Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-18MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20211118:iranian:911ab04, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Iranian targeting of IT sector on the rise}}, date = {2021-11-18}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/}, language = {English}, urldate = {2021-11-19} } Iranian targeting of IT sector on the rise
MimiKatz ShellClient RAT
2021-11-16MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20211116:evolving:9bd9d2e, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021}}, date = {2021-11-16}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021/}, language = {English}, urldate = {2021-11-17} } Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
2021-11-08MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20211108:threat:0d18523, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus}}, date = {2021-11-08}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/08/threat-actor-dev-0322-exploiting-zoho-manageengine-adselfservice-plus/}, language = {English}, urldate = {2021-11-09} } Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
2021-10-25MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20211025:nobelium:ce29e06, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{NOBELIUM targeting delegated administrative privileges to facilitate broader attacks}}, date = {2021-10-25}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/}, language = {English}, urldate = {2021-11-02} } NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
2021-10-11MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20211011:iranlinked:0d8f98a, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors}}, date = {2021-10-11}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/}, language = {English}, urldate = {2021-10-26} } Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
2021-09-27MicrosoftRamin Nafisi, Microsoft Threat Intelligence Center (MSTIC)
@online{nafisi:20210927:foggyweb:3a85efc, author = {Ramin Nafisi and Microsoft Threat Intelligence Center (MSTIC)}, title = {{FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor}}, date = {2021-09-27}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/}, language = {English}, urldate = {2021-09-28} } FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20210915:analyzing:37b6528, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability}}, date = {2021-09-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/}, language = {English}, urldate = {2021-09-19} } Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
Cobalt Strike
2021-07-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210715:protecting:8e27c6c, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware}}, date = {2021-07-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/}, language = {English}, urldate = {2021-07-20} } Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
2021-07-14MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210714:microsoft:6701699, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Microsoft delivers comprehensive solution to battle rise in consent phishing emails}}, date = {2021-07-14}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/14/microsoft-delivers-comprehensive-solution-to-battle-rise-in-consent-phishing-emails/}, language = {English}, urldate = {2021-07-20} } Microsoft delivers comprehensive solution to battle rise in consent phishing emails
2021-07-13MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210713:microsoft:5394367, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit}}, date = {2021-07-13}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/}, language = {English}, urldate = {2021-07-20} } Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit
2021-06-14MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20210614:behind:450af46, author = {Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign}}, date = {2021-06-14}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/}, language = {English}, urldate = {2021-06-16} } Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
2021-06-01MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20210601:new:83aee4c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{New sophisticated email-based attack from NOBELIUM}}, date = {2021-06-01}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/}, language = {English}, urldate = {2021-06-09} } New sophisticated email-based attack from NOBELIUM
Cobalt Strike
2021-03-04MicrosoftRamin Nafisi, Andrea Lelli, Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{nafisi:20210304:goldmax:3fa3f68, author = {Ramin Nafisi and Andrea Lelli and Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence}}, date = {2021-03-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware}, language = {English}, urldate = {2021-03-06} } GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
SUNBURST TEARDROP UNC2452
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210302:hafnium:58ec0a0, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{HAFNIUM targeting Exchange Servers with 0-day exploits}}, date = {2021-03-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/}, language = {English}, urldate = {2021-03-04} } HAFNIUM targeting Exchange Servers with 0-day exploits
PowerCat
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, Microsoft 365 Security
@online{mstic:20210302:hafnium:c7d8588, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team and Microsoft 365 Security}, title = {{HAFNIUM targeting Exchange Servers with 0-day exploits}}, date = {2021-03-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers}, language = {English}, urldate = {2021-03-07} } HAFNIUM targeting Exchange Servers with 0-day exploits
CHINACHOPPER HAFNIUM
2021-01-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20210128:zinc:9c8aff4, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{ZINC attacks against security researchers}}, date = {2021-01-28}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/}, language = {English}, urldate = {2021-01-29} } ZINC attacks against security researchers
ComeBacker Klackring
2021-01-20MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC), Microsoft Cyber Defense Operations Center (CDOC)
@online{team:20210120:deep:1cc0551, author = {Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC) and Microsoft Cyber Defense Operations Center (CDOC)}, title = {{Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop}}, date = {2021-01-20}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/}, language = {English}, urldate = {2021-01-21} } Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Cobalt Strike SUNBURST TEARDROP
2020-12-18MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20201218:analyzing:9486213, author = {Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers}}, date = {2020-12-18}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/}, language = {English}, urldate = {2020-12-19} } Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-11-30MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20201130:threat:2633df5, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them}}, date = {2020-11-30}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/}, language = {English}, urldate = {2020-12-01} } Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them
Cobalt Strike
2020-09-10MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20200910:strontium:eeaafcd, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{STRONTIUM: Detecting new patterns in credential harvesting}}, date = {2020-09-10}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/09/10/strontium-detecting-new-patters-credential-harvesting/}, language = {English}, urldate = {2020-09-15} } STRONTIUM: Detecting new patterns in credential harvesting
Sofacy