2022-09-21 | Microsoft | Microsoft Security Experts, Microsoft Detection and Response Team (DART)
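% Microsoft blog post on threat hunting, part 2 of a series.
% Each team is braced as one corporate author so the " and " inside the DART name is not read as a name separator.
@online{experts:20220921:art:657254d,
  author       = {{Microsoft Security Experts} and {Microsoft Detection and Response Team (DART)}},
  title        = {The art and science behind {Microsoft} threat hunting: Part 2},
  date         = {2022-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/21/the-art-and-science-behind-microsoft-threat-hunting-part-2/},
  language     = {English},
  urldate      = {2022-09-26},
}
The art and science behind Microsoft threat hunting: Part 2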
2022-09-08 | Microsoft | Microsoft Security Experts, Microsoft Detection and Response Team (DART)
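% Microsoft blog post on threat hunting, part 1 of a series.
% Each team is braced as one corporate author so the " and " inside the DART name is not read as a name separator.
@online{experts:20220908:art:b42106d,
  author       = {{Microsoft Security Experts} and {Microsoft Detection and Response Team (DART)}},
  title        = {The art and science behind {Microsoft} threat hunting: Part 1},
  date         = {2022-09-08},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/08/part-1-the-art-and-science-of-threat-hunting/},
  language     = {English},
  urldate      = {2022-09-13},
}
The art and science behind Microsoft threat hunting: Part 1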
2022-08-24 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Team
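% Microsoft write-up on MagicWeb, described in the title as a NOBELIUM post-compromise authentication technique.
% Each team is braced as one corporate author so the " and " inside the DART name is not read as a name separator.
@online{mstic:20220824:magicweb:1bb7204,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Detection and Response Team (DART)} and {Microsoft 365 Defender Team}},
  title        = {{MagicWeb}: {NOBELIUM}’s post-compromise trick to authenticate as anyone},
  date         = {2022-08-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/},
  language     = {English},
  urldate      = {2022-08-28},
}
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone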
2022-04-12 | Microsoft Security | Detection and Response Team (DART)
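% Microsoft write-up on Tarrask malware and its use of scheduled tasks for defense evasion.
% The team name is braced as one corporate author so its internal " and " is not read as a name separator.
@online{dart:20220412:tarrask:4789795,
  author       = {{Detection and Response Team (DART)}},
  title        = {{Tarrask} malware uses scheduled tasks for defense evasion},
  date         = {2022-04-12},
  organization = {Microsoft Security},
  url          = {https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/},
  language     = {English},
  urldate      = {2022-05-04},
}
Tarrask malware uses scheduled tasks for defense evasion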
Godzilla Webshell
2022-03-22 | Microsoft | Microsoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
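% Microsoft write-up on the actor tracked as DEV-0537 (UNC3661): data exfiltration and destruction.
% Each team is braced as one corporate author so the " and " inside the DART name is not read as a name separator.
@online{mstic:20220322:dev0537:eea56dc,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Detection and Response Team (DART)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{DEV-0537} ({UNC3661}) criminal actor targeting organizations for data exfiltration and destruction},
  date         = {2022-03-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/},
  language     = {English},
  urldate      = {2022-08-05},
}
DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction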
RedLine Stealer LAPSUS
2022-03-11 | Microsoft | Microsoft Detection and Response Team (DART)
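% Microsoft DART post on LockBit 2.0 ransomware bugs and database recovery attempts, part 2.
% The team name is braced as one corporate author so its internal " and " is not read as a name separator.
@online{dart:20220311:part:13e8665,
  author       = {{Microsoft Detection and Response Team (DART)}},
  title        = {Part 2: {LockBit} 2.0 ransomware bugs and database recovery attempts},
  date         = {2022-03-11},
  organization = {Microsoft},
  url          = {https://techcommunity.microsoft.com/t5/security-compliance-and-identity/part-2-lockbit-2-0-ransomware-bugs-and-database-recovery/ba-p/3254421},
  language     = {English},
  urldate      = {2022-03-14},
}
Part 2: LockBit 2.0 ransomware bugs and database recovery attempts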
LockBit
2022-03-11 | Microsoft | Microsoft Detection and Response Team (DART)
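% Microsoft DART post on LockBit 2.0 ransomware bugs and database recovery attempts, part 1.
% The team name is braced as one corporate author so its internal " and " is not read as a name separator.
@online{dart:20220311:part:2a214e2,
  author       = {{Microsoft Detection and Response Team (DART)}},
  title        = {Part 1: {LockBit} 2.0 ransomware bugs and database recovery attempts},
  date         = {2022-03-11},
  organization = {Microsoft},
  url          = {https://techcommunity.microsoft.com/t5/security-compliance-and-identity/part-1-lockbit-2-0-ransomware-bugs-and-database-recovery/ba-p/3254354},
  language     = {English},
  urldate      = {2022-03-14},
}
Part 1: LockBit 2.0 ransomware bugs and database recovery attempts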
LockBit
2022-01-15 | Microsoft | Microsoft, Microsoft Security Intelligence, Microsoft Digital Security Unit (DSU), Microsoft Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
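% Microsoft write-up on destructive malware targeting Ukrainian organizations, tracked as DEV-0586.
% Each team is braced as one corporate author so the " and " inside the DART name is not read as a name separator.
@online{microsoft:20220115:destructive:77ac2f5,
  author       = {{Microsoft} and {Microsoft Security Intelligence} and {Microsoft Digital Security Unit (DSU)} and {Microsoft Detection and Response Team (DART)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {Destructive malware targeting {Ukrainian} organizations ({DEV-0586})},
  date         = {2022-01-15},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/},
  language     = {English},
  urldate      = {2022-01-18},
}
Destructive malware targeting Ukrainian organizations (DEV-0586)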
WhisperGate DEV-0586
2022-01-04 | Microsoft | Microsoft Detection and Response Team (DART)
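% Microsoft DART post on using KQL in incident response.
% The team name is braced as one corporate author so its internal " and " is not read as a name separator.
@online{dart:20220104:leveraging:36a7deb,
  author       = {{Microsoft Detection and Response Team (DART)}},
  title        = {Leveraging the Power of {KQL} in Incident Response},
  date         = {2022-01-04},
  organization = {Microsoft},
  url          = {https://techcommunity.microsoft.com/t5/security-compliance-and-identity/leveraging-the-power-of-kql-in-incident-response/ba-p/3044795},
  language     = {English},
  urldate      = {2022-03-14},
}
Leveraging the Power of KQL in Incident Response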
2021-12-06 | Mandiant | Luke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock, Luis Rocha, Marius Fodoreanu, Mitchell Clarke, Manfred Erjak, Josh Madeley, Ashraf Abdalhalim, Juraj Sucik, Wojciech Ledzion, Gabriella Roncone, Jonathan Leathery, Ben Read, Microsoft Threat Intelligence Center (MSTIC), Microsoft Detection and Response Team (DART)
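% Mandiant report on suspected Russian activity tracked as UNC2452.
% Personal names use the unambiguous "Last, First" form; the two Microsoft teams are braced as
% corporate authors so the " and " inside the DART name is not read as a name separator.
@online{jenkins:20211206:suspected:d9da4ec,
  author       = {Jenkins, Luke and Hawley, Sarah and Najafi, Parnian and Bienstock, Doug
                  and Rocha, Luis and Fodoreanu, Marius and Clarke, Mitchell and Erjak, Manfred
                  and Madeley, Josh and Abdalhalim, Ashraf and Sucik, Juraj and Ledzion, Wojciech
                  and Roncone, Gabriella and Leathery, Jonathan and Read, Ben
                  and {Microsoft Threat Intelligence Center (MSTIC)}
                  and {Microsoft Detection and Response Team (DART)}},
  title        = {Suspected {Russian} Activity Targeting Government and Business Entities Around the Globe ({UNC2452})},
  date         = {2021-12-06},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/russian-targeting-gov-business},
  language     = {English},
  urldate      = {2021-12-07},
}
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)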
Cobalt Strike CryptBot
2021-10-26 | Microsoft | Detection and Response Team (DART)
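% Microsoft DART recommendations for defending against password spray attacks.
% The team name is braced as one corporate author so its internal " and " is not read as a name separator.
@online{dart:20211026:protect:22b026a,
  author       = {{Detection and Response Team (DART)}},
  title        = {Protect your business from password sprays with {Microsoft} {DART} recommendations},
  date         = {2021-10-26},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/10/26/protect-your-business-from-password-sprays-with-microsoft-dart-recommendations/},
  language     = {English},
  urldate      = {2021-11-03},
}
Protect your business from password sprays with Microsoft DART recommendations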
2021-09-27 | Microsoft | Detection and Response Team (DART)
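% Microsoft DART guide to combatting human-operated ransomware, part 2.
% The team name is braced as one corporate author so its internal " and " is not read as a name separator.
@online{dart:20210927:guide:40f51ba,
  author       = {{Detection and Response Team (DART)}},
  title        = {A guide to combatting human-operated ransomware: Part 2},
  date         = {2021-09-27},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/09/27/a-guide-to-combatting-human-operated-ransomware-part-2/},
  language     = {English},
  urldate      = {2021-09-28},
}
A guide to combatting human-operated ransomware: Part 2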
2021-09-20 | Microsoft | Detection and Response Team (DART)
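% Microsoft DART guide to combatting human-operated ransomware, part 1.
% The team name is braced as one corporate author so its internal " and " is not read as a name separator.
@online{dart:20210920:guide:8d2760b,
  author       = {{Detection and Response Team (DART)}},
  title        = {A guide to combatting human-operated ransomware: Part 1},
  date         = {2021-09-20},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/09/20/a-guide-to-combatting-human-operated-ransomware-part-1/},
  language     = {English},
  urldate      = {2021-09-22},
}
A guide to combatting human-operated ransomware: Part 1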
2021-02-11 | Microsoft | Detection and Response Team (DART), Microsoft 365 Defender Research Team
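% Microsoft blog post on the rise in web shell attacks.
% Each team is braced as one corporate author so the " and " inside the DART name is not read as a name separator.
@online{dart:20210211:web:c22c110,
  author       = {{Detection and Response Team (DART)} and {Microsoft 365 Defender Research Team}},
  title        = {Web shell attacks continue to rise},
  date         = {2021-02-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/02/11/web-shell-attacks-continue-to-rise/},
  language     = {English},
  urldate      = {2021-02-20},
}
Web shell attacks continue to rise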
2020-12-21 | Microsoft | Detection and Response Team (DART)
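% Microsoft DART advice for incident responders recovering from systemic identity compromises.
% The team name is braced as one corporate author so its internal " and " is not read as a name separator.
@online{dart:20201221:advice:dd08ada,
  author       = {{Detection and Response Team (DART)}},
  title        = {Advice for incident responders on recovery from systemic identity compromises},
  date         = {2020-12-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/12/21/advice-for-incident-responders-on-recovery-from-systemic-identity-compromises/},
  language     = {English},
  urldate      = {2020-12-23},
}
Advice for incident responders on recovery from systemic identity compromises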