Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-11Twitter (@MsftSecIntel)Microsoft Threat Intelligence
Tweet on DEV-0401, DEV-0234 exploiting Confluence RCE CVE-2022-26134
Kinsing Mirai Cobalt Strike
2022-06-02MicrosoftMicrosoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
Exposing POLONIUM activity and infrastructure targeting Israeli organizations
POLONIUM
2022-05-09Microsoft SecurityMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-03-22MicrosoftDetection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction
RedLine Stealer LAPSUS
2022-03-16MicrosoftMicrosoft Defender for IoT Research Team, Microsoft Threat Intelligence Center (MSTIC)
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
TrickBot
2022-02-04MicrosoftMicrosoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
ACTINIUM targets Ukrainian organizations
Pteranodon Gamaredon Group
2022-02-04MicrosoftMicrosoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
ACTINIUM targets Ukrainian organizations
DilongTrash DinoTrain Pteranodon QuietSieve Gamaredon Group
2021-12-11MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
Khonsari NightSky BRONZE STARLIGHT
2021-12-06MicrosoftMicrosoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
NICKEL targeting government organizations across Latin America and Europe
MimiKatz
2021-12-06MandiantAshraf Abdalhalim, Ben Read, Doug Bienstock, Gabriella Roncone, Jonathan Leathery, Josh Madeley, Juraj Sucik, Luis Rocha, Luke Jenkins, Manfred Erjak, Marius Fodoreanu, Microsoft Detection and Response Team (DART), Microsoft Threat Intelligence Center (MSTIC), Mitchell Clarke, Parnian Najafi, Sarah Hawley, Wojciech Ledzion
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)
Cobalt Strike CryptBot
2021-11-18MicrosoftMicrosoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
Iranian targeting of IT sector on the rise
MimiKatz ShellClient RAT Cuboid Sandstorm
2021-11-16MicrosoftMicrosoft Threat Intelligence
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
APT35 Gray Sandstorm
2021-11-16MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
2021-11-08MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
2021-10-25MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
NOBELIUM targeting delegated administrative privileges to facilitate broader attacks
2021-10-11MicrosoftMicrosoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
2021-09-27MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Ramin Nafisi
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
EXOTIC LILY
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
Cobalt Strike