YUCEEL, Huseyin Can. Picus Labs. (2022, June 9). Virtualization/Sandbox Evasion - How Attackers Avoid Malware Analysis. Retrieved December 26, 2023.","url":"https://www.picussecurity.com/resource/virtualization/sandbox-evasion-how-attackers-avoid-malware-analysis","source":"MITRE","title":"Virtualization/Sandbox Evasion - How Attackers Avoid Malware Analysis","authors":"YUCEEL, Huseyin Can. Picus Labs","date_accessed":"2023-12-26T00:00:00Z","date_published":"2022-06-09T00:00:00Z","owner_name":null,"tidal_id":"b17e3292-86b8-5edb-8010-61a7cb5048cd","created":"2024-04-25T13:28:41.518142Z","modified":"2025-12-17T15:08:36.436524Z"},{"id":"e75f2d0f-f63e-48c7-a0c3-8f00f371624e","name":"Ars Technica Pwn2Own 2017 VM Escape","description":"Goodin, D. (2017, March 17). Virtual machine escape fetches $105,000 at Pwn2Own hacking contest - updated. 
Retrieved March 12, 2018.","url":"https://arstechnica.com/information-technology/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/","source":"MITRE","title":"Virtual machine escape fetches $105,000 at Pwn2Own hacking contest - updated","authors":"Goodin, D","date_accessed":"2018-03-12T00:00:00Z","date_published":"2017-03-17T00:00:00Z","owner_name":null,"tidal_id":"8bf42a5e-2f1e-5e31-809f-f94ffd5fbddb","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415412Z"},{"id":"24d8fa50-801d-5576-b95f-d5ad4f3a9768","name":"Broadcom Virtual Machine Guest Operations Privileges","description":"Broadcom. (n.d.). Virtual Machine Guest Operations Privileges. Retrieved March 28, 2025.","url":"https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/vsphere-security-7-0/defined-privileges/virtual-machine-guest-operations-privileges.html","source":"MITRE","title":"Virtual Machine Guest Operations Privileges","authors":"Broadcom","date_accessed":"2025-03-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"49112445-ccdb-52f8-90d5-f0f78744cb17","created":"2025-04-22T20:47:32.171241Z","modified":"2025-12-17T15:08:36.442313Z"},{"id":"2b7ec610-5654-4c94-b5df-9cf5670eec33","name":"Google VM","description":"Google. (n.d.). Virtual machine instances. Retrieved October 13, 2021.","url":"https://cloud.google.com/compute/docs/instances","source":"MITRE","title":"Virtual machine instances","authors":"Google","date_accessed":"2021-10-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a8248749-54a8-552f-8603-f90d86ff5eee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437128Z"},{"id":"f565c237-07c5-4e9e-9879-513627517109","name":"Microsoft Virutal Machine API","description":"Microsoft. (2019, March 1). Virtual Machines - Get. 
Retrieved October 8, 2019.","url":"https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/get","source":"MITRE","title":"Virtual Machines - Get","authors":"Microsoft","date_accessed":"2019-10-08T00:00:00Z","date_published":"2019-03-01T00:00:00Z","owner_name":null,"tidal_id":"bf7a9de0-4a0b-592f-bbc4-818abf93c3a8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427553Z"},{"id":"299f231f-70d1-4c1a-818f-8a01cf65382c","name":"Azure Update Virtual Machines","description":"Microsoft. (n.d.). Virtual Machines - Update. Retrieved April 1, 2022.","url":"https://docs.microsoft.com/en-us/rest/api/compute/virtual-machines/update","source":"MITRE","title":"Virtual Machines - Update","authors":"Microsoft","date_accessed":"2022-04-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"035276f8-4161-59c4-93aa-138412e03bab","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430898Z"},{"id":"3f106d7e-f101-4adb-bbd1-d8c04a347f85","name":"Azure Virtual Network TAP","description":"Microsoft. (2022, February 9). Virtual network TAP. Retrieved March 17, 2022.","url":"https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-tap-overview","source":"MITRE","title":"Virtual network TAP","authors":"Microsoft","date_accessed":"2022-03-17T00:00:00Z","date_published":"2022-02-09T00:00:00Z","owner_name":null,"tidal_id":"dd9c8a8f-4e30-5d98-9afb-1e818f153bfc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427375Z"},{"id":"9ebe53cf-657f-475d-85e4-9e30f4af1e7d","name":"Google VPC Overview","description":"Google. (2019, September 23). Virtual Private Cloud (VPC) network overview. 
Retrieved October 6, 2019.","url":"https://cloud.google.com/vpc/docs/vpc","source":"MITRE","title":"Virtual Private Cloud (VPC) network overview","authors":"Google","date_accessed":"2019-10-06T00:00:00Z","date_published":"2019-09-23T00:00:00Z","owner_name":null,"tidal_id":"3395a0c2-b62b-5524-acd8-b536c6e69c05","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431704Z"},{"id":"b299f8e7-01da-4d59-9657-ef93cf284cc0","name":"Volexity Virtual Private Keylogging","description":"Adair, S. (2015, October 7). Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence. Retrieved March 20, 2017.","url":"https://www.volexity.com/blog/2015/10/07/virtual-private-keylogging-cisco-web-vpns-leveraged-for-access-and-persistence/","source":"MITRE","title":"Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence","authors":"Adair, S","date_accessed":"2017-03-20T00:00:00Z","date_published":"2015-10-07T00:00:00Z","owner_name":null,"tidal_id":"60093278-d501-5324-a543-1d23f057a504","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425054Z"},{"id":"7aabd59f-295b-5dcc-b117-6d27edbebf62","name":"ArsTechnica-HummingWhale","description":"Dan Goodin. (2017, January 23). Virulent Android malware returns, gets >2 million downloads on Google Play. Retrieved January","url":"http://arstechnica.com/security/2017/01/virulent-android-malware-returns-gets-2-million-downloads-on-google-play/","source":"Mobile","title":"Virulent Android malware returns, gets >2 million downloads on Google Play","authors":"Dan Goodin","date_accessed":"1978-01-01T00:00:00Z","date_published":"2017-01-23T00:00:00Z","owner_name":null,"tidal_id":"f81af8ef-77cf-5e8e-94dc-404d9b53ed58","created":"2026-01-28T13:08:10.040751Z","modified":"2026-01-28T13:08:10.040756Z"},{"id":"3502c98d-b61d-42fa-b23e-7128a4042c03","name":"VirusTotal Behavior def.exe","description":"VirusTotal. (2023, July 11). VirusTotal Behavior def.exe. 
Retrieved July 11, 2023.","url":"https://www.virustotal.com/gui/file/7b15f570a23a5c5ce8ff942da60834a9d0549ea3ea9f34f900a09331325df893/behavior","source":"Tidal Cyber","title":"VirusTotal Behavior def.exe","authors":"VirusTotal","date_accessed":"2023-07-11T00:00:00Z","date_published":"2023-07-11T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"450f8736-04e7-508a-a142-023b113dbd2c","created":"2023-07-14T12:56:33.376187Z","modified":"2023-07-14T12:56:33.488344Z"},{"id":"3cbe5712-97c2-4a51-b063-1d5064a784ef","name":"VirusTotal Behavior grim-real","description":"VirusTotal. (2024, October 27). VirusTotal Behavior grim-real. Retrieved November 15, 2024.","url":"https://www.virustotal.com/gui/file/14bcb7196143fd2b800385e9b32cfacd837007b0face71a73b546b53310258bb/behavior","source":"Tidal Cyber","title":"VirusTotal Behavior grim-real","authors":"VirusTotal","date_accessed":"2024-11-15T00:00:00Z","date_published":"2024-10-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7d172373-bbe8-5cbe-aea7-4c2a1ef18ad3","created":"2024-11-15T17:28:56.154255Z","modified":"2024-11-15T17:28:56.330065Z"},{"id":"5cd965f6-c4af-40aa-8f08-620cf5f1242a","name":"VirusTotal FAQ","description":"VirusTotal. (n.d.). VirusTotal FAQ. Retrieved May 23, 2019.","url":"https://www.virustotal.com/en/faq/","source":"MITRE","title":"VirusTotal FAQ","authors":"VirusTotal","date_accessed":"2019-05-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3400e2b4-c84d-5665-8fa2-b44ba40b0a7d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429443Z"},{"id":"a2371f44-0a88-4d68-bbe7-7e79f13f78c2","name":"Visa RawPOS March 2015","description":"Visa. (2015, March). Visa Security Alert: \"RawPOS\" Malware Targeting Lodging Merchants. 
Retrieved October 6, 2017.","url":"https://usa.visa.com/dam/VCOM/download/merchants/alert-rawpos.pdf","source":"MITRE","title":"Visa Security Alert: \"RawPOS\" Malware Targeting Lodging Merchants","authors":"Visa","date_accessed":"2017-10-06T00:00:00Z","date_published":"2015-03-01T00:00:00Z","owner_name":null,"tidal_id":"eb5cb41a-e0ea-541f-b3bc-48c26e50480b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420573Z"},{"id":"e92c169e-2096-4b07-b0d1-06492ab61019","name":"Visio.exe - LOLBAS Project","description":"LOLBAS. (2024, February 15). Visio.exe. Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Visio/","source":"Tidal Cyber","title":"Visio.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2024-02-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c81c2a58-48f2-58a6-9192-2fd2097a5ad6","created":"2025-05-20T16:19:06.447701Z","modified":"2025-05-20T16:19:06.594822Z"},{"id":"b69d7c73-40c2-4cb2-b9ad-088ef61e2f7f","name":"ESET Recon Snake Nest","description":"Boutin, J. and Faou, M. (2018). Visiting the snake nest. Retrieved May 7, 2019.","url":"https://recon.cx/2018/brussels/resources/slides/RECON-BRX-2018-Visiting-The-Snake-Nest.pdf","source":"MITRE","title":"Visiting the snake nest","authors":"Boutin, J. and Faou, M","date_accessed":"2019-05-07T00:00:00Z","date_published":"2018-01-01T00:00:00Z","owner_name":null,"tidal_id":"970575eb-feaf-5986-9654-ebf0baf10525","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442146Z"},{"id":"b23a1a5d-48dd-4346-bf8d-390624214081","name":"VB Microsoft","description":"Microsoft. (n.d.). Visual Basic documentation. 
Retrieved June 23, 2020.","url":"https://docs.microsoft.com/dotnet/visual-basic/","source":"MITRE","title":"Visual Basic documentation","authors":"Microsoft","date_accessed":"2020-06-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"da97c3e5-bb57-5891-b7c2-85b7b4c3856b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435498Z"},{"id":"70818420-c3ec-46c3-9e97-d8f989f2e3db","name":"Wikipedia VBA","description":"Wikipedia. (n.d.). Visual Basic for Applications. Retrieved August 13, 2020.","url":"https://en.wikipedia.org/wiki/Visual_Basic_for_Applications","source":"MITRE","title":"Visual Basic for Applications","authors":"Wikipedia","date_accessed":"2020-08-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e0b18478-c901-5eac-9011-89d790f5b843","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435503Z"},{"id":"da6d1b56-8e59-4125-b318-48a40a1c8e94","name":"VB .NET Mar 2020","description":".NET Team. (2020, March 11). Visual Basic support planned for .NET 5.0. Retrieved June 23, 2020.","url":"https://devblogs.microsoft.com/vbteam/visual-basic-support-planned-for-net-5-0/","source":"MITRE","title":"Visual Basic support planned for .NET 5.0","authors":".NET Team","date_accessed":"2020-06-23T00:00:00Z","date_published":"2020-03-11T00:00:00Z","owner_name":null,"tidal_id":"80086d9a-8e69-532c-bd28-5e7400ebd3f4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435473Z"},{"id":"28238b70-511d-5e90-a1f0-95ab8b72fee4","name":"Thornton tutorial VSCode shell September 2023","description":"Truvis Thornton. (2023, September 25). Visual Studio Code: embedded reverse shell and how to block, create Sentinel Detection, and add Environment Prevention. 
Retrieved March 24, 2025.","url":"https://medium.com/@truvis.thornton/visual-studio-code-embedded-reverse-shell-and-how-to-block-create-sentinel-detection-and-add-e864ebafaf6d","source":"MITRE","title":"Visual Studio Code: embedded reverse shell and how to block, create Sentinel Detection, and add Environment Prevention","authors":"Truvis Thornton","date_accessed":"2025-03-24T00:00:00Z","date_published":"2023-09-25T00:00:00Z","owner_name":null,"tidal_id":"10802115-b332-5655-b79e-e4a195929317","created":"2025-04-22T20:47:16.004910Z","modified":"2025-12-17T15:08:36.431377Z"},{"id":"b17be296-15ad-468f-8157-8cb4093b2e97","name":"VisualUiaVerifyNative.exe - LOLBAS Project","description":"LOLBAS. (2021, September 26). VisualUiaVerifyNative.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/VisualUiaVerifyNative/","source":"Tidal Cyber","title":"VisualUiaVerifyNative.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"11d226dd-3a63-5337-9579-ca37df59eb46","created":"2024-01-12T14:47:33.136822Z","modified":"2024-01-12T14:47:33.344526Z"},{"id":"4bc981c7-c0d9-5042-85dd-d08b5ee72670","name":"Broadcom VMSA-2024-0019","description":"Broadcom. (2024, September 17). VMSA-2024-0019: Questions & Answers. Retrieved April 8, 2025.","url":"https://github.com/vmware/vcf-security-and-compliance-guidelines/blob/main/security-advisories/vmsa-2024-0019/README.md","source":"MITRE","title":"VMSA-2024-0019: Questions & Answers","authors":"Broadcom","date_accessed":"2025-04-08T00:00:00Z","date_published":"2024-09-17T00:00:00Z","owner_name":null,"tidal_id":"f75b877f-3e09-5c16-b58b-bddd672a273f","created":"2025-04-22T20:47:17.588827Z","modified":"2025-12-17T15:08:36.432943Z"},{"id":"6f88aad2-2180-56ac-ae5f-d69f23c407cb","name":"Broadcom VMSA-2025-004","description":"Broadcom. (2025, March 6). VMSA-2025-0004: Questions & Answers. 
Retrieved March 26, 2025.","url":"https://github.com/vmware/vcf-security-and-compliance-guidelines/tree/main/security-advisories/vmsa-2025-0004","source":"MITRE","title":"VMSA-2025-0004: Questions & Answers","authors":"Broadcom","date_accessed":"2025-03-26T00:00:00Z","date_published":"2025-03-06T00:00:00Z","owner_name":null,"tidal_id":"c08d21c4-29b6-54d2-866a-b9cb47e6b6c2","created":"2025-04-22T20:47:13.587839Z","modified":"2025-12-17T15:08:36.429047Z"},{"id":"43bcb35b-56e1-47a8-9c74-f7543a25b2a6","name":"Carbon Black HotCroissant April 2020","description":"Knight, S.. (2020, April 16). VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus. Retrieved May 1, 2020.","url":"https://www.carbonblack.com/2020/04/16/vmware-carbon-black-tau-threat-analysis-the-evolution-of-lazarus/","source":"MITRE","title":"VMware Carbon Black TAU Threat Analysis: The Evolution of Lazarus","authors":"Knight, S.","date_accessed":"2020-05-01T00:00:00Z","date_published":"2020-04-16T00:00:00Z","owner_name":null,"tidal_id":"f7697e33-7a1c-5461-af74-c6e8c4698745","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418066Z"},{"id":"2084fd09-f246-50f1-bfaa-5b3aa0b00779","name":"Varonis","description":"Jason Hill. (2023, February 8). VMware ESXi in the Line of Ransomware Fire. Retrieved March 26, 2025.","url":"https://www.varonis.com/blog/vmware-esxi-in-the-line-of-ransomware-fire","source":"MITRE","title":"VMware ESXi in the Line of Ransomware Fire","authors":"Jason Hill","date_accessed":"2025-03-26T00:00:00Z","date_published":"2023-02-08T00:00:00Z","owner_name":null,"tidal_id":"a38213e7-78b2-5b97-bd3b-fe859775bdb2","created":"2025-04-22T20:47:12.218599Z","modified":"2025-12-17T15:08:36.427547Z"},{"id":"204d9587-957b-5398-a7c9-969500315ab3","name":"Google Cloud Threat Intelligence VMWare ESXi Zero-Day 2023","description":"Alexander Marvi, Brad Slaybaugh, Ron Craft, and Rufus Brown. (2023, June 13). 
VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors. Retrieved March 26, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/vmware-esxi-zero-day-bypass/","source":"MITRE","title":"VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors","authors":"Alexander Marvi, Brad Slaybaugh, Ron Craft, and Rufus Brown","date_accessed":"2025-03-26T00:00:00Z","date_published":"2023-06-13T00:00:00Z","owner_name":null,"tidal_id":"1991d031-c729-5869-8551-a18c7988311b","created":"2025-04-22T20:47:11.954295Z","modified":"2025-12-17T15:08:36.427295Z"},{"id":"2691b5a8-a146-407d-80b4-b3e81da5781f","name":"Google Cloud June 13 2023","description":"Mandiant. (2023, June 13). VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors . Retrieved December 12, 2024.","url":"https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass","source":"Tidal Cyber","title":"VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors","authors":"Mandiant","date_accessed":"2024-12-12T00:00:00Z","date_published":"2023-06-13T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0be271f7-ba7d-5f89-bcc2-5133e3562f58","created":"2025-04-11T15:06:02.433118Z","modified":"2025-04-11T15:06:02.599111Z"},{"id":"b9f12d45-1fe3-5358-9ce1-acd0607bc8c3","name":"Broadcom VMware Tools Services","description":"Broadcom. (n.d.). VMware Tools Services. 
Retrieved March 28, 2025.","url":"https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/tools/12-4-0/vmware-tools-administration-12-4-0/introduction-to-vmware-tools/vmware-tools-service.html","source":"MITRE","title":"VMware Tools Services","authors":"Broadcom","date_accessed":"2025-03-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f0ac8a25-be07-5510-95ff-c5b67d62ec3e","created":"2025-04-22T20:47:11.970031Z","modified":"2025-12-17T15:08:36.427308Z"},{"id":"90a5ab3c-c2a8-4b02-9bd7-628672907737","name":"Offensive Security VNC Authentication Check","description":"Offensive Security. (n.d.). VNC Authentication. Retrieved October 6, 2021.","url":"https://www.offensive-security.com/metasploit-unleashed/vnc-authentication/","source":"MITRE","title":"VNC Authentication","authors":"Offensive Security","date_accessed":"2021-10-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b824ff79-c77f-5ec1-bd93-6094eeb77cd2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423723Z"},{"id":"d2975241-0efb-5691-a910-976e96376b96","name":"Manifest.permission","description":"Android Developers. (2022, March 17). Voice Call. Retrieved April","url":"https://developer.android.com/reference/android/media/MediaRecorder.AudioSource#VOICE_CALL","source":"Mobile","title":"Voice Call","authors":"Android Developers","date_accessed":"1978-04-01T00:00:00Z","date_published":"2022-03-17T00:00:00Z","owner_name":null,"tidal_id":"6d5f60b8-d4de-53a8-be41-5353c49f1ea6","created":"2026-01-28T13:08:10.044392Z","modified":"2026-01-28T13:08:10.044395Z"},{"id":"02c4dda2-3aae-43ec-9b14-df282b200def","name":"Trend Micro Void Banshee July 15 2024","description":"Peter Girnus, Aliakbar Zahravi. (2024, July 15). Void Banshee Targets Windows Users. 
Retrieved September 19, 2024.","url":"https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html","source":"Tidal Cyber","title":"Void Banshee Targets Windows Users","authors":"Peter Girnus, Aliakbar Zahravi","date_accessed":"2024-09-19T00:00:00Z","date_published":"2024-07-15T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"4d4c00c6-5149-5cda-afaf-4284513d6f7e","created":"2024-09-20T15:08:31.490911Z","modified":"2024-09-20T15:08:31.708510Z"},{"id":"d9dee943-2b68-4321-9c1b-d065bf69fb71","name":"Check Point Research January 13 2026","description":"pedrod@checkpoint.com. (2026, January 13). VoidLink: The Cloud-Native Malware Framework. Retrieved January 23, 2026.","url":"https://research.checkpoint.com/2026/voidlink-the-cloud-native-malware-framework/","source":"Tidal Cyber","title":"VoidLink: The Cloud-Native Malware Framework","authors":"pedrod@checkpoint.com","date_accessed":"2026-01-23T12:00:00Z","date_published":"2026-01-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"02946f7c-563d-5788-9e2c-9f334f4ee8b2","created":"2026-01-23T20:29:40.417790Z","modified":"2026-01-23T20:29:40.557465Z"},{"id":"5fd628ca-f366-4f0d-b493-8be19fa4dd4e","name":"Trend Micro Void Rabisu May 30 2023","description":"Feike Hacquebord, Stephen Hilt, Fernando Merces, Lord Alfred Remorin. (2023, May 30). Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals. 
Retrieved June 4, 2023.","url":"https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html","source":"Tidal Cyber","title":"Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals","authors":"Feike Hacquebord, Stephen Hilt, Fernando Merces, Lord Alfred Remorin","date_accessed":"2023-06-04T00:00:00Z","date_published":"2023-05-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"aa3fc3ff-5f86-5926-8538-f0aebd65ac14","created":"2024-06-13T20:10:33.393619Z","modified":"2024-06-13T20:10:33.584839Z"},{"id":"a26344a2-63ca-422e-8cf9-0cf22a5bee72","name":"CheckPoint Volatile Cedar March 2015","description":"Threat Intelligence and Research. (2015, March 30). VOLATILE CEDAR. Retrieved February 8, 2021.","url":"https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2015/03/20082004/volatile-cedar-technical-report.pdf","source":"MITRE, Tidal Cyber","title":"VOLATILE CEDAR","authors":"Threat Intelligence and Research","date_accessed":"2021-02-08T00:00:00Z","date_published":"2015-03-30T00:00:00Z","owner_name":null,"tidal_id":"6ea5eec6-22bb-5ecc-bf67-1b594e7c79a3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.259726Z"},{"id":"2e94c44a-d2a7-4e56-ac8a-df315fc14ec1","name":"Microsoft Volt Typhoon May 24 2023","description":"Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. 
Retrieved May 25, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/","source":"Tidal Cyber","title":"Volt Typhoon targets US critical infrastructure with living-off-the-land techniques","authors":"Microsoft Threat Intelligence","date_accessed":"2023-05-25T00:00:00Z","date_published":"2023-05-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"77bf0c6d-0f11-5d83-9ed2-05f4ae6922f0","created":"2024-06-13T20:10:32.997722Z","modified":"2024-06-13T20:10:33.204875Z"},{"id":"8b74f0b7-9719-598c-b3ee-61d734393e6f","name":"Microsoft Volt Typhoon May 2023","description":"Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. Retrieved July 27, 2023.","url":"https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/","source":"MITRE","title":"Volt Typhoon targets US critical infrastructure with living-off-the-land techniques","authors":"Microsoft Threat Intelligence","date_accessed":"2023-07-27T00:00:00Z","date_published":"2023-05-24T00:00:00Z","owner_name":null,"tidal_id":"fb60d2b7-1a39-51fd-9575-52cad51d26c0","created":"2023-11-07T00:36:11.306378Z","modified":"2025-12-17T15:08:36.438026Z"},{"id":"c25c2d75-bc00-4dc9-8663-34e2825699b5","name":"Microsoft VSS","description":"Microsoft. (2025, July 7). Volume Shadow Copy Service (VSS). 
Retrieved August 5, 2025.","url":"https://learn.microsoft.com/en-us/windows-server/storage/file-server/volume-shadow-copy-service","source":"Tidal Cyber","title":"Volume Shadow Copy Service (VSS)","authors":"Microsoft","date_accessed":"2025-08-05T12:00:00Z","date_published":"2025-07-07T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"be82e104-c908-58e0-bfdd-8bc69c5c56ec","created":"2025-08-06T14:56:44.052485Z","modified":"2025-08-06T14:56:44.200834Z"},{"id":"8ace39ea-cd89-50b9-9aa7-3df8b4b1db6d","name":"Abramovsky VSCode Security","description":"Abramovsky, O. (2023, May 16). VSCode Security: Malicious Extensions Detected- More Than 45,000 Downloads- PII Exposed, and Backdoors Enabled. Retrieved March 30, 2025.","url":"https://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-backdoors/","source":"MITRE","title":"VSCode Security: Malicious Extensions Detected- More Than 45,000 Downloads- PII Exposed, and Backdoors Enabled","authors":"Abramovsky, O","date_accessed":"2025-03-30T00:00:00Z","date_published":"2023-05-16T00:00:00Z","owner_name":null,"tidal_id":"b2658cf9-92cd-5371-b5c4-350e6acd961c","created":"2025-04-22T20:47:12.414367Z","modified":"2025-12-17T15:08:36.427770Z"},{"id":"b4658fc0-af16-45b1-8403-a9676760a36a","name":"VSDiagnostics.exe - LOLBAS Project","description":"LOLBAS. (2023, July 12). VSDiagnostics.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/VSDiagnostics/","source":"Tidal Cyber","title":"VSDiagnostics.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-07-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d9f8f6a2-fe3a-570f-bfee-d7444c060674","created":"2024-01-12T14:47:32.400911Z","modified":"2024-01-12T14:47:32.572492Z"},{"id":"ae3b1e26-d7d7-4049-b4a7-80cd2b149b7c","name":"Vshadow.exe - LOLBAS Project","description":"LOLBAS. (2023, September 6). Vshadow.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Vshadow/","source":"Tidal Cyber","title":"Vshadow.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-09-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1fc0ecb7-5615-5fbf-91b3-ab71e4987ade","created":"2024-01-12T14:47:33.510305Z","modified":"2024-01-12T14:47:33.690339Z"},{"id":"e2fda344-77b8-4650-a7da-1e422db6d3a1","name":"VSIISExeLauncher.exe - LOLBAS Project","description":"LOLBAS. (2021, September 24). VSIISExeLauncher.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/VSIISExeLauncher/","source":"Tidal Cyber","title":"VSIISExeLauncher.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-09-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8696cb63-a457-5072-a72d-d9eced5bdc9b","created":"2024-01-12T14:47:32.755522Z","modified":"2024-01-12T14:47:32.948898Z"},{"id":"94a880fa-70b0-46c3-997e-b22dc9180134","name":"vsjitdebugger.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). vsjitdebugger.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Vsjitdebugger/","source":"Tidal Cyber","title":"vsjitdebugger.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bf3107e0-3938-50d4-b9d4-6d677dd8cbe1","created":"2024-01-12T14:47:33.876446Z","modified":"2024-01-12T14:47:34.067835Z"},{"id":"d88f1249-6a39-496c-afc8-8032457740e8","name":"VSLaunchBrowser.exe - LOLBAS Project","description":"LOLBAS. (2024, April 12). VSLaunchBrowser.exe. 
Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/VsLaunchBrowser/","source":"Tidal Cyber","title":"VSLaunchBrowser.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2024-04-12T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e92cd2bb-f30d-576f-9b20-663964565914","created":"2025-05-20T16:19:06.753409Z","modified":"2025-05-20T16:19:06.915105Z"},{"id":"325eab54-bcdd-4a12-ab41-aaf06a0405e9","name":"vsls-agent.exe - LOLBAS Project","description":"LOLBAS. (2022, November 1). vsls-agent.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/vsls-agent/","source":"Tidal Cyber","title":"vsls-agent.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-11-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a6ca40f7-fe04-55e9-b82a-6cc1cd184396","created":"2024-01-12T14:47:35.696271Z","modified":"2024-01-12T14:47:35.877665Z"},{"id":"70c168a0-9ddf-408d-ba29-885c0c5c936a","name":"vstest.console.exe - LOLBAS Project","description":"LOLBAS. (2023, September 8). vstest.console.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/vstest.console/","source":"Tidal Cyber","title":"vstest.console.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2023-09-08T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f15481a6-35b8-5645-b258-123e9cb60566","created":"2024-01-12T14:47:36.070173Z","modified":"2024-01-12T14:47:36.269230Z"},{"id":"d63d6e14-8fe7-4893-a42f-3752eaec8770","name":"Vulnerability and Exploit Detector","description":"Kanthak, S.. (2016, July 20). Vulnerability and Exploit Detector. 
