Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-21BleepingComputerSergiu Gatlan
@online{gatlan:20220621:microsoft:dc02b91, author = {Sergiu Gatlan}, title = {{Microsoft Exchange servers hacked by new ToddyCat APT gang}}, date = {2022-06-21}, organization = {BleepingComputer}, url = {https://www.bleepingcomputer.com/news/security/new-toddycat-apt-group-targets-exchange-servers-in-asia-europe/}, language = {English}, urldate = {2022-06-27} } Microsoft Exchange servers hacked by new ToddyCat APT gang
ToddyCat
2022-06-16ESET ResearchRene Holt
@online{holt:20220616:how:d3225fc, author = {Rene Holt}, title = {{How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security}}, date = {2022-06-16}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2022/06/16/how-emotet-is-changing-tactics-microsoft-tightening-office-macro-security/}, language = {English}, urldate = {2022-06-17} } How Emotet is changing tactics in response to Microsoft’s tightening of Office macro security
Emotet
2022-06-13MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20220613:many:7681eda, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{The many lives of BlackCat ransomware}}, date = {2022-06-13}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/}, language = {English}, urldate = {2022-06-15} } The many lives of BlackCat ransomware
BlackCat
2022-06-02MicrosoftMicrosoft Digital Crimes Unit
@online{unit:20220602:complaint:ad53ccf, author = {Microsoft Digital Crimes Unit}, title = {{Complaint filed by Microsoft Digital Crimes Unit against BOHRIUM, a Iranian threat actor}}, date = {2022-06-02}, organization = {Microsoft}, url = {https://noticeofpleadings.com/Bohrium}, language = {English}, urldate = {2022-06-02} } Complaint filed by Microsoft Digital Crimes Unit against BOHRIUM, a Iranian threat actor
2022-06-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220602:exposing:b85423c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Exposing POLONIUM activity and infrastructure targeting Israeli organizations}}, date = {2022-06-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/}, language = {English}, urldate = {2022-06-02} } Exposing POLONIUM activity and infrastructure targeting Israeli organizations
2022-06-01FortinetShunichi Imano, James Slaughter, Fred Gutierrez
@online{imano:20220601:cve202230190:e43f2d3, author = {Shunichi Imano and James Slaughter and Fred Gutierrez}, title = {{CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE Vulnerability “Follina”}}, date = {2022-06-01}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/analysis-of-follina-zero-day}, language = {English}, urldate = {2022-06-07} } CVE-2022-30190: Microsoft Support Diagnostic Tool (MSDT) RCE Vulnerability “Follina”
turian
2022-05-24Deep instinctBar Block
@online{block:20220524:blame:9f45829, author = {Bar Block}, title = {{Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them}}, date = {2022-05-24}, organization = {Deep instinct}, url = {https://www.deepinstinct.com/blog/types-of-dropper-malware-in-microsoft-office}, language = {English}, urldate = {2022-05-29} } Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them
Dridex Emotet
2022-05-22Bleeping ComputerBill Toulas
@online{toulas:20220522:pdf:f2a1ce7, author = {Bill Toulas}, title = {{PDF smuggles Microsoft Word doc to drop Snake Keylogger malware}}, date = {2022-05-22}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/pdf-smuggles-microsoft-word-doc-to-drop-snake-keylogger-malware/}, language = {English}, urldate = {2022-05-24} } PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
404 Keylogger
2022-05-19MicrosoftMicrosoft 365 Defender Research Team
@online{team:20220519:rise:2087702, author = {Microsoft 365 Defender Research Team}, title = {{Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices}}, date = {2022-05-19}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/}, language = {English}, urldate = {2022-05-20} } Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
XOR DDoS
2022-05-17Microsoft SecurityBerman Enconado, Laurie Kirk
@online{enconado:20220517:in:c234e4d, author = {Berman Enconado and Laurie Kirk}, title = {{In hot pursuit of ‘cryware’: Defending hot wallets from attacks}}, date = {2022-05-17}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/}, language = {English}, urldate = {2022-05-25} } In hot pursuit of ‘cryware’: Defending hot wallets from attacks
