2023-02-03MicrosoftClint Watts
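@online{watts:20230203:iran:d8d3849,
  author       = {Watts, Clint},
  title        = {{Iran} responsible for {Charlie Hebdo} attacks},
  date         = {2023-02-03},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2023/02/03/dtac-charlie-hebdo-hack-iran-neptunium/},
  language     = {English},
  urldate      = {2023-02-06},
}
Iran responsible for Charlie Hebdo attacks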
2022-12-21TrustwaveWojciech Cieslak
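@online{cieslak:20221221:malicious:e95b69a,
  author       = {Cieslak, Wojciech},
  title        = {Malicious Macros Adapt to Use {Microsoft Publisher} to Push {Ekipa RAT}},
  date         = {2022-12-21},
  organization = {Trustwave},
  url          = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-macros-adapt-to-use-microsoft-publisher-to-push-ekipa-rat/},
  language     = {English},
  urldate      = {2023-01-05},
}
Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT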
Ekipa RAT
2022-12-21MicrosoftMicrosoft Security Threat Intelligence
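@online{intelligence:20221221:microsoft:3e9b011,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Microsoft} research uncovers new {Zerobot} capabilities},
  date         = {2022-12-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/},
  language     = {English},
  urldate      = {2022-12-29},
}
Microsoft research uncovers new Zerobot capabilities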
ZeroBot SparkRAT
2022-12-03MicrosoftClint Watts
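@comment{Given name corrected from "Cliff" to "Clint", matching the byline on this library's other on-the-issues post by the same author; confirm against the linked article.}
@online{watts:20221203:preparing:139621a,
  author       = {Watts, Clint},
  title        = {Preparing for a {Russian} cyber offensive against {Ukraine} this winter},
  date         = {2022-12-03},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2022/12/03/preparing-russian-cyber-offensive-ukraine/},
  language     = {English},
  urldate      = {2022-12-05},
}
Preparing for a Russian cyber offensive against Ukraine this winter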
CaddyWiper HermeticWiper Prestige
2022-11-21BlackberryBlackBerry Research & Intelligence Team
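@comment{The ampersand in the corporate author is escaped so it is not read as a LaTeX alignment tab, and the name is double-braced so it is kept as one unit.}
@online{team:20221121:gamaredon:da14d7a,
  author       = {{BlackBerry Research \& Intelligence Team}},
  title        = {{Gamaredon} Leverages {Microsoft Office} Docs to Target {Ukraine} Government and Military},
  date         = {2022-11-21},
  organization = {Blackberry},
  url          = {https://blogs.blackberry.com/en/2022/11/gamaredon-leverages-microsoft-office-docs-to-target-ukraine-government},
  language     = {English},
  urldate      = {2022-12-01},
}
Gamaredon Leverages Microsoft Office Docs to Target Ukraine Government and Military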
Pteranodon
2022-11-17MicrosoftMicrosoft Security Threat Intelligence
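@online{intelligence:20221117:dev0569:86675d7,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{DEV-0569} finds new ways to deliver {Royal} ransomware, various payloads},
  date         = {2022-11-17},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/},
  language     = {English},
  urldate      = {2023-01-05},
}
DEV-0569 finds new ways to deliver Royal ransomware, various payloads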
Royal Ransom
2022-10-27Bleeping ComputerSergiu Gatlan
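@online{gatlan:20221027:microsoft:e274158,
  author       = {Gatlan, Sergiu},
  title        = {{Microsoft} links {Raspberry Robin} worm to {Clop} ransomware attacks},
  date         = {2022-10-27},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/microsoft-links-raspberry-robin-worm-to-clop-ransomware-attacks/},
  language     = {English},
  urldate      = {2022-11-11},
}
Microsoft links Raspberry Robin worm to Clop ransomware attacks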
Clop Raspberry Robin
2022-10-27MicrosoftMicrosoft Security Threat Intelligence
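@online{intelligence:20221027:raspberry:b6d1ce4,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Raspberry Robin} worm part of larger ecosystem facilitating pre-ransomware activity},
  date         = {2022-10-27},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/},
  language     = {English},
  urldate      = {2022-11-11},
}
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity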
FAKEUPDATES Fauppod Raspberry Robin Roshtyak
2022-10-25MicrosoftMicrosoft Security Threat Intelligence
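@online{intelligence:20221025:dev0832:5d16a04,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{DEV-0832} ({Vice Society}) opportunistic ransomware campaigns impacting {US} education sector},
  date         = {2022-10-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/10/25/dev-0832-vice-society-opportunistic-ransomware-campaigns-impacting-us-education-sector/},
  language     = {English},
  urldate      = {2023-02-03},
}
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector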
BlackCat Mount Locker Zeppelin
2022-10-22MicrosoftMicrosoft Security Threat Intelligence
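@online{intelligence:20221022:dev0952:21116ee,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{DEV-0952} deploys {Daixin} ransomware at hospitals},
  date         = {2022-10-22},
  organization = {Microsoft},
  url          = {https://community.riskiq.com/article/2f515d18},
  language     = {English},
  urldate      = {2022-10-24},
}
DEV-0952 deploys Daixin ransomware at hospitals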
2022-10-14MicrosoftMicrosoft Security Threat Intelligence
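@online{intelligence:20221014:new:96a6fbd,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {New “{Prestige}” ransomware impacts organizations in {Ukraine} and {Poland}},
  date         = {2022-10-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/},
  language     = {English},
  urldate      = {2022-10-14},
}
New “Prestige” ransomware impacts organizations in Ukraine and Poland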
Prestige
2022-10-10RiskIQMicrosoft Threat Intelligence Center (MSTIC)
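@online{mstic:20221010:dev0832:07768a3,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{DEV-0832} Leverages Commodity Tools in Opportunistic Ransomware Campaigns},
  date         = {2022-10-10},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/47766fbd},
  language     = {English},
  urldate      = {2022-10-19},
}
DEV-0832 Leverages Commodity Tools in Opportunistic Ransomware Campaigns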
BlackCat Mount Locker SystemBC Zeppelin
2022-10-05MicrosoftMicrosoft Security Threat Intelligence
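@online{intelligence:20221005:detecting:76c0e4f,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {Detecting and preventing {LSASS} credential dumping attacks},
  date         = {2022-10-05},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/10/05/detecting-and-preventing-lsass-credential-dumping-attacks/},
  language     = {English},
  urldate      = {2022-10-17},
}
Detecting and preventing LSASS credential dumping attacks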
2022-09-30MicrosoftMicrosoft Security Threat Intelligence
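@online{intelligence:20220930:analyzing:115d508,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {Analyzing attacks using the {Exchange} vulnerabilities {CVE-2022-41040} and {CVE-2022-41082}},
  date         = {2022-09-30},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082},
  language     = {English},
  urldate      = {2022-10-17},
}
Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082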
2022-09-29MicrosoftMicrosoft Security Threat Intelligence, LinkedIn Threat Prevention and Defense
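@comment{Each corporate author is wrapped in its own braces; otherwise the " and " inside "LinkedIn Threat Prevention and Defense" is parsed as a name separator and yields a third, bogus author.}
@online{intelligence:20220929:zinc:4b8e6c0,
  author       = {{Microsoft Security Threat Intelligence} and {LinkedIn Threat Prevention and Defense}},
  title        = {{ZINC} weaponizing open-source software},
  date         = {2022-09-29},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/},
  language     = {English},
  urldate      = {2022-09-30},
}
ZINC weaponizing open-source software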
2022-09-29GTSCGTSC SECURITY TEAM
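@online{team:20220929:warning:e0972dc,
  author       = {{GTSC SECURITY TEAM}},
  title        = {Warning Campaign Attack Using Zero Day Vulnerability on {Microsoft Exchange Server}},
  date         = {2022-09-29},
  organization = {GTSC},
  url          = {https://www.gteltsc.vn/blog/canh-bao-chien-dich-tan-cong-su-dung-lo-hong-zero-day-tren-microsoft-exchange-server-12714.html},
  language     = {Vietnamese},
  urldate      = {2022-09-30},
}
Warning Campaign Attack Using Zero Day Vulnerability on Microsoft Exchange Server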
2022-09-22MicrosoftMicrosoft 365 Defender Research Team
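@online{team:20220922:malicious:a32eecc,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {Malicious {OAuth} applications used to compromise email servers and spread spam},
  date         = {2022-09-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/},
  language     = {English},
  urldate      = {2022-09-26},
}
Malicious OAuth applications used to compromise email servers and spread spam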
2022-09-21MicrosoftMicrosoft Security Experts, Microsoft Detection and Response Team (DART)
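@comment{Each corporate author is wrapped in its own braces; otherwise the " and " inside "Microsoft Detection and Response Team (DART)" is parsed as a name separator and splits that team into two authors.}
@online{experts:20220921:art:657254d,
  author       = {{Microsoft Security Experts} and {Microsoft Detection and Response Team (DART)}},
  title        = {The art and science behind {Microsoft} threat hunting: Part 2},
  date         = {2022-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/21/the-art-and-science-behind-microsoft-threat-hunting-part-2/},
  language     = {English},
  urldate      = {2022-09-26},
}
The art and science behind Microsoft threat hunting: Part 2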
2022-09-21MicrosoftMicrosoft 365 Defender Research Team, Shivang Desai, Abhishek Pustakala, Harshita Tripathi
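@online{team:20220921:rewards:daf8b35,
  author       = {{Microsoft 365 Defender Research Team} and Desai, Shivang and Pustakala, Abhishek and Tripathi, Harshita},
  title        = {Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing {RAT} on {Android} devices},
  date         = {2022-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/21/rewards-plus-fake-mobile-banking-rewards-apps-lure-users-to-install-info-stealing-rat-on-android-devices/},
  language     = {English},
  urldate      = {2022-09-26},
}
Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices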
2022-09-08MicrosoftMicrosoft Security Threat Intelligence
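@online{intelligence:20220908:microsoft:66fa6e4,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Microsoft} investigates {Iranian} attacks against the {Albanian} government},
  date         = {2022-09-08},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government},
  language     = {English},
  urldate      = {2022-09-13},
}
Microsoft investigates Iranian attacks against the Albanian government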
ZeroCleare