
2022-09-22 | Microsoft | Microsoft 365 Defender Research Team
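@online{team:20220922:malicious:a32eecc,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {Malicious {OAuth} applications used to compromise email servers and spread spam},
  date         = {2022-09-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/},
  urldate      = {2022-09-26},
  language     = {English},
}
Malicious OAuth applications used to compromise email servers and spread spam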
2022-09-21 | Microsoft | Microsoft 365 Defender Research Team, Shivang Desai, Abhishek Pustakala, Harshita Tripathi
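@online{team:20220921:rewards:daf8b35,
  author       = {{Microsoft 365 Defender Research Team} and Desai, Shivang and Pustakala, Abhishek and Tripathi, Harshita},
  title        = {Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing {RAT} on {Android} devices},
  date         = {2022-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/21/rewards-plus-fake-mobile-banking-rewards-apps-lure-users-to-install-info-stealing-rat-on-android-devices/},
  urldate      = {2022-09-26},
  language     = {English},
}
Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices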
2022-08-25 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Research Team, Microsoft 365 Defender Threat Intelligence Team
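@online{mstic:20220825:mercury:a02a670,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Research Team} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{MERCURY} leveraging {Log4j} 2 vulnerabilities in unpatched systems to target {Israeli} organizations},
  date         = {2022-08-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations},
  urldate      = {2022-08-30},
  language     = {English},
  keywords     = {MimiKatz},
}
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations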
MimiKatz
2022-08-18 | Microsoft | Suriyaraj Natarajan, Andrea Lelli, Amitrajit Banerjee, Microsoft 365 Defender Research Team
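@online{natarajan:20220818:hardwarebased:3c88744,
  author       = {Natarajan, Suriyaraj and Lelli, Andrea and Banerjee, Amitrajit and {Microsoft 365 Defender Research Team}},
  title        = {Hardware-based threat defense against increasingly complex cryptojackers},
  date         = {2022-08-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/18/hardware-based-threat-defense-against-increasingly-complex-cryptojackers},
  urldate      = {2022-08-18},
  language     = {English},
}
Hardware-based threat defense against increasingly complex cryptojackers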
2022-07-26 | Microsoft | Microsoft 365 Defender Research Team
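@online{team:20220726:malicious:ff5f5c0,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {Malicious {IIS} extensions quietly open persistent backdoors into servers},
  date         = {2022-07-26},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/},
  urldate      = {2022-07-28},
  language     = {English},
  keywords     = {CHINACHOPPER, MimiKatz},
}
Malicious IIS extensions quietly open persistent backdoors into servers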
CHINACHOPPER, MimiKatz
2022-07-13 | Microsoft | Jonathan Bar Or, Microsoft 365 Defender Research Team
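@online{or:20220713:uncovering:7e215ef,
  author       = {Bar Or, Jonathan and {Microsoft 365 Defender Research Team}},
  title        = {Uncovering a {macOS} {App Sandbox} escape vulnerability: A deep dive into {CVE-2022-26706}},
  date         = {2022-07-13},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/},
  urldate      = {2022-08-18},
  language     = {English},
}
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706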
2022-07-12 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Research Team
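@online{mstic:20220712:from:3d3a8e3,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Research Team}},
  title        = {From cookie theft to {BEC}: Attackers use {AiTM} phishing sites as entry point to further financial fraud},
  date         = {2022-07-12},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/},
  urldate      = {2022-07-15},
  language     = {English},
}
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud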
2022-06-30 | Microsoft | Microsoft 365 Defender Research Team
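@online{team:20220630:toll:af822af,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {Toll fraud malware: How an {Android} application can drain your wallet},
  date         = {2022-06-30},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/06/30/toll-fraud-malware-how-an-android-application-can-drain-your-wallet/},
  urldate      = {2022-07-05},
  language     = {English},
  keywords     = {Joker},
}
Toll fraud malware: How an Android application can drain your wallet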
Joker
2022-06-30 | Microsoft | Philip Tsukerman, Amir Kutcher, Tomer Cabouly, Microsoft 365 Defender Research Team
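@online{tsukerman:20220630:using:bb8c963,
  author       = {Tsukerman, Philip and Kutcher, Amir and Cabouly, Tomer and {Microsoft 365 Defender Research Team}},
  title        = {Using process creation properties to catch evasion techniques},
  date         = {2022-06-30},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/06/30/using-process-creation-properties-to-catch-evasion-techniques/},
  urldate      = {2022-08-18},
  language     = {English},
}
Using process creation properties to catch evasion techniques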
2022-05-19 | Microsoft | Microsoft 365 Defender Research Team
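@online{team:20220519:rise:2087702,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {Rise in {XorDdos}: A deeper look at the stealthy {DDoS} malware targeting {Linux} devices},
  date         = {2022-05-19},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/},
  urldate      = {2022-05-20},
  language     = {English},
  keywords     = {XOR DDoS},
}
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices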
XOR DDoS
2021-08-04 | Microsoft | Microsoft 365 Defender Research Team
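@online{team:20210804:spotting:ccfe397,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {Spotting brand impersonation with {Swin} transformers and {Siamese} neural networks},
  date         = {2021-08-04},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/08/04/spotting-brand-impersonation-with-swin-transformers-and-siamese-neural-networks/},
  urldate      = {2021-08-06},
  language     = {English},
}
Spotting brand impersonation with Swin transformers and Siamese neural networks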
2021-06-14 | Microsoft | Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
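@online{team:20210614:behind:450af46,
  author       = {{Microsoft 365 Defender Research Team} and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large {BEC} campaign},
  date         = {2021-06-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/},
  urldate      = {2021-06-16},
  language     = {English},
}
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign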
2021-04-01 | Microsoft | Cole Sodja, Justin Carroll, Melissa Turcotte, Joshua Neil, Microsoft 365 Defender Research Team
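@online{sodja:20210401:automating:d24c8aa,
  author       = {Sodja, Cole and Carroll, Justin and Turcotte, Melissa and Neil, Joshua and {Microsoft 365 Defender Research Team}},
  title        = {Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting},
  date         = {2021-04-01},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/04/01/automating-threat-actor-tracking-understanding-attacker-behavior-for-intelligence-and-contextual-alerting/},
  urldate      = {2021-04-06},
  language     = {English},
}
Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting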
2021-02-11 | Microsoft | Detection and Response Team (DART), Microsoft 365 Defender Research Team
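@online{dart:20210211:web:c22c110,
  author       = {{Detection and Response Team (DART)} and {Microsoft 365 Defender Research Team}},
  title        = {Web shell attacks continue to rise},
  date         = {2021-02-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/02/11/web-shell-attacks-continue-to-rise/},
  urldate      = {2021-02-20},
  language     = {English},
}
Web shell attacks continue to rise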
2021-01-20 | Microsoft | Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC), Microsoft Cyber Defense Operations Center (CDOC)
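@online{team:20210120:deep:1cc0551,
  author       = {{Microsoft 365 Defender Research Team} and {Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Cyber Defense Operations Center (CDOC)}},
  title        = {Deep dive into the {Solorigate} second-stage activation: From {SUNBURST} to {TEARDROP} and {Raindrop}},
  date         = {2021-01-20},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/},
  urldate      = {2021-01-21},
  language     = {English},
  keywords     = {Cobalt Strike, SUNBURST, TEARDROP},
}
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop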
Cobalt Strike, SUNBURST, TEARDROP
2020-12-18 | Microsoft | Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
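@online{team:20201218:analyzing:9486213,
  author       = {{Microsoft 365 Defender Research Team} and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {Analyzing {Solorigate}, the compromised {DLL} file that started a sophisticated cyberattack, and how {Microsoft Defender} helps protect customers},
  date         = {2020-12-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/},
  urldate      = {2020-12-19},
  language     = {English},
  keywords     = {SUNBURST, SUPERNOVA, TEARDROP, UNC2452},
}
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers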
SUNBURST, SUPERNOVA, TEARDROP, UNC2452
2020-12-10 | Microsoft | Microsoft 365 Defender Research Team
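@online{team:20201210:widespread:c2b943e,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers},
  date         = {2020-12-10},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/},
  urldate      = {2020-12-11},
  language     = {English},
}
Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers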
2020-12-09 | Microsoft | Microsoft 365 Defender Research Team
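@online{team:20201209:edr:c8811f1,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {{EDR} in block mode stops {IcedID} cold},
  date         = {2020-12-09},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/12/09/edr-in-block-mode-stops-icedid-cold/},
  urldate      = {2020-12-11},
  language     = {English},
  keywords     = {IcedID},
}
EDR in block mode stops IcedID cold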
IcedID