Retrieved February 3, 2017.","url":"https://skanthak.homepage.t-online.de/sentinel.html","source":"MITRE","title":"Vulnerability and Exploit Detector","authors":"Kanthak, S.","date_accessed":"2017-02-03T00:00:00Z","date_published":"2016-07-20T00:00:00Z","owner_name":null,"tidal_id":"af61dca4-58b9-5a2a-a02e-8e7d52990c5e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441184Z"},{"id":"94f99326-1512-47ca-8c99-9b382e4d0261","name":"Kanthak Sentinel","description":"Kanthak, S. (2016, July 20). Vulnerability and Exploit Detector. Retrieved February 3, 2017.","url":"https://skanthak.homepage.t-online.de/sentinel.html","source":"MITRE","title":"Vulnerability and Exploit Detector","authors":"Kanthak, S","date_accessed":"2017-02-03T00:00:00Z","date_published":"2016-07-20T00:00:00Z","owner_name":null,"tidal_id":"27955bea-ab31-5854-aed6-89dadcfd3505","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416362Z"},{"id":"b425f1b5-0375-5747-abd0-c5cd7ba3b781","name":"Electron Security 3","description":"CertiK. (2020, June 30). Vulnerability in Electron-based Application: Unintentionally Giving Malicious Code Room to Run. Retrieved March 7, 2024.","url":"https://medium.com/certik/vulnerability-in-electron-based-application-unintentionally-giving-malicious-code-room-to-run-e2e1447d01b8","source":"MITRE","title":"Vulnerability in Electron-based Application: Unintentionally Giving Malicious Code Room to Run","authors":"CertiK","date_accessed":"2024-03-07T00:00:00Z","date_published":"2020-06-30T00:00:00Z","owner_name":null,"tidal_id":"fb61d90d-6321-5cba-9cc5-05a18ffe90a1","created":"2024-04-25T13:28:52.193989Z","modified":"2025-12-17T15:08:36.441630Z"},{"id":"db78c095-b7b2-4422-8473-49d4a1129b76","name":"Technet MS14-068","description":"Microsoft. (2014, November 18). Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780). 
Retrieved December 23, 2015.","url":"https://technet.microsoft.com/en-us/library/security/ms14-068.aspx","source":"MITRE","title":"Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)","authors":"Microsoft","date_accessed":"2015-12-23T00:00:00Z","date_published":"2014-11-18T00:00:00Z","owner_name":null,"tidal_id":"19cb776d-fe21-53be-bfae-539139527142","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432924Z"},{"id":"8c7fe2a2-64a1-4680-a4e6-f6eefe00407a","name":"vxunderground debug","description":"vxunderground. (2021, June 30). VX-API. Retrieved April 1, 2022.","url":"https://github.com/vxunderground/VX-API/tree/main/Anti%20Debug","source":"MITRE","title":"VX-API","authors":"vxunderground","date_accessed":"2022-04-01T00:00:00Z","date_published":"2021-06-30T00:00:00Z","owner_name":null,"tidal_id":"87797137-e4d1-5a5d-97ec-8c6368145c23","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435788Z"},{"id":"a696dc21-fa6a-54fc-94c3-6334c99287ae","name":"Symantec","description":"Symantec. (n.d.). W32.Duqu The precursor to the next Stuxnet. Retrieved 2019/11/03","url":"https://docs.broadcom.com/doc/w32-duqu-11-en","source":"ICS","title":"W32.Duqu The precursor to the next Stuxnet","authors":"Symantec","date_accessed":"2019-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"151b615e-da0c-5adc-a76c-03265935479d","created":"2026-01-28T13:08:18.179229Z","modified":"2026-01-28T13:08:18.179232Z"},{"id":"8660411a-6b9c-46c2-8f5f-049ec60c7d40","name":"Symantec W32.Duqu","description":"Symantec Security Response. (2011, November). W32.Duqu: The precursor to the next Stuxnet. 
Retrieved September 17, 2015.","url":"https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf","source":"MITRE","title":"W32.Duqu: The precursor to the next Stuxnet","authors":"Symantec Security Response","date_accessed":"2015-09-17T00:00:00Z","date_published":"2011-11-01T00:00:00Z","owner_name":null,"tidal_id":"0e0e1f05-1d90-55c0-a341-f507c0a04c18","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419332Z"},{"id":"d6eaa7c6-4ddb-530e-9084-594770ead519","name":"Kevin Savage and Branko Spasojevic","description":"Kevin Savage and Branko Spasojevic. (n.d.). W32.Flamer. Retrieved November","url":"https://web.archive.org/web/20190930124504/https:/www.symantec.com/security-center/writeup/2012-052811-0308-99","source":"ICS","title":"W32.Flamer","authors":"Kevin Savage and Branko Spasojevic","date_accessed":"1978-11-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"88703604-948d-5321-93af-fb351d5f4825","created":"2026-01-28T13:08:18.179473Z","modified":"2026-01-28T13:08:18.179476Z"},{"id":"ef65ab18-fd84-4098-8805-df0268fc3a38","name":"Symantec W.32 Stuxnet Dossier","description":"Nicolas Falliere, Liam O. Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier. Retrieved December 7, 2020.","url":"https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf","source":"MITRE","title":"W32.Stuxnet Dossier","authors":"Nicolas Falliere, Liam O. Murchu, Eric Chien","date_accessed":"2020-12-07T00:00:00Z","date_published":"2011-02-01T00:00:00Z","owner_name":null,"tidal_id":"cf87bfa5-94eb-5129-90cf-5aa1219f10e8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426671Z"},{"id":"a1b371c2-b2b1-5780-95c8-11f8c616dcf3","name":"Nicolas Falliere, Liam O Murchu, Eric Chien February 2011","description":"Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier (Version 1.4). 
Retrieved November 17, 2024.","url":"https://docs.broadcom.com/doc/security-response-w32-stuxnet-dossier-11-en","source":"MITRE","title":"W32.Stuxnet Dossier (Version 1.4)","authors":"Nicolas Falliere, Liam O Murchu, Eric Chien","date_accessed":"2024-11-17T00:00:00Z","date_published":"2011-02-01T00:00:00Z","owner_name":null,"tidal_id":"c4e7b7d7-f742-502f-8e6f-decc6a5b0802","created":"2023-05-26T01:21:15.295014Z","modified":"2025-12-17T15:08:36.416774Z"},{"id":"8db84cd3-926d-5ab8-8c22-a10afa01c2f0","name":"Stuxnet - Symantec - 201102","description":"Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier (Version 1.4). Retrieved September","url":"https://www.symantec.com/content/en/us/enterprise/media/security%20response/whitepapers/w32%20stuxnet%20dossier.pdf","source":"ICS","title":"W32.Stuxnet Dossier (Version 1.4)","authors":"Nicolas Falliere, Liam O Murchu, Eric Chien","date_accessed":"1978-09-01T00:00:00Z","date_published":"2011-02-01T00:00:00Z","owner_name":null,"tidal_id":"bf09bf74-bba8-55fb-8e72-608c5e0761ee","created":"2026-01-28T13:08:18.177428Z","modified":"2026-01-28T13:08:18.177431Z"},{"id":"5a035e94-feab-513b-97c4-773b5863b05a","name":"Wired W32.Stuxnet Dossier Feb 2011","description":"Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier (Version 1.4). Retrieved September","url":"https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf","source":"ICS","title":"W32.Stuxnet Dossier (Version 1.4)","authors":"Nicolas Falliere, Liam O Murchu, Eric Chien","date_accessed":"1978-09-01T00:00:00Z","date_published":"2011-02-01T00:00:00Z","owner_name":null,"tidal_id":"36c8194c-b92c-5399-8be2-429d04c51b14","created":"2026-01-28T13:08:18.175492Z","modified":"2026-01-28T13:08:18.175495Z"},{"id":"7bc9f132-14b6-537e-9345-c64633139d7d","name":"Symantec W32.Stuxnet Writeup","description":"Jarrad Shearer. (n.d.). W32.Stuxnet Writeup. 
Retrieved October","url":"https://www.symantec.com/security-center/writeup/2010-071400-3123-99","source":"ICS","title":"W32.Stuxnet Writeup","authors":"Jarrad Shearer","date_accessed":"1978-10-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"448d21ab-782c-5dfa-939a-f19c0b97e5d8","created":"2026-01-28T13:08:18.175517Z","modified":"2026-01-28T13:08:18.175520Z"},{"id":"9d4ac51b-d870-43e8-bc6f-d7159343b00c","name":"w32.tidserv.g","description":"Symantec. (2009, March 22). W32.Tidserv.G. Retrieved January 14, 2022.","url":"https://web.archive.org/web/20150923175837/http://www.symantec.com/security_response/writeup.jsp?docid=2009-032211-2952-99&tabid=2","source":"MITRE","title":"W32.Tidserv.G","authors":"Symantec","date_accessed":"2022-01-14T00:00:00Z","date_published":"2009-03-22T00:00:00Z","owner_name":null,"tidal_id":"293f3ebd-7f9f-51fe-ae5d-a81be91d5ef6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430115Z"},{"id":"a248fd87-c3c1-4de7-a9af-0436a10f71aa","name":"Github W32Time Oct 2017","description":"Lundgren, S. (2017, October 28). w32time. Retrieved March 26, 2018.","url":"https://github.com/scottlundgren/w32time","source":"MITRE","title":"w32time","authors":"Lundgren, S","date_accessed":"2018-03-26T00:00:00Z","date_published":"2017-10-28T00:00:00Z","owner_name":null,"tidal_id":"b4048e5b-7829-5b26-9dd6-92ba3093119b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430261Z"},{"id":"a35cab17-634d-4a7a-a42c-4a4280e8785d","name":"Symantec Chernobyl W95.CIH","description":"Yamamura, M. (2002, April 25). W95.CIH. 
Retrieved April 12, 2019.","url":"https://web.archive.org/web/20190508170055/https://www.symantec.com/security-center/writeup/2000-122010-2655-99","source":"MITRE","title":"W95.CIH","authors":"Yamamura, M","date_accessed":"2019-04-12T00:00:00Z","date_published":"2002-04-25T00:00:00Z","owner_name":null,"tidal_id":"852c77a3-20f1-551e-b1dc-cf141a8fa9cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436610Z"},{"id":"c432556e-c7f9-4e36-af7e-d7bea6f51e95","name":"Wab.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Wab.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Wab/","source":"Tidal Cyber","title":"Wab.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"81d679f1-f841-5a03-803a-2ace20d97dcc","created":"2024-01-12T14:47:05.768371Z","modified":"2024-01-12T14:47:05.967924Z"},{"id":"120e3b14-f08b-40e0-9d20-4ddda6b8cc06","name":"GitLab WakeOnLAN","description":"Perry, David. (2020, August 11). WakeOnLAN (WOL). Retrieved February 17, 2021.","url":"https://gitlab.com/wireshark/wireshark/-/wikis/WakeOnLAN","source":"MITRE","title":"WakeOnLAN (WOL)","authors":"Perry, David","date_accessed":"2021-02-17T00:00:00Z","date_published":"2020-08-11T00:00:00Z","owner_name":null,"tidal_id":"3f981a01-50fa-5cf3-a0e1-c2470dfd8457","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428723Z"},{"id":"cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0","name":"Wandering Spider Profile","description":"CrowdStrike. (n.d.). Wandering Spider Profile. 
Retrieved February 28, 2025.","url":"https://www.crowdstrike.com/adversaries/wandering-spider/","source":"Tidal Cyber","title":"Wandering Spider Profile","authors":"CrowdStrike","date_accessed":"2025-02-28T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"86afd708-9572-5718-a11a-98b32901a357","created":"2025-03-04T15:54:55.700849Z","modified":"2025-03-04T15:54:55.868188Z"},{"id":"34b15fe1-c550-4150-87bc-ac9662547247","name":"FireEye WannaCry 2017","description":"Berry, A., Homan, J., and Eitzman, R. (2017, May 23). WannaCry Malware Profile. Retrieved March 15, 2019.","url":"https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html","source":"MITRE","title":"WannaCry Malware Profile","authors":"Berry, A., Homan, J., and Eitzman, R","date_accessed":"2019-03-15T00:00:00Z","date_published":"2017-05-23T00:00:00Z","owner_name":null,"tidal_id":"ff21aedb-9d41-5276-9746-8d02bf19a840","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419643Z"},{"id":"ba7b3055-3819-5c51-9c2f-e33b012d833a","name":"AhnLab Malicioys Copy Paste 2024","description":"AhnLab SEcurity intelligence Center. (2024, May 23). Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V). Retrieved April 23, 2025.","url":"https://asec.ahnlab.com/en/73952/","source":"MITRE","title":"Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V)","authors":"AhnLab SEcurity intelligence Center","date_accessed":"2025-04-23T00:00:00Z","date_published":"2024-05-23T00:00:00Z","owner_name":null,"tidal_id":"a449be43-1b12-5552-bb66-a0533037c594","created":"2025-10-29T21:08:48.166564Z","modified":"2025-12-17T15:08:36.435670Z"},{"id":"bc723c71-ebda-576d-9dda-dee87ffa61a4","name":"Forbes Cerberus","description":"Z. Doffman. (2019, August 16). Warning As Devious New Android Malware Hides In Fake Adobe Flash Player Installations (Updated). 
Retrieved June","url":"https://www.forbes.com/sites/zakdoffman/2019/08/16/dangerous-new-android-trojan-hides-from-malware-researchers-and-taunts-them-on-twitter/#1563fef26d9c","source":"Mobile","title":"Warning As Devious New Android Malware Hides In Fake Adobe Flash Player Installations (Updated)","authors":"Z. Doffman","date_accessed":"1978-06-01T00:00:00Z","date_published":"2019-08-16T00:00:00Z","owner_name":null,"tidal_id":"45532acf-7e9d-5a81-8b45-a09e8964e1d1","created":"2026-01-28T13:08:10.047589Z","modified":"2026-01-28T13:08:10.047592Z"},{"id":"cc76be15-6d9d-40b2-b7f3-196bb0a7106a","name":"BfV North Korea February 17 2024","description":"Bundesamt fur Verfassungsschutz. (2024, February 17). Warning of North Korean cyber threats targeting the Defense Sector. Retrieved February 26, 2024.","url":"https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2024-02-19-joint-cyber-security-advisory-englisch.pdf?__blob=publicationFile&v=2","source":"Tidal Cyber","title":"Warning of North Korean cyber threats targeting the Defense Sector","authors":"Bundesamt fur Verfassungsschutz","date_accessed":"2024-02-26T00:00:00Z","date_published":"2024-02-17T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a5c87116-0a80-575d-a79d-439d82cdd7ca","created":"2024-03-01T20:23:26.807205Z","modified":"2024-03-01T20:23:27.219443Z"},{"id":"1ba47efe-35f8-4d52-95c7-65cdc829c8e5","name":"Trend Micro War of Crypto Miners","description":"Oliveira, A., Fiser, D. (2020, September 10). War of Linux Cryptocurrency Miners: A Battle for Resources. 
Retrieved April 6, 2021.","url":"https://www.trendmicro.com/en_us/research/20/i/war-of-linux-cryptocurrency-miners-a-battle-for-resources.html","source":"MITRE","title":"War of Linux Cryptocurrency Miners: A Battle for Resources","authors":"Oliveira, A., Fiser, D","date_accessed":"2021-04-06T00:00:00Z","date_published":"2020-09-10T00:00:00Z","owner_name":null,"tidal_id":"311536e7-64cf-5c95-abb9-e8a54968f570","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433319Z"},{"id":"cca902ee-0d12-577a-93ca-6da57b6b5d84","name":"laginimaineb-TEE","description":"laginimaineb. (2016, May). War of the Worlds - Hijacking the Linux Kernel from QSEE. Retrieved December","url":"http://bits-please.blogspot.co.il/2016/05/war-of-worlds-hijacking-linux-kernel.html","source":"Mobile","title":"War of the Worlds - Hijacking the Linux Kernel from QSEE","authors":"laginimaineb","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-05-01T00:00:00Z","owner_name":null,"tidal_id":"fb26d244-5ce3-55de-ae9b-2daa99bccffc","created":"2026-01-28T13:08:10.046513Z","modified":"2026-01-28T13:08:10.046516Z"},{"id":"c214c36e-2bc7-4b98-a74e-529aae99f9cf","name":"Check Point Warzone Feb 2020","description":"Harakhavik, Y. (2020, February 3). Warzone: Behind the enemy lines. Retrieved December 17, 2021.","url":"https://research.checkpoint.com/2020/warzone-behind-the-enemy-lines/","source":"MITRE","title":"Warzone: Behind the enemy lines","authors":"Harakhavik, Y","date_accessed":"2021-12-17T00:00:00Z","date_published":"2020-02-03T00:00:00Z","owner_name":null,"tidal_id":"ee9808f2-7d43-507f-b49e-ebad51ff603d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422557Z"},{"id":"1324b314-a4d9-43e7-81d6-70b6917fe527","name":"Uptycs Warzone UAC Bypass November 2020","description":"Mohanta, A. (2020, November 25). Warzone RAT comes with UAC bypass technique. 
Retrieved April 7, 2022.","url":"https://www.uptycs.com/blog/warzone-rat-comes-with-uac-bypass-technique","source":"MITRE","title":"Warzone RAT comes with UAC bypass technique","authors":"Mohanta, A","date_accessed":"2022-04-07T00:00:00Z","date_published":"2020-11-25T00:00:00Z","owner_name":null,"tidal_id":"810d3368-4271-5daa-a55e-4cec2ca43fd0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422563Z"},{"id":"39e6ab06-9f9f-4292-9034-b2f56064164d","name":"Dragos WASSONITE","description":"Dragos. (n.d.). WASSONITE. Retrieved January 20, 2021.","url":"https://www.dragos.com/threat/wassonite/","source":"MITRE","title":"WASSONITE","authors":"Dragos","date_accessed":"2021-01-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a1fb4489-ff4e-571b-b009-9fa5bdb56b63","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422475Z"},{"id":"1520f2e5-2689-428f-9ee4-05e153a52381","name":"NCC Group WastedLocker June 2020","description":"Antenucci, S., Pantazopoulos, N., Sandee, M. (2020, June 23). WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group. Retrieved September 14, 2021.","url":"https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/","source":"MITRE","title":"WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group","authors":"Antenucci, S., Pantazopoulos, N., Sandee, M","date_accessed":"2021-09-14T00:00:00Z","date_published":"2020-06-23T00:00:00Z","owner_name":null,"tidal_id":"e6ebbb44-1fd8-5303-86cf-2cab1c3c1f9a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418122Z"},{"id":"5ed4eb07-cc90-46bc-8527-0bb59e1eefe1","name":"Sentinel Labs WastedLocker July 2020","description":"Walter, J.. (2020, July 23). WastedLocker Ransomware: Abusing ADS and NTFS File Attributes. 
Retrieved September 14, 2021.","url":"https://www.sentinelone.com/labs/wastedlocker-ransomware-abusing-ads-and-ntfs-file-attributes/","source":"MITRE","title":"WastedLocker Ransomware: Abusing ADS and NTFS File Attributes","authors":"Walter, J.","date_accessed":"2021-09-14T00:00:00Z","date_published":"2020-07-23T00:00:00Z","owner_name":null,"tidal_id":"80da92e0-60ed-5111-9579-785e54c1f2a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418136Z"},{"id":"688b2582-6602-44e1-aaac-3a4b8e168b04","name":"Intezer Doki July 20","description":"Fishbein, N., Kajiloti, M.. (2020, July 28). Watch Your Containers: Doki Infecting Docker Servers in the Cloud. Retrieved March 30, 2021.","url":"https://www.intezer.com/blog/cloud-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/","source":"MITRE","title":"Watch Your Containers: Doki Infecting Docker Servers in the Cloud","authors":"Fishbein, N., Kajiloti, M.","date_accessed":"2021-03-30T00:00:00Z","date_published":"2020-07-28T00:00:00Z","owner_name":null,"tidal_id":"76cb79f0-9b11-5865-9321-8ba574539d3e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418525Z"},{"id":"05e16ab7-ac69-562f-a13c-9a3b0f4d426f","name":"Intezer","description":"Nicole Fishbein. (2020, July 28). Watch Your Containers: Doki Infecting Docker Servers in the Cloud. Retrieved June 15, 2025.","url":"https://intezer.com/blog/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/","source":"MITRE","title":"Watch Your Containers: Doki Infecting Docker Servers in the Cloud","authors":"Nicole Fishbein","date_accessed":"2025-06-15T00:00:00Z","date_published":"2020-07-28T00:00:00Z","owner_name":null,"tidal_id":"7a95bcd7-fd88-5693-91d6-1805a7889e2e","created":"2025-10-29T21:08:48.166390Z","modified":"2025-12-17T15:08:36.434273Z"},{"id":"d4e229ab-daa5-56cf-a752-b26f67c7f866","name":"CISA AA23-335A IRGC-Affiliated December 2023","description":"DHS/CISA. (2023, December 1). 
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities. Retrieved March","url":"https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a","source":"ICS","title":"Water and Wastewater Systems Facilities","authors":"DHS/CISA. (2023, December 1)","date_accessed":"1978-03-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c187fbab-0610-532d-a8ab-6169e6c0ca51","created":"2026-01-28T13:08:18.178702Z","modified":"2026-01-28T13:08:18.178705Z"},{"id":"bf320133-3823-4232-b7d2-d07da9bbccc2","name":"Trend Micro Waterbear December 2019","description":"Su, V. et al. (2019, December 11). Waterbear Returns, Uses API Hooking to Evade Security. Retrieved February 22, 2021.","url":"https://www.trendmicro.com/en_us/research/19/l/waterbear-is-back-uses-api-hooking-to-evade-security-product-detection.html","source":"MITRE","title":"Waterbear Returns, Uses API Hooking to Evade Security","authors":"Su, V. et al","date_accessed":"2021-02-22T00:00:00Z","date_published":"2019-12-11T00:00:00Z","owner_name":null,"tidal_id":"0719bbd9-d06b-5313-bf6c-0d736eb19c38","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422401Z"},{"id":"ddd5c2c9-7126-4b89-b415-dc651a2ccc0e","name":"Symantec Waterbug Jun 2019","description":"Symantec DeepSight Adversary Intelligence Team. (2019, June 20). Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments. 
Retrieved July 8, 2019.","url":"https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments","source":"MITRE","title":"Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments","authors":"Symantec DeepSight Adversary Intelligence Team","date_accessed":"2019-07-08T00:00:00Z","date_published":"2019-06-20T00:00:00Z","owner_name":null,"tidal_id":"64138eaa-fa90-5b5c-a17d-a98ec08b731d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423286Z"},{"id":"212012ac-9084-490f-8dd2-5cc9ac6e6de1","name":"ESET DazzleSpy Jan 2022","description":"M.Léveillé, M., Cherepanov, A.. (2022, January 25). Watering hole deploys new macOS malware, DazzleSpy, in Asia. Retrieved May 6, 2022.","url":"https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/","source":"MITRE","title":"Watering hole deploys new macOS malware, DazzleSpy, in Asia","authors":"M.Léveillé, M., Cherepanov, A.","date_accessed":"2022-05-06T00:00:00Z","date_published":"2022-01-25T00:00:00Z","owner_name":null,"tidal_id":"ac8e0419-b8a7-5d1b-a12f-1ff971ea1c68","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421465Z"},{"id":"feb327e7-06fa-44e4-a0c9-1dbc80aa9246","name":"TrendMicro Water Ouroboros March 5 2025","description":"Trend Research. (2025, March 5). Water Ouroboros. Retrieved July 11, 2025.","url":"https://www.trendmicro.com/vinfo/in/security/news/ransomware-spotlight/ransomware-spotlight-water-ouroboros","source":"Tidal Cyber","title":"Water Ouroboros","authors":"Trend Research","date_accessed":"2025-07-11T12:00:00Z","date_published":"2025-03-05T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"06453d77-36e5-51a1-875f-64b4067eb35c","created":"2025-07-15T16:15:29.843569Z","modified":"2025-07-15T16:15:30.381408Z"},{"id":"12c8c373-c3cf-5e5d-86ac-9236cedfe631","name":"CISA AA21-042A Water Treatment Intrusion Feb 2021","description":"CISA. (2021, February 11). Compromise of U.S. 
Water Treatment Facility . Retrieved October","url":"https://www.cisa.gov/uscert/ncas/alerts/aa21-042a","source":"ICS","title":"Water Treatment Facility","authors":"CISA. (2021, February 11)","date_accessed":"1978-10-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"59328327-4d2b-5a26-a0ba-d80a0a302aed","created":"2026-01-28T13:08:18.178775Z","modified":"2026-01-28T13:08:18.178778Z"},{"id":"073244c2-95fc-4f77-8857-f6ee9a65ff4e","name":"MicrosoftLearn March 2 2023","description":"MicrosoftLearn. (2023, March 2). wbadmin. Retrieved December 19, 2024.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wbadmin","source":"Tidal Cyber","title":"wbadmin","authors":"MicrosoftLearn","date_accessed":"2024-12-19T00:00:00Z","date_published":"2023-03-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0ad060b9-b70a-53cf-8b2c-39a99e06e318","created":"2025-04-11T15:06:14.358864Z","modified":"2025-04-11T15:06:14.522630Z"},{"id":"6adfba35-3bf1-4915-813e-40c4a843ae34","name":"win_wbadmin_delete_catalog","description":"Microsoft. (2017, October 16). wbadmin delete catalog. Retrieved September 20, 2021.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wbadmin-delete-catalog","source":"MITRE","title":"wbadmin delete catalog","authors":"Microsoft","date_accessed":"2021-09-20T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"3cc41860-e29f-5d7b-88d3-396e3436b9d9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436917Z"},{"id":"6622b44f-7065-4572-a40c-2ad5293c305e","name":"wbemtest.exe - LOLBAS Project","description":"LOLBAS. (2025, April 22). wbemtest.exe. 
Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/Binaries/Wbemtest/","source":"Tidal Cyber","title":"wbemtest.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2025-04-22T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c8e788db-d50f-513d-a4d5-9866d4924843","created":"2025-05-20T16:19:05.216032Z","modified":"2025-05-20T16:19:05.374285Z"},{"id":"522b2a19-1d15-48f8-8801-c64d3abd945a","name":"SecureWorks WannaCry Analysis","description":"Counter Threat Unit Research Team. (2017, May 18). WCry Ransomware Analysis. Retrieved March 26, 2019.","url":"https://www.secureworks.com/research/wcry-ransomware-analysis","source":"MITRE","title":"WCry Ransomware Analysis","authors":"Counter Threat Unit Research Team","date_accessed":"2019-03-26T00:00:00Z","date_published":"2017-05-18T00:00:00Z","owner_name":null,"tidal_id":"30562c5f-847c-5f0e-b613-a28beef237e2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419650Z"},{"id":"5d63bb19-02d7-47b2-a120-9601ba09d99e","name":"NCC Group SafePay March 10 2025","description":"NCC Group. (2025, March 10). Weak Passwords Led to (SafePay) Ransomware…Yet Again. Retrieved April 14, 2025.","url":"https://www.nccgroup.com/us/research-blog/weak-passwords-led-to-safepay-ransomware-yet-again/","source":"Tidal Cyber","title":"Weak Passwords Led to (SafePay) Ransomware…Yet Again","authors":"NCC Group","date_accessed":"2025-04-14T00:00:00Z","date_published":"2025-03-10T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"53621bc0-f1a9-5447-9fec-937c987eda9c","created":"2025-04-15T17:47:09.347107Z","modified":"2025-04-15T17:47:09.838722Z"},{"id":"43ab0888-e806-5be3-9ef4-d3dc43b5a41c","name":"CyberCX Akira Ransomware","description":"CyberCX. (2023, September 15). Weaponising VMs to bypass EDR – Akira ransomware. 
Retrieved April 4, 2025.","url":"https://cybercx.com.au/blog/akira-ransomware/","source":"MITRE","title":"Weaponising VMs to bypass EDR – Akira ransomware","authors":"CyberCX","date_accessed":"2025-04-04T00:00:00Z","date_published":"2023-09-15T00:00:00Z","owner_name":null,"tidal_id":"acb96e5e-394f-50ba-9beb-152d036813d2","created":"2025-04-22T20:47:18.350088Z","modified":"2025-12-17T15:08:36.433784Z"},{"id":"fd22c941-b0dc-4420-b363-2f5777981041","name":"Aleks Weapons Nov 2015","description":"Nick Aleks. (2015, November 7). Weapons of a Pentester - Understanding the virtual & physical tools used by white/black hat hackers. Retrieved March 30, 2018.","url":"https://www.youtube.com/watch?v=lDvf4ScWbcQ","source":"MITRE","title":"Weapons of a Pentester - Understanding the virtual & physical tools used by white/black hat hackers","authors":"Nick Aleks","date_accessed":"2018-03-30T00:00:00Z","date_published":"2015-11-07T00:00:00Z","owner_name":null,"tidal_id":"489fb461-b25c-5271-8899-491039ea8916","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435104Z"},{"id":"9e862514-c8ff-5125-9762-2fb9fafb5625","name":"Cisco Salt Typhoon FEB 2025","description":"Cisco Talos. (2025, February 20). Weathering the storm: In the midst of a Typhoon. Retrieved February 24, 2025.","url":"https://blog.talosintelligence.com/salt-typhoon-analysis/","source":"MITRE","title":"Weathering the storm: In the midst of a Typhoon","authors":"Cisco Talos","date_accessed":"2025-02-24T00:00:00Z","date_published":"2025-02-20T00:00:00Z","owner_name":null,"tidal_id":"9ace07e8-f25d-54b0-9b53-028c486a56c9","created":"2025-04-22T20:47:22.965170Z","modified":"2025-12-17T15:08:36.416678Z"},{"id":"b4362602-faf0-5b28-a147-b3153da1903f","name":"NIST Web Bug","description":"NIST Information Technology Laboratory. (n.d.). web bug. 
