
2022-05-22Bleeping ComputerBill Toulas
@online{toulas:20220522:pdf:f2a1ce7, author = {Bill Toulas}, title = {{PDF smuggles Microsoft Word doc to drop Snake Keylogger malware}}, date = {2022-05-22}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/pdf-smuggles-microsoft-word-doc-to-drop-snake-keylogger-malware/}, language = {English}, urldate = {2022-05-24} } PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
404 Keylogger
2022-05-19MicrosoftMicrosoft 365 Defender Research Team
@online{team:20220519:rise:2087702, author = {Microsoft 365 Defender Research Team}, title = {{Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices}}, date = {2022-05-19}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/}, language = {English}, urldate = {2022-05-20} } Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
XOR DDoS
2022-05-17Microsoft SecurityBerman Enconado, Laurie Kirk
@online{enconado:20220517:in:c234e4d, author = {Berman Enconado and Laurie Kirk}, title = {{In hot pursuit of ‘cryware’: Defending hot wallets from attacks}}, date = {2022-05-17}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/}, language = {English}, urldate = {2022-05-25} } In hot pursuit of ‘cryware’: Defending hot wallets from attacks
Mars Stealer RedLine Stealer
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20220509:ransomwareasaservice:13ec472, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself}, language = {English}, urldate = {2022-05-17} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker
2022-05-06Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20220506:twitter:7a00df8, author = {Microsoft Security Intelligence}, title = {{Twitter Thread on initial infection of SocGholish/FAKEUPDATES campaigns leading to BLISTER Loader, Cobalt Strike, LockBit and followed by hands-on-keyboard activity}}, date = {2022-05-06}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1522690116979855360}, language = {English}, urldate = {2022-05-09} } Twitter Thread on initial infection of SocGholish/FAKEUPDATES campaigns leading to BLISTER Loader, Cobalt Strike, LockBit and followed by hands-on-keyboard activity
FAKEUPDATES Blister Cobalt Strike LockBit
2022-04-27MicrosoftMicrosoft Digital Security Unit (DSU)
@online{dsu:20220427:special:f1a2031, author = {Microsoft Digital Security Unit (DSU)}, title = {{Special Report: Ukraine — An overview of Russia’s cyberattack activity in Ukraine}}, date = {2022-04-27}, organization = {Microsoft}, url = {https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd}, language = {English}, urldate = {2022-05-03} } Special Report: Ukraine — An overview of Russia’s cyberattack activity in Ukraine
CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate
2022-04-20Bleeping ComputerBill Toulas
@online{toulas:20220420:microsoft:c1073df, author = {Bill Toulas}, title = {{Microsoft Exchange servers hacked to deploy Hive ransomware}}, date = {2022-04-20}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-hive-ransomware/}, language = {English}, urldate = {2022-04-24} } Microsoft Exchange servers hacked to deploy Hive ransomware
Babuk BlackByte Conti Hive LockFile
2022-04-13MicrosoftAmy Hogan-Burney
@online{hoganburney:20220413:notorious:30afb78, author = {Amy Hogan-Burney}, title = {{Notorious cybercrime gang’s botnet disrupted}}, date = {2022-04-13}, organization = {Microsoft}, url = {https://blogs.microsoft.com/on-the-issues/2022/04/13/zloader-botnet-disrupted-malware-ukraine/}, language = {English}, urldate = {2022-04-15} } Notorious cybercrime gang’s botnet disrupted
Ryuk Zloader
2022-04-13MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20220413:dismantling:ace8546, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware}}, date = {2022-04-13}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/}, language = {English}, urldate = {2022-04-14} } Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
BlackMatter Cobalt Strike DarkSide Ryuk Zloader
2022-04-12Microsoft SecurityDetection and Response Team (DART)
@online{dart:20220412:tarrask:4789795, author = {Detection and Response Team (DART)}, title = {{Tarrask malware uses scheduled tasks for defense evasion}}, date = {2022-04-12}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/}, language = {English}, urldate = {2022-05-04} } Tarrask malware uses scheduled tasks for defense evasion
Godzilla Webshell
2022-04-08The Hacker NewsRavie Lakshmanan
