2021-10-21MicrosoftMicrosoft 365 Defender Threat Intelligence Team
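% Corporate author: the inner braces keep the organisation name as one unit
% instead of letting it be parsed as given names plus the surname "Team".
@online{team:20211021:frankenphish:0b9f2e9,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Franken-phish: TodayZoo built from other phishing kits}},
  date         = {2021-10-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/10/21/franken-phish-todayzoo-built-from-other-phishing-kits/},
  language     = {English},
  urldate      = {2021-10-26},
}
Franken-phish: TodayZoo built from other phishing kits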
2021-09-21MicrosoftMicrosoft 365 Defender Threat Intelligence Team
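% Corporate author: the inner braces keep the organisation name as one unit
% instead of letting it be parsed as given names plus the surname "Team".
@online{team:20210921:catching:4621a10,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Catching the big fish: Analyzing a large-scale phishing-as-a-service operation}},
  date         = {2021-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/},
  language     = {English},
  urldate      = {2021-09-22},
}
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation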
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
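% Two corporate authors: each is braced on its own so that " and " separates
% two indivisible organisation names rather than given/family name parts.
@online{team:20210915:analyzing:37b6528,
  author       = {{Microsoft 365 Defender Threat Intelligence Team} and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability}},
  date         = {2021-09-15},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/},
  language     = {English},
  urldate      = {2021-09-19},
}
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability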
Cobalt Strike
2021-08-26MicrosoftMicrosoft 365 Defender Threat Intelligence Team
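% Corporate author: the inner braces keep the organisation name as one unit
% instead of letting it be parsed as given names plus the surname "Team".
@online{team:20210826:widespread:16ba3cc,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Widespread credential phishing campaign abuses open redirector links}},
  date         = {2021-08-26},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/},
  language     = {English},
  urldate      = {2021-08-31},
}
Widespread credential phishing campaign abuses open redirector links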
2021-07-29MicrosoftMicrosoft 365 Defender Threat Intelligence Team
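% Corporate author: the inner braces keep the organisation name as one unit
% instead of letting it be parsed as given names plus the surname "Team".
@online{team:20210729:bazacall:8d79cdf,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{BazaCall: Phony call centers lead to exfiltration and ransomware}},
  date         = {2021-07-29},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/07/29/bazacall-phony-call-centers-lead-to-exfiltration-and-ransomware/},
  language     = {English},
  urldate      = {2021-08-02},
}
BazaCall: Phony call centers lead to exfiltration and ransomware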
BazarBackdoor Cobalt Strike
2021-07-29MicrosoftMicrosoft 365 Defender Threat Intelligence Team
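% Corporate author: the inner braces keep the organisation name as one unit
% instead of letting it be parsed as given names plus the surname "Team".
@online{team:20210729:when:5d75299,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks}},
  date         = {2021-07-29},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/07/29/when-coin-miners-evolve-part-2-hunting-down-lemonduck-and-lemoncat-attacks/},
  language     = {English},
  urldate      = {2021-08-02},
}
When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks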
2021-07-22MicrosoftMicrosoft 365 Defender Threat Intelligence Team
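% Corporate author: the inner braces keep the organisation name as one unit
% instead of letting it be parsed as given names plus the surname "Team".
@online{team:20210722:when:d734e91,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure}},
  date         = {2021-07-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/},
  language     = {English},
  urldate      = {2021-07-22},
}
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure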
2021-06-01MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
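% Two corporate authors: each is braced on its own so that " and " separates
% two indivisible organisation names rather than given/family name parts.
% NOTE(review): the date field says 2021-06-01 while the url path carries
% 2021/05/27 -- confirm which one is the publication date before citing.
@online{mstic:20210601:new:83aee4c,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{New sophisticated email-based attack from NOBELIUM}},
  date         = {2021-06-01},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/},
  language     = {English},
  urldate      = {2021-06-09},
}
New sophisticated email-based attack from NOBELIUM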
Cobalt Strike
2021-05-20MicrosoftMicrosoft 365 Defender Threat Intelligence Team
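% Corporate author: the inner braces keep the organisation name as one unit
% instead of letting it be parsed as given names plus the surname "Team".
@online{team:20210520:phorpiex:1a8fb3c,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment}},
  date         = {2021-05-20},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/05/20/phorpiex-morphs-how-a-longstanding-botnet-persists-and-thrives-in-the-current-threat-environment/},
  language     = {English},
  urldate      = {2021-05-26},
}
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment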
Phorpiex
2021-04-09MicrosoftEmily Hacker, Justin Carroll, Microsoft 365 Defender Threat Intelligence Team
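% Personal names are given as "Last, First" so the split is unambiguous; the
% organisation is braced so it stays a single name in the author list.
@online{hacker:20210409:investigating:2b6f30a,
  author       = {Hacker, Emily and Carroll, Justin and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Investigating a unique “form” of email delivery for IcedID malware}},
  date         = {2021-04-09},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/},
  language     = {English},
  urldate      = {2021-04-12},
}
Investigating a unique “form” of email delivery for IcedID malware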
IcedID
2021-03-25MicrosoftMicrosoft 365 Defender Threat Intelligence Team
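% Corporate author: the inner braces keep the organisation name as one unit
% instead of letting it be parsed as given names plus the surname "Team".
@online{team:20210325:analyzing:d9ddef0,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Analyzing attacks taking advantage of the Exchange Server vulnerabilities}},
  date         = {2021-03-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-server-vulnerabilities/},
  language     = {English},
  urldate      = {2021-03-30},
}
Analyzing attacks taking advantage of the Exchange Server vulnerabilities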
CHINACHOPPER
2021-03-04MicrosoftRamin Nafisi, Andrea Lelli, Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
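% Personal names are given as "Last, First" so the split is unambiguous; each
% organisation is braced so it stays a single name in the author list.
@online{nafisi:20210304:goldmax:3fa3f68,
  author       = {Nafisi, Ramin and Lelli, Andrea and {Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence}},
  date         = {2021-03-04},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware},
  language     = {English},
  urldate      = {2021-03-06},
}
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence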
SUNBURST TEARDROP UNC2452
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, Microsoft 365 Security
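% Three corporate authors: each is braced on its own so that " and " separates
% indivisible organisation names rather than given/family name parts.
@online{mstic:20210302:hafnium:c7d8588,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Threat Intelligence Team} and {Microsoft 365 Security}},
  title        = {{HAFNIUM targeting Exchange Servers with 0-day exploits}},
  date         = {2021-03-02},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers},
  language     = {English},
  urldate      = {2021-03-07},
}
HAFNIUM targeting Exchange Servers with 0-day exploits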
CHINACHOPPER HAFNIUM
2021-02-01MicrosoftMicrosoft 365 Defender Threat Intelligence Team
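% Corporate author: the inner braces keep the organisation name as one unit
% instead of letting it be parsed as given names plus the surname "Team".
@online{team:20210201:what:2e12897,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{What tracking an attacker email infrastructure tells us about persistent cybercriminal operations}},
  date         = {2021-02-01},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/},
  language     = {English},
  urldate      = {2021-02-02},
}
What tracking an attacker email infrastructure tells us about persistent cybercriminal operations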
Dridex Emotet Makop Ransomware SmokeLoader TrickBot
2021-01-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
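% Two corporate authors: each is braced on its own so that " and " separates
% two indivisible organisation names rather than given/family name parts.
@online{mstic:20210128:zinc:9c8aff4,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{ZINC attacks against security researchers}},
  date         = {2021-01-28},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/},
  language     = {English},
  urldate      = {2021-01-29},
}
ZINC attacks against security researchers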
ComeBacker Klackring
2020-11-30MicrosoftMicrosoft 365 Defender Threat Intelligence Team
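% Corporate author: the inner braces keep the organisation name as one unit
% instead of letting it be parsed as given names plus the surname "Team".
% NOTE(review): the url equals that of entry team:20201130:threat:2633df5
% apart from a trailing slash; this looks like the same post recorded twice
% with different titles and author lists -- confirm before citing both.
@online{team:20201130:threat:99a3844,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them}},
  date         = {2020-11-30},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them},
  language     = {English},
  urldate      = {2020-12-15},
}
Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them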
APT32
2020-11-30MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
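% Two corporate authors: each is braced on its own so that " and " separates
% two indivisible organisation names rather than given/family name parts.
% NOTE(review): the url equals that of entry team:20201130:threat:99a3844
% apart from a trailing slash; this looks like the same post recorded twice
% with different titles and author lists -- confirm before citing both.
@online{team:20201130:threat:2633df5,
  author       = {{Microsoft 365 Defender Threat Intelligence Team} and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them}},
  date         = {2020-11-30},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/},
  language     = {English},
  urldate      = {2020-12-01},
}
Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them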
Cobalt Strike
2020-10-12MicrosoftMicrosoft 365 Defender Threat Intelligence Team
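% Corporate author: the inner braces keep the organisation name as one unit
% instead of letting it be parsed as given names plus the surname "Team".
@online{team:20201012:trickbot:e4f086f,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Trickbot disrupted}},
  date         = {2020-10-12},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/10/12/trickbot-disrupted/},
  language     = {English},
  urldate      = {2020-10-12},
}
Trickbot disrupted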
TrickBot