Retrieved March 22, 2023.","url":"https://csrc.nist.gov/glossary/term/web_bug","source":"MITRE","title":"web bug","authors":"NIST Information Technology Laboratory","date_accessed":"2023-03-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"77e52f18-9342-5b15-a7e2-1abf37c0d85c","created":"2023-05-26T01:21:03.413708Z","modified":"2025-12-17T15:08:36.426872Z"},{"id":"df9ff358-4d1e-4094-92cd-4703c53a384c","name":"Sekoia.io Blog September 19 2024","description":"Marc N; Sekoia TDR. (2024, September 19). WebDAV-as-a-Service Uncovering the infrastructure behind Emmenhtal loader distribution. Retrieved September 20, 2024.","url":"https://blog.sekoia.io/webdav-as-a-service-uncovering-the-infrastructure-behind-emmenhtal-loader-distribution/","source":"Tidal Cyber","title":"WebDAV-as-a-Service Uncovering the infrastructure behind Emmenhtal loader distribution","authors":"Marc N; Sekoia TDR","date_accessed":"2024-09-20T00:00:00Z","date_published":"2024-09-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"00f3b37a-6eb5-5ec7-95ee-eaefb073868c","created":"2024-10-14T19:18:53.641550Z","modified":"2024-10-14T19:18:53.855349Z"},{"id":"b521efe2-5c1c-48c5-a2a9-95da2367f537","name":"Didier Stevens WebDAV Traffic","description":"Stevens, D. (2017, November 13). WebDAV Traffic To Malicious Sites. Retrieved December 21, 2017.","url":"https://blog.didierstevens.com/2017/11/13/webdav-traffic-to-malicious-sites/","source":"MITRE","title":"WebDAV Traffic To Malicious Sites","authors":"Stevens, D","date_accessed":"2017-12-21T00:00:00Z","date_published":"2017-11-13T00:00:00Z","owner_name":null,"tidal_id":"6d26aac0-ffe4-532b-87de-ea9694ebd67d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433970Z"},{"id":"f68f1151-839e-5ae7-bab1-aa2b4c0d11ec","name":"Checkmarx Webhooks","description":"Jossef Harush Kadouri. (2022, March 7). Webhook Party — Malicious packages caught exfiltrating data via legit webhook services. 
Retrieved July 20, 2023.","url":"https://medium.com/checkmarx-security/webhook-party-malicious-packages-caught-exfiltrating-data-via-legit-webhook-services-6e046b07d191","source":"MITRE","title":"Webhook Party — Malicious packages caught exfiltrating data via legit webhook services","authors":"Jossef Harush Kadouri","date_accessed":"2023-07-20T00:00:00Z","date_published":"2022-03-07T00:00:00Z","owner_name":null,"tidal_id":"5bfd5b10-ab4e-57af-b123-1d2dbe06127f","created":"2023-11-07T00:36:01.577678Z","modified":"2025-12-17T15:08:36.428669Z"},{"id":"519693e2-71c9-55d2-98fd-be451837582a","name":"Push Security SaaS Attacks Repository Webhooks","description":"Push Security. (2023, July 31). Webhooks. Retrieved August 4, 2023.","url":"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/webhooks/description.md","source":"MITRE","title":"Webhooks","authors":"Push Security","date_accessed":"2023-08-04T00:00:00Z","date_published":"2023-07-31T00:00:00Z","owner_name":null,"tidal_id":"57b61082-8842-596a-a32e-4f70c021d45b","created":"2023-11-07T00:36:01.625842Z","modified":"2025-12-17T15:08:36.428704Z"},{"id":"cedbdeb8-6669-4c5c-a8aa-d37576aaa1ba","name":"acunetix Server Secuirty","description":"Acunetix. (n.d.). Web Server Security and Database Server Security. Retrieved July 26, 2018.","url":"https://www.acunetix.com/websitesecurity/webserver-security/","source":"MITRE","title":"Web Server Security and Database Server Security","authors":"Acunetix","date_accessed":"2018-07-26T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d0a92de9-be57-5ccb-9bd7-1a672850e94c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415665Z"},{"id":"14b344ed-bde6-4755-b59a-595edb23a210","name":"Microsoft Well Known SIDs Jun 2017","description":"Microsoft. (2017, June 23). Well-known security identifiers in Windows operating systems. 
Retrieved November 30, 2017.","url":"https://support.microsoft.com/help/243330/well-known-security-identifiers-in-windows-operating-systems","source":"MITRE","title":"Well-known security identifiers in Windows operating systems","authors":"Microsoft","date_accessed":"2017-11-30T00:00:00Z","date_published":"2017-06-23T00:00:00Z","owner_name":null,"tidal_id":"827db7c3-2a9e-5b8e-b290-c2ad4314fd1f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425917Z"},{"id":"3afca6f1-680a-46ae-8cea-10b6b870d5e7","name":"PWC WellMess C2 August 2020","description":"PWC. (2020, August 17). WellMess malware: analysis of its Command and Control (C2) server. Retrieved September 29, 2020.","url":"https://www.pwc.co.uk/issues/cyber-security-services/insights/wellmess-analysis-command-control.html","source":"MITRE","title":"WellMess malware: analysis of its Command and Control (C2) server","authors":"PWC","date_accessed":"2020-09-29T00:00:00Z","date_published":"2020-08-17T00:00:00Z","owner_name":null,"tidal_id":"74e58f3c-cdfc-5871-a9a5-42868718167a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438130Z"},{"id":"d316c581-646d-48e7-956e-34e2f957c67d","name":"Cofense Astaroth Sept 2018","description":"Doaty, J., Garrett, P.. (2018, September 10). We’re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan. Retrieved September 25, 2024.","url":"https://web.archive.org/web/20200302071436/https://cofense.com/seeing-resurgence-demonic-astaroth-wmic-trojan/","source":"MITRE","title":"We’re Seeing a Resurgence of the Demonic Astaroth WMIC Trojan","authors":"Doaty, J., Garrett, P.","date_accessed":"2024-09-25T00:00:00Z","date_published":"2018-09-10T00:00:00Z","owner_name":null,"tidal_id":"b09c5117-a780-5a32-9098-24dbe0b46d61","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422210Z"},{"id":"b8df2f03-e19c-59f3-9e28-dd8b12c0d467","name":"ZimperiumGupta_RatMilad_Oct2022","description":"Gupta, N. (2022, October 5). 
We Smell A RatMilad Android Spyware. Retrieved August","url":"https://zimperium.com/blog/we-smell-a-ratmilad-mobile-spyware","source":"Mobile","title":"We Smell A RatMilad Android Spyware","authors":"Gupta, N","date_accessed":"1978-08-01T00:00:00Z","date_published":"2022-10-05T00:00:00Z","owner_name":null,"tidal_id":"e7e58123-91d6-536d-bd4e-17dc82b7b875","created":"2026-01-28T13:08:10.040854Z","modified":"2026-01-28T13:08:10.040857Z"},{"id":"25511dde-9e13-4e03-8ae4-2495e9f5eb5e","name":"Wevtutil Microsoft Documentation","description":"Microsoft. (n.d.). wevtutil. Retrieved September 14, 2021.","url":"https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wevtutil","source":"MITRE","title":"wevtutil","authors":"Microsoft","date_accessed":"2021-09-14T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9081e01e-1983-5751-a526-a8683f4f19d9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423490Z"},{"id":"8896d802-96c6-4546-8a82-c1f7f2d71ea1","name":"Microsoft wevtutil Oct 2017","description":"Plett, C. et al.. (2017, October 16). wevtutil. Retrieved July 2, 2018.","url":"https://docs.microsoft.com/windows-server/administration/windows-commands/wevtutil","source":"MITRE","title":"wevtutil","authors":"Plett, C. et al.","date_accessed":"2018-07-02T00:00:00Z","date_published":"2017-10-16T00:00:00Z","owner_name":null,"tidal_id":"4186a88f-f517-5541-be59-a6ab58792bd1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430446Z"},{"id":"a937012a-01c8-457c-8808-47c1753e8781","name":"Wfc.exe - LOLBAS Project","description":"LOLBAS. (2021, September 26). Wfc.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Wfc/","source":"Tidal Cyber","title":"Wfc.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-09-26T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"9011b03f-afe0-5d0c-9811-29f66ebfe985","created":"2024-01-12T14:47:34.260949Z","modified":"2024-01-12T14:47:34.439582Z"},{"id":"fa9a472d-d982-4e0c-a68d-1541f1b31b9c","name":"WFMFormat.exe - LOLBAS Project","description":"LOLBAS. (2024, December 5). WFMFormat.exe. Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/WFMFormat/","source":"Tidal Cyber","title":"WFMFormat.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2024-12-05T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bf4a947b-192e-5bc7-8d83-87d386b4c408","created":"2025-05-20T16:19:07.207739Z","modified":"2025-05-20T16:19:07.353528Z"},{"id":"839911f1-5f08-5004-aa79-0bd7e08f3b82","name":"Cloudflare DMARC, DKIM, and SPF","description":"Cloudflare. (n.d.). What are DMARC, DKIM, and SPF?. Retrieved April 8, 2025.","url":"https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/","source":"MITRE","title":"What are DMARC, DKIM, and SPF?","authors":"Cloudflare","date_accessed":"2025-04-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bca5c713-7aea-59cf-9dca-97e5d26c976d","created":"2025-04-22T20:47:20.204582Z","modified":"2025-12-17T15:08:36.435612Z"},{"id":"47856c5f-6c4c-5b4c-bbc1-ccb6848d9b74","name":"Crowdstrike Downgrade","description":"Bart Lenaerts-Bergman. (2023, March 14). WHAT ARE DOWNGRADE ATTACKS?. 
Retrieved May 24, 2023.","url":"https://www.crowdstrike.com/cybersecurity-101/attack-types/downgrade-attacks/","source":"MITRE","title":"WHAT ARE DOWNGRADE ATTACKS?","authors":"Bart Lenaerts-Bergman","date_accessed":"2023-05-24T00:00:00Z","date_published":"2023-03-14T00:00:00Z","owner_name":null,"tidal_id":"296a6b24-c126-5f3e-89fe-5eae76b3da52","created":"2023-11-07T00:36:05.154372Z","modified":"2025-12-17T15:08:36.431871Z"},{"id":"fe00cee9-54d9-4775-86da-b7db73295bf7","name":"Chrome Extensions Definition","description":"Chrome. (n.d.). What are Extensions?. Retrieved November 16, 2017.","url":"https://developer.chrome.com/extensions","source":"MITRE","title":"What are Extensions?","authors":"Chrome","date_accessed":"2017-11-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"38fc4667-030a-5027-958e-a3854c2f9aac","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426466Z"},{"id":"dfa76ff1-df9e-4cdf-aabe-476479cdcf13","name":"StackExchange Hooks Jul 2012","description":"Stack Exchange - Security. (2012, July 31). What are the methods to find hooked functions and APIs?. Retrieved December 12, 2017.","url":"https://security.stackexchange.com/questions/17904/what-are-the-methods-to-find-hooked-functions-and-apis","source":"MITRE","title":"What are the methods to find hooked functions and APIs?","authors":"Stack Exchange - Security","date_accessed":"2017-12-12T00:00:00Z","date_published":"2012-07-31T00:00:00Z","owner_name":null,"tidal_id":"c64f7a73-c465-5c8a-8039-33eaf3b29541","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430625Z"},{"id":"7ccda957-b38d-4c3f-a8f5-6cecdcb3f584","name":"macOS APT Activity Bradley","description":"Jaron Bradley. (2021, November 14). What does APT Activity Look Like on macOS?. 
Retrieved January 19, 2022.","url":"https://themittenmac.com/what-does-apt-activity-look-like-on-macos/","source":"MITRE","title":"What does APT Activity Look Like on macOS?","authors":"Jaron Bradley","date_accessed":"2022-01-19T00:00:00Z","date_published":"2021-11-14T00:00:00Z","owner_name":null,"tidal_id":"f595cb2a-b494-5fe7-9cbc-fc077f7cb37e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435720Z"},{"id":"61e2fb16-d04b-494c-8bea-fb34e81faa73","name":"okta","description":"okta. (n.d.). What Happens If Your JWT Is Stolen?. Retrieved September 12, 2019.","url":"https://developer.okta.com/blog/2018/06/20/what-happens-if-your-jwt-is-stolen","source":"MITRE","title":"What Happens If Your JWT Is Stolen?","authors":"okta","date_accessed":"2019-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"cfe6d7ef-b364-5118-ab4b-b5b9866dc3e8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426549Z"},{"id":"f97427f1-ea16-4e92-a4a2-4d62a800df15","name":"Norton Botnet","description":"Norton. (n.d.). What is a botnet?. Retrieved October 4, 2020.","url":"https://us.norton.com/internetsecurity-malware-what-is-a-botnet.html","source":"MITRE","title":"What is a botnet?","authors":"Norton","date_accessed":"2020-10-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b771d949-0ec6-5946-850a-34c6729faf2a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427212Z"},{"id":"f0ae2788-537c-5644-ba1b-d06a612e73c1","name":"Microsoft DLL","description":"Microsoft. (2023, April 28). What is a DLL. 
Retrieved September 7, 2023.","url":"https://learn.microsoft.com/troubleshoot/windows-client/deployment/dynamic-link-library","source":"MITRE","title":"What is a DLL","authors":"Microsoft","date_accessed":"2023-09-07T00:00:00Z","date_published":"2023-04-28T00:00:00Z","owner_name":null,"tidal_id":"e56f8492-9474-5b79-8b7a-86c1dea9c5d2","created":"2023-11-07T00:35:57.199499Z","modified":"2025-12-17T15:08:36.424426Z"},{"id":"734cb2bb-462a-4bdc-9774-6883f99379b9","name":"Cloudflare DNSamplficationDoS","description":"Cloudflare. (n.d.). What is a DNS amplification attack?. Retrieved April 23, 2019.","url":"https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/","source":"MITRE","title":"What is a DNS amplification attack?","authors":"Cloudflare","date_accessed":"2019-04-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"dac1c2da-9215-5dec-bd86-e800d7295619","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427678Z"},{"id":"7972332d-fbe9-4f14-9511-4298f65f2a86","name":"Amazon AWS VPC Guide","description":"Amazon. (n.d.). What Is Amazon VPC?. Retrieved October 6, 2019.","url":"https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html","source":"MITRE","title":"What Is Amazon VPC?","authors":"Amazon","date_accessed":"2019-10-06T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"de2edcba-4d6c-5396-833e-3c9a2382395e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431691Z"},{"id":"1a5934a4-35ce-4f7c-be9c-c1faf4ee0838","name":"Cloudflare HTTPflood","description":"Cloudflare. (n.d.). What is an HTTP flood DDoS attack?. 
Retrieved April 22, 2019.","url":"https://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/","source":"MITRE","title":"What is an HTTP flood DDoS attack?","authors":"Cloudflare","date_accessed":"2019-04-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b4af35ee-2472-53bb-a159-f325bd57d571","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427783Z"},{"id":"09ce093a-d378-4915-a35f-bf18a278d873","name":"Cloudflare NTPamplifciationDoS","description":"Cloudflare. (n.d.). What is a NTP amplification attack?. Retrieved April 23, 2019.","url":"https://www.cloudflare.com/learning/ddos/ntp-amplification-ddos-attack/","source":"MITRE","title":"What is a NTP amplification attack?","authors":"Cloudflare","date_accessed":"2019-04-23T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"d6a6c697-b389-56c0-bda6-8e887fbcbdd5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427684Z"},{"id":"d23bf6dc-979b-5f34-86a7-637979a5f20e","name":"Microsoft Primary Refresh Token","description":"Microsoft. (2022, September 9). What is a Primary Refresh Token?. Retrieved February 21, 2023.","url":"https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-primary-refresh-token","source":"MITRE","title":"What is a Primary Refresh Token?","authors":"Microsoft","date_accessed":"2023-02-21T00:00:00Z","date_published":"2022-09-09T00:00:00Z","owner_name":null,"tidal_id":"799bdf3d-b38e-5a92-919e-4c02a8a25c23","created":"2023-05-26T01:21:06.304691Z","modified":"2025-12-17T15:08:36.430192Z"},{"id":"a9f0b569-8f18-579f-bf98-f4f9b93e5524","name":"Comparitech Replay Attack","description":"Justin Schamotta. (2022, October 28). What is a replay attack?. 
Retrieved September 27, 2023.","url":"https://www.comparitech.com/blog/information-security/what-is-a-replay-attack/","source":"MITRE","title":"What is a replay attack?","authors":"Justin Schamotta","date_accessed":"2023-09-27T00:00:00Z","date_published":"2022-10-28T00:00:00Z","owner_name":null,"tidal_id":"ebfb46b6-dece-551b-a63a-164998274921","created":"2023-11-07T00:36:06.177954Z","modified":"2025-12-17T15:08:36.432904Z"},{"id":"ec41de8a-c673-41bf-b713-4a647b135532","name":"Corero SYN-ACKflood","description":"Corero. (n.d.). What is a SYN-ACK Flood Attack?. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20220119104451/https://www.corero.com/resource-hub/syn-ack-flood-attack/","source":"MITRE","title":"What is a SYN-ACK Flood Attack?","authors":"Corero","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"38366719-701e-5013-bcf7-c284fb053e5c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424775Z"},{"id":"e292c4fe-ae77-4393-b666-fb6290cb4aa8","name":"Cloudflare SynFlood","description":"Cloudflare. (n.d.). What is a SYN flood attack?. Retrieved April 22, 2019.","url":"https://www.cloudflare.com/learning/ddos/syn-flood-ddos-attack/","source":"MITRE","title":"What is a SYN flood attack?","authors":"Cloudflare","date_accessed":"2019-04-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4bafd71d-3a52-5d81-8a1e-7f7c953ad6f8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424768Z"},{"id":"9afbd6a5-1c31-4727-8f36-04d4d8e65660","name":"Amazon VM","description":"Microsoft. (n.d.). What is a virtual machine (VM)?. 
Retrieved November 17, 2024.","url":"https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-is-a-virtual-machine/","source":"MITRE","title":"What is a virtual machine (VM)?","authors":"Microsoft","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e2f392bf-7075-5b0b-b489-6617ee167b2e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437133Z"},{"id":"37321591-40fd-537e-ba74-71042bc5064e","name":"RedHat Webhooks","description":"RedHat. (2022, June 1). What is a webhook?. Retrieved July 20, 2023.","url":"https://www.redhat.com/en/topics/automation/what-is-a-webhook","source":"MITRE","title":"What is a webhook?","authors":"RedHat","date_accessed":"2023-07-20T00:00:00Z","date_published":"2022-06-01T00:00:00Z","owner_name":null,"tidal_id":"2a04f462-6d85-5c77-9164-f546c2d78635","created":"2023-11-07T00:36:01.636343Z","modified":"2025-12-17T15:08:36.428710Z"},{"id":"a7813928-4351-54c5-a64e-61bd4689e93b","name":"AWS System Manager","description":"AWS. (2023, June 2). What is AWS System Manager?. Retrieved June 2, 2023.","url":"https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html","source":"MITRE","title":"What is AWS System Manager?","authors":"AWS","date_accessed":"2023-06-02T00:00:00Z","date_published":"2023-06-02T00:00:00Z","owner_name":null,"tidal_id":"837d7a05-5cd0-5ffc-9e8f-e256b7627eb2","created":"2023-11-07T00:36:01.697736Z","modified":"2025-12-17T15:08:36.428736Z"},{"id":"bf7f2e7a-f5ae-4b6e-8c90-fd41a92c4615","name":"Microsoft Azure Virtual Network Overview","description":"Annamalai, N., Casey, C., Almeida, M., et. al.. (2019, June 18). What is Azure Virtual Network?. Retrieved October 6, 2019.","url":"https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview","source":"MITRE","title":"What is Azure Virtual Network?","authors":"Annamalai, N., Casey, C., Almeida, M., et. 
al.","date_accessed":"2019-10-06T00:00:00Z","date_published":"2019-06-18T00:00:00Z","owner_name":null,"tidal_id":"43571d5f-2386-58de-a32b-ded3c234f680","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431698Z"},{"id":"7e674a8d-e79f-5cb0-8ad2-a7678e647c6f","name":"CrowdStrike-BEC","description":"Bart Lenaerts-Bergmans. (2023, March 10). What is Business Email Compromise?. Retrieved August 8, 2023.","url":"https://www.crowdstrike.com/cybersecurity-101/business-email-compromise-bec/","source":"MITRE","title":"What is Business Email Compromise?","authors":"Bart Lenaerts-Bergmans","date_accessed":"2023-08-08T00:00:00Z","date_published":"2023-03-10T00:00:00Z","owner_name":null,"tidal_id":"6360e9a0-86c6-5827-bb15-9fe123496dc7","created":"2023-11-07T00:36:07.747596Z","modified":"2025-12-17T15:08:36.434643Z"},{"id":"7d39522c-5a9c-5a19-a0e4-e5aec68f5f08","name":"Microsoft Conditional Access","description":"Microsoft. (2023, November 15). What is Conditional Access?. Retrieved January 2, 2024.","url":"https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview","source":"MITRE","title":"What is Conditional Access?","authors":"Microsoft","date_accessed":"2024-01-02T00:00:00Z","date_published":"2023-11-15T00:00:00Z","owner_name":null,"tidal_id":"81ccb2bd-0bdc-57f4-b664-673a1eda741e","created":"2024-04-25T13:28:39.866725Z","modified":"2025-12-17T15:08:36.434846Z"},{"id":"2e96848f-389d-517f-bbe7-0f4cf8ad1b0a","name":"ReasonLabs","description":"ReasonLabs. (n.d.). What is Dead code insertion?. 
Retrieved March 4, 2025.","url":"https://cyberpedia.reasonlabs.com/EN/dead%20code%20insertion.html","source":"MITRE","title":"What is Dead code insertion?","authors":"ReasonLabs","date_accessed":"2025-03-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e753dbb9-f1e5-536d-9dfa-f296d9a8e137","created":"2025-04-22T20:47:15.299346Z","modified":"2025-12-17T15:08:36.430643Z"},{"id":"efe1c443-475b-45fc-8d33-5bf3bdf941c5","name":"PAN DNS Tunneling","description":"Palo Alto Networks. (n.d.). What Is DNS Tunneling?. Retrieved March 15, 2020.","url":"https://www.paloaltonetworks.com/cyberpedia/what-is-dns-tunneling","source":"MITRE","title":"What Is DNS Tunneling?","authors":"Palo Alto Networks","date_accessed":"2020-03-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"81ebf534-dd99-57c9-8bbe-e74988b7ea42","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425731Z"},{"id":"fe9f7542-bbf0-5e34-b3a9-8596cc5aa754","name":"Proofpoint-spoof","description":"Proofpoint. (n.d.). What Is Email Spoofing?. Retrieved February 24, 2023.","url":"https://www.proofpoint.com/us/threat-reference/email-spoofing","source":"MITRE","title":"What Is Email Spoofing?","authors":"Proofpoint","date_accessed":"2023-02-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"47112d76-db97-5a4f-befe-1df19babde4d","created":"2023-05-26T01:21:08.652049Z","modified":"2025-12-17T15:08:36.433260Z"},{"id":"373f64a5-a30f-4b6e-b352-d0c6f8b65fdb","name":"magnusviri emond Apr 2016","description":"Reynolds, James. (2016, April 7). What is emond?. 
Retrieved September 10, 2019.","url":"http://www.magnusviri.com/Mac/what-is-emond.html","source":"MITRE","title":"What is emond?","authors":"Reynolds, James","date_accessed":"2019-09-10T00:00:00Z","date_published":"2016-04-07T00:00:00Z","owner_name":null,"tidal_id":"2429522f-fc36-5c9a-8ffd-a293ad1d5196","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432931Z"},{"id":"fedb345f-b5a7-40cd-98c7-6b14bab95ed9","name":"Microsoft - Azure AD Federation","description":"Microsoft. (2018, November 28). What is federation with Azure AD?. Retrieved December 30, 2020.","url":"https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed","source":"MITRE","title":"What is federation with Azure AD?","authors":"Microsoft","date_accessed":"2020-12-30T00:00:00Z","date_published":"2018-11-28T00:00:00Z","owner_name":null,"tidal_id":"921dad52-36ca-55ce-b7c2-669c7a461008","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426372Z"},{"id":"d1f57ed6-8f44-46cc-afb7-53d9543f68ed","name":"What Is FormBook Malware?","description":"www.blackberry.com. (n.d.). What Is FormBook Malware?. Retrieved May 18, 2023.","url":"https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/formbook","source":"Tidal Cyber","title":"What Is FormBook Malware?","authors":"www.blackberry.com","date_accessed":"2023-05-18T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"656ff127-19ab-58f8-a9ab-c91183e0c7f0","created":"2024-06-13T20:10:26.893662Z","modified":"2024-06-13T20:10:27.087668Z"},{"id":"c7670c6d-014b-4937-ac0f-9f2aec60e2d8","name":"What is FormBook Malware? - Check Point Software","description":"Check Point Software. (n.d.). What is FormBook Malware? - Check Point Software. Retrieved May 18, 2023.","url":"https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-malware/what-is-formbook-malware/","source":"Tidal Cyber","title":"What is FormBook Malware? 
- Check Point Software","authors":"Check Point Software","date_accessed":"2023-05-18T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"c72919a1-893e-57a7-922f-4a33dad85fc8","created":"2024-06-13T20:10:27.276160Z","modified":"2024-06-13T20:10:27.469450Z"},{"id":"cc682467-1ad0-50d9-9d81-be84ed862df8","name":"FRP GitHub","description":"fatedier. (n.d.). What is frp?. Retrieved July 10, 2024.","url":"https://github.com/fatedier/frp","source":"MITRE","title":"What is frp?","authors":"fatedier","date_accessed":"2024-07-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f79800da-52d5-5a5e-8b19-b0acc1f0d722","created":"2024-10-31T16:28:35.215856Z","modified":"2025-12-17T15:08:36.422904Z"},{"id":"f87c0c95-65bd-4b57-9b7d-1b7936f03c2a","name":"grsecurity official","description":"grsecurity. (2017, December 12). What is grsecurity?. Retrieved December 20, 2017.","url":"https://grsecurity.net/","source":"MITRE","title":"What is grsecurity?","authors":"grsecurity","date_accessed":"2017-12-20T00:00:00Z","date_published":"2017-12-12T00:00:00Z","owner_name":null,"tidal_id":"7eef9163-82f8-5d33-9b44-296761a408b5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:33.334627Z"},{"id":"3f458e65-3910-4ed0-a576-bea4cfabdfcc","name":"freeCodeCamp.org March 29 2021","description":"Freecodecamp. (2021, March 29). What is JavaScript A Definition of the JS Programming Language. Retrieved December 19, 2024.","url":"https://www.freecodecamp.org/news/what-is-javascript-definition-of-js/","source":"Tidal Cyber","title":"What is JavaScript A Definition of the JS Programming Language","authors":"Freecodecamp","date_accessed":"2024-12-19T00:00:00Z","date_published":"2021-03-29T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"68895b93-df96-5fcc-8e30-8145fef10118","created":"2025-04-11T15:06:10.621188Z","modified":"2025-04-11T15:06:10.782113Z"},{"id":"ae70f799-ebb6-4ffe-898e-945cb754c1cb","name":"VDSO Aug 2005","description":"Petersson, J. 
