Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-12NetskopeGustavo Palazolo
@online{palazolo:20220112:abusing:47afdc2, author = {Gustavo Palazolo}, title = {{Abusing Microsoft Office Using Malicious Web Archive Files}}, date = {2022-01-12}, organization = {Netskope}, url = {https://www.netskope.com/blog/abusing-microsoft-office-using-malicious-web-archive-files}, language = {English}, urldate = {2022-01-18} } Abusing Microsoft Office Using Malicious Web Archive Files
2022-01-05Check PointGolan Cohen
@online{cohen:20220105:can:6a1ef46, author = {Golan Cohen}, title = {{Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk}}, date = {2022-01-05}, organization = {Check Point}, url = {https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/}, language = {English}, urldate = {2022-01-18} } Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk
Zloader
2022-01-04MicrosoftMicrosoft Detection and Response Team (DART)
@online{dart:20220104:leveraging:36a7deb, author = {Microsoft Detection and Response Team (DART)}, title = {{Leveraging the Power of KQL in Incident Response}}, date = {2022-01-04}, organization = {Microsoft}, url = {https://techcommunity.microsoft.com/t5/security-compliance-and-identity/leveraging-the-power-of-kql-in-incident-response/ba-p/3044795}, language = {English}, urldate = {2022-03-14} } Leveraging the Power of KQL in Incident Response
2021-12-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20211209:closer:bace4ec, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{A closer look at Qakbot’s latest building blocks (and how to knock them down)}}, date = {2021-12-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/12/09/a-closer-look-at-qakbots-latest-building-blocks-and-how-to-knock-them-down/}, language = {English}, urldate = {2021-12-13} } A closer look at Qakbot’s latest building blocks (and how to knock them down)
QakBot
2021-12-06MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20211206:nickel:115c365, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{NICKEL targeting government organizations across Latin America and Europe}}, date = {2021-12-06}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe/}, language = {English}, urldate = {2021-12-08} } NICKEL targeting government organizations across Latin America and Europe
MimiKatz
2021-12-06Notice of PleadingsMicrosoft
@online{microsoft:20211206:complaint:035d577, author = {Microsoft}, title = {{Complaint filed by Microsoft against NICKEL/APT15}}, date = {2021-12-06}, organization = {Notice of Pleadings}, url = {https://noticeofpleadings.com/nickel/#}, language = {English}, urldate = {2021-12-08} } Complaint filed by Microsoft against NICKEL/APT15
MimiKatz
2021-12-06MicrosoftTom Burt
@online{burt:20211206:protecting:1e30e3d, author = {Tom Burt}, title = {{Protecting people from recent cyberattacks}}, date = {2021-12-06}, organization = {Microsoft}, url = {https://blogs.microsoft.com/on-the-issues/2021/12/06/cyberattacks-nickel-dcu-china/}, language = {English}, urldate = {2021-12-08} } Protecting people from recent cyberattacks
2021-12-06MandiantLuke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock, Luis Rocha, Marius Fodoreanu, Mitchell Clarke, Manfred Erjak, Josh Madeley, Ashraf Abdalhalim, Juraj Sucik, Wojciech Ledzion, Gabriella Roncone, Jonathan Leathery, Ben Read, Microsoft Threat Intelligence Center (MSTIC), Microsoft Detection and Response Team (DART)
@online{jenkins:20211206:suspected:d9da4ec, author = {Luke Jenkins and Sarah Hawley and Parnian Najafi and Doug Bienstock and Luis Rocha and Marius Fodoreanu and Mitchell Clarke and Manfred Erjak and Josh Madeley and Ashraf Abdalhalim and Juraj Sucik and Wojciech Ledzion and Gabriella Roncone and Jonathan Leathery and Ben Read and Microsoft Threat Intelligence Center (MSTIC) and Microsoft Detection and Response Team (DART)}, title = {{Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)}}, date = {2021-12-06}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/russian-targeting-gov-business}, language = {English}, urldate = {2021-12-07} } Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)
Cobalt Strike CryptBot
2021-12-02MicrosoftMicrosoft Threat Experts
@online{experts:20211202:structured:74127b2, author = {Microsoft Threat Experts}, title = {{Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense}}, date = {2021-12-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/12/02/structured-threat-hunting-one-way-microsoft-threat-experts-prioritizes-customer-defense/}, language = {English}, urldate = {2021-12-06} } Structured threat hunting: One way Microsoft Threat Experts prioritizes customer defense
2021-11-24safebreachTomer Bar