Mars Stealer RedLine Stealer
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20220509:ransomwareasaservice:13ec472, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself}, language = {English}, urldate = {2022-05-17} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker
2022-05-09Microsoft SecurityMicrosoft Threat Intelligence Center, Microsoft 365 Defender Threat Intelligence Team
@online{center:20220509:ransomwareasaservice:3dac44d, author = {Microsoft Threat Intelligence Center and Microsoft 365 Defender Threat Intelligence Team}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/}, language = {English}, urldate = {2022-06-02} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot
2022-05-06Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20220506:twitter:7a00df8, author = {Microsoft Security Intelligence}, title = {{Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity}}, date = {2022-05-06}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1522690116979855360}, language = {English}, urldate = {2022-05-09} } Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity
FAKEUPDATES Blister Cobalt Strike LockBit
2022-04-27MicrosoftMicrosoft Digital Security Unit (DSU)
@online{dsu:20220427:special:f1a2031, author = {Microsoft Digital Security Unit (DSU)}, title = {{Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine}}, date = {2022-04-27}, organization = {Microsoft}, url = {https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd}, language = {English}, urldate = {2022-05-03} } Special Report: Ukraine An overview of Russia’s cyberattack activity in Ukraine
CaddyWiper DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket WhisperGate
2022-04-20Bleeping ComputerBill Toulas
@online{toulas:20220420:microsoft:c1073df, author = {Bill Toulas}, title = {{Microsoft Exchange servers hacked to deploy Hive ransomware}}, date = {2022-04-20}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-hive-ransomware/}, language = {English}, urldate = {2022-04-24} } Microsoft Exchange servers hacked to deploy Hive ransomware
Babuk BlackByte Conti Hive LockFile
2022-04-13MicrosoftAmy Hogan-Burney
@online{hoganburney:20220413:notorious:30afb78, author = {Amy Hogan-Burney}, title = {{Notorious cybercrime gang’s botnet disrupted}}, date = {2022-04-13}, organization = {Microsoft}, url = {https://blogs.microsoft.com/on-the-issues/2022/04/13/zloader-botnet-disrupted-malware-ukraine/}, language = {English}, urldate = {2022-04-15} } Notorious cybercrime gang’s botnet disrupted
Ryuk Zloader
2022-04-13MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20220413:dismantling:ace8546, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware}}, date = {2022-04-13}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/}, language = {English}, urldate = {2022-04-14} } Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
BlackMatter Cobalt Strike DarkSide Ryuk Zloader
2022-04-12Microsoft SecurityDetection and Response Team (DART)
@online{dart:20220412:tarrask:4789795, author = {Detection and Response Team (DART)}, title = {{Tarrask malware uses scheduled tasks for defense evasion}}, date = {2022-04-12}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/}, language = {English}, urldate = {2022-05-04} } Tarrask malware uses scheduled tasks for defense evasion
Godzilla Webshell
2022-04-08The Hacker NewsRavie Lakshmanan
@online{lakshmanan:20220408:microsoft:f01c170, author = {Ravie Lakshmanan}, title = {{Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine}}, date = {2022-04-08}, organization = {The Hacker News}, url = {https://thehackernews.com/2022/04/microsoft-obtains-court-order-to-take.html}, language = {English}, urldate = {2022-04-25} } Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine
HilalRAT
2022-04-07Perception PointIgal Lytzki
@online{lytzki:20220407:revenge:9f4c4e4, author = {Igal Lytzki}, title = {{Revenge RAT Malware is back: From Microsoft Excel macros to Remote Access Trojan}}, date = {2022-04-07}, organization = {Perception Point}, url = {https://perception-point.io/revenge-rat-back-from-microsoft-excel-macros/}, language = {English}, urldate = {2022-06-09} } Revenge RAT Malware is back: From Microsoft Excel macros to Remote Access Trojan
Revenge RAT