(2005, August 14). What is linux-gate.so.1?. Retrieved June 16, 2020.","url":"https://web.archive.org/web/20051013084246/http://www.trilithium.com/johan/2005/08/linux-gate/","source":"MITRE","title":"What is linux-gate.so.1?","authors":"Petersson, J","date_accessed":"2020-06-16T00:00:00Z","date_published":"2005-08-14T00:00:00Z","owner_name":null,"tidal_id":"25e70b2b-23cb-5d78-a33f-940732ee3be3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432869Z"},{"id":"8fd46ee3-9819-4c7b-b56e-322de5657fad","name":"Secret Double Octopus September 7 2022","description":"Secret Double Octopus. (2022, September 7). What is Meterpreter  - Security Wiki. Retrieved June 9, 2025.","url":"https://doubleoctopus.com/security-wiki/threats-and-tools/meterpreter/","source":"Tidal Cyber","title":"What is Meterpreter  - Security Wiki","authors":"Secret Double Octopus","date_accessed":"2025-06-09T00:00:00Z","date_published":"2022-09-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5cc0b05d-a724-5fa8-862a-c643d2796618","created":"2025-06-10T15:50:19.018115Z","modified":"2025-06-10T15:50:19.183541Z"},{"id":"57e130ab-f981-423e-bafe-51d0d0e1abdf","name":"what_is_mmc","description":"Microsoft. (2020, September 27). What is Microsoft Management Console?. Retrieved October 5, 2021.","url":"https://docs.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/what-is-microsoft-management-console","source":"MITRE","title":"What is Microsoft Management Console?","authors":"Microsoft","date_accessed":"2021-10-05T00:00:00Z","date_published":"2020-09-27T00:00:00Z","owner_name":null,"tidal_id":"381a62c7-70a9-5af4-b09f-a9bccc9e3201","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436931Z"},{"id":"b4727044-51bb-43b3-afdb-515bb4bb0f7e","name":"Microsoft NET","description":"Microsoft. (n.d.). What is .NET Framework?. 
Retrieved March 15, 2020.","url":"https://dotnet.microsoft.com/learn/dotnet/what-is-dotnet-framework","source":"MITRE","title":"What is .NET Framework?","authors":"Microsoft","date_accessed":"2020-03-15T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"0309d9ff-aaa9-52c8-b87d-730e20069b68","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427866Z"},{"id":"3fc422e5-9a1d-5ac4-8e65-1df13d8a688e","name":"Pastebin EchoSec","description":"Ciarniello, A. (2019, September 24). What is Pastebin and Why Do Hackers Love It?. Retrieved April 11, 2023.","url":"https://web.archive.org/web/20201107203304/https://www.echosec.net/blog/what-is-pastebin-and-why-do-hackers-love-it","source":"MITRE","title":"What is Pastebin and Why Do Hackers Love It?","authors":"Ciarniello, A","date_accessed":"2023-04-11T00:00:00Z","date_published":"2019-09-24T00:00:00Z","owner_name":null,"tidal_id":"ea603c4c-92e8-55cb-b120-95dd24d70fbe","created":"2023-05-26T01:21:09.310680Z","modified":"2025-12-17T15:08:36.434000Z"},{"id":"1918a3fe-b7a2-5420-8671-f602d58566fd","name":"polymorphic-blackberry","description":"Blackberry. (n.d.). What is Polymorphic Malware?. Retrieved September 27, 2024.","url":"https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/polymorphic-malware","source":"MITRE","title":"What is Polymorphic Malware?","authors":"Blackberry","date_accessed":"2024-09-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"bcbcbb5b-2fc2-577a-9e06-c9a54bde930c","created":"2024-10-31T16:28:24.856038Z","modified":"2025-12-17T15:08:36.433810Z"},{"id":"cd7a1320-3bdd-5b26-8d6d-2e2897231dcb","name":"polymorphic-sentinelone","description":"SentinelOne. (2023, March 18). What is Polymorphic Malware? Examples and Challenges. Retrieved September 27, 2024.","url":"https://www.sentinelone.com/cybersecurity-101/threat-intelligence/what-is-polymorphic-malware","source":"MITRE","title":"What is Polymorphic Malware? 
Examples and Challenges","authors":"SentinelOne","date_accessed":"2024-09-27T00:00:00Z","date_published":"2023-03-18T00:00:00Z","owner_name":null,"tidal_id":"b4eb56d5-a3ea-572f-9880-213f1337e8a2","created":"2024-10-31T16:28:24.863071Z","modified":"2025-12-17T15:08:36.433816Z"},{"id":"45d44067-251a-4609-941f-66078b89fd0c","name":"MicrosoftLearn October 30 2024","description":"MicrosoftLearn. (2024, October 30). What is PowerShell - PowerShell. Retrieved December 19, 2024.","url":"https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.1","source":"Tidal Cyber","title":"What is PowerShell - PowerShell","authors":"MicrosoftLearn","date_accessed":"2024-12-19T00:00:00Z","date_published":"2024-10-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"a17d79d2-4791-55ad-a957-f13b96d2e25f","created":"2025-04-11T15:06:12.005650Z","modified":"2025-04-11T15:06:12.201097Z"},{"id":"5261895f-367f-4c5d-b4df-7ff44bbbe28e","name":"Microsoft Protected View","description":"Microsoft. (n.d.). What is Protected View?. Retrieved November 22, 2017.","url":"https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653","source":"MITRE","title":"What is Protected View?","authors":"Microsoft","date_accessed":"2017-11-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"64ee8e33-163e-5e00-8d37-a3cafc81afc7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415929Z"},{"id":"ab0acab9-706f-47ed-966f-b0249276cafd","name":"python.exe Windows process July 2 2014","description":"Python Software Foundation. (2014, July 2). What is python.exe. 
Retrieved December 19, 2024.","url":"https://www.file.net/process/python.exe.html","source":"Tidal Cyber","title":"What is python.exe","authors":"Python Software Foundation","date_accessed":"2024-12-19T00:00:00Z","date_published":"2014-07-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"86e91761-5508-5cd7-8d5a-6c93a395e36d","created":"2025-04-11T15:06:13.322585Z","modified":"2025-04-11T15:06:13.482188Z"},{"id":"db2e2685-cdda-47dc-8b81-44970fcbef50","name":"McAfee What is Ransomware","description":"McAfee. (n.d.). What is Ransomware?. Retrieved December 19, 2024.","url":"https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware.html","source":"Tidal Cyber","title":"What is Ransomware?","authors":"McAfee","date_accessed":"2024-12-19T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"04ce2e70-0af4-59cd-b5d9-18a09dc2a4cd","created":"2025-04-11T15:06:25.112728Z","modified":"2025-04-11T15:06:25.265484Z"},{"id":"7eaa0fa8-953a-482e-8f6b-02607e928525","name":"TechNet RPC","description":"Microsoft. (2003, March 28). What Is RPC?. Retrieved June 12, 2016.","url":"https://technet.microsoft.com/en-us/library/cc787851.aspx","source":"MITRE","title":"What Is RPC?","authors":"Microsoft","date_accessed":"2016-06-12T00:00:00Z","date_published":"2003-03-28T00:00:00Z","owner_name":null,"tidal_id":"dc5309dd-1087-5897-a9b5-16182a1001a0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429327Z"},{"id":"2a75c6ae-b7d1-5af4-b647-7ac6cb63e95a","name":"Twilio SMS Pumping Fraud","description":"Twilio. (n.d.). What is SMS Pumping Fraud?. 
Retrieved September 25, 2024.","url":"https://www.twilio.com/docs/glossary/what-is-sms-pumping-fraud","source":"MITRE","title":"What is SMS Pumping Fraud?","authors":"Twilio","date_accessed":"2024-09-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e267dcc0-6325-5bbf-ae39-a06f2a4791e1","created":"2024-10-31T16:28:17.043596Z","modified":"2025-12-17T15:08:36.425292Z"},{"id":"fa3ae7e9-afbb-5aac-bbf7-e76e9425b01f","name":"Twilio SMS Pumping","description":"Twilio. (2024, April 10). What Is SMS Pumping Fraud and How to Stop It. Retrieved September 25, 2024.","url":"https://www.twilio.com/en-us/blog/sms-pumping-fraud-solutions","source":"MITRE","title":"What Is SMS Pumping Fraud and How to Stop It","authors":"Twilio","date_accessed":"2024-09-25T00:00:00Z","date_published":"2024-04-10T00:00:00Z","owner_name":null,"tidal_id":"fae8f104-23a8-549b-96b7-23ef5b256db0","created":"2024-10-31T16:28:17.036525Z","modified":"2025-12-17T15:08:36.425285Z"},{"id":"ac90279f-becd-4a96-a08e-8c4c26dba3c0","name":"IOKit Fundamentals","description":"Apple. (2014, April 9). What Is the I/O Kit?. Retrieved September 24, 2021.","url":"https://developer.apple.com/library/archive/documentation/DeviceDrivers/Conceptual/IOKitFundamentals/Features/Features.html","source":"MITRE","title":"What Is the I/O Kit?","authors":"Apple","date_accessed":"2021-09-24T00:00:00Z","date_published":"2014-04-09T00:00:00Z","owner_name":null,"tidal_id":"82a7ee1b-7572-58b9-a1e9-af8b65d5b052","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437190Z"},{"id":"6fd6ea96-1cf4-4169-8069-4f29dbc9f217","name":"Baeldung LD_PRELOAD","description":"baeldung. (2020, August 9). What Is the LD_PRELOAD Trick?. 
Retrieved March 24, 2021.","url":"https://www.baeldung.com/linux/ld_preload-trick-what-is","source":"MITRE","title":"What Is the LD_PRELOAD Trick?","authors":"baeldung","date_accessed":"2021-03-24T00:00:00Z","date_published":"2020-08-09T00:00:00Z","owner_name":null,"tidal_id":"56a71669-c4cc-5992-9ecf-931c7fba0bde","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430336Z"},{"id":"5ea8d8c7-8039-4210-967a-a4dcd566bf95","name":"Microsoft VBScript","description":"Microsoft. (2011, April 19). What Is VBScript?. Retrieved March 28, 2020.","url":"https://docs.microsoft.com/previous-versions//1kw29xwf(v=vs.85)","source":"MITRE","title":"What Is VBScript?","authors":"Microsoft","date_accessed":"2020-03-28T00:00:00Z","date_published":"2011-04-19T00:00:00Z","owner_name":null,"tidal_id":"ae0f8c92-f037-5e58-be58-a8f0a01ec2bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435484Z"},{"id":"4fd7c9f7-4731-524a-b332-9cb7f2c025ae","name":"VEC","description":"CloudFlare. (n.d.). What is vendor email compromise (VEC)?. Retrieved September 12, 2023.","url":"https://www.cloudflare.com/learning/email-security/what-is-vendor-email-compromise/#:~:text=Vendor%20email%20compromise%2C%20also%20referred,steal%20from%20that%20vendor%27s%20customers.","source":"MITRE","title":"What is vendor email compromise (VEC)?","authors":"CloudFlare","date_accessed":"2023-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"2cfe411f-9366-5919-af71-f38ef6547277","created":"2023-11-07T00:36:05.483227Z","modified":"2025-12-17T15:08:36.432140Z"},{"id":"7a200d34-b4f3-5036-8582-23872ef27eb1","name":"Proofpoint Vishing","description":"Proofpoint. (n.d.). What Is Vishing?. 
Retrieved September 8, 2023.","url":"https://www.proofpoint.com/us/threat-reference/vishing","source":"MITRE","title":"What Is Vishing?","authors":"Proofpoint","date_accessed":"2023-09-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"655d5d21-011d-5e03-9c1b-a95c9228948a","created":"2023-11-07T00:36:07.202201Z","modified":"2025-12-17T15:08:36.434024Z"},{"id":"4459076e-7c79-4855-9091-5aabd274f586","name":"taxonomy_downgrade_att_tls","description":"Alashwali, E. S., Rasmussen, K. (2019, January 26). What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS. Retrieved December 7, 2021.","url":"https://arxiv.org/abs/1809.05681","source":"MITRE","title":"What's in a Downgrade? A Taxonomy of Downgrade Attacks in the TLS Protocol and Application Protocols Using TLS","authors":"Alashwali, E. S., Rasmussen, K","date_accessed":"2021-12-07T00:00:00Z","date_published":"2019-01-26T00:00:00Z","owner_name":null,"tidal_id":"31bb3d98-fb9b-5e1f-86fd-158ff938eaef","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423914Z"},{"id":"1e9a2311-f49d-5844-9d4a-9b6e7b696dfd","name":"VMware VIBs","description":"Kyle Gleed. (2011, September 13). What's in a VIB?. Retrieved March 27, 2025.","url":"https://blogs.vmware.com/vsphere/2011/09/whats-in-a-vib.html","source":"MITRE","title":"What's in a VIB?","authors":"Kyle Gleed","date_accessed":"2025-03-27T00:00:00Z","date_published":"2011-09-13T00:00:00Z","owner_name":null,"tidal_id":"1b8d210b-a9d0-5e17-8bf6-dcd194a67cf6","created":"2025-04-22T20:47:21.271135Z","modified":"2025-12-17T15:08:36.436662Z"},{"id":"20ea6253-da6d-5e95-8cd3-61a5538fd71c","name":"GoogleIO2016","description":"Adrian Ludwig. (2016, May 19). What's new in Android security (M and N Version). 
Retrieved December","url":"https://www.youtube.com/watch?v=XZzLjllizYs","source":"Mobile","title":"What's new in Android security (M and N Version)","authors":"Adrian Ludwig","date_accessed":"1978-12-01T00:00:00Z","date_published":"2016-05-19T00:00:00Z","owner_name":null,"tidal_id":"b271619a-47c3-542d-8ff1-55d5bc8523c2","created":"2026-01-28T13:08:10.047249Z","modified":"2026-01-28T13:08:10.047252Z"},{"id":"d351b4a1-72b8-488d-a926-176c77ee9d1c","name":"ESET Emotet July 6 2023","description":"Jakub Kaloč. (2023, July 6). What’s up with Emotet?. Retrieved February 27, 2024.","url":"https://www.welivesecurity.com/2023/07/06/whats-up-with-emotet/","source":"Tidal Cyber","title":"What’s up with Emotet?","authors":"Jakub Kaloč","date_accessed":"2024-02-27T00:00:00Z","date_published":"2023-07-06T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"471004a8-3761-5cde-9eb0-a659bfb4a859","created":"2024-06-13T20:10:52.769669Z","modified":"2024-06-13T20:10:52.958621Z"},{"id":"06f8f5b2-2ebe-4210-84b6-f86e911a7118","name":"FireEye fxsst June 2011","description":"Harbour, N. (2011, June 3). What the fxsst?. Retrieved November 17, 2020.","url":"https://www.fireeye.com/blog/threat-research/2011/06/fxsst.html","source":"MITRE","title":"What the fxsst?","authors":"Harbour, N","date_accessed":"2020-11-17T00:00:00Z","date_published":"2011-06-03T00:00:00Z","owner_name":null,"tidal_id":"0ef460d9-031a-56a3-9bac-818ce1dcea4a","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:18.553753Z"},{"id":"7d917231-735c-40d8-806d-7fee60d2f996","name":"Krebs Capital One August 2019","description":"Krebs, B.. (2019, August 19). What We Can Learn from the Capital One Hack. 
Retrieved March 25, 2020.","url":"https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/","source":"MITRE","title":"What We Can Learn from the Capital One Hack","authors":"Krebs, B.","date_accessed":"2020-03-25T00:00:00Z","date_published":"2019-08-19T00:00:00Z","owner_name":null,"tidal_id":"84a5d928-cfa3-5d27-afed-7ef29f4cf8e7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425757Z"},{"id":"b3204a7d-9a40-4912-9370-80fe4bb38bf1","name":"ABC News ShinyHunters May 30 2024","description":"Annika Burgess. (2024, May 30). What we know about the 'remarkably devious' ShinyHunters hackers allegedly behind the Ticketmaster data leak. Retrieved September 19, 2025.","url":"https://www.abc.net.au/news/2024-05-31/shinyhunters-cyber-hackers-ticketmaster-data-breach/103911928","source":"Tidal Cyber","title":"What we know about the 'remarkably devious' ShinyHunters hackers allegedly behind the Ticketmaster data leak","authors":"Annika Burgess","date_accessed":"2025-09-19T12:00:00Z","date_published":"2024-05-30T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"0d9f59e7-22ea-5b15-8dd9-a75293688ef9","created":"2025-10-07T14:06:53.833240Z","modified":"2025-10-07T14:06:53.967874Z"},{"id":"e2970bef-439d-435d-92e7-8c58abbd270c","name":"Symantec ADS May 2009","description":"Pravs. (2009, May 25). What you need to know about alternate data streams in windows? Is your Data secure? Can you restore that?. Retrieved March 21, 2018.","url":"https://www.symantec.com/connect/articles/what-you-need-know-about-alternate-data-streams-windows-your-data-secure-can-you-restore","source":"MITRE","title":"What you need to know about alternate data streams in windows? Is your Data secure? 
Can you restore that?","authors":"Pravs","date_accessed":"2018-03-21T00:00:00Z","date_published":"2009-05-25T00:00:00Z","owner_name":null,"tidal_id":"b3f4be02-0eaf-5745-9ec5-1e991010c22e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416112Z"},{"id":"6d71e655-029e-49b0-8285-30e036e63140","name":"Red Canary December 09 2025","description":"susannah.matt@redcanary.com. (2025, December 9). When adversaries bring their own virtual machine for persistence. Retrieved December 19, 2025.","url":"https://redcanary.com/blog/threat-intelligence/email-bombing-virtual-machine/","source":"Tidal Cyber","title":"When adversaries bring their own virtual machine for persistence","authors":"susannah.matt@redcanary.com","date_accessed":"2025-12-19T12:00:00Z","date_published":"2025-12-09T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e49c7304-639c-5ced-b445-f9739054ab79","created":"2025-12-24T14:56:05.623799Z","modified":"2025-12-24T14:56:05.759573Z"},{"id":"1debebac-6578-433f-b8c3-d17e704ee501","name":"BH Manul Aug 2016","description":"Galperin, E., Et al.. (2016, August 4). When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists. Retrieved May 23, 2018.","url":"https://www.blackhat.com/docs/us-16/materials/us-16-Quintin-When-Governments-Attack-State-Sponsored-Malware-Attacks-Against-Activists-Lawyers-And-Journalists.pdf","source":"MITRE","title":"When Governments Attack: State Sponsored Malware Attacks Against Activists, Lawyers, and Journalists","authors":"Galperin, E., Et al.","date_accessed":"2018-05-23T00:00:00Z","date_published":"2016-08-04T00:00:00Z","owner_name":null,"tidal_id":"eccf87ac-69ca-5bf2-b9e6-7bf8325b30fc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441282Z"},{"id":"8768909c-f511-4067-9a97-6f7dee24f276","name":"Dragos Heroku Watering Hole","description":"Kent Backman. (2021, May 18). When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar. 
Retrieved August 18, 2022.","url":"https://www.dragos.com/blog/industry-news/a-new-water-watering-hole/","source":"MITRE","title":"When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar","authors":"Kent Backman","date_accessed":"2022-08-18T00:00:00Z","date_published":"2021-05-18T00:00:00Z","owner_name":null,"tidal_id":"8a39511c-8a0d-5e9b-8710-dc45ce1be317","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429423Z"},{"id":"58ecb4e9-25fc-487b-9fed-25c781cc531b","name":"SpectorOps Bifrost Kerberos macOS 2019","description":"Cody Thomas. (2019, November 14). When Kirbi walks the Bifrost. Retrieved October 6, 2021.","url":"https://posts.specterops.io/when-kirbi-walks-the-bifrost-4c727807744f","source":"MITRE","title":"When Kirbi walks the Bifrost","authors":"Cody Thomas","date_accessed":"2021-10-06T00:00:00Z","date_published":"2019-11-14T00:00:00Z","owner_name":null,"tidal_id":"08ea80b9-f529-5118-9844-8474d1a21d0a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427898Z"},{"id":"a9ab0444-386b-5baf-84e1-0e6df4a21296","name":"Palo Alto Brute Ratel July 2022","description":"Harbison, M. and Renals, P. (2022, July 5). When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors. Retrieved February 1, 2023.","url":"https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/","source":"MITRE","title":"When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors","authors":"Harbison, M. and Renals, P","date_accessed":"2023-02-01T00:00:00Z","date_published":"2022-07-05T00:00:00Z","owner_name":null,"tidal_id":"37546d81-79ad-59e2-bd44-f202975be956","created":"2023-05-26T01:21:18.504463Z","modified":"2025-12-17T15:08:36.423049Z"},{"id":"dbdc2009-a468-439b-bd96-e6153b3fb8a1","name":"Trend Micro When Phishing Starts from the Inside 2017","description":"Chris Taylor. (2017, October 5). When Phishing Starts from the Inside. 
Retrieved October 8, 2019.","url":"https://blog.trendmicro.com/phishing-starts-inside/","source":"MITRE","title":"When Phishing Starts from the Inside","authors":"Chris Taylor","date_accessed":"2019-10-08T00:00:00Z","date_published":"2017-10-05T00:00:00Z","owner_name":null,"tidal_id":"06c3ebef-c82e-50c8-aaa6-53d67e07ddc8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432962Z"},{"id":"7f0acd33-602e-5f07-a1ae-a87e3c8f2eb5","name":"Booz Allen Hamilton","description":"Booz Allen Hamilton. (2016). When The Lights Went Out. Retrieved December 18, 2024.","url":"https://www.boozallen.com/content/dam/boozallen/documents/2016/09/ukraine-report-when-the-lights-went-out.pdf","source":"MITRE","title":"When The Lights Went Out","authors":"Booz Allen Hamilton","date_accessed":"2024-12-18T00:00:00Z","date_published":"2016-01-01T00:00:00Z","owner_name":null,"tidal_id":"19c55100-b74e-5e37-b364-06f628071074","created":"2023-11-07T00:36:10.188475Z","modified":"2025-12-17T15:08:36.438744Z"},{"id":"91ebfec7-4e67-4972-9f78-5a21da212a6f","name":"Unit 42 November 7 2020","description":"Ryan Tracey; Drew Schmitt. (2020, November 7). When Threat Actors Fly Under the Radar Vatet, PyXie and Defray777. Retrieved December 19, 2024.","url":"https://unit42.paloaltonetworks.com/vatet-pyxie-defray777/","source":"Tidal Cyber","title":"When Threat Actors Fly Under the Radar Vatet, PyXie and Defray777","authors":"Ryan Tracey; Drew Schmitt","date_accessed":"2024-12-19T00:00:00Z","date_published":"2020-11-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"fae8fe76-d86b-563e-a600-acf30d244664","created":"2025-04-11T15:06:20.257664Z","modified":"2025-04-11T15:06:20.410456Z"},{"id":"f315072c-67cb-4166-aa18-8e92e00ef7e8","name":"Microsoft Where to use TxF","description":"Microsoft. (n.d.). When to Use Transactional NTFS. 
Retrieved December 20, 2017.","url":"https://msdn.microsoft.com/library/windows/desktop/aa365738.aspx","source":"MITRE","title":"When to Use Transactional NTFS","authors":"Microsoft","date_accessed":"2017-12-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9cf55c34-e327-5a26-950a-9c579093cdc9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431136Z"},{"id":"75fc60af-ac30-50be-bf5d-5c97b2afc12c","name":"SahinSRLabs_FluBot_Dec2021","description":"Şahin, Erdoğan Yağız. (2021, December 21). When your phone gets sick: FluBot abuses Accessibility features to steal data. Retrieved April","url":"https://www.srlabs.de/blog-post/flubot-abuses-accessibility-features-to-steal-data","source":"Mobile","title":"When your phone gets sick: FluBot abuses Accessibility features to steal data","authors":"Şahin, Erdoğan Yağız","date_accessed":"1978-04-01T00:00:00Z","date_published":"2021-12-21T00:00:00Z","owner_name":null,"tidal_id":"28b499f8-45ec-55c1-a36d-ec908a666d30","created":"2026-01-28T13:08:10.043143Z","modified":"2026-01-28T13:08:10.043146Z"},{"id":"5ad06565-6694-4c42-81c9-880d66f6d07f","name":"Brining MimiKatz to Unix","description":"Tim Wadhwa-Brown. (2018, November). Where 2 worlds collide Bringing Mimikatz et al to UNIX. Retrieved October 13, 2021.","url":"https://labs.portcullis.co.uk/download/eu-18-Wadhwa-Brown-Where-2-worlds-collide-Bringing-Mimikatz-et-al-to-UNIX.pdf","source":"MITRE","title":"Where 2 worlds collide Bringing Mimikatz et al to UNIX","authors":"Tim Wadhwa-Brown","date_accessed":"2021-10-13T00:00:00Z","date_published":"2018-11-01T00:00:00Z","owner_name":null,"tidal_id":"0adb03db-7596-551c-8335-dbbd65969506","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424413Z"},{"id":"fcc9b52a-751f-4985-8c32-7aaf411706ad","name":"Dell Lateral Movement","description":"Carvey, H.. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. 
Retrieved January 25, 2016.","url":"http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/","source":"MITRE, Tidal Cyber","title":"Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems","authors":"Carvey, H.","date_accessed":"2016-01-25T00:00:00Z","date_published":"2014-09-02T00:00:00Z","owner_name":null,"tidal_id":"938fde8f-5ad2-5f0a-8481-87af08750d78","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.261140Z"},{"id":"cd197a24-3671-427f-8ee6-da001ec985c8","name":"Secureworks - AT.exe Scheduled Task","description":"Carvey, H.. (2014, September). Where You AT?: Indicators of Lateral Movement Using at.exe on Windows 7 Systems. Retrieved November 27, 2019.","url":"https://www.secureworks.com/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems","source":"MITRE","title":"Where You AT?: Indicators of Lateral Movement Using at.exe on Windows 7 Systems","authors":"Carvey, H.","date_accessed":"2019-11-27T00:00:00Z","date_published":"2014-09-01T00:00:00Z","owner_name":null,"tidal_id":"81135028-f6e2-5c6a-b4c2-a48d2ce6b7bf","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.441436Z"},{"id":"464d9cac-04c7-4e57-a5d6-604fba90a982","name":"Cybereason WhisperGate February 2022","description":"Cybereason Nocturnus. (2022, February 15). Cybereason vs. WhisperGate and HermeticWiper. Retrieved March 10, 2022.","url":"https://www.cybereason.com/blog/cybereason-vs.-whispergate-wiper","source":"MITRE","title":"WhisperGate and HermeticWiper","authors":"Cybereason Nocturnus. (2022, February 15)","date_accessed":"2022-03-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"f3a32e2f-69c1-5b1a-8592-ecf813f8834f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418232Z"},{"id":"4610e4db-a75b-5fdd-826d-15099d131585","name":"RecordedFuture WhisperGate Jan 2022","description":"Insikt Group. 
(2020, January 28). WhisperGate Malware Corrupts Computers in Ukraine. Retrieved September 16, 2024.","url":"https://www.recordedfuture.com/research/whispergate-malware-corrupts-computers-ukraine","source":"MITRE","title":"WhisperGate Malware Corrupts Computers in Ukraine","authors":"Insikt Group","date_accessed":"2024-09-16T00:00:00Z","date_published":"2020-01-28T00:00:00Z","owner_name":null,"tidal_id":"40d861d7-ec12-5be3-b784-ce141bfecafc","created":"2023-05-26T01:21:18.578670Z","modified":"2025-12-17T15:08:36.440190Z"},{"id":"d0e48356-36d9-4b4c-b621-e3c4404378d2","name":"Symantec Whitefly March 2019","description":"Symantec. (2019, March 6). Whitefly: Espionage Group has Singapore in Its Sights. Retrieved May 26, 2020.","url":"https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/whitefly-espionage-singapore","source":"MITRE, Tidal Cyber","title":"Whitefly: Espionage Group has Singapore in Its Sights","authors":"Symantec","date_accessed":"2020-05-26T00:00:00Z","date_published":"2019-03-06T00:00:00Z","owner_name":null,"tidal_id":"c9f94643-7aba-57e9-8367-3c4cd9ffcc97","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.280078Z"},{"id":"127836ce-e459-405d-a75c-32fd5f0ab198","name":"Accenture Lyceum Targets November 2021","description":"Accenture. (2021, November 9). Who are latest targets of cyber group Lyceum?. Retrieved June 16, 2022.","url":"https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns","source":"MITRE","title":"Who are latest targets of cyber group Lyceum?","authors":"Accenture","date_accessed":"2022-06-16T00:00:00Z","date_published":"2021-11-09T00:00:00Z","owner_name":null,"tidal_id":"94b88020-2926-5f72-ba57-6cb9afc094c4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420622Z"},{"id":"f9c81b1d-b58c-54d4-8eb8-cd86e9121ce4","name":"Who Hid My Desktop","description":"Safran, Or. Asinovsky, Pavel. (2017, November). Who Hid My Desktop: Deep Dive Into HVNC. 
