Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-06-25GdataFlorian Roth, Johann Aydinbas, Karsten Hahn, Takahiro Haruyama
Microsoft signed a malicious Netfilter rootkit
NetfilterRootkit
2021-06-17struppigelKarsten Hahn
Tweet on Network filter rootkit driver signed by Microsoft
2021-06-14MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
2021-06-11Twitter (@MsftSecIntel)Microsoft Security Intelligence
Tweet on solarmarker/Jupyter malware
solarmarker
2021-06-08MicrosoftYossi Weizman
New large-scale campaign targets Kubeflow
2021-06-08The RecordCatalin Cimpanu
Microsoft patches six Windows zero-days, including a commercial exploit
2021-06-01MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
New sophisticated email-based attack from NOBELIUM
Cobalt Strike
2021-05-30MicrosoftTom Burt
Defend and deter
2021-05-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
Breaking down NOBELIUM’s latest early-stage toolset
BOOMBOX Cobalt Strike
2021-05-27MicrosoftTom Burt
Another Nobelium Cyberattack
2021-05-21LACYoshihiro Ishikawa
Targeted attack by 'Cobalt Strike loader' that exploits Microsoft's digital signature-Attacker group APT41
Cobalt Strike DUSTPAN
2021-05-21blackarrowPablo Ambite
Leveraging Microsoft Teams to persist and cover up Cobalt Strike traffic
Cobalt Strike
2021-05-20MicrosoftMicrosoft 365 Defender Threat Intelligence Team
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex
2021-05-20Github (microsoft)Microsoft
Microsoft 365 Defender Hunting Queries for hunting multiple threat actors' TTPs and malwares
STRRAT OceanLotus BabyShark Elise Revenge RAT WastedLocker Zebrocy
2021-05-20Twitter (@MsftSecIntel)Microsoft Security Intelligence
Tweet on Java-based STRRAT malware campaign distributed via email
STRRAT
2021-05-12MicrosoftMicrosoft
Incident response playbooks
2021-05-11Twitter (@MsftSecIntel)Microsoft Security Intelligence
Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla
Agent Tesla AsyncRAT
2021-05-07Cisco TalosAndrew Windsor, Caitlin Huey, Edmund Brumaghin
Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs
CHINACHOPPER Cobalt Strike Lemon Duck
2021-05-07SophosLabs UncutRajesh Nataraj
New Lemon Duck variants exploiting Microsoft Exchange Server
CHINACHOPPER Cobalt Strike Lemon Duck
2021-05-07MicrosoftMicrosoft
Human operated ransomware