Malpedia Library

Click here to download all references as Bib-File.•

2021-11-18 ⋅ Microsoft ⋅ Microsoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
Iranian targeting of IT sector on the rise
MimiKatz ShellClient RAT Cuboid Sandstorm

2021-11-16 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC)
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

2021-11-08 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC)
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus

2021-10-25 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC)
NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

2021-10-11 ⋅ Microsoft ⋅ Microsoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

2021-09-27 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC), Ramin Nafisi
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor

2021-09-15 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
EXOTIC LILY

2021-07-15 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC)
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

2021-07-14 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC)
Microsoft delivers comprehensive solution to battle rise in consent phishing emails

2021-07-13 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC)
Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit

2021-06-14 ⋅ Microsoft ⋅ Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

2021-06-01 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
New sophisticated email-based attack from NOBELIUM
Cobalt Strike

2021-05-28 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC)
Breaking down NOBELIUM’s latest early-stage toolset
BOOMBOX Cobalt Strike

2021-03-04 ⋅ Microsoft ⋅ Andrea Lelli, Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC), Ramin Nafisi
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
SUNBURST TEARDROP UNC2452

2021-03-02 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft 365 Security, Microsoft Threat Intelligence Center (MSTIC)
HAFNIUM targeting Exchange Servers with 0-day exploits
CHINACHOPPER HAFNIUM

2021-03-02 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC)
HAFNIUM targeting Exchange Servers with 0-day exploits
PowerCat

2021-01-28 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
ZINC attacks against security researchers
ComeBacker Klackring

2021-01-20 ⋅ Microsoft ⋅ Microsoft 365 Defender Research Team, Microsoft Cyber Defense Operations Center (CDOC), Microsoft Threat Intelligence Center (MSTIC)
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Cobalt Strike SUNBURST TEARDROP

2020-12-18 ⋅ Microsoft ⋅ Microsoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
SUNBURST SUPERNOVA TEARDROP UNC2452

2020-11-30 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them
Cobalt Strike

2020-09-10 ⋅ Microsoft ⋅ Microsoft Threat Intelligence Center (MSTIC)
STRONTIUM: Detecting new patterns in credential harvesting
APT28