Retrieved November 28, 2023.","url":"https://deepsec.net/docs/Slides/2017/Who_Hid_My_Desktop_Or_Safran_Pavel_Asinovsky.pdf","source":"MITRE","title":"Who Hid My Desktop: Deep Dive Into HVNC","authors":"Safran, Or. Asinovsky, Pavel","date_accessed":"2023-11-28T00:00:00Z","date_published":"2017-11-01T00:00:00Z","owner_name":null,"tidal_id":"4bbcb18d-35c2-5a3d-a483-aaea1a050a9b","created":"2024-04-25T13:28:52.288139Z","modified":"2025-04-22T20:47:31.526530Z"},{"id":"028b7582-be46-4642-9e36-b781cac66340","name":"Krebs-Anna","description":"Brian Krebs. (2017, January 18). Who is Anna-Senpai, the Mirai Worm Author?. Retrieved May 15, 2017.","url":"https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/","source":"MITRE","title":"Who is Anna-Senpai, the Mirai Worm Author?","authors":"Brian Krebs","date_accessed":"2017-05-15T00:00:00Z","date_published":"2017-01-18T00:00:00Z","owner_name":null,"tidal_id":"10ce711e-d738-575a-8e7f-6962d98d92da","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427199Z"},{"id":"0639c340-b495-4d91-8418-3069f3fe0df1","name":"CrowdStrike Ember Bear Profile March 2022","description":"CrowdStrike. (2022, March 30). Who is EMBER BEAR?. Retrieved June 9, 2022.","url":"https://www.crowdstrike.com/blog/who-is-ember-bear/","source":"MITRE","title":"Who is EMBER BEAR?","authors":"CrowdStrike","date_accessed":"2022-06-09T00:00:00Z","date_published":"2022-03-30T00:00:00Z","owner_name":null,"tidal_id":"cdb3c780-3957-5a2b-b79c-9cb58ba89cba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437858Z"},{"id":"fa6cba30-66e9-4a6b-85e8-a8c3773a3efe","name":"WHOIS","description":"NTT America. (n.d.). Whois Lookup. 
Retrieved November 17, 2024.","url":"https://who.is/","source":"MITRE","title":"Whois Lookup","authors":"NTT America","date_accessed":"2024-11-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e4c19a7f-1234-55a4-a546-c61c58708829","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424762Z"},{"id":"988dfcfc-0c16-4129-9523-a77539291951","name":"Meyers Numbered Panda","description":"Meyers, A. (2013, March 29). Whois Numbered Panda. Retrieved January 14, 2016.","url":"http://www.crowdstrike.com/blog/whois-numbered-panda/","source":"MITRE, Tidal Cyber","title":"Whois Numbered Panda","authors":"Meyers, A","date_accessed":"2016-01-14T00:00:00Z","date_published":"2013-03-29T00:00:00Z","owner_name":null,"tidal_id":"3bf12aef-d379-5dc0-8145-c37f4922a217","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.272423Z"},{"id":"4fce29cc-ddab-4b96-b295-83c282a87564","name":"CrowdStrike PIONEER KITTEN August 2020","description":"Orleans, A. (2020, August 31). Who Is PIONEER KITTEN?. Retrieved December 21, 2020.","url":"https://www.crowdstrike.com/blog/who-is-pioneer-kitten/","source":"MITRE, Tidal Cyber","title":"Who Is PIONEER KITTEN?","authors":"Orleans, A","date_accessed":"2020-12-21T00:00:00Z","date_published":"2020-08-31T00:00:00Z","owner_name":null,"tidal_id":"cc93414f-6ec5-5a28-91d3-3bce21c6de1c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.278027Z"},{"id":"f83e81b4-edf0-5a55-a7ad-f2a23dc2f98b","name":"Google-Vishing24","description":"Emily Astranova, Pascal Issa. (2024, July 23). Whose Voice Is It Anyway? AI-Powered Voice Spoofing for Next-Gen Vishing Attacks. Retrieved March 18, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/ai-powered-voice-spoofing-vishing-attacks","source":"MITRE","title":"Whose Voice Is It Anyway? 
AI-Powered Voice Spoofing for Next-Gen Vishing Attacks","authors":"Emily Astranova, Pascal Issa","date_accessed":"2025-03-18T00:00:00Z","date_published":"2024-07-23T00:00:00Z","owner_name":null,"tidal_id":"6f4ede70-5f9b-5db8-af30-5dda95a8fc1a","created":"2025-04-22T20:47:09.482664Z","modified":"2025-12-17T15:08:36.424564Z"},{"id":"59cba16f-91ed-458c-91c9-5b02c03678f5","name":"SECURELIST Bright Star 2015","description":"Baumgartner, K., Guerrero-Saade, J. (2015, March 4). Who’s Really Spreading through the Bright Star?. Retrieved December 18, 2020.","url":"https://securelist.com/whos-really-spreading-through-the-bright-star/68978/","source":"MITRE","title":"Who’s Really Spreading through the Bright Star?","authors":"Baumgartner, K., Guerrero-Saade, J","date_accessed":"2020-12-18T00:00:00Z","date_published":"2015-03-04T00:00:00Z","owner_name":null,"tidal_id":"4dacc377-17fc-5f79-9d0c-4d3760e0afe9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426220Z"},{"id":"2d3ec648-f288-52d6-b00b-207d3ff59f33","name":"Olympic Destroyer","description":"Paul Rascagneres, Martin Lee. (2018, February 26). Who Wasn’t Responsible for Olympic Destroyer?. Retrieved June 14, 2025.","url":"https://blog.talosintelligence.com/who-wasnt-responsible-for-olympic/","source":"MITRE","title":"Who Wasn’t Responsible for Olympic Destroyer?","authors":"Paul Rascagneres, Martin Lee","date_accessed":"2025-06-14T00:00:00Z","date_published":"2018-02-26T00:00:00Z","owner_name":null,"tidal_id":"7e98fbcc-01c4-5511-a61b-0e91cdf373ec","created":"2025-10-29T21:08:48.165717Z","modified":"2025-12-17T15:08:36.426146Z"},{"id":"92ac290c-4863-4774-b334-848ed72e3627","name":"Trend Micro Privileged Container","description":"Fiser, D., Oliveira, A.. (2019, December 20). Why a Privileged Container in Docker is a Bad Idea. 
Retrieved March 30, 2021.","url":"https://www.trendmicro.com/en_us/research/19/l/why-running-a-privileged-container-in-docker-is-a-bad-idea.html","source":"MITRE","title":"Why a Privileged Container in Docker is a Bad Idea","authors":"Fiser, D., Oliveira, A.","date_accessed":"2021-03-30T00:00:00Z","date_published":"2019-12-20T00:00:00Z","owner_name":null,"tidal_id":"9ca1f99d-6f60-51d1-b0ed-f4ad753f9ab0","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429073Z"},{"id":"7420d79f-c6a3-4932-9c2e-c9cc36e2ca35","name":"Mandiant UNC3944 September 14 2023","description":"Mandiant Intelligence. (2023, September 14). Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety. Retrieved November 16, 2023.","url":"https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware","source":"Tidal Cyber","title":"Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety","authors":"Mandiant Intelligence","date_accessed":"2023-11-16T00:00:00Z","date_published":"2023-09-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"69f68fac-18ed-5419-9bf8-f9d287d432cc","created":"2023-11-17T17:09:17.045661Z","modified":"2023-11-17T17:09:17.139920Z"},{"id":"3a310dbd-4b5c-5eaf-a4ce-699e52007c9b","name":"Mandiant UNC3944 SMS Phishing 2023","description":"Mandiant Intelligence. (2023, September 14). Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety. Retrieved January 2, 2024.","url":"https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware","source":"MITRE","title":"Why Are You Texting Me? 
UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety","authors":"Mandiant Intelligence","date_accessed":"2024-01-02T00:00:00Z","date_published":"2023-09-14T00:00:00Z","owner_name":null,"tidal_id":"39f2a974-70af-5632-ac15-b0597dd273a4","created":"2024-04-25T13:28:32.171403Z","modified":"2025-12-17T15:08:36.427109Z"},{"id":"8ec05b76-ec57-5173-9e1e-cf4131d7bd51","name":"Electron Security 2","description":"Stack Overflow. (n.d.). Why do I see an \"Electron Security Warning\" after updating my Electron project to the latest version?. Retrieved March 7, 2024.","url":"https://stackoverflow.com/questions/48854265/why-do-i-see-an-electron-security-warning-after-updating-my-electron-project-t","source":"MITRE","title":"Why do I see an \"Electron Security Warning\" after updating my Electron project to the latest version?","authors":"Stack Overflow","date_accessed":"2024-03-07T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9ccee367-8e81-5c20-aaa7-0541d828e369","created":"2024-04-25T13:28:51.835546Z","modified":"2025-12-17T15:08:36.441251Z"},{"id":"dac0203a-d625-4a9f-b58e-195b06cd4307","name":"Unit 42 August 24 2023","description":"Siddharth Sharma. (2023, August 24). Why LaZagne Makes D-Bus API Vigilance Crucial. Retrieved January 1, 2024.","url":"https://unit42.paloaltonetworks.com/lazagne-leverages-d-bus/#post-129710-_fe2et1lrlrj6","source":"Tidal Cyber","title":"Why LaZagne Makes D-Bus API Vigilance Crucial","authors":"Siddharth Sharma","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-08-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ba97aeb5-a2d2-5c9e-b753-0f2bb08902ac","created":"2025-04-11T15:05:55.147910Z","modified":"2025-04-11T15:05:55.354385Z"},{"id":"8ec52402-7e54-463d-8906-f373e5855018","name":"Auth0 - Why You Should Always Use Access Tokens to Secure APIs Sept 2019","description":"Auth0. (n.d.). Why You Should Always Use Access Tokens to Secure APIs. 
Retrieved September 12, 2019.","url":"https://auth0.com/blog/why-should-use-accesstokens-to-secure-an-api/","source":"MITRE","title":"Why You Should Always Use Access Tokens to Secure APIs","authors":"Auth0","date_accessed":"2019-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"58bd5bcc-a22d-5cb6-96f4-2237ad0fc5ce","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426532Z"},{"id":"3568163b-24b8-42fd-b111-b9d83c34cc4f","name":"Securelist Digital Certificates","description":"Ladikov, A. (2015, January 29). Why You Shouldn’t Completely Trust Files Signed with Digital Certificates. Retrieved March 31, 2016.","url":"https://securelist.com/why-you-shouldnt-completely-trust-files-signed-with-digital-certificates/68593/","source":"MITRE","title":"Why You Shouldn’t Completely Trust Files Signed with Digital Certificates","authors":"Ladikov, A","date_accessed":"2016-03-31T00:00:00Z","date_published":"2015-01-29T00:00:00Z","owner_name":null,"tidal_id":"755a4abc-4e35-5165-94d7-157069d7416d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415959Z"},{"id":"9d98f4ff-a358-45d0-89d4-541786abc36a","name":"Google Cloud August 26 2025","description":"Google Threat Intelligence Group; Mandiant. (2025, August 26). Widespread Data Theft Targets Salesforce Instances via Salesloft Drift . 
Retrieved August 27, 2025.","url":"https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift","source":"Tidal Cyber","title":"Widespread Data Theft Targets Salesforce Instances via Salesloft Drift","authors":"Google Threat Intelligence Group; Mandiant","date_accessed":"2025-08-27T12:00:00Z","date_published":"2025-08-26T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"92504b97-a9d5-525b-afa5-5ee723a4b6ea","created":"2025-08-28T19:35:15.995677Z","modified":"2025-08-28T19:35:16.126265Z"},{"id":"969ad6de-9415-464d-ba52-2e61e1814a92","name":"Crowdstrike DNS Hijack 2019","description":"Matt Dahl. (2019, January 25). Widespread DNS Hijacking Activity Targets Multiple Sectors. Retrieved February 14, 2022.","url":"https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors/","source":"MITRE","title":"Widespread DNS Hijacking Activity Targets Multiple Sectors","authors":"Matt Dahl","date_accessed":"2022-02-14T00:00:00Z","date_published":"2019-01-25T00:00:00Z","owner_name":null,"tidal_id":"53c82285-a6a5-54c7-a2ec-4f15a76f2de3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434298Z"},{"id":"48afb730-b5e1-5a85-bb60-9ef9b536e397","name":"Browser Adrozek","description":"Microsoft Threat Intelligence. (2020, December 10). Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers. 
Retrieved February 26, 2024.","url":"https://www.microsoft.com/en-us/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/","source":"MITRE","title":"Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers","authors":"Microsoft Threat Intelligence","date_accessed":"2024-02-26T00:00:00Z","date_published":"2020-12-10T00:00:00Z","owner_name":null,"tidal_id":"0578924d-ee7f-551a-a78c-211836b6f1b0","created":"2024-04-25T13:28:32.815390Z","modified":"2025-12-17T15:08:36.426506Z"},{"id":"7005f62f-0239-56c7-964b-64384e17b8da","name":"Wi-Fi Password of All Connected Networks in Windows/Linux","description":"Geeks for Geeks. (n.d.). Wi-Fi Password of All Connected Networks in Windows/Linux. Retrieved September 8, 2023.","url":"https://www.geeksforgeeks.org/wi-fi-password-connected-networks-windowslinux/","source":"MITRE","title":"Wi-Fi Password of All Connected Networks in Windows/Linux","authors":"Geeks for Geeks","date_accessed":"2023-09-08T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"538ca167-7f66-527a-ac57-197fcc94ff9e","created":"2023-11-07T00:36:01.899654Z","modified":"2025-12-17T15:08:36.428968Z"},{"id":"a66911ba-57c5-59ab-a140-d2343c3f0803","name":"Wikipedia","description":"Wikipedia Microsoft Security Response Center 2017, August Moving Beyond EMET II  Windows Defender Exploit Guard. Retrieved 2020/09/25","url":"https://en.wikipedia.org/wiki/Control-flow_integrity","source":"ICS","title":"Wikipedia","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e01b5f23-891b-56c5-8a09-2d92a20ce50b","created":"2026-01-28T13:08:18.179449Z","modified":"2026-01-28T13:08:18.179452Z"},{"id":"13ac05f8-f2a9-4243-8039-aff9ee1d5fc6","name":"Wikipedia Exe Compression","description":"Executable compression. (n.d.). 
Retrieved December 4, 2014.","url":"http://en.wikipedia.org/wiki/Executable_compression","source":"MITRE","title":"Wikipedia Exe Compression","authors":"","date_accessed":"2014-12-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"1e302ee4-d735-5091-9ff7-00775458f742","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431111Z"},{"id":"ccc34a5f-e17d-5b4c-84cf-ccff3ff9d845","name":"William Largent June 2018","description":"William Largent. (2018, June 06) VPNFilter Update - VPNFilter exploits endpoints, targets new devices. Retrieved March 28, 2019","url":"https://blog.talosintelligence.com/2018/06/vpnfilter-update.html","source":"MITRE","title":"William Largent June 2018","authors":"","date_accessed":"2019-03-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"7a9c85e3-5a0c-58f3-8dcb-77f1e42d4481","created":"2024-10-31T16:28:33.224236Z","modified":"2025-12-17T15:08:36.419122Z"},{"id":"806eadfc-f473-4f2b-b03b-8a1f1c0a2d96","name":"ESET Carberp March 2012","description":"Matrosov, A., Rodionov, E., Volkov, D., Harley, D. (2012, March 2). Win32/Carberp When You’re in a Black Hole, Stop Digging. Retrieved July 15, 2020.","url":"https://www.eset.com/fileadmin/eset/US/resources/docs/white-papers/white-papers-win-32-carberp.pdf","source":"MITRE","title":"Win32/Carberp When You’re in a Black Hole, Stop Digging","authors":"Matrosov, A., Rodionov, E., Volkov, D., Harley, D","date_accessed":"2020-07-15T00:00:00Z","date_published":"2012-03-02T00:00:00Z","owner_name":null,"tidal_id":"6dfe7531-435e-5cb7-a547-e35d0db632e3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439771Z"},{"id":"de44abcc-9467-4c63-b0c4-c3a3b282ae39","name":"microsoft.com April 2 2012","description":"Microsoft Corporation. (2012, April 2). Win32Gamarue threat description - Microsoft Security Intelligence. 
Retrieved September 27, 2024.","url":"https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32/Gamarue","source":"Tidal Cyber","title":"Win32Gamarue threat description - Microsoft Security Intelligence","authors":"Microsoft Corporation","date_accessed":"2024-09-27T00:00:00Z","date_published":"2012-04-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"372a518f-d4b6-5e4f-a9b1-3de60adf2b97","created":"2024-09-27T16:59:20.711882Z","modified":"2024-09-27T16:59:21.073539Z"},{"id":"9197f712-3c53-4746-9722-30e248511611","name":"ESET Industroyer","description":"Anton Cherepanov. (2017, June 12). Win32/Industroyer: A new threat for industrial controls systems. Retrieved December 18, 2020.","url":"https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf","source":"MITRE","title":"Win32/Industroyer: A new threat for industrial controls systems","authors":"Anton Cherepanov","date_accessed":"2020-12-18T00:00:00Z","date_published":"2017-06-12T00:00:00Z","owner_name":null,"tidal_id":"4a15ce87-6ff1-5c88-8af2-8b9ba7270e2b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422080Z"},{"id":"ffce3c04-42c0-5ea1-bc1e-1906a91102f2","name":"ESET Win32/Industroyer","description":"Anton Cherepanov, ESET. (2017, June 12). Win32/Industroyer: A new threat for industrial control systems. Retrieved September","url":"https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf","source":"ICS","title":"Win32/Industroyer: A new threat for industrial control systems","authors":"Anton Cherepanov, ESET","date_accessed":"1978-09-01T00:00:00Z","date_published":"2017-06-12T00:00:00Z","owner_name":null,"tidal_id":"8608dc03-72c7-540c-8f6b-7b411617bbac","created":"2026-01-28T13:08:18.175329Z","modified":"2026-01-28T13:08:18.175333Z"},{"id":"7c34c189-6581-4a56-aead-871400839d1a","name":"Microsoft Kasidet","description":"Manuel, J. and Plantado, R.. (2015, August 9). Win32/Kasidet. 
Retrieved March 24, 2016.","url":"http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2FKasidet","source":"MITRE","title":"Win32/Kasidet","authors":"Manuel, J. and Plantado, R.","date_accessed":"2016-03-24T00:00:00Z","date_published":"2015-08-09T00:00:00Z","owner_name":null,"tidal_id":"13baeb45-2687-5660-9c8a-9ccfbdf5c4ba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442226Z"},{"id":"1ba84bfe-b617-4a0d-8260-b29b0d797a8d","name":"WinDbg.exe - LOLBAS Project","description":"LOLBAS. (2025, July 16). WinDbg.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/WinDbg/","source":"Tidal Cyber","title":"WinDbg.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-07-16T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1866be3e-d39d-57f3-8b20-15ef5ec613c9","created":"2026-01-06T18:03:33.290345Z","modified":"2026-01-06T18:03:33.431368Z"},{"id":"5257a8ed-1cc8-42f8-86a7-8c0fd0e553a7","name":"ESET Ebury Oct 2017","description":"Vachon, F. (2017, October 30). Windigo Still not Windigone: An Ebury Update . Retrieved February 10, 2021.","url":"https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/","source":"MITRE","title":"Windigo Still not Windigone: An Ebury Update","authors":"Vachon, F","date_accessed":"2021-02-10T00:00:00Z","date_published":"2017-10-30T00:00:00Z","owner_name":null,"tidal_id":"ab1cad5b-d76d-5f57-95a1-95648968b19b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421788Z"},{"id":"d3724d08-f89b-4fb9-a0ea-3a6f929e0b6a","name":"Microsoft AMSI June 2015","description":"Microsoft. (2015, June 9). Windows 10 to offer application developers new malware defenses. 
Retrieved February 12, 2018.","url":"https://cloudblogs.microsoft.com/microsoftsecure/2015/06/09/windows-10-to-offer-application-developers-new-malware-defenses/?source=mmpc","source":"MITRE","title":"Windows 10 to offer application developers new malware defenses","authors":"Microsoft","date_accessed":"2018-02-12T00:00:00Z","date_published":"2015-06-09T00:00:00Z","owner_name":null,"tidal_id":"2d0b7250-c464-5df9-86fa-81275ee0ff50","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442957Z"},{"id":"49af01f2-06c5-4b21-9882-901ad828ee28","name":"Davidson Windows","description":"Davidson, L. (n.d.). Windows 7 UAC whitelist. Retrieved November 12, 2014.","url":"http://www.pretentiousname.com/misc/win7_uac_whitelist2.html","source":"MITRE","title":"Windows 7 UAC whitelist","authors":"Davidson, L","date_accessed":"2014-11-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a9b14bb0-f22b-5d90-84de-ee016e36a025","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425219Z"},{"id":"1b8b87d5-1b70-401b-8850-d8afd3b22356","name":"IRED API Hashing","description":"spotheplanet. (n.d.). Windows API Hashing in Malware. Retrieved August 22, 2022.","url":"https://www.ired.team/offensive-security/defense-evasion/windows-api-hashing-in-malware","source":"MITRE","title":"Windows API Hashing in Malware","authors":"spotheplanet","date_accessed":"2022-08-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c778bf72-80f5-5417-8116-429780a2cb00","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436078Z"},{"id":"dc673650-1a37-4af1-aa03-8f57a064156b","name":"TrendMicro WindowsAppMac","description":"Trend Micro. (2019, February 11). Windows App Runs on Mac, Downloads Info Stealer and Adware. 
Retrieved April 25, 2019.","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/windows-app-runs-on-mac-downloads-info-stealer-and-adware/","source":"MITRE","title":"Windows App Runs on Mac, Downloads Info Stealer and Adware","authors":"Trend Micro","date_accessed":"2019-04-25T00:00:00Z","date_published":"2019-02-11T00:00:00Z","owner_name":null,"tidal_id":"7628d3f1-d256-56bc-914e-113935a0fcc8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434535Z"},{"id":"9d935f7f-bc2a-4d09-a51a-82074ffd7d77","name":"Windows Commands JPCERT","description":"Tomonaga, S. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016.","url":"http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html","source":"MITRE","title":"Windows Commands Abused by Attackers","authors":"Tomonaga, S","date_accessed":"2016-02-02T00:00:00Z","date_published":"2016-01-26T00:00:00Z","owner_name":null,"tidal_id":"5742312b-9e2c-5558-996a-ffe8584aa383","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415448Z"},{"id":"790ea33a-7a64-488e-ab90-d82e021e0c06","name":"Amplia WCE","description":"Amplia Security. (n.d.). Windows Credentials Editor (WCE) F.A.Q.. Retrieved September 12, 2024.","url":"https://web.archive.org/web/20240904163410/https://www.ampliasecurity.com/research/wcefaq.html","source":"MITRE","title":"Windows Credentials Editor (WCE) F.A.Q.","authors":"Amplia Security","date_accessed":"2024-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e1504e26-839a-5681-b207-8e5c97846d48","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422802Z"},{"id":"678ef307-d203-4b65-bed4-b844ada7ab83","name":"Microsoft Windows Defender Application Control","description":"Gorzelany, A., Hall, J., Poggemeyer, L.. (2019, January 7). Windows Defender Application Control. 
Retrieved July 16, 2019.","url":"https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control","source":"MITRE","title":"Windows Defender Application Control","authors":"Gorzelany, A., Hall, J., Poggemeyer, L.","date_accessed":"2019-07-16T00:00:00Z","date_published":"2019-01-07T00:00:00Z","owner_name":null,"tidal_id":"5f37f359-8fa2-5e6a-8d1c-26ccf209bfd7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440398Z"},{"id":"567ce633-a061-460b-84af-01dfe3d818c7","name":"Microsoft Operation Wilysupply","description":"Florio, E.. (2017, May 4). Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack. Retrieved February 14, 2019.","url":"https://www.microsoft.com/security/blog/2017/05/04/windows-defender-atp-thwarts-operation-wilysupply-software-supply-chain-cyberattack/","source":"MITRE","title":"Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack","authors":"Florio, E.","date_accessed":"2019-02-14T00:00:00Z","date_published":"2017-05-04T00:00:00Z","owner_name":null,"tidal_id":"a663fd17-7141-54e3-bf20-3ed98be42759","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431324Z"},{"id":"ce40e997-d04b-49a6-8838-13205c54243a","name":"PassLib mscache","description":"Eli Collins. (2016, November 25). Windows' Domain Cached Credentials v2. Retrieved February 21, 2020.","url":"https://passlib.readthedocs.io/en/stable/lib/passlib.hash.msdcc2.html","source":"MITRE","title":"Windows' Domain Cached Credentials v2","authors":"Eli Collins","date_accessed":"2020-02-21T00:00:00Z","date_published":"2016-11-25T00:00:00Z","owner_name":null,"tidal_id":"23cfa034-1ad0-5625-a286-2c2d8da63f84","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430839Z"},{"id":"9b4dc472-66c6-5ef1-897a-e8516e0e4a00","name":"SafeBreach","description":"Alon Leviev. (2024, August 7). 
Windows Downdate: Downgrade Attacks Using Windows Updates. Retrieved January 8, 2025.","url":"https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/","source":"MITRE","title":"Windows Downdate: Downgrade Attacks Using Windows Updates","authors":"Alon Leviev","date_accessed":"2025-01-08T00:00:00Z","date_published":"2024-08-07T00:00:00Z","owner_name":null,"tidal_id":"de0a58f6-b33c-511b-bae1-329f81215e17","created":"2025-04-22T20:47:16.497158Z","modified":"2025-12-17T15:08:36.431865Z"},{"id":"930ca682-03e0-57e7-a1ec-5a3186f0ff64","name":"Secure Team - Scriptrunner.exe","description":"Secure Team - Information Assurance. (2023, January 8). Windows Error Reporting Tool Abused to Load Malware. Retrieved July 8, 2024.","url":"https://secureteam.co.uk/2023/01/08/windows-error-reporting-tool-abused-to-load-malware/","source":"MITRE","title":"Windows Error Reporting Tool Abused to Load Malware","authors":"Secure Team - Information Assurance","date_accessed":"2024-07-08T00:00:00Z","date_published":"2023-01-08T00:00:00Z","owner_name":null,"tidal_id":"cf85bde1-bb87-54ed-a3b1-220f4754ba38","created":"2024-10-31T16:28:19.497012Z","modified":"2025-12-17T15:08:36.428084Z"},{"id":"2c49288b-438d-487a-8e6e-f9d9eda73e2f","name":"ProjectZero File Write EoP Apr 2018","description":"Forshaw, J. (2018, April 18). Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege. 
Retrieved May 3, 2018.","url":"https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html","source":"MITRE","title":"Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege","authors":"Forshaw, J","date_accessed":"2018-05-03T00:00:00Z","date_published":"2018-04-18T00:00:00Z","owner_name":null,"tidal_id":"8930f94b-3c21-58f1-abad-02d572a8e6a8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427006Z"},{"id":"fb98df9a-303d-4658-93da-0dcbd7bf9b1e","name":"DBAPPSecurity BITTER zero-day Feb 2021","description":"JinQuan, MaDongZe, TuXiaoYi, and LiHao. (2021, February 10). Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack. Retrieved June 1, 2022.","url":"https://ti.dbappsecurity.com.cn/blog/articles/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/","source":"MITRE","title":"Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack","authors":"JinQuan, MaDongZe, TuXiaoYi, and LiHao","date_accessed":"2022-06-01T00:00:00Z","date_published":"2021-02-10T00:00:00Z","owner_name":null,"tidal_id":"92654c0c-67b0-5c6d-9ca9-c795953684f6","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442214Z"},{"id":"d2d2186c-040f-4045-b161-fc468aa09534","name":"EyeofRa Detecting Hooking June 2017","description":"Eye of Ra. (2017, June 27). Windows Keylogger Part 2: Defense against user-land. 
