Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-10-11MicrosoftMicrosoft Digital Security Unit (DSU), Microsoft Threat Intelligence Center (MSTIC)
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
2021-09-27MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Ramin Nafisi
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
EXOTIC LILY
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
Cobalt Strike
2021-07-15MicrosoftMicrosoft Threat Intelligence
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
Caramel Tsunami
2021-07-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
2021-07-14MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
Microsoft delivers comprehensive solution to battle rise in consent phishing emails
2021-07-13MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit
2021-06-14MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
2021-06-01MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
New sophisticated email-based attack from NOBELIUM
Cobalt Strike
2021-05-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
Breaking down NOBELIUM’s latest early-stage toolset
BOOMBOX Cobalt Strike
2021-03-04MicrosoftAndrea Lelli, Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC), Ramin Nafisi
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
SUNBURST TEARDROP UNC2452
2021-03-02MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft 365 Security, Microsoft Threat Intelligence Center (MSTIC)
HAFNIUM targeting Exchange Servers with 0-day exploits
CHINACHOPPER HAFNIUM
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
HAFNIUM targeting Exchange Servers with 0-day exploits
PowerCat
2021-01-28MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
ZINC attacks against security researchers
ComeBacker Klackring
2021-01-20MicrosoftMicrosoft 365 Defender Research Team, Microsoft Cyber Defense Operations Center (CDOC), Microsoft Threat Intelligence Center (MSTIC)
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Cobalt Strike SUNBURST TEARDROP
2020-12-18MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC)
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers
SUNBURST SUPERNOVA TEARDROP UNC2452
2020-11-30MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
Threat actor (BISMUTH) leverages coin miner techniques to stay under the radar – here’s how to spot them
Cobalt Strike
2020-09-10MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
STRONTIUM: Detecting new patterns in credential harvesting
APT28
2019-12-12MicrosoftMicrosoft Threat Intelligence Center
GALLIUM: Targeting global telecom
CHINACHOPPER Ghost RAT HTran MimiKatz Poison Ivy GALLIUM