2022-10-13 | Microsoft | MSRC Team, Microsoft Threat Hunting
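% Two corporate authors: each is wrapped in its own braces so BibTeX keeps it
% as one name instead of splitting it into given name and surname.
@online{team:20221013:hunting:601b99c,
  author       = {{MSRC Team} and {Microsoft Threat Hunting}},
  title        = {{Hunting for Cobalt Strike: Mining and plotting for fun and profit}},
  date         = {2022-10-13},
  organization = {Microsoft},
  url          = {https://msrc.microsoft.com/blog/2022/10/hunting-for-cobalt-strike-mining-and-plotting-for-fun-and-profit/},
  language     = {English},
  urldate      = {2023-03-20},
}
Hunting for Cobalt Strike: Mining and plotting for fun and profit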
Cobalt Strike
2022-02-28 | Microsoft | MSRC Team
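% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name.
% Same article as key team:20220228:cyber:69efe8b; the two records differ only in
% the URL's trailing slash, the urldate and the malware families tagged below.
@online{team:20220228:cyber:8ef46fd,
  author       = {{MSRC Team}},
  title        = {{Cyber threat activity in Ukraine: analysis and resources}},
  date         = {2022-02-28},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine},
  language     = {English},
  urldate      = {2022-03-07},
}
Cyber threat activity in Ukraine: analysis and resources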
HermeticWiper IsaacWiper PartyTicket WhisperGate
2022-02-28 | Microsoft | MSRC Team
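% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name.
% Same article as key team:20220228:cyber:8ef46fd; this record has the later
% urldate, the trailing-slash URL and the longer family list below.
@online{team:20220228:cyber:69efe8b,
  author       = {{MSRC Team}},
  title        = {{Cyber threat activity in Ukraine: analysis and resources}},
  date         = {2022-02-28},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/},
  language     = {English},
  urldate      = {2022-07-25},
}
Cyber threat activity in Ukraine: analysis and resources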
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate DEV-0586
2021-06-25 | Microsoft | MSRC Team
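% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name
% rather than parsing it as given name "MSRC", surname "Team".
@online{team:20210625:investigating:a58f4f9,
  author       = {{MSRC Team}},
  title        = {{Investigating and Mitigating Malicious Drivers}},
  date         = {2021-06-25},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/06/25/investigating-and-mitigating-malicious-drivers/},
  language     = {English},
  urldate      = {2021-06-29},
}
Investigating and Mitigating Malicious Drivers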
NetfilterRootkit
2021-06-25 | Microsoft | MSRC Team
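% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name
% rather than parsing it as given name "MSRC", surname "Team".
@online{team:20210625:new:7df0836,
  author       = {{MSRC Team}},
  title        = {{New Nobelium activity}},
  date         = {2021-06-25},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/},
  language     = {English},
  urldate      = {2021-06-29},
}
New Nobelium activity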
2021-03-16 | Microsoft | MSRC Team
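% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name
% rather than parsing it as given name "MSRC", surname "Team".
@online{team:20210316:guidance:c9a881b,
  author       = {{MSRC Team}},
  title        = {{Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities}},
  date         = {2021-03-16},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/},
  language     = {English},
  urldate      = {2021-03-19},
}
Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities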
2021-03-09 | Microsoft | MSRC Team
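% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name.
% The date field follows the "updated March 9, 2021" revision named in the
% title, while the URL path carries 2021/03/05; check which revision is cited.
@online{team:20210309:microsoft:3e03bbf,
  author       = {{MSRC Team}},
  title        = {{Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021}},
  date         = {2021-03-09},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021},
  language     = {English},
  urldate      = {2021-03-10},
}
Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021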
HAFNIUM
2021-03-02 | Microsoft | MSRC Team
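% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name.
% The date field matches the URL path (2021/03/02); the title records a later
% revision ("updated March 8, 2021"), and urldate shows when it was retrieved.
@online{team:20210302:multiple:d62f8de,
  author       = {{MSRC Team}},
  title        = {{Multiple Security Updates Released for Exchange Server – updated March 8, 2021}},
  date         = {2021-03-02},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server},
  language     = {English},
  urldate      = {2021-03-10},
}
Multiple Security Updates Released for Exchange Server – updated March 8, 2021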
HAFNIUM
2021-02-18 | Microsoft | MSRC Team
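% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name
% rather than parsing it as given name "MSRC", surname "Team".
@online{team:20210218:microsoft:645b21a,
  author       = {{MSRC Team}},
  title        = {{Microsoft Internal Solorigate Investigation – Final Update}},
  date         = {2021-02-18},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/},
  language     = {English},
  urldate      = {2021-02-18},
}
Microsoft Internal Solorigate Investigation – Final Update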
2021-02-09 | Microsoft | MSRC Team
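% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name
% rather than parsing it as given name "MSRC", surname "Team".
@online{team:20210209:multiple:984a407,
  author       = {{MSRC Team}},
  title        = {{Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086}},
  date         = {2021-02-09},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/},
  language     = {English},
  urldate      = {2021-02-10},
}
Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086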
2021-02-09 | Microsoft | MSRC Team
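% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name.
% The URL points at an update-guide vulnerability page rather than a blog post;
% "ITW" in the title stands for "in the wild".
@online{team:20210209:windows:85fcea7,
  author       = {{MSRC Team}},
  title        = {{Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732 (exploited ITW)}},
  date         = {2021-02-09},
  organization = {Microsoft},
  url          = {https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1732},
  language     = {English},
  urldate      = {2021-02-10},
}
Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732 (exploited ITW)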
2020-12-31 | Microsoft | MSRC Team
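% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name
% rather than parsing it as given name "MSRC", surname "Team".
@online{team:20201231:microsoft:c94b7aa,
  author       = {{MSRC Team}},
  title        = {{Microsoft Internal Solorigate Investigation Update}},
  date         = {2020-12-31},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/},
  language     = {English},
  urldate      = {2021-01-04},
}
Microsoft Internal Solorigate Investigation Update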
SUNBURST
2020-12-21 | Microsoft | MSRC Team
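% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name
% rather than parsing it as given name "MSRC", surname "Team".
@online{team:20201221:solorigate:7c7ab64,
  author       = {{MSRC Team}},
  title        = {{Solorigate Resource Center}},
  date         = {2020-12-21},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2020/12/21/december-21st-2020-solorigate-resource-center/},
  language     = {English},
  urldate      = {2021-01-01},
}
Solorigate Resource Center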
SUNBURST TEARDROP
2019-08-05 | Microsoft | MSRC Team
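% Corporate author is brace-protected so BibTeX keeps "MSRC Team" as one name
% rather than parsing it as given name "MSRC", surname "Team".
@online{team:20190805:corporate:683c54a,
  author       = {{MSRC Team}},
  title        = {{Corporate IoT – a path to intrusion (APT28/STRONTIUM)}},
  date         = {2019-08-05},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/},
  language     = {English},
  urldate      = {2020-08-14},
}
Corporate IoT – a path to intrusion (APT28/STRONTIUM)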
VPNFilter