Retrieved December 12, 2017.","url":"https://eyeofrablog.wordpress.com/2017/06/27/windows-keylogger-part-2-defense-against-user-land/","source":"MITRE","title":"Windows Keylogger Part 2: Defense against user-land","authors":"Eye of Ra","date_accessed":"2017-12-12T00:00:00Z","date_published":"2017-06-27T00:00:00Z","owner_name":null,"tidal_id":"480cfa11-5fb8-5f1a-8954-fd1d2dda963f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430606Z"},{"id":"64b0e13f-de5f-4964-bcfa-bb0f6206383a","name":"Passcape LSA Secrets","description":"Passcape. (n.d.). Windows LSA secrets. Retrieved February 21, 2020.","url":"https://www.passcape.com/index.php?section=docsys&cmd=details&id=23","source":"MITRE","title":"Windows LSA secrets","authors":"Passcape","date_accessed":"2020-02-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"378a7701-a494-50bb-bdcc-bce7c92da4dc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.426035Z"},{"id":"3733386a-14bd-44a6-8241-a10660ba25d9","name":"Windows Malware Infecting Android","description":"Lucian Constantin. (2014, January 23). Windows malware tries to infect Android devices connected to PCs. Retrieved May 25, 2022.","url":"https://www.computerworld.com/article/2486903/windows-malware-tries-to-infect-android-devices-connected-to-pcs.html","source":"MITRE","title":"Windows malware tries to infect Android devices connected to PCs","authors":"Lucian Constantin","date_accessed":"2022-05-25T00:00:00Z","date_published":"2014-01-23T00:00:00Z","owner_name":null,"tidal_id":"c0a4bc9e-9663-5138-99a9-65a8e43f7b10","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428117Z"},{"id":"210ca539-71f6-4494-91ea-402a3e0e2a10","name":"MSDN WMI","description":"Microsoft. (n.d.). Windows Management Instrumentation. 
Retrieved April 27, 2016.","url":"https://msdn.microsoft.com/en-us/library/aa394582.aspx","source":"MITRE","title":"Windows Management Instrumentation","authors":"Microsoft","date_accessed":"2016-04-27T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"96f8bf50-97b1-5bc8-a14b-1923305d7bd5","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430223Z"},{"id":"135ccd72-2714-4453-9c8f-f5fde31905ee","name":"FireEye WMI 2015","description":"Ballenthin, W., et al. (2015). Windows Management Instrumentation (WMI) Offense, Defense, and Forensics. Retrieved March 30, 2016.","url":"https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf","source":"MITRE","title":"Windows Management Instrumentation (WMI) Offense, Defense, and Forensics","authors":"Ballenthin, W., et al","date_accessed":"2016-03-30T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"7ebdf2ef-09d7-5b2a-baf5-c123b702afe2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.415502Z"},{"id":"81aa896a-3498-4c37-8882-2b77933b71a8","name":"win_msc_files_overview","description":"Brinkmann, M.. (2017, June 10). Windows .msc files overview. Retrieved September 20, 2021.","url":"https://www.ghacks.net/2017/06/10/windows-msc-files-overview/","source":"MITRE","title":"Windows .msc files overview","authors":"Brinkmann, M.","date_accessed":"2021-09-20T00:00:00Z","date_published":"2017-06-10T00:00:00Z","owner_name":null,"tidal_id":"8fd11e15-e250-508e-a98b-feb761846792","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436905Z"},{"id":"0e5dfc7e-c908-49b4-a54f-7dcecf332ee8","name":"Hill NT Shell","description":"Hill, T. (n.d.). Windows NT Command Shell. 
Retrieved December 5, 2014.","url":"http://technet.microsoft.com/en-us/library/cc723564.aspx#XSLTsection127121120120","source":"MITRE","title":"Windows NT Command Shell","authors":"Hill, T","date_accessed":"2014-12-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3884ca61-da61-5cbf-9a8b-ac6ace0604d4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434422Z"},{"id":"a8a56a64-8e73-4331-9961-b1f9b6cbb348","name":"passcape Windows Vault","description":"Passcape. (n.d.). Windows Password Recovery - Vault Explorer and Decoder. Retrieved November 24, 2020.","url":"https://www.passcape.com/windows_password_recovery_vault_explorer","source":"MITRE","title":"Windows Password Recovery - Vault Explorer and Decoder","authors":"Passcape","date_accessed":"2020-11-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"696a7cd5-99b1-5a14-ba7f-9c3ea9ad1195","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.435072Z"},{"id":"d7da4285-aeed-42dc-8f55-facbe6daf317","name":"Malware Archaeology PowerShell Cheat Sheet","description":"Malware Archaeology. (2016, June). WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later. Retrieved June 24, 2016.","url":"http://www.malwarearchaeology.com/s/Windows-PowerShell-Logging-Cheat-Sheet-ver-June-2016-v2.pdf","source":"MITRE","title":"WINDOWS POWERSHELL LOGGING CHEAT SHEET - Win 7/Win 2008 or later","authors":"Malware Archaeology","date_accessed":"2016-06-24T00:00:00Z","date_published":"2016-06-01T00:00:00Z","owner_name":null,"tidal_id":"2862c9eb-c13e-5705-8b8e-0a255be72e0e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424825Z"},{"id":"20ec94d1-4a5c-43f5-bb65-f3ea965d2b6e","name":"TechNet PowerShell","description":"Microsoft. (n.d.). Windows PowerShell Scripting. 
Retrieved April 28, 2016.","url":"https://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx","source":"MITRE","title":"Windows PowerShell Scripting","authors":"Microsoft","date_accessed":"2016-04-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a627d435-8945-5052-987d-45255d8a8065","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.432834Z"},{"id":"185154f2-5f2e-48bf-b609-991e9d6a037b","name":"Windows Privilege Escalation Guide","description":"absolomb. (2018, January 26). Windows Privilege Escalation Guide. Retrieved August 10, 2018.","url":"https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/","source":"MITRE","title":"Windows Privilege Escalation Guide","authors":"absolomb","date_accessed":"2018-08-10T00:00:00Z","date_published":"2018-01-26T00:00:00Z","owner_name":null,"tidal_id":"bd44d8ab-728e-5f8f-9516-910264cf9c7a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434173Z"},{"id":"c52945dc-eb20-4e69-8f8e-a262f33c244c","name":"SploitSpren Windows Priv Jan 2018","description":"McFarland, R. (2018, January 26). Windows Privilege Escalation Guide. Retrieved August 10, 2018.","url":"https://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/","source":"MITRE","title":"Windows Privilege Escalation Guide","authors":"McFarland, R","date_accessed":"2018-08-10T00:00:00Z","date_published":"2018-01-26T00:00:00Z","owner_name":null,"tidal_id":"37213983-5529-53f5-a30a-52d3ef6aa5d9","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434416Z"},{"id":"30681a0a-a49f-416a-b5bc-621c60f1130a","name":"Windows Unquoted Services","description":"HackHappy. (2018, April 23). Windows Privilege Escalation – Unquoted Services. 
Retrieved August 10, 2018.","url":"https://securityboulevard.com/2018/04/windows-privilege-escalation-unquoted-services/","source":"MITRE","title":"Windows Privilege Escalation – Unquoted Services","authors":"HackHappy","date_accessed":"2018-08-10T00:00:00Z","date_published":"2018-04-23T00:00:00Z","owner_name":null,"tidal_id":"fa06f8fb-65d6-5403-ba14-2cb0ef1131bc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434179Z"},{"id":"939c05ae-bb21-4ed2-8fa3-a729f717ee3a","name":"SecurityBoulevard Unquoted Services APR 2018","description":"HackHappy. (2018, April 23). Windows Privilege Escalation – Unquoted Services. Retrieved August 10, 2018.","url":"https://securityboulevard.com/2018/04/windows-privilege-escalation-unquoted-services/","source":"MITRE","title":"Windows Privilege Escalation – Unquoted Services","authors":"HackHappy","date_accessed":"2018-08-10T00:00:00Z","date_published":"2018-04-23T00:00:00Z","owner_name":null,"tidal_id":"7a5226f7-15e9-56d4-aba5-3e87a157bdfe","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434410Z"},{"id":"a9edeec0-623c-574e-af2b-6dbb565669f2","name":"Medium","description":"Michael Koczwara. (2021, March 14). Windows privilege escalation via PowerShell History. Retrieved June 13, 2025.","url":"https://michaelkoczwara.medium.com/windows-privilege-escalation-dbb908cce8d4","source":"MITRE","title":"Windows privilege escalation via PowerShell History","authors":"Michael Koczwara","date_accessed":"2025-06-13T00:00:00Z","date_published":"2021-03-14T00:00:00Z","owner_name":null,"tidal_id":"8b2c919a-0ba5-5466-8ff5-6a0fdf372721","created":"2025-10-29T21:08:48.166093Z","modified":"2025-12-17T15:08:36.431853Z"},{"id":"01a3fc64-ff07-48f7-b0d9-5728012761c7","name":"Windows Process Injection KernelCallbackTable","description":"odzhan. (2019, May 25). Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy. 
Retrieved February 4, 2022.","url":"https://modexp.wordpress.com/2019/05/25/windows-injection-finspy/","source":"MITRE","title":"Windows Process Injection: KernelCallbackTable used by FinFisher / FinSpy","authors":"odzhan","date_accessed":"2022-02-04T00:00:00Z","date_published":"2019-05-25T00:00:00Z","owner_name":null,"tidal_id":"571951c8-24b6-58d9-8709-24e78cf49401","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433200Z"},{"id":"1bf45166-bfce-450e-87d1-b1e3b19fdb62","name":"Modexp Windows Process Injection","description":"odzhan. (2019, April 25). Windows Process Injection: WordWarping, Hyphentension, AutoCourgette, Streamception, Oleum, ListPlanting, Treepoline. Retrieved November 15, 2021.","url":"https://modexp.wordpress.com/2019/04/25/seven-window-injection-methods/","source":"MITRE","title":"Windows Process Injection: WordWarping, Hyphentension, AutoCourgette, Streamception, Oleum, ListPlanting, Treepoline","authors":"odzhan","date_accessed":"2021-11-15T00:00:00Z","date_published":"2019-04-25T00:00:00Z","owner_name":null,"tidal_id":"255bf2e1-3c6b-5e70-8580-08ab65d94ded","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436108Z"},{"id":"656f0ffd-33e0-40ef-bdf7-70758f855f18","name":"Wikipedia Windows Registry","description":"Wikipedia. (n.d.). Windows Registry. Retrieved February 2, 2015.","url":"https://en.wikipedia.org/wiki/Windows_Registry","source":"MITRE","title":"Windows Registry","authors":"Wikipedia","date_accessed":"2015-02-02T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"af70b4f2-db2e-5e3c-9f5a-ebb3aa5da039","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.434373Z"},{"id":"9e9c745f-19fd-4218-b8dc-85df804ecb70","name":"Cylance Reg Persistence Sept 2013","description":"Langendorf, S. (2013, September 24). Windows Registry Persistence, Part 2: The Run Keys and Search-Order. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20160214140250/http://blog.cylance.com/windows-registry-persistence-part-2-the-run-keys-and-search-order","source":"MITRE","title":"Windows Registry Persistence, Part 2: The Run Keys and Search-Order","authors":"Langendorf, S","date_accessed":"2024-11-17T00:00:00Z","date_published":"2013-09-24T00:00:00Z","owner_name":null,"tidal_id":"4ebaaa22-0601-5ccf-b8c7-bd5e0d7ad080","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425982Z"},{"id":"ddbe110c-88f1-4774-bcb9-cd18b6218fc4","name":"Microsoft WinRM","description":"Microsoft. (n.d.). Windows Remote Management. Retrieved September 12, 2024.","url":"https://learn.microsoft.com/en-us/windows/win32/winrm/portal","source":"MITRE","title":"Windows Remote Management","authors":"Microsoft","date_accessed":"2024-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"c095ff50-7cf0-559f-a066-7cb896bc6fb4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430229Z"},{"id":"5b8d9094-dabf-4c29-a95b-b90dbcf07382","name":"Symantec Windows Rootkits","description":"Symantec. (n.d.). Windows Rootkit Overview. Retrieved December 21, 2017.","url":"https://www.symantec.com/avcenter/reference/windows.rootkit.overview.pdf","source":"MITRE","title":"Windows Rootkit Overview","authors":"Symantec","date_accessed":"2017-12-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"89f0660c-03d8-55df-b522-458438e0f708","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424803Z"},{"id":"d18717ae-7fe4-40f9-aff2-b35120d31dc8","name":"insecure_reg_perms","description":"Clément Labro. (2020, November 12). Windows RpcEptMapper Service Insecure Registry Permissions EoP. 
Retrieved August 25, 2021.","url":"https://itm4n.github.io/windows-registry-rpceptmapper-eop/","source":"MITRE","title":"Windows RpcEptMapper Service Insecure Registry Permissions EoP","authors":"Clément Labro","date_accessed":"2021-08-25T00:00:00Z","date_published":"2020-11-12T00:00:00Z","owner_name":null,"tidal_id":"6b953962-db2a-57c6-bad5-81b2b3796a5b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425533Z"},{"id":"9e7cd4da-da18-4d20-809a-19abb4352807","name":"Microsoft Windows Scripts","description":"Microsoft. (2017, January 18). Windows Script Interfaces. Retrieved June 23, 2020.","url":"https://docs.microsoft.com/scripting/winscript/windows-script-interfaces","source":"MITRE","title":"Windows Script Interfaces","authors":"Microsoft","date_accessed":"2020-06-23T00:00:00Z","date_published":"2017-01-18T00:00:00Z","owner_name":null,"tidal_id":"fe8b0988-d156-55be-921b-f95f4df926ba","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424865Z"},{"id":"23a50cd5-ac76-4dbe-8937-0fe8aec8cbf6","name":"Microsoft Security Event 4670","description":"Franklin Smith, R. (n.d.). Windows Security Log Event ID 4670. Retrieved November 4, 2019.","url":"https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4670","source":"MITRE","title":"Windows Security Log Event ID 4670","authors":"Franklin Smith, R","date_accessed":"2019-11-04T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e735d87b-e3c6-54a7-900f-5ec0d1f29ac2","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433074Z"},{"id":"53464503-6e6f-45d8-a208-1820678deeac","name":"Windows Log Events","description":"Franklin Smith. (n.d.). Windows Security Log Events. 
Retrieved February 21, 2020.","url":"https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/","source":"MITRE","title":"Windows Security Log Events","authors":"Franklin Smith","date_accessed":"2020-02-21T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"70b500a9-3991-529f-953e-03d0c3956c1a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429270Z"},{"id":"158d971e-2f96-5200-8a87-d3887de30ff0","name":"winser19_file_overwrite_bug_twitter","description":"Naceri, A. (2021, November 7). Windows Server 2019 file overwrite bug. Retrieved April 7, 2022.","url":"https://web.archive.org/web/20211107115646/https://twitter.com/klinix5/status/1457316029114327040","source":"MITRE","title":"Windows Server 2019 file overwrite bug","authors":"Naceri, A","date_accessed":"2022-04-07T00:00:00Z","date_published":"2021-11-07T00:00:00Z","owner_name":null,"tidal_id":"d71ed833-561a-5801-9d53-bba803782909","created":"2023-05-26T01:21:05.497994Z","modified":"2025-12-17T15:08:36.429289Z"},{"id":"9a801256-5852-433e-95bd-768f9b70b9fe","name":"Windows Server Containers Are Open","description":"Daniel Prizmant. (2020, July 15). Windows Server Containers Are Open, and Here's How You Can Break Out. Retrieved October 1, 2021.","url":"https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabilities/","source":"MITRE","title":"Windows Server Containers Are Open, and Here's How You Can Break Out","authors":"Daniel Prizmant","date_accessed":"2021-10-01T00:00:00Z","date_published":"2020-07-15T00:00:00Z","owner_name":null,"tidal_id":"f7acda2e-0953-5bbb-97b9-897a1974a1ec","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429053Z"},{"id":"68e006df-9fb6-4890-9952-7bad38b16dee","name":"Sysinternals AppCertDlls Oct 2007","description":"Microsoft. (2007, October 24). Windows Sysinternals - AppCertDlls. 
Retrieved December 18, 2017.","url":"https://forum.sysinternals.com/appcertdlls_topic12546.html","source":"MITRE","title":"Windows Sysinternals - AppCertDlls","authors":"Microsoft","date_accessed":"2017-12-18T00:00:00Z","date_published":"2007-10-24T00:00:00Z","owner_name":null,"tidal_id":"1c5c005a-ffaf-54f7-9c4f-a3f50271ded7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429177Z"},{"id":"72d27aca-62c5-4e96-9977-c41951aaa888","name":"Russinovich Sysinternals","description":"Russinovich, M. (2014, May 2). Windows Sysinternals PsExec v2.11. Retrieved May 13, 2015.","url":"https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx","source":"MITRE","title":"Windows Sysinternals PsExec v2.11","authors":"Russinovich, M","date_accessed":"2015-05-13T00:00:00Z","date_published":"2014-05-02T00:00:00Z","owner_name":null,"tidal_id":"a76227a8-b456-579c-891e-c8be6798f79c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423527Z"},{"id":"25d54a16-59a0-497d-a4a5-021420da8f1c","name":"Microsoft System Services Fundamentals","description":"Microsoft. (2018, February 17). Windows System Services Fundamentals. Retrieved March 28, 2022.","url":"https://social.technet.microsoft.com/wiki/contents/articles/12229.windows-system-services-fundamentals.aspx","source":"MITRE","title":"Windows System Services Fundamentals","authors":"Microsoft","date_accessed":"2022-03-28T00:00:00Z","date_published":"2018-02-17T00:00:00Z","owner_name":null,"tidal_id":"d699beac-4166-5287-8bb6-05146c976559","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427724Z"},{"id":"9e3d8dec-745a-4744-b80c-d65897ebba3c","name":"Microsoft W32Time May 2017","description":"Mathers, B. (2017, May 31). Windows Time Service Tools and Settings. 
Retrieved March 26, 2018.","url":"https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings","source":"MITRE","title":"Windows Time Service Tools and Settings","authors":"Mathers, B","date_accessed":"2018-03-26T00:00:00Z","date_published":"2017-05-31T00:00:00Z","owner_name":null,"tidal_id":"aa473610-d09e-551d-b64d-50455f3962c7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.416073Z"},{"id":"0d908e07-abc1-40fc-b147-9b9fd483b262","name":"Technet Windows Time Service","description":"Mathers, B. (2016, September 30). Windows Time Service Tools and Settings. Retrieved November 25, 2016.","url":"https://technet.microsoft.com/windows-server-docs/identity/ad-ds/get-started/windows-time-service/windows-time-service-tools-and-settings","source":"MITRE","title":"Windows Time Service Tools and Settings","authors":"Mathers, B","date_accessed":"2016-11-25T00:00:00Z","date_published":"2016-09-30T00:00:00Z","owner_name":null,"tidal_id":"0c69e83c-d022-5540-a6f1-2632b40b9d42","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436499Z"},{"id":"991f7a9f-4317-42fa-bc9b-f533fe36b517","name":"Microsoft W32Time Feb 2018","description":"Microsoft. (2018, February 1). Windows Time Service (W32Time). Retrieved March 26, 2018.","url":"https://docs.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-top","source":"MITRE","title":"Windows Time Service (W32Time)","authors":"Microsoft","date_accessed":"2018-03-26T00:00:00Z","date_published":"2018-02-01T00:00:00Z","owner_name":null,"tidal_id":"3da168c4-7041-561a-ab29-669b8923bbb7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430267Z"},{"id":"7bbf39dd-851d-42dd-8be2-87de83f3abc0","name":"Microsoft CVE-2021-1732 Feb 2021","description":"Microsoft. (2018, February 9). Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732. 
Retrieved June 1, 2022.","url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732","source":"MITRE","title":"Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732","authors":"Microsoft","date_accessed":"2022-06-01T00:00:00Z","date_published":"2018-02-09T00:00:00Z","owner_name":null,"tidal_id":"c25cd13c-5ed1-5e21-99ee-49ab6d501110","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.442220Z"},{"id":"baeaad76-0acf-4921-9d6c-245649b32976","name":"win_xml_evt_log","description":"Forensics Wiki. (2021, June 19). Windows XML Event Log (EVTX). Retrieved September 13, 2021.","url":"https://forensicswiki.xyz/wiki/index.php?title=Windows_XML_Event_Log_(EVTX)","source":"MITRE","title":"Windows XML Event Log (EVTX)","authors":"Forensics Wiki","date_accessed":"2021-09-13T00:00:00Z","date_published":"2021-06-19T00:00:00Z","owner_name":null,"tidal_id":"1269d6dc-53cc-5069-bc4f-959310f7d2cd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.440952Z"},{"id":"7003e2d4-83e5-4672-aaa9-53cc4bcb08b5","name":"Winexe Github Sept 2013","description":"Skalkotos, N. (2013, September 20). WinExe. Retrieved January 22, 2018.","url":"https://github.com/skalkoto/winexe/","source":"MITRE","title":"WinExe","authors":"Skalkotos, N","date_accessed":"2018-01-22T00:00:00Z","date_published":"2013-09-20T00:00:00Z","owner_name":null,"tidal_id":"dc270498-291e-50ca-825b-c44197aeb082","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423152Z"},{"id":"9e1ae9ae-bafc-460a-891e-e75df01c96c4","name":"Microsoft WinExec","description":"Microsoft. (n.d.). WinExec function. 
Retrieved September 12, 2024.","url":"https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-winexec","source":"MITRE","title":"WinExec function","authors":"Microsoft","date_accessed":"2024-09-12T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"344150f2-68e4-576b-babb-ba3048c17c3c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430063Z"},{"id":"78e30416-6c71-44c5-8124-9d047d372474","name":"winfile.exe - LOLBAS Project","description":"LOLBAS. (2024, April 30). winfile.exe. Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/winfile/","source":"Tidal Cyber","title":"winfile.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2024-04-30T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bc26e7c1-528d-5095-a5ab-5f73770a592d","created":"2025-05-20T16:19:07.804968Z","modified":"2025-05-20T16:19:07.949935Z"},{"id":"5ef334f3-fe6f-4cc1-b37d-d147180a8b8d","name":"winget.exe - LOLBAS Project","description":"LOLBAS. (2022, January 3). winget.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Winget/","source":"Tidal Cyber","title":"winget.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-01-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c1cd03ad-7f99-593f-a526-baed5c943a01","created":"2024-01-12T14:47:06.159217Z","modified":"2024-01-12T14:47:06.346891Z"},{"id":"9461f70f-bb14-4e40-9136-97f93aa16f33","name":"PreKageo Winhook Jul 2011","description":"Prekas, G. (2011, July 11). Winhook. 
Retrieved December 12, 2017.","url":"https://github.com/prekageo/winhook","source":"MITRE","title":"Winhook","authors":"Prekas, G","date_accessed":"2017-12-12T00:00:00Z","date_published":"2011-07-11T00:00:00Z","owner_name":null,"tidal_id":"24c5e9fb-5fd0-5c15-adc0-f1319ff15e06","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.430587Z"},{"id":"cbe8373b-f14b-4890-99fd-35ffd7090dea","name":"Novetta Winnti April 2015","description":"Novetta Threat Research Group. (2015, April 7). Winnti Analysis. Retrieved February 8, 2017.","url":"https://web.archive.org/web/20150412223949/http://www.novetta.com/wp-content/uploads/2015/04/novetta_winntianalysis.pdf","source":"MITRE","title":"Winnti Analysis","authors":"Novetta Threat Research Group","date_accessed":"2017-02-08T00:00:00Z","date_published":"2015-04-07T00:00:00Z","owner_name":null,"tidal_id":"11fcbb80-6689-56bb-b5d3-8114273a07a4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421754Z"},{"id":"da8f4fd8-aaa1-4ba9-97e3-13bee02c97f5","name":"web.archive.org October 18 2022","description":"None Identified. (2022, October 18). Winnti APT group docks in Sri Lanka for new campaign - Malwarebytes Threat Intelligence Report. Retrieved January 20, 2026.","url":"https://web.archive.org/web/20231027195423/https://www.malwarebytes.com/blog/threat-intelligence/2022/winnti-apt-group-docks-in-sri-lanka-for-new-campaign-final.pdf","source":"Tidal Cyber","title":"Winnti APT group docks in Sri Lanka for new campaign - Malwarebytes Threat Intelligence Report","authors":"None Identified","date_accessed":"2026-01-20T12:00:00Z","date_published":"2022-10-18T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5cb0bf84-9dc2-5f41-8d89-1a9ca538ab0c","created":"2026-01-23T20:29:39.539709Z","modified":"2026-01-23T20:29:39.686615Z"},{"id":"e815e47a-c924-4b03-91e5-d41f2bb74773","name":"Chronicle Winnti for Linux May 2019","description":"Chronicle Blog. (2019, May 15). 
Winnti: More than just Windows and Gates. Retrieved April 29, 2020.","url":"https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a","source":"MITRE","title":"Winnti: More than just Windows and Gates","authors":"Chronicle Blog","date_accessed":"2020-04-29T00:00:00Z","date_published":"2019-05-15T00:00:00Z","owner_name":null,"tidal_id":"f1788bca-c706-565c-897c-1ea45c9315e8","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420038Z"},{"id":"d7ceab5b-ae4e-4c68-b5df-df46f1308ec5","name":"WinProj.exe - LOLBAS Project","description":"LOLBAS. (2024, February 14). WinProj.exe. Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Winproj/","source":"Tidal Cyber","title":"WinProj.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2024-02-14T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bea85b6a-a5e6-5382-ba50-94efb490ef4c","created":"2025-05-20T16:19:07.505958Z","modified":"2025-05-20T16:19:07.657133Z"},{"id":"ad620d61-108c-4bb0-a897-02764ea9a903","name":"WinRAR Website","description":"WinRAR. (n.d.). WinRAR download free and support: WinRAR. Retrieved December 18, 2023.","url":"https://www.win-rar.com/","source":"Tidal Cyber","title":"WinRAR download free and support: WinRAR","authors":"WinRAR","date_accessed":"2023-12-18T00:00:00Z","date_published":null,"owner_name":"TidalCyberIan","tidal_id":"9656b4e2-9575-53da-b519-83c353d9a3ed","created":"2023-12-22T16:35:57.515157Z","modified":"2023-12-22T16:35:57.698500Z"},{"id":"d1560567-56a5-4465-9b37-9222f94fb560","name":"The Hacker News CVE-2025-8088 August 11 2025","description":"Ravie Lakshmanan. (2025, August 11). WinRAR Zero-Day Under Active Exploitation. 
Retrieved August 11, 2025.","url":"https://thehackernews.com/2025/08/winrar-zero-day-under-active.html","source":"Tidal Cyber","title":"WinRAR Zero-Day Under Active Exploitation","authors":"Ravie Lakshmanan","date_accessed":"2025-08-11T12:00:00Z","date_published":"2025-08-11T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8a6581b8-9bc8-5b89-8630-ab15b123e993","created":"2025-08-14T15:16:01.127233Z","modified":"2025-08-14T15:16:01.302892Z"},{"id":"86107810-8a1d-4c13-80f0-c1624143d057","name":"winrm.vbs - LOLBAS Project","description":"LOLBAS. (2018, May 25). winrm.vbs. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Scripts/Winrm/","source":"Tidal Cyber","title":"winrm.vbs","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ffe51377-4dd6-5072-9836-0c3e2380c5b1","created":"2024-01-12T14:47:39.564199Z","modified":"2024-01-12T14:47:39.732387Z"},{"id":"5f52274f-9d02-5e3c-a1da-48eee0804459","name":"DomainTools WinterVivern 2021","description":"Chad Anderson. (2021, April 27). Winter Vivern: A Look At Re-Crafted Government MalDocs Targeting Multiple Languages. Retrieved July 29, 2024.","url":"https://www.domaintools.com/resources/blog/winter-vivern-a-look-at-re-crafted-government-maldocs/","source":"MITRE","title":"Winter Vivern: A Look At Re-Crafted Government MalDocs Targeting Multiple Languages","authors":"Chad Anderson","date_accessed":"2024-07-29T00:00:00Z","date_published":"2021-04-27T00:00:00Z","owner_name":null,"tidal_id":"3b66f6c4-3386-510c-8cab-fe040bd59b18","created":"2024-10-31T16:28:30.127720Z","modified":"2025-12-17T15:08:36.439343Z"},{"id":"7def830a-22d8-55b6-a1e5-a6a63a8bbd5a","name":"ESET WinterVivern 2023","description":"Matthieu Faou. (2023, October 25). Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers. 