@online{lakshmanan:20220408:microsoft:f01c170, author = {Ravie Lakshmanan}, title = {{Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine}}, date = {2022-04-08}, organization = {The Hacker News}, url = {https://thehackernews.com/2022/04/microsoft-obtains-court-order-to-take.html}, language = {English}, urldate = {2022-04-25} } Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine
HilalRAT
2022-04-07MicrosoftTom Burt
@online{burt:20220407:disrupting:8f3a3d9, author = {Tom Burt}, title = {{Disrupting cyberattacks targeting Ukraine (APT28)}}, date = {2022-04-07}, organization = {Microsoft}, url = {https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/}, language = {English}, urldate = {2022-04-12} } Disrupting cyberattacks targeting Ukraine (APT28)
2022-04-04CloudsekAnirudh Batra
@online{batra:20220404:detailed:eb43a08, author = {Anirudh Batra}, title = {{Detailed Analysis of LAPSUS$ Cybercriminal Group that has Compromised Nvidia, Microsoft, Okta, and Globant}}, date = {2022-04-04}, organization = {Cloudsek}, url = {https://cloudsek.com/profile-lapsus-cybercriminal-group/}, language = {English}, urldate = {2022-05-25} } Detailed Analysis of LAPSUS$ Cybercriminal Group that has Compromised Nvidia, Microsoft, Okta, and Globant
2022-03-31CrowdStrikeChristopher Romano, Vaishnav Murthy
@online{romano:20220331:cloudy:15ac5c7, author = {Christopher Romano and Vaishnav Murthy}, title = {{Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365}}, date = {2022-03-31}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/crowdstrike-services-identifies-logging-inconsistencies-in-microsoft-365/}, language = {English}, urldate = {2022-04-05} } Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365
2022-03-28Bleeping ComputerBill Toulas
@online{toulas:20220328:microsoft:5bc32d1, author = {Bill Toulas}, title = {{Microsoft Exchange targeted for IcedID reply-chain hijacking attacks}}, date = {2022-03-28}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/microsoft-exchange-targeted-for-icedid-reply-chain-hijacking-attacks/}, language = {English}, urldate = {2022-03-30} } Microsoft Exchange targeted for IcedID reply-chain hijacking attacks
IcedID
2022-03-28Sentinel LABSKasif Dekel, Ronen Shustin
@online{dekel:20220328:pwning:c0427db, author = {Kasif Dekel and Ronen Shustin}, title = {{Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All}}, date = {2022-03-28}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/pwning-microsoft-azure-defender-for-iot-multiple-flaws-allow-remote-code-execution-for-all/}, language = {English}, urldate = {2022-03-30} } Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All
2022-03-24Bleeping ComputerBill Toulas
@online{toulas:20220324:malicious:560c659, author = {Bill Toulas}, title = {{Malicious Microsoft Excel add-ins used to deliver RAT malware}}, date = {2022-03-24}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/malicious-microsoft-excel-add-ins-used-to-deliver-rat-malware/}, language = {English}, urldate = {2022-03-25} } Malicious Microsoft Excel add-ins used to deliver RAT malware
JSSLoader
2022-03-24CSO OnlineJon Gold
@online{gold:20220324:microsoft:1a7616f, author = {Jon Gold}, title = {{Microsoft help files repurposed to contain Vidar malware in new campaign}}, date = {2022-03-24}, organization = {CSO Online}, url = {https://www.csoonline.com/article/3654849/microsoft-help-files-repurposed-to-contain-vidar-malware-in-new-campaign.html}, language = {English}, urldate = {2022-03-25} } Microsoft help files repurposed to contain Vidar malware in new campaign
Vidar
2022-03-24Threat PostNate Nelson
@online{nelson:20220324:microsoft:027f9d7, author = {Nate Nelson}, title = {{Microsoft Help Files Disguise Vidar Malware}}, date = {2022-03-24}, organization = {Threat Post}, url = {https://threatpost.com/microsoft-help-files-vidar-malware/179078/}, language = {English}, urldate = {2022-03-25} } Microsoft Help Files Disguise Vidar Malware
Vidar
2022-03-23SecurityAffairsPierluigi Paganini
@online{paganini:20220323:its:93ae664, author = {Pierluigi Paganini}, title = {{It’s official, Lapsus$ gang compromised a Microsoft employee’s account}}, date = {2022-03-23}, organization = {SecurityAffairs}, url = {https://securityaffairs.co/wordpress/129391/hacking/lapsus-gang-compromised-microsoft-employees-account.html}, language = {English}, urldate = {2022-03-25} } It’s official, Lapsus$ gang compromised a Microsoft employee’s account
RedLine Stealer