@online{bar:20211124:new:3fc1309, author = {Tomer Bar}, title = {{New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers}}, date = {2021-11-24}, organization = {safebreach}, url = {https://www.safebreach.com/blog/2021/new-powershortshell-stealer-exploits-recent-microsoft-mshtml-vulnerability-to-spy-on-farsi-speakers/}, language = {English}, urldate = {2021-11-29} } New PowerShortShell Stealer Exploits Recent Microsoft MSHTML Vulnerability to Spy on Farsi Speakers
PowerShortShell
2021-11-18MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20211118:iranian:911ab04, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Iranian targeting of IT sector on the rise}}, date = {2021-11-18}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/}, language = {English}, urldate = {2021-11-19} } Iranian targeting of IT sector on the rise
MimiKatz ShellClient RAT
2021-11-17MicrosoftPete Bryan
@online{bryan:20211117:creating:b3fac06, author = {Pete Bryan}, title = {{Creating your first Microsoft Sentinel Notebook}}, date = {2021-11-17}, organization = {Microsoft}, url = {https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/creating-your-first-microsoft-sentinel-notebook/ba-p/2977745#.YZXCGrsENGQ.twitter}, language = {English}, urldate = {2021-11-19} } Creating your first Microsoft Sentinel Notebook
2021-11-17CISAFBI, CISA, Australian Cyber Security Centre (ACSC), NCSC UK
@techreport{fbi:20211117:alert:e4ba10a, author = {FBI and CISA and Australian Cyber Security Centre (ACSC) and NCSC UK}, title = {{Alert (AA21-321A): Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities}}, date = {2021-11-17}, institution = {CISA}, url = {https://us-cert.cisa.gov/sites/default/files/publications/AA21-321A-Iranian%20Government-Sponsored%20APT%20Actors%20Exploiting%20Microsoft%20Exchange%20and%20Fortinet%20Vulnerabilities.pdf}, language = {English}, urldate = {2022-01-03} } Alert (AA21-321A): Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
2021-11-16MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20211116:evolving:9bd9d2e, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021}}, date = {2021-11-16}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021/}, language = {English}, urldate = {2021-11-17} } Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
2021-11-11MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20211111:html:410a27f, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks}}, date = {2021-11-11}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/}, language = {English}, urldate = {2021-11-12} } HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
AsyncRAT Mekotio NjRAT
2021-11-10MicrosoftJohn Lambert
@online{lambert:20211110:hunt:8ab9e28, author = {John Lambert}, title = {{The hunt for NOBELIUM, the most sophisticated nation-state attack in history}}, date = {2021-11-10}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/10/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history/}, language = {English}, urldate = {2021-11-17} } The hunt for NOBELIUM, the most sophisticated nation-state attack in history
2021-11-08MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20211108:threat:0d18523, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus}}, date = {2021-11-08}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/08/threat-actor-dev-0322-exploiting-zoho-manageengine-adselfservice-plus/}, language = {English}, urldate = {2021-11-09} } Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
2021-11-03MicrosoftCristin Goodwin
@online{goodwin:20211103:understanding:01669de, author = {Cristin Goodwin}, title = {{Understanding Nation State Threats}}, date = {2021-11-03}, organization = {Microsoft}, url = {https://myignite.microsoft.com/sessions/bab2fd78-cb64-4630-910d-559eb3c9fd5f?source=sessions}, language = {English}, urldate = {2021-11-08} } Understanding Nation State Threats
2021-11-03Cisco TalosChetan Raghuprasad, Vanja Svajcer, Caitlin Huey
@online{raghuprasad:20211103:microsoft:2b6de43, author = {Chetan Raghuprasad and Vanja Svajcer and Caitlin Huey}, title = {{Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk}}, date = {2021-11-03}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html}, language = {English}, urldate = {2021-11-03} } Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
Babuk CHINACHOPPER
2021-11-02MicrosoftAshwin Patil
@online{patil:20211102:hunting:ff5418b, author = {Ashwin Patil}, title = {{Hunting for potential network beaconing patterns using Apache Spark via Azure Synapse – Part 1}}, date = {2021-11-02}, organization = {Microsoft}, url = {https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/hunting-for-potential-network-beaconing-patterns-using-apache/ba-p/2916179}, language = {English}, urldate = {2021-11-19} } Hunting for potential network beaconing patterns using Apache Spark via Azure Synapse – Part 1