Retrieved July 29, 2024.","url":"https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/","source":"MITRE","title":"Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers","authors":"Matthieu Faou","date_accessed":"2024-07-29T00:00:00Z","date_published":"2023-10-25T00:00:00Z","owner_name":null,"tidal_id":"00a7d379-3cbb-565a-9135-f4f36b00ccb0","created":"2024-10-31T16:28:30.135799Z","modified":"2025-12-17T15:08:36.439349Z"},{"id":"f1b6b3b8-2068-5d80-a318-c77aaa9417c1","name":"SentinelOne WinterVivern 2023","description":"Tom Hegel. (2023, March 16). Winter Vivern | Uncovering a Wave of Global Espionage. Retrieved July 29, 2024.","url":"https://www.sentinelone.com/labs/winter-vivern-uncovering-a-wave-of-global-espionage/","source":"MITRE","title":"Winter Vivern | Uncovering a Wave of Global Espionage","authors":"Tom Hegel","date_accessed":"2024-07-29T00:00:00Z","date_published":"2023-03-16T00:00:00Z","owner_name":null,"tidal_id":"319bd17b-0c8e-5594-a68e-78ff67ebde1b","created":"2024-10-31T16:28:30.150749Z","modified":"2025-12-17T15:08:36.439362Z"},{"id":"cc14faff-c164-4135-ae36-ba68e1a50024","name":"Microsoft WinVerifyTrust","description":"Microsoft. (n.d.). WinVerifyTrust function. Retrieved January 31, 2018.","url":"https://msdn.microsoft.com/library/windows/desktop/aa388208.aspx","source":"MITRE","title":"WinVerifyTrust function","authors":"Microsoft","date_accessed":"2018-01-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"4c82a722-67c7-5af3-b8e3-42e5f090ce9e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429635Z"},{"id":"6d75b154-a51d-4541-8353-22ee1d12ebed","name":"Winword.exe - LOLBAS Project","description":"LOLBAS. (2019, July 19). Winword.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Winword/","source":"Tidal Cyber","title":"Winword.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-07-19T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c85fb2c1-1b99-5c73-a635-2a777cb32054","created":"2024-01-12T14:47:34.620618Z","modified":"2024-01-12T14:47:34.798075Z"},{"id":"dc047688-2ea3-415c-b516-06542048b049","name":"WinZip Homepage","description":"Corel Corporation. (2020). WinZip. Retrieved February 20, 2020.","url":"https://www.winzip.com/win/en/","source":"MITRE","title":"WinZip","authors":"Corel Corporation","date_accessed":"2020-02-20T00:00:00Z","date_published":"2020-01-01T00:00:00Z","owner_name":null,"tidal_id":"85abece2-8ec2-5eff-b1c2-49c69a143b0c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.423667Z"},{"id":"be6629ef-e7c6-411c-9bd2-34e59062cadd","name":"Dell Wiper","description":"Dell SecureWorks. (2013, March 21). Wiper Malware Analysis Attacking Korean Financial Sector. Retrieved May 13, 2015.","url":"http://www.secureworks.com/cyber-threat-intelligence/threats/wiper-malware-analysis-attacking-korean-financial-sector/","source":"MITRE","title":"Wiper Malware Analysis Attacking Korean Financial Sector","authors":"Dell SecureWorks","date_accessed":"2015-05-13T00:00:00Z","date_published":"2013-03-21T00:00:00Z","owner_name":null,"tidal_id":"1bb59ecf-5f39-5fa5-9f22-71272c8168f3","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.420839Z"},{"id":"a3002e0a-596e-50cd-802a-7f3e1b4e6e66","name":"Wireless Intrusion Detection","description":"Tomko, A.; Rieser, C; Buell, H.; Zeret, D.; Turner, W. (2007, March). Wireless Intrusion Detection. 
Retrieved September","url":"https://apps.dtic.mil/sti/pdfs/ADA466332.pdf","source":"ICS","title":"Wireless Intrusion Detection","authors":"Tomko, A.; Rieser, C; Buell, H.; Zeret, D.; Turner, W","date_accessed":"1978-09-01T00:00:00Z","date_published":"2007-03-01T00:00:00Z","owner_name":null,"tidal_id":"a9532751-dc1b-53d2-a652-89c8567b492e","created":"2026-01-28T13:08:18.178577Z","modified":"2026-01-28T13:08:18.178580Z"},{"id":"af6cfe7c-a757-51e2-8e4f-52e2ca28ded0","name":"medium evil twin","description":"Gihan, Kavishka. (2021, August 8). Wireless Security— Evil Twin Attack. Retrieved September 17, 2024.","url":"https://kavigihan.medium.com/wireless-security-evil-twin-attack-d3842f4aef59","source":"MITRE","title":"Wireless Security— Evil Twin Attack","authors":"Gihan, Kavishka","date_accessed":"2024-09-17T00:00:00Z","date_published":"2021-08-08T00:00:00Z","owner_name":null,"tidal_id":"0abb872e-e4e2-532f-93e0-4103e3e6969f","created":"2024-10-31T16:28:20.363028Z","modified":"2025-12-17T15:08:36.428887Z"},{"id":"fd33f71b-767d-4312-a8c9-5446939bb5ae","name":"WireLurker","description":"Claud Xiao. (n.d.). WireLurker: A New Era in iOS and OS X Malware. Retrieved July 10, 2017.","url":"https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf","source":"MITRE","title":"WireLurker: A New Era in iOS and OS X Malware","authors":"Claud Xiao","date_accessed":"2017-07-10T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8ce196ac-e6f9-57ec-9a24-8a1d48e5b1e1","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.429991Z"},{"id":"512eb279-dacd-5c50-ac87-59856e11e450","name":"PaloAlto-WireLurker","description":"Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. 
Retrieved January","url":"https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/","source":"Mobile","title":"WireLurker: A New Era in OS X and iOS Malware","authors":"Claud Xiao","date_accessed":"1978-01-01T00:00:00Z","date_published":"2014-11-05T00:00:00Z","owner_name":null,"tidal_id":"3b72934b-6a2a-5696-a931-4f3c27054e7b","created":"2026-01-28T13:08:10.040052Z","modified":"2026-01-28T13:08:10.040057Z"},{"id":"884b675e-390c-4f6d-8cb7-5d97d84115e5","name":"Lab52 WIRTE Apr 2019","description":"S2 Grupo. (2019, April 2). WIRTE Group attacking the Middle East. Retrieved May 24, 2019.","url":"https://lab52.io/blog/wirte-group-attacking-the-middle-east/","source":"MITRE","title":"WIRTE Group attacking the Middle East","authors":"S2 Grupo","date_accessed":"2019-05-24T00:00:00Z","date_published":"2019-04-02T00:00:00Z","owner_name":null,"tidal_id":"0092c3c0-d2aa-5684-b0a8-3117d9b41b80","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437428Z"},{"id":"143b4694-024d-49a5-be3c-d9ceca7295b2","name":"Kaspersky WIRTE November 2021","description":"Yamout, M. (2021, November 29). WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019. Retrieved February 1, 2022.","url":"https://securelist.com/wirtes-campaign-in-the-middle-east-living-off-the-land-since-at-least-2019/105044","source":"MITRE","title":"WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019","authors":"Yamout, M","date_accessed":"2022-02-01T00:00:00Z","date_published":"2021-11-29T00:00:00Z","owner_name":null,"tidal_id":"a65dde27-d78b-5d58-b624-e9bde27af3dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419614Z"},{"id":"3abfc3eb-7f9d-49e5-8048-4118cde3122e","name":"Cofense RevengeRAT Feb 2019","description":"Gannon, M. (2019, February 11). With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat. 
Retrieved November 17, 2024.","url":"https://web.archive.org/web/20200428173819/https://cofense.com/upgrades-delivery-support-infrastructure-revenge-rat-malware-bigger-threat/","source":"MITRE","title":"With Upgrades in Delivery and Support Infrastructure, Revenge RAT Malware is a Bigger Threat","authors":"Gannon, M","date_accessed":"2024-11-17T00:00:00Z","date_published":"2019-02-11T00:00:00Z","owner_name":null,"tidal_id":"0e85a964-e2cf-519b-8dc6-84a2046b1f0a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421451Z"},{"id":"5c8d67ea-63bc-4765-b6f6-49fa5210abe6","name":"CrowdStrike Wizard Spider October 2020","description":"Podlosky, A., Hanel, A. et al. (2020, October 16). WIZARD SPIDER Update: Resilient, Reactive and Resolute. Retrieved June 15, 2021.","url":"https://www.crowdstrike.com/blog/wizard-spider-adversary-update/","source":"MITRE, Tidal Cyber","title":"WIZARD SPIDER Update: Resilient, Reactive and Resolute","authors":"Podlosky, A., Hanel, A. et al","date_accessed":"2021-06-15T00:00:00Z","date_published":"2020-10-16T00:00:00Z","owner_name":null,"tidal_id":"f1bfc633-0ab6-5ae2-b33c-7d0c4056231e","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.256724Z"},{"id":"43bebdc3-3072-4a3d-a0b7-0b23f1119136","name":"Wlrmdr.exe - LOLBAS Project","description":"LOLBAS. (2022, February 16). Wlrmdr.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Wlrmdr/","source":"Tidal Cyber","title":"Wlrmdr.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-02-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"5248548f-3dcd-529d-954c-82dd4d8b0fcf","created":"2024-01-12T14:47:06.530011Z","modified":"2024-01-12T14:47:06.726372Z"},{"id":"fe0a3b0c-8526-5a0d-acb8-660bbc0c9328","name":"WMI 1-3","description":"Microsoft. (2023, March 7). 
Retrieved February 13, 2024.","url":"https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page?redirectedfrom=MSDN","source":"MITRE","title":"WMI 1-3","authors":"","date_accessed":"2024-02-13T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"5773f3a3-b81d-5935-91d9-76183a2c8032","created":"2024-04-25T13:28:28.915689Z","modified":"2025-12-17T15:08:36.423789Z"},{"id":"3778449c-e8b4-4ee5-914b-746053e8ca70","name":"Microsoft WMI Architecture","description":"Microsoft. (2018, May 31). WMI Architecture. Retrieved September 29, 2021.","url":"https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-architecture","source":"MITRE","title":"WMI Architecture","authors":"Microsoft","date_accessed":"2021-09-29T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"33aa91b5-e441-58e6-8da6-bbc555142d8a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437085Z"},{"id":"819cecb2-5bd3-5c20-bbda-372516b00d6e","name":"WMI 7,8","description":"Microsoft. (2024, January 26). WMIC Deprecation. Retrieved February 13, 2024.","url":"https://techcommunity.microsoft.com/t5/windows-it-pro-blog/wmi-command-line-wmic-utility-deprecation-next-steps/ba-p/4039242","source":"MITRE","title":"WMIC Deprecation","authors":"Microsoft","date_accessed":"2024-02-13T00:00:00Z","date_published":"2024-01-26T00:00:00Z","owner_name":null,"tidal_id":"4b0ea704-4934-5ede-8f0c-b5d8f4c6d310","created":"2024-04-25T13:28:28.920883Z","modified":"2025-12-17T15:08:36.423796Z"},{"id":"497e73d4-9f27-4b30-ba09-f152ce866d0f","name":"LOLBAS Wmic","description":"LOLBAS. (n.d.). Wmic.exe. 
Retrieved July 31, 2019.","url":"https://lolbas-project.github.io/lolbas/Binaries/Wmic/","source":"MITRE","title":"Wmic.exe","authors":"LOLBAS","date_accessed":"2019-07-31T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"a540e98a-48b8-50a3-a068-94b78c1d258c","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436196Z"},{"id":"60a5c359-3523-4638-aee2-3e13e0077ba9","name":"Microsoft WMI System Classes","description":"Microsoft. (2018, May 31). WMI System Classes. Retrieved September 29, 2021.","url":"https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-system-classes","source":"MITRE","title":"WMI System Classes","authors":"Microsoft","date_accessed":"2021-09-29T00:00:00Z","date_published":"2018-05-31T00:00:00Z","owner_name":null,"tidal_id":"a4f2dd50-b187-525d-8acb-dfe5e3c1657d","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437079Z"},{"id":"5c2ecb15-14e9-5bd3-be5f-628fa4e98ee6","name":"MalwareBytes WoodyRAT Aug 2022","description":"MalwareBytes Threat Intelligence Team. (2022, August 3). Woody RAT: A new feature-rich malware spotted in the wild. Retrieved December 6, 2022.","url":"https://www.malwarebytes.com/blog/threat-intelligence/2022/08/woody-rat-a-new-feature-rich-malware-spotted-in-the-wild","source":"MITRE","title":"Woody RAT: A new feature-rich malware spotted in the wild","authors":"MalwareBytes Threat Intelligence Team","date_accessed":"2022-12-06T00:00:00Z","date_published":"2022-08-03T00:00:00Z","owner_name":null,"tidal_id":"4120f501-972b-5a9a-8d65-b10cffe9091b","created":"2023-05-26T01:21:15.671538Z","modified":"2025-12-17T15:08:36.417920Z"},{"id":"42cfa3eb-7a8c-482e-b8d8-78ae5c30b843","name":"WorkFolders.exe - LOLBAS Project","description":"LOLBAS. (2021, August 16). WorkFolders.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/WorkFolders/","source":"Tidal Cyber","title":"WorkFolders.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2021-08-16T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"46005e65-6fdd-5772-a2fb-8394de73e338","created":"2024-01-12T14:47:06.910613Z","modified":"2024-01-12T14:47:07.087022Z"},{"id":"87fb068f-5b9b-5692-8899-2394ef8ce40b","name":"CSRIC5-WG10-FinalReport","description":"Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May","url":"https://web.archive.org/web/20200330012714/https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf","source":"Mobile","title":"Working Group 10 Legacy Systems Risk Reductions Final Report","authors":"Communications Security, Reliability, Interoperability Council (CSRIC)","date_accessed":"1978-05-01T00:00:00Z","date_published":"2017-03-01T00:00:00Z","owner_name":null,"tidal_id":"635a078d-9e4c-595a-b6e1-f973ce2d92f0","created":"2026-01-28T13:08:10.038698Z","modified":"2026-01-28T13:08:10.038701Z"},{"id":"c38d6dfc-e866-5b81-b6e9-46106637f142","name":"AWS DB VPC","description":"AWS. (n.d.). Working with a DB instance in a VPC. Retrieved September 24, 2024.","url":"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html","source":"MITRE","title":"Working with a DB instance in a VPC","authors":"AWS","date_accessed":"2024-09-24T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"ba261aff-48ab-5f4b-86f1-51a92e263cbc","created":"2024-10-31T16:28:38.396337Z","modified":"2025-12-17T15:08:36.442882Z"},{"id":"f715468d-7d72-4ca4-a828-9fc909ca4f37","name":"Confluence Logs","description":"Confluence Support. (2021, April 22). Working with Confluence Logs. 
Retrieved September 23, 2021.","url":"https://confluence.atlassian.com/doc/working-with-confluence-logs-108364721.html","source":"MITRE","title":"Working with Confluence Logs","authors":"Confluence Support","date_accessed":"2021-09-23T00:00:00Z","date_published":"2021-04-22T00:00:00Z","owner_name":null,"tidal_id":"05890e56-d56e-545a-b2cc-d5ffab3602c7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.437116Z"},{"id":"dd3f98d9-0228-45a6-9e7b-1babf911a9ac","name":"AppInit Registry","description":"Microsoft. (2006, October). Working with the AppInit_DLLs registry value. Retrieved July 15, 2015.","url":"https://support.microsoft.com/en-us/kb/197571","source":"MITRE","title":"Working with the AppInit_DLLs registry value","authors":"Microsoft","date_accessed":"2015-07-15T00:00:00Z","date_published":"2006-10-01T00:00:00Z","owner_name":null,"tidal_id":"1591e01b-d754-5880-9055-c8ae8edd446a","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427247Z"},{"id":"f207163b-08a8-5219-aca8-812e83e0dad3","name":"Kubernetes Workload Management","description":"Kubernetes. (n.d.). Workload Management. Retrieved March 28, 2024.","url":"https://kubernetes.io/docs/concepts/workloads/controllers/","source":"MITRE","title":"Workload Management","authors":"Kubernetes","date_accessed":"2024-03-28T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"633a4efc-23cf-5e6c-910e-ebddc798a3ad","created":"2024-04-25T13:28:34.975906Z","modified":"2025-12-17T15:08:36.429886Z"},{"id":"b34cf57c-f8ce-53c6-b837-68f4f15bf4d4","name":"fsecure-netsky","description":"F-Secure. (2004). Worm:W32/NetSky.H. 
Retrieved January 31, 2025.","url":"https://www.f-secure.com/v-descs/netsky-h.shtml","source":"MITRE","title":"Worm:W32/NetSky.H","authors":"F-Secure","date_accessed":"2025-01-31T00:00:00Z","date_published":"2004-01-01T00:00:00Z","owner_name":null,"tidal_id":"3872dd9f-d0f6-5db3-b7c9-19775590b24a","created":"2025-04-22T20:47:20.152462Z","modified":"2025-12-17T15:08:36.435567Z"},{"id":"280ddf42-92d1-4850-9241-96c1ef9c0609","name":"ESF_filemonitor","description":"Patrick Wardle. (2019, September 17). Writing a File Monitor with Apple's Endpoint Security Framework. Retrieved December 17, 2020.","url":"https://objective-see.com/blog/blog_0x48.html","source":"MITRE","title":"Writing a File Monitor with Apple's Endpoint Security Framework","authors":"Patrick Wardle","date_accessed":"2020-12-17T00:00:00Z","date_published":"2019-09-17T00:00:00Z","owner_name":null,"tidal_id":"4c99954f-68f6-57cb-95f8-dff025e7fbbc","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.433932Z"},{"id":"5628ecd9-48da-4a50-94ba-4b70abe56089","name":"Writing Bad Malware for OSX","description":"Patrick Wardle. (2015). Writing Bad @$$ Malware for OS X. Retrieved July 10, 2017.","url":"https://www.blackhat.com/docs/us-15/materials/us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf","source":"MITRE","title":"Writing Bad @$$ Malware for OS X","authors":"Patrick Wardle","date_accessed":"2017-07-10T00:00:00Z","date_published":"2015-01-01T00:00:00Z","owner_name":null,"tidal_id":"e238bfc7-3e8b-5340-855d-4ef5496eec45","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424139Z"},{"id":"9f3b77a1-a60d-5ede-af9c-2684a75c4bb9","name":"Trails-DNS","description":"SecurityTrails. (2018, March 14). Wrong Bind Configuration Exposes the Complete List of Russian TLD's to the Internet. 
Retrieved June 5, 2024.","url":"https://web.archive.org/web/20180615055527/https://securitytrails.com/blog/russian-tlds","source":"MITRE","title":"Wrong Bind Configuration Exposes the Complete List of Russian TLD's to the Internet","authors":"SecurityTrails","date_accessed":"2024-06-05T00:00:00Z","date_published":"2018-03-14T00:00:00Z","owner_name":null,"tidal_id":"9088c675-d4ae-532e-b731-b8d5a8167d48","created":"2024-10-31T16:28:16.680084Z","modified":"2025-12-17T15:08:36.424925Z"},{"id":"6c536675-84dd-44c3-8771-70120b413db7","name":"Wscript.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Wscript.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Wscript/","source":"Tidal Cyber","title":"Wscript.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c29bdb75-b4df-57ed-80cb-6fc9aed102f9","created":"2024-01-12T14:47:07.271585Z","modified":"2024-01-12T14:47:07.469358Z"},{"id":"8b12e87b-3836-4c79-877b-0a2761b34533","name":"Enigma0x3 PubPrn Bypass","description":"Nelson, M. (2017, August 3). WSH INJECTION: A CASE STUDY. Retrieved April 9, 2018.","url":"https://enigma0x3.net/2017/08/03/wsh-injection-a-case-study/","source":"MITRE","title":"WSH INJECTION: A CASE STUDY","authors":"Nelson, M","date_accessed":"2018-04-09T00:00:00Z","date_published":"2017-08-03T00:00:00Z","owner_name":null,"tidal_id":"e42e2aa0-d84c-5a88-99a2-a7c681025fee","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424352Z"},{"id":"c147902a-e8e4-449f-8106-9e268d5367d8","name":"Wsl.exe - LOLBAS Project","description":"LOLBAS. (2019, June 27). Wsl.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/Wsl/","source":"Tidal Cyber","title":"Wsl.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-06-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"2d4b1df6-e72c-5e32-a2b9-881dd55ed92d","created":"2024-01-12T14:47:34.976470Z","modified":"2024-01-12T14:47:35.169230Z"},{"id":"24b73a27-f2ec-4cfa-a9df-59d4d4c1dd89","name":"Wsreset.exe - LOLBAS Project","description":"LOLBAS. (2019, March 18). Wsreset.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Wsreset/","source":"Tidal Cyber","title":"Wsreset.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2019-03-18T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"87de0bb5-0205-5258-9296-e24370887b07","created":"2024-01-12T14:47:07.653580Z","modified":"2024-01-12T14:47:07.825797Z"},{"id":"bbdd85b0-fdbb-4bd2-b962-a915c23c83c2","name":"wt.exe - LOLBAS Project","description":"LOLBAS. (2022, July 27). wt.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/wt/","source":"Tidal Cyber","title":"wt.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2022-07-27T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"6228d855-3686-5c94-9dcc-eb81bec2c1a4","created":"2024-01-12T14:47:09.548576Z","modified":"2024-01-12T14:47:09.724958Z"},{"id":"09229ea3-ffd8-4d97-9728-f8c683ef6f26","name":"wuauclt.exe - LOLBAS Project","description":"LOLBAS. (2020, September 23). wuauclt.exe. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Wuauclt/","source":"Tidal Cyber","title":"wuauclt.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2020-09-23T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bd7f4705-6e98-52e7-8d85-76cdbbe0f3f6","created":"2024-01-12T14:47:07.999043Z","modified":"2024-01-12T14:47:08.194413Z"},{"id":"edf16e0a-9207-5aa9-93e6-4deb5dfc0dd2","name":"D. Parsons and D. Wylie September 2019","description":"D. Parsons and D. Wylie 2019, September Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged  Discover and Defend Your Assets. Retrieved 2020/09/25","url":"https://www.csiac.org/journal-article/practical-industrial-control-system-ics-cybersecurity-it-and-ot-have-converged-discover-and-defend-your-assets/","source":"ICS","title":"Wylie 2019, September Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged  Discover and Defend Your Assets","authors":"D","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3de97739-806f-5a5a-a360-03b2138f8e70","created":"2026-01-28T13:08:18.180089Z","modified":"2026-01-28T13:08:18.180092Z"},{"id":"191de8b6-2565-54f2-8f33-235f88d85dd3","name":"Colin Gray","description":"Colin Gray D. Parsons and D. Wylie 2019, September Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged  Discover and Defend Your Assets. 
Retrieved 2020/09/25","url":"https://cdn.selinc.com/assets/Literature/Publications/Technical%20Papers/6891_HowSDN_CG_20180720_Web2.pdf?v=20190312-231901","source":"ICS","title":"Wylie 2019, September Practical Industrial Control System (ICS) Cybersecurity: IT and OT Have Converged  Discover and Defend Your Assets","authors":"Colin Gray D","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"9c472fd3-b1d5-59d7-a3c5-ad8c253c29cb","created":"2026-01-28T13:08:18.180113Z","modified":"2026-01-28T13:08:18.180116Z"},{"id":"2dc7a8f1-ccee-46f0-a995-268694f11b02","name":"XAgentOSX 2017","description":"Robert Falcone. (2017, February 14). XAgentOSX: Sofacy's Xagent macOS Tool. Retrieved July 12, 2017.","url":"https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/","source":"MITRE","title":"XAgentOSX: Sofacy's Xagent macOS Tool","authors":"Robert Falcone","date_accessed":"2017-07-12T00:00:00Z","date_published":"2017-02-14T00:00:00Z","owner_name":null,"tidal_id":"cc0eeffb-c337-5d79-ba8b-59c2996e4bed","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418848Z"},{"id":"b4fd246d-9bd1-4bed-a9cb-92233c5c45c4","name":"XAgentOSX","description":"Robert Falcone. (2017, February 14). XAgentOSX: Sofacy's Xagent macOS Tool. Retrieved July 12, 2017.","url":"https://researchcenter.paloaltonetworks.com/2017/02/unit42-xagentosx-sofacys-xagent-macos-tool/","source":"MITRE","title":"XAgentOSX: Sofacy's Xagent macOS Tool","authors":"Robert Falcone","date_accessed":"2017-07-12T00:00:00Z","date_published":"2017-02-14T00:00:00Z","owner_name":null,"tidal_id":"17fd0472-160e-5f8c-91d3-35f7af246e04","created":"2022-12-14T20:06:32.013016Z","modified":"2024-10-31T16:28:38.985231Z"},{"id":"21b890f7-82db-4840-a05e-2155b8ddce8c","name":"Unit42 Xbash Sept 2018","description":"Xiao, C. (2018, September 17). Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows. 
Retrieved November 14, 2018.","url":"https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/","source":"MITRE","title":"Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows","authors":"Xiao, C","date_accessed":"2018-11-14T00:00:00Z","date_published":"2018-09-17T00:00:00Z","owner_name":null,"tidal_id":"4d9380e6-9f74-504c-9880-d05d743287c4","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.419382Z"},{"id":"8be8bfac-8a82-4f3e-882b-070aadaad497","name":"XBootMgr.exe - LOLBAS Project","description":"LOLBAS. (2025, July 10). XBootMgr.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/XBootMgr/","source":"Tidal Cyber","title":"XBootMgr.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2025-07-10T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"8b47d108-974c-5e6b-9bb3-47f92553e279","created":"2026-01-06T18:03:33.561796Z","modified":"2026-01-06T18:03:33.695461Z"},{"id":"087ffaa5-6567-4169-b330-af989f1f03bd","name":"XBootMgrSleep.exe - LOLBAS Project","description":"LOLBAS. (2024, June 13). XBootMgrSleep.exe. Retrieved December 30, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/XBootMgrSleep/","source":"Tidal Cyber","title":"XBootMgrSleep.exe","authors":"LOLBAS","date_accessed":"2025-12-30T12:00:00Z","date_published":"2024-06-13T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"bea99058-76d1-599b-922d-ad5ee80debb7","created":"2026-01-06T18:03:33.826229Z","modified":"2026-01-06T18:03:33.969390Z"},{"id":"430fc6ef-33c5-4cd8-b785-358e4aae5230","name":"xCmd","description":"Rayaprolu, A.. (2011, April 12). xCmd an Alternative to PsExec. 
Retrieved August 10, 2016.","url":"https://ashwinrayaprolu.wordpress.com/2011/04/12/xcmd-an-alternative-to-psexec/","source":"MITRE","title":"xCmd an Alternative to PsExec","authors":"Rayaprolu, A.","date_accessed":"2016-08-10T00:00:00Z","date_published":"2011-04-12T00:00:00Z","owner_name":null,"tidal_id":"2f5ff6d4-a040-5911-8ff6-2b8e68464067","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.422959Z"},{"id":"05e01751-ebb4-4b09-be89-4e405ab7e7e4","name":"xcopy Microsoft","description":"Microsoft. (2023, February 3). xcopy Microsoft. Retrieved July 11, 2023.","url":"https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/xcopy","source":"Tidal Cyber","title":"xcopy Microsoft","authors":"Microsoft","date_accessed":"2023-07-11T00:00:00Z","date_published":"2023-02-03T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"d737c1af-0c0f-5543-af31-a16fab2bc100","created":"2023-07-14T12:56:34.453647Z","modified":"2023-07-14T12:56:34.563638Z"},{"id":"5249d328-bc9d-563a-8b5b-e0cb3e758cc5","name":"April 2021 TrendMicro XCSSET","description":"Steven Du, Dechao Zhao, Luis Magisa, Ariel Neimond Lazaro. (2021, April 16). XCSSET Quickly Adapts to macOS 11 and M1-based Macs. Retrieved February 18, 2025.","url":"https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html","source":"MITRE","title":"XCSSET Quickly Adapts to macOS 11 and M1-based Macs","authors":"Steven Du, Dechao Zhao, Luis Magisa, Ariel Neimond Lazaro","date_accessed":"2025-02-18T00:00:00Z","date_published":"2021-04-16T00:00:00Z","owner_name":null,"tidal_id":"5e5f6ee2-040d-5987-9cb7-ece1e47668ef","created":"2025-04-22T20:47:28.858129Z","modified":"2025-12-17T15:08:36.421981Z"},{"id":"45b3bc6a-bdf4-438b-8c4e-fede969f83a7","name":"Semicomplete April 24 2015","description":"Jordan Sissel. (2015, April 24). xdotool - fake keyboardmouse input, window management, and more - semicomplete. 
Retrieved December 19, 2024.","url":"https://www.semicomplete.com/projects/xdotool/","source":"Tidal Cyber","title":"xdotool - fake keyboardmouse input, window management, and more - semicomplete","authors":"Jordan Sissel","date_accessed":"2024-12-19T00:00:00Z","date_published":"2015-04-24T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"f8cae851-6c40-5289-8a07-9f1a4333e035","created":"2025-04-11T15:06:18.503742Z","modified":"2025-04-11T15:06:18.657741Z"},{"id":"b20fe65f-df43-4a59-af3f-43afafba15ab","name":"Dragos Xenotime 2018","description":"Dragos, Inc.. (n.d.). Xenotime. Retrieved April 16, 2019.","url":"https://dragos.com/resource/xenotime/","source":"MITRE","title":"Xenotime","authors":"Dragos, Inc.","date_accessed":"2019-04-16T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"584e6872-c47c-5b5a-8e62-3c5709d6c51f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.439423Z"},{"id":"b2900049-444a-4fe5-af1f-b9cd2cd9491c","name":"gist Arch package compromise 10JUL2018","description":"Catalin Cimpanu. (2018, July 10). ~x file downloaded in public Arch package compromise. Retrieved April 23, 2019.","url":"https://gist.github.com/campuscodi/74d0d2e35d8fd9499c76333ce027345a","source":"MITRE","title":"~x file downloaded in public Arch package compromise","authors":"Catalin Cimpanu","date_accessed":"2019-04-23T00:00:00Z","date_published":"2018-07-10T00:00:00Z","owner_name":null,"tidal_id":"0ac28f2f-cbde-5a0a-8fa2-026132675946","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424946Z"},{"id":"8bafc642-b966-5ca9-9bb2-17d9e83b5357","name":"TrendMicro-XLoader","description":"Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. 
Retrieved July","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/","source":"Mobile","title":"XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing","authors":"Lorin Wu","date_accessed":"1978-07-01T00:00:00Z","date_published":"2018-04-19T00:00:00Z","owner_name":null,"tidal_id":"c259df4b-cc29-5c88-98ca-0062dba1fcaa","created":"2026-01-28T13:08:10.039870Z","modified":"2026-01-28T13:08:10.039874Z"},{"id":"e61986f6-7d9d-561a-9aee-429295fa8109","name":"CheckPoint XLoader 2022","description":"Alexey Bukhteyev & Raman Ladutska, Check Point Research. (2022, May 31). XLoader Botnet: Find Me If You Can. Retrieved March 11, 2025.","url":"https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/","source":"MITRE","title":"XLoader Botnet: Find Me If You Can","authors":"Alexey Bukhteyev & Raman Ladutska, Check Point Research","date_accessed":"2025-03-11T00:00:00Z","date_published":"2022-05-31T00:00:00Z","owner_name":null,"tidal_id":"30483d24-4552-5526-8f0f-31183ea680e0","created":"2025-04-22T20:47:28.086689Z","modified":"2025-12-17T15:08:36.420707Z"},{"id":"f9d0b5d4-0f5b-5640-8925-bdd09b85703b","name":"TrendMicro-XLoader-FakeSpy","description":"Hiroaki, H., Wu, L., Wu, L. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. 
Retrieved July","url":"https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/","source":"Mobile","title":"XLoader Disguises as Android Apps, Has FakeSpy Links","authors":"Hiroaki, H., Wu, L., Wu, L","date_accessed":"1978-07-01T00:00:00Z","date_published":"2019-04-02T00:00:00Z","owner_name":null,"tidal_id":"57fd31d3-d671-5cbe-93f0-ef69ff65f72e","created":"2026-01-28T13:08:10.039845Z","modified":"2026-01-28T13:08:10.039848Z"},{"id":"54e460e8-5e0d-5f57-9cb0-930e7ffccba3","name":"ANY.RUN XLoader 2023","description":"ANY.RUN. (2023, February 28). XLoader/FormBook: Encryption Analysis and Malware Decryption . Retrieved March 11, 2025.","url":"https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/","source":"MITRE","title":"XLoader/FormBook: Encryption Analysis and Malware Decryption","authors":"ANY.RUN","date_accessed":"2025-03-11T00:00:00Z","date_published":"2023-02-28T00:00:00Z","owner_name":null,"tidal_id":"679c84c0-a9d0-5c1c-b4c9-d6c453821f81","created":"2025-04-22T20:47:28.095583Z","modified":"2025-12-17T15:08:36.420714Z"},{"id":"1b0e143a-3c5d-4445-9a99-8e42815130ac","name":"Cyble July 01 2022","description":"Cybleinc. (2022, July 1). Xloader Returns with New Infection Technique. Retrieved May 7, 2023.","url":"https://blog.cyble.com/2022/07/01/xloader-returns-with-new-infection-technique/","source":"Tidal Cyber","title":"Xloader Returns with New Infection Technique","authors":"Cybleinc","date_accessed":"2023-05-07T00:00:00Z","date_published":"2022-07-01T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7feec860-1617-5493-96cc-45480a76340c","created":"2024-06-13T20:10:17.251393Z","modified":"2024-06-13T20:10:17.439696Z"},{"id":"fc9b3eac-a638-4b84-92ae-591bc16a845e","name":"SentinelOne 8 21 2023","description":"Dinesh Devadoss; Phil Stokes. (2023, August 21). XLoader's Latest Trick . 
Retrieved January 1, 2024.","url":"https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/","source":"Tidal Cyber","title":"XLoader's Latest Trick","authors":"Dinesh Devadoss; Phil Stokes","date_accessed":"2024-01-01T00:00:00Z","date_published":"2023-08-21T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"867efef3-3cc7-5b03-a9aa-96b682d2e0bb","created":"2024-06-13T20:11:00.100231Z","modified":"2024-06-13T20:11:00.294966Z"},{"id":"05c8909c-749c-4153-9a05-173d5d7a80a9","name":"Trend Micro Exposed Docker Server","description":"Remillano II, A., et al. (2020, June 20). XORDDoS, Kaiji Variants Target Exposed Docker Servers. Retrieved April 5, 2021.","url":"https://www.trendmicro.com/en_us/research/20/f/xorddos-kaiji-botnet-malware-variants-target-exposed-docker-servers.html","source":"MITRE","title":"XORDDoS, Kaiji Variants Target Exposed Docker Servers","authors":"Remillano II, A., et al","date_accessed":"2021-04-05T00:00:00Z","date_published":"2020-06-20T00:00:00Z","owner_name":null,"tidal_id":"006f2daf-bf19-5c04-ab6e-7843f0d94ea7","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.425076Z"},{"id":"1945b8b2-de29-4f7a-8957-cc96fbad3b11","name":"Microsoft xp_cmdshell 2017","description":"Microsoft. (2017, March 15). xp_cmdshell (Transact-SQL). Retrieved September 9, 2019.","url":"https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-transact-sql?view=sql-server-2017","source":"MITRE","title":"xp_cmdshell (Transact-SQL)","authors":"Microsoft","date_accessed":"2019-09-09T00:00:00Z","date_published":"2017-03-15T00:00:00Z","owner_name":null,"tidal_id":"9a9f2a91-80d6-56cb-aea4-7db6208c323b","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436694Z"},{"id":"2f39d112-e777-4d87-9674-38a426b2cf34","name":"xsd.exe - LOLBAS Project","description":"LOLBAS. (2024, April 9). xsd.exe. 
Retrieved May 19, 2025.","url":"https://lolbas-project.github.io/lolbas/OtherMSBinaries/xsd/","source":"Tidal Cyber","title":"xsd.exe","authors":"LOLBAS","date_accessed":"2025-05-19T00:00:00Z","date_published":"2024-04-09T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"1a548166-13fe-5692-ae4d-3a270cc877c3","created":"2025-05-20T16:19:08.089477Z","modified":"2025-05-20T16:19:08.243673Z"},{"id":"7ff47640-2a98-4a55-939a-ab6c8c8d2d09","name":"Microsoft XSLT Script Mar 2017","description":"Wenzel, M. et al. (2017, March 30). XSLT Stylesheet Scripting Using <msxsl:script>. Retrieved July 3, 2018.","url":"https://docs.microsoft.com/dotnet/standard/data/xml/xslt-stylesheet-scripting-using-msxsl-script","source":"MITRE","title":"XSLT Stylesheet Scripting Using <msxsl:script>","authors":"Wenzel, M. et al","date_accessed":"2018-07-03T00:00:00Z","date_published":"2017-03-30T00:00:00Z","owner_name":null,"tidal_id":"b3bfaea8-4b2d-5256-918a-38829e827912","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.436223Z"},{"id":"573df5d1-83e7-4437-bdad-604f093b3cfd","name":"Xwizard.exe - LOLBAS Project","description":"LOLBAS. (2018, May 25). Xwizard.exe. Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Binaries/Xwizard/","source":"Tidal Cyber","title":"Xwizard.exe","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"600e28bb-ec95-50d3-a1fe-b5a52162de9b","created":"2024-01-12T14:47:08.375850Z","modified":"2024-01-12T14:47:08.564198Z"},{"id":"3a396064-d3a4-4923-a8b7-8b4395d0a5ef","name":"Forcepoint September 26 2025 09 26 2025","description":"Prashant Kumar. (2025, September 26). XWorm RAT Delivered via Shellcode | Multi-Stage Attack Analysis. 
Retrieved October 3, 2025.","url":"https://www.forcepoint.com/blog/x-labs/xworm-rat-shellcode-multi-stage-analysis","source":"Tidal Cyber","title":"XWorm RAT Delivered via Shellcode | Multi-Stage Attack Analysis","authors":"Prashant Kumar","date_accessed":"2025-10-03T12:00:00Z","date_published":"2025-09-26T12:00:00Z","owner_name":"TidalCyberIan","tidal_id":"ab87ffad-594e-55e2-9126-4b74ce16a062","created":"2025-10-07T14:06:57.329167Z","modified":"2025-10-07T14:06:57.465482Z"},{"id":"615d7744-327e-4f14-bce0-a16c352e7486","name":"Linux kernel Yama","description":"Linux Kernel Archives. (n.d.). Yama Documentation - ptrace_scope. Retrieved December 20, 2017.","url":"https://www.kernel.org/doc/Documentation/security/Yama.txt","source":"MITRE","title":"Yama Documentation - ptrace_scope","authors":"Linux Kernel Archives","date_accessed":"2017-12-20T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"e89e778e-008e-5a51-a6aa-029d9f973a9f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-04-22T20:47:33.323308Z"},{"id":"c627e572-31dd-5841-a8c1-ad29e0118e39","name":"AndroidSecurity2014","description":"Google. (2014). Android Security. (2014). Year in Review. Retrieved December","url":"https://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2014_Report_Final.pdf","source":"Mobile","title":"Year in Review","authors":"Google. (2014). Android Security","date_accessed":"1978-12-01T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"ccf1510c-8c97-57e3-937a-136b1f6ccb7e","created":"2026-01-28T13:08:10.045035Z","modified":"2026-01-28T13:08:10.045038Z"},{"id":"f97537c2-f080-4438-8728-4d2a91388132","name":"Red Canary Yellow Cockatoo June 2022","description":"RED CANARY INTELLIGENCE. (2022, June 7). Yellow Cockatoo: Search engine redirects, in-memory remote access trojan, and more. 
Retrieved May 10, 2023.","url":"https://redcanary.com/blog/yellow-cockatoo/","source":"Tidal Cyber","title":"Yellow Cockatoo: Search engine redirects, in-memory remote access trojan, and more","authors":"RED CANARY INTELLIGENCE","date_accessed":"2023-05-10T00:00:00Z","date_published":"2022-06-07T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"7c2c49cc-ff31-541e-a493-54d86ba67466","created":"2024-06-13T20:10:21.089128Z","modified":"2024-06-13T20:10:21.286072Z"},{"id":"b6544ea7-befa-53ae-95fa-5c227c848c46","name":"PwC Yellow Liderc","description":"PwC Threat Intelligence. (2023, October 25). Yellow Liderc ships its scripts and delivers IMAPLoader malware. Retrieved March 29, 2024.","url":"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html","source":"MITRE","title":"Yellow Liderc ships its scripts and delivers IMAPLoader malware","authors":"PwC Threat Intelligence","date_accessed":"2024-03-29T00:00:00Z","date_published":"2023-10-25T00:00:00Z","owner_name":null,"tidal_id":"73a7a20f-97b5-5809-beeb-e15831705ea3","created":"2024-04-25T13:28:32.572194Z","modified":"2025-12-17T15:08:36.427581Z"},{"id":"e473a371-2f34-5391-8888-42082b0a1904","name":"PWC Yellow Liderc 2023","description":"PwC Threat Intelligence. (2023, October 25). Yellow Liderc ships its scripts and delivers IMAPLoader malware. 
Retrieved August 14, 2024.","url":"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html","source":"MITRE","title":"Yellow Liderc ships its scripts and delivers IMAPLoader malware","authors":"PwC Threat Intelligence","date_accessed":"2024-08-14T00:00:00Z","date_published":"2023-10-25T00:00:00Z","owner_name":null,"tidal_id":"22420e5e-72e8-58ff-8e31-dc48c51ab6db","created":"2024-10-31T16:28:29.505811Z","modified":"2025-12-17T15:08:36.417629Z"},{"id":"cbeaf9b5-865f-44a1-a913-9eec28d7a5ff","name":"PwC Yellow Liderc October 25 2023","description":"PwC Threat Intelligence. (2023, October 25). Yellow Liderc ships its scripts and delivers IMAPLoader malware. Retrieved October 25, 2023.","url":"https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/yellow-liderc-ships-its-scripts-delivers-imaploader-malware.html","source":"Tidal Cyber","title":"Yellow Liderc ships its scripts and delivers IMAPLoader malware","authors":"PwC Threat Intelligence","date_accessed":"2023-10-25T00:00:00Z","date_published":"2023-10-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"c2933d7d-cd6f-56e5-96eb-b623af43f1d6","created":"2024-06-13T20:10:43.371425Z","modified":"2024-06-13T20:10:43.558151Z"},{"id":"2ccb530d-cbf4-5979-be85-cb2643679868","name":"paloalto_yispecter_1015","description":"Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. 
Retrieved March","url":"https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/","source":"Mobile","title":"YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs","authors":"Claud Xiao","date_accessed":"1978-03-01T00:00:00Z","date_published":"2015-10-04T00:00:00Z","owner_name":null,"tidal_id":"655f9809-f61b-531b-a7c1-25bf757cacb3","created":"2026-01-28T13:08:10.041294Z","modified":"2026-01-28T13:08:10.041297Z"},{"id":"e141408e-d22b-58e4-884f-0cbff25444da","name":"Mandiant APT29 Microsoft 365 2022","description":"Douglas Bienstock. (2022, August 18). You Can’t Audit Me: APT29 Continues Targeting Microsoft 365. Retrieved February 23, 2023.","url":"https://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft","source":"MITRE","title":"You Can’t Audit Me: APT29 Continues Targeting Microsoft 365","authors":"Douglas Bienstock","date_accessed":"2023-02-23T00:00:00Z","date_published":"2022-08-18T00:00:00Z","owner_name":null,"tidal_id":"77db7259-2688-53eb-9642-e44ce0c1dda1","created":"2023-05-26T01:21:07.484322Z","modified":"2025-12-17T15:08:36.423984Z"},{"id":"e01a6d46-5b38-42df-bd46-3995d38bb60e","name":"BlackHat Mac OSX Rootkit","description":"Pan, M., Tsai, S. (2014). You can’t see me: A Mac OS X Rootkit uses the tricks you haven't known yet. 
Retrieved December 21, 2017.","url":"http://www.blackhat.com/docs/asia-14/materials/Tsai/WP-Asia-14-Tsai-You-Cant-See-Me-A-Mac-OS-X-Rootkit-Uses-The-Tricks-You-Havent-Known-Yet.pdf","source":"MITRE","title":"You can’t see me: A Mac OS X Rootkit uses the tricks you haven't known yet","authors":"Pan, M., Tsai, S","date_accessed":"2017-12-21T00:00:00Z","date_published":"2014-01-01T00:00:00Z","owner_name":null,"tidal_id":"7e88a6dd-5f4a-502a-acaa-1010697c3b16","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.424797Z"},{"id":"6a765a99-8d9f-4076-8741-6415a5ab918b","name":"Malwarebytes DarkComet March 2018","description":"Kujawa, A. (2018, March 27). You dirty RAT! Part 1: DarkComet. Retrieved November 6, 2018.","url":"https://blog.malwarebytes.com/threat-analysis/2012/06/you-dirty-rat-part-1-darkcomet/","source":"MITRE","title":"You dirty RAT! Part 1: DarkComet","authors":"Kujawa, A","date_accessed":"2018-11-06T00:00:00Z","date_published":"2018-03-27T00:00:00Z","owner_name":null,"tidal_id":"ab37d2eb-354f-5bf0-a2c4-3ff86830a599","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418637Z"},{"id":"3e299bbd-ef03-517a-95a6-4cbfb6eb2369","name":"Cybereason LumaStealer Undated","description":"Cybereason Security Services Team. (n.d.). Your Data Is Under New Lummanagement: The Rise of LummaStealer. Retrieved March 22, 2025.","url":"https://www.cybereason.com/blog/threat-analysis-rise-of-lummastealer","source":"MITRE","title":"Your Data Is Under New Lummanagement: The Rise of LummaStealer","authors":"Cybereason Security Services Team","date_accessed":"2025-03-22T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"b117c6c4-0018-5e7c-9e1e-29eaa78bd5dd","created":"2025-04-22T20:47:27.380453Z","modified":"2025-12-17T15:08:36.419299Z"},{"id":"a86e18d7-5107-559d-87f0-17833e928592","name":"ZimperiumOrtegaPratapagiri_GodFather_Jun2025","description":"Ortega, F. Pratapagiri, V. (2025, June 18). 
Your Mobile App, Their Playground: The Dark Side of Virtualization. Retrieved July","url":"https://zimperium.com/blog/your-mobile-app-their-playground-the-dark-side-of-the-virtualization","source":"Mobile","title":"Your Mobile App, Their Playground: The Dark Side of Virtualization","authors":"Ortega, F. Pratapagiri, V","date_accessed":"1978-07-01T00:00:00Z","date_published":"2025-06-18T00:00:00Z","owner_name":null,"tidal_id":"6ee9c4e7-86bd-58f9-a43a-97d74b725b5a","created":"2026-01-28T13:08:10.041617Z","modified":"2026-01-28T13:08:10.041620Z"},{"id":"0af1795c-9cdd-43fa-8184-73f33d9f5366","name":"FireEye Mail CDS 2018","description":"Caban, D. and Hirani, M. (2018, October 3). You’ve Got Mail! Enterprise Email Compromise. Retrieved November 17, 2024.","url":"https://web.archive.org/web/20190508170121/https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2018/presentations/cds18-technical-s03-youve-got-mail.pdf","source":"MITRE","title":"You’ve Got Mail! Enterprise Email Compromise","authors":"Caban, D. and Hirani, M","date_accessed":"2024-11-17T00:00:00Z","date_published":"2018-10-03T00:00:00Z","owner_name":null,"tidal_id":"ab7b1abc-f5a0-5ad2-9b33-ddc1c3206637","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.427500Z"},{"id":"332344c1-cfa5-4648-8e09-394b15725098","name":"Man7.org December 28 2009","description":"Man7.org. (2009, December 28). yum-versionlock — Linux manual page. Retrieved December 19, 2024.","url":"https://man7.org/linux/man-pages/man1/yum-versionlock.1.html","source":"Tidal Cyber","title":"yum-versionlock — Linux manual page","authors":"Man7.org","date_accessed":"2024-12-19T00:00:00Z","date_published":"2009-12-28T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"670d8c2c-138b-50ef-b579-2032c988917b","created":"2025-04-11T15:06:23.483384Z","modified":"2025-04-11T15:06:23.642063Z"},{"id":"77788d05-30ff-4308-82e6-d123a3c2fd80","name":"US District Court Indictment GRU Unit 74455 October 2020","description":"Scott W. 
Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al.. Retrieved November 25, 2020.","url":"https://www.justice.gov/opa/press-release/file/1328521/download","source":"MITRE","title":"Yuriy Sergeyevich Andrienko et al.","authors":"Scott W. Brady. (2020, October 15)","date_accessed":"2020-11-25T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"167dfea4-7b71-50cc-a8b0-30b9713f4eac","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.417760Z"},{"id":"a2c395c6-12c4-52ba-ae7e-4aaccfe66033","name":"Zack Whittaker April 2017","description":"Zack Whittaker 2017, April 12 Dallas' emergency sirens were hacked with a rogue radio signal. Retrieved 2020/11/06","url":"https://www.zdnet.com/article/experts-think-they-know-how-dallas-emergency-sirens-were-hacked/","source":"ICS","title":"Zack Whittaker April 2017","authors":"","date_accessed":"2020-01-01T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"78949ed1-d7b4-569c-a4ba-ae0b5b9232a7","created":"2026-01-28T13:08:18.177031Z","modified":"2026-01-28T13:08:18.177034Z"},{"id":"41b51767-62f1-45c2-98cb-47c44c975a58","name":"Sophos ZeroAccess","description":"Wyke, J. (2012, April). ZeroAccess. Retrieved July 18, 2016.","url":"https://sophosnews.files.wordpress.com/2012/04/zeroaccess2.pdf","source":"MITRE","title":"ZeroAccess","authors":"Wyke, J","date_accessed":"2016-07-18T00:00:00Z","date_published":"2012-04-01T00:00:00Z","owner_name":null,"tidal_id":"7775050e-e814-56e9-9a1f-067995146203","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.418693Z"},{"id":"2f5c6e28-ba86-537b-b71b-4a7625b8d41e","name":"Volexity UPSTYLE 2024","description":"Volexity Threat Research. (2024, April 12). Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400). 
Retrieved November 20, 2024.","url":"https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/","source":"MITRE","title":"Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)","authors":"Volexity Threat Research","date_accessed":"2024-11-20T00:00:00Z","date_published":"2024-04-12T00:00:00Z","owner_name":null,"tidal_id":"8615e1af-473f-5933-93de-09c3b1fc003c","created":"2025-04-22T20:47:21.705304Z","modified":"2025-12-17T15:08:36.417395Z"},{"id":"c0d192d7-6269-52eb-b971-e550b2f45d17","name":"Volexity GlobalProtect CVE 2024","description":"Volexity Threat Research. (2024, April 12). Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400). Retrieved May 22, 2025.","url":"https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/","source":"MITRE","title":"Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)","authors":"Volexity Threat Research","date_accessed":"2025-05-22T00:00:00Z","date_published":"2024-04-12T00:00:00Z","owner_name":null,"tidal_id":"e8bf3857-b8a5-5d51-add9-9ce401febe5f","created":"2025-10-29T21:08:48.166485Z","modified":"2025-12-17T15:08:36.434449Z"},{"id":"232c7555-0483-4a57-88cb-71a990f7d683","name":"Mandiant MOVEit Transfer June 2 2023","description":"Nader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew Mcwhirt, Dan Nutting, Kimberly Goody, Justin Moore, Joe Pisano, Zander Work, Peter Ukhanov, Juraj Sucik, Will Silverstone, Zach Schramm, Greg Blaum, Ollie Styles, Nicholas Bennett, Josh Murchie. (2023, June 2). Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft. 
Retrieved June 16, 2023.","url":"https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft","source":"Tidal Cyber","title":"Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft","authors":"Nader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew Mcwhirt, Dan Nutting, Kimberly Goody, Justin Moore, Joe Pisano, Zander Work, Peter Ukhanov, Juraj Sucik, Will Silverstone, Zach Schramm, Greg Blaum, Ollie Styles, Nicholas Bennett, Josh Murchie","date_accessed":"2023-06-16T00:00:00Z","date_published":"2023-06-02T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"981e7990-35c2-5041-a1d0-97ae42cbb830","created":"2023-07-28T16:33:34.712365Z","modified":"2023-07-28T16:33:34.823433Z"},{"id":"38fbd993-de98-49e9-8437-bc6a1493d6ed","name":"Kaspersky RTLO Cyber Crime","description":"Firsh, A.. (2018, February 13). Zero-day vulnerability in Telegram - Cybercriminals exploited Telegram flaw to launch multipurpose attacks. Retrieved April 22, 2019.","url":"https://securelist.com/zero-day-vulnerability-in-telegram/83800/","source":"MITRE","title":"Zero-day vulnerability in Telegram - Cybercriminals exploited Telegram flaw to launch multipurpose attacks","authors":"Firsh, A.","date_accessed":"2019-04-22T00:00:00Z","date_published":"2018-02-13T00:00:00Z","owner_name":null,"tidal_id":"6f536541-4831-553c-8fa0-f45d9eb4dcea","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431384Z"},{"id":"3ddc68b4-53f1-4fa5-b7f3-4e5d7d9661f2","name":"DOJ APT10 Dec 2018","description":"United States District Court Southern District of New York (USDC SDNY) . (2018, December 17). United States of America v. Zhu Hua and Zhang Shilong. Retrieved April 17, 2019.","url":"https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion","source":"MITRE, Tidal Cyber","title":"Zhu Hua and Zhang Shilong","authors":"United States District Court Southern District of New York (USDC SDNY) . 
(2018, December 17)","date_accessed":"2019-04-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"025a6986-b8bb-5c08-ab59-6ef9af9b76dd","created":"2022-12-14T20:06:32.013016Z","modified":"2025-10-29T21:08:53.279298Z"},{"id":"79ccbc74-b9c4-4dc8-91ae-1d15c4db563b","name":"District Court of NY APT10 Indictment December 2018","description":"US District Court Southern District of New York. (2018, December 17). United States v. Zhu Hua Indictment. Retrieved December 17, 2020.","url":"https://www.justice.gov/opa/page/file/1122671/download","source":"MITRE","title":"Zhu Hua Indictment","authors":"US District Court Southern District of New York. (2018, December 17)","date_accessed":"2020-12-17T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"3ee7d098-4337-5d3d-897a-ada900f65f9f","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.438699Z"},{"id":"94c7bfce-61e6-51e0-84a5-2894ef1f2875","name":"lolbas project Zipfldr.dll","description":"lolbas project. (n.d.). Zipfldr.dll. Retrieved October 5, 2025.","url":"https://lolbas-project.github.io/lolbas/Libraries/Zipfldr/","source":"MITRE","title":"Zipfldr.dll","authors":"lolbas project","date_accessed":"2025-10-05T00:00:00Z","date_published":null,"owner_name":null,"tidal_id":"8912ddd1-3cc9-5cbe-be34-38126e43507d","created":"2025-10-29T21:08:48.165393Z","modified":"2025-12-17T15:08:36.424076Z"},{"id":"3bee0640-ea48-4164-be57-ac565d8cbea7","name":"Zipfldr.dll - LOLBAS Project","description":"LOLBAS. (2018, May 25). Zipfldr.dll. 
Retrieved December 4, 2023.","url":"https://lolbas-project.github.io/lolbas/Libraries/Zipfldr/","source":"Tidal Cyber","title":"Zipfldr.dll","authors":"LOLBAS","date_accessed":"2023-12-04T00:00:00Z","date_published":"2018-05-25T00:00:00Z","owner_name":"TidalCyberIan","tidal_id":"e0462ebd-83ed-507d-a00a-afd7c729f28e","created":"2024-01-12T14:47:16.034903Z","modified":"2024-01-12T14:47:16.206407Z"},{"id":"982bcacc-afb2-4bbb-9197-f44d765b9e07","name":"Zlib Github","description":"madler. (2017). zlib. Retrieved February 20, 2020.","url":"https://github.com/madler/zlib","source":"MITRE","title":"zlib","authors":"madler","date_accessed":"2020-02-20T00:00:00Z","date_published":"2017-01-01T00:00:00Z","owner_name":null,"tidal_id":"b5b82a6a-eb4d-5059-847c-f80254fbc7de","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.428525Z"},{"id":"2efbb7be-3ca1-444a-8584-7ceb08101e74","name":"Microsoft Zone.Identifier 2020","description":"Microsoft. (2020, August 31). Zone.Identifier Stream Name. Retrieved February 22, 2021.","url":"https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/6e3f7352-d11c-4d76-8c39-2516a9df36e8","source":"MITRE","title":"Zone.Identifier Stream Name","authors":"Microsoft","date_accessed":"2021-02-22T00:00:00Z","date_published":"2020-08-31T00:00:00Z","owner_name":null,"tidal_id":"d72f7c8c-078b-5b68-8144-d641703cca31","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.431756Z"},{"id":"4922dbb5-d3fd-4bf2-8af7-3b8889579c31","name":"Sysdig Kinsing November 2020","description":"Huang, K. (2020, November 23). Zoom into Kinsing. Retrieved April 1, 2021.","url":"https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/","source":"MITRE","title":"Zoom into Kinsing","authors":"Huang, K","date_accessed":"2021-04-01T00:00:00Z","date_published":"2020-11-23T00:00:00Z","owner_name":null,"tidal_id":"51cafbdc-af1d-5a26-9d15-1de31b069b65","created":"2022-12-14T20:06:32.013016Z","modified":"2025-12-17T15:08:36.421802Z"}]}