Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20210915:analyzing:37b6528, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability}}, date = {2021-09-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/}, language = {English}, urldate = {2021-09-19} } Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
Cobalt Strike
2021-09-07Bleeping ComputerIonut Ilascu
@online{ilascu:20210907:microsoft:3cfe82b, author = {Ionut Ilascu}, title = {{Microsoft shares temp fix for ongoing Office 365 zero-day attacks ( CVE-2021-40444)}}, date = {2021-09-07}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/microsoft-shares-temp-fix-for-ongoing-office-365-zero-day-attacks/}, language = {English}, urldate = {2021-09-10} } Microsoft shares temp fix for ongoing Office 365 zero-day attacks ( CVE-2021-40444)
2021-09-03FireEyeAdrian Sanchez Hernandez, Govand Sinjari, Joshua Goddard, Brendan McKeague, John Wolfram, Alex Pennino, Andrew Rector, Harris Ansari, Yash Gupta
@online{hernandez:20210903:pst:a8de902, author = {Adrian Sanchez Hernandez and Govand Sinjari and Joshua Goddard and Brendan McKeague and John Wolfram and Alex Pennino and Andrew Rector and Harris Ansari and Yash Gupta}, title = {{PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers}}, date = {2021-09-03}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/09/proxyshell-exploiting-microsoft-exchange-servers.html}, language = {English}, urldate = {2021-09-06} } PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
CHINACHOPPER HTran
2021-09-02MicrosoftMicrosoft Offensive Research & Security Engineering team
@online{team:20210902:deepdive:fe91071, author = {Microsoft Offensive Research & Security Engineering team}, title = {{A deep-dive into the SolarWinds Serv-U SSH vulnerability (DEV-0322)}}, date = {2021-09-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/09/02/a-deep-dive-into-the-solarwinds-serv-u-ssh-vulnerability/}, language = {English}, urldate = {2021-09-06} } A deep-dive into the SolarWinds Serv-U SSH vulnerability (DEV-0322)
2021-08-30zero day initiativeSimon Zuckerbraun
@online{zuckerbraun:20210830:proxytoken:73ad176, author = {Simon Zuckerbraun}, title = {{ProxyToken: An Authentication Bypass in Microsoft Exchange Server}}, date = {2021-08-30}, organization = {zero day initiative}, url = {https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server}, language = {English}, urldate = {2021-08-31} } ProxyToken: An Authentication Bypass in Microsoft Exchange Server
2021-08-26CrowdStrikeYaron Zinar
@online{zinar:20210826:ntlm:9a3faa5, author = {Yaron Zinar}, title = {{NTLM Keeps Haunting Microsoft}}, date = {2021-08-26}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/ntlm-keeps-haunting-microsoft/}, language = {English}, urldate = {2021-08-31} } NTLM Keeps Haunting Microsoft
2021-08-26nprDina Temple-Raston
@online{templeraston:20210826:chinas:79e53ae, author = {Dina Temple-Raston}, title = {{China's Microsoft Hack May Have Had A Bigger Purpose Than Just Spying}}, date = {2021-08-26}, organization = {npr}, url = {https://www.npr.org/2021/08/26/1013501080/chinas-microsoft-hack-may-have-had-a-bigger-purpose-than-just-spying?t=1630048154118}, language = {English}, urldate = {2021-09-14} } China's Microsoft Hack May Have Had A Bigger Purpose Than Just Spying
2021-08-26MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210826:widespread:16ba3cc, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Widespread credential phishing campaign abuses open redirector links}}, date = {2021-08-26}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/}, language = {English}, urldate = {2021-08-31} } Widespread credential phishing campaign abuses open redirector links
2021-08-25Cybleinccybleinc
@online{cybleinc:20210825:lockfile:0bc870f, author = {cybleinc}, title = {{​LockFile Ransomware: Exploiting Microsoft Exchange Vulnerabilities Using ProxyShell}}, date = {2021-08-25}, organization = {Cybleinc}, url = {https://blog.cyble.com/2021/08/25/lockfile-ransomware-using-proxyshell-attack-to-deploy-ransomware/}, language = {English}, urldate = {2021-08-31} } ​LockFile Ransomware: Exploiting Microsoft Exchange Vulnerabilities Using ProxyShell
LockFile
2021-08-19Huntress LabsJohn Hammond
@online{hammond:20210819:microsoft:a25f571, author = {John Hammond}, title = {{Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit}}, date = {2021-08-19}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit}, language = {English}, urldate = {2021-08-25} } Microsoft Exchange Servers Still Vulnerable to ProxyShell Exploit
2021-08-19MicrosoftDavid Atch, Gil Regev, Ross Bevington
@online{atch:20210819:how:53769da, author = {David Atch and Gil Regev and Ross Bevington}, title = {{How to proactively defend against Mozi IoT botnet}}, date = {2021-08-19}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/08/19/how-to-proactively-defend-against-mozi-iot-botnet/}, language = {English}, urldate = {2021-08-30} } How to proactively defend against Mozi IoT botnet
Mozi
2021-08-10IntezerGiancarlo Lezama
@online{lezama:20210810:fast:0b4334e, author = {Giancarlo Lezama}, title = {{Fast Insights for a Microsoft-Signed Netfilter Rootkit}}, date = {2021-08-10}, organization = {Intezer}, url = {https://www.intezer.com/blog/malware-analysis/fast-insights-for-a-microsoft-signed-netfilter-rootkit/}, language = {English}, urldate = {2021-08-25} } Fast Insights for a Microsoft-Signed Netfilter Rootkit
NetfilterRootkit
2021-08-04MicrosoftMicrosoft 365 Defender Research Team
@online{team:20210804:spotting:ccfe397, author = {Microsoft 365 Defender Research Team}, title = {{Spotting brand impersonation with Swin transformers and Siamese neural networks}}, date = {2021-08-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/08/04/spotting-brand-impersonation-with-swin-transformers-and-siamese-neural-networks/}, language = {English}, urldate = {2021-08-06} } Spotting brand impersonation with Swin transformers and Siamese neural networks
2021-08-04FireEyeDoug Bienstock, Josh Madeley
@techreport{bienstock:20210804:cloudy:a74cb93, author = {Doug Bienstock and Josh Madeley}, title = {{Cloudy with a Chance of APTNovel Microsoft 365 Attacks in the Wild}}, date = {2021-08-04}, institution = {FireEye}, url = {https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Cloudy-With-A-Chance-Of-APT-Novel-Microsoft-365-Attacks-In-The-Wild.pdf}, language = {English}, urldate = {2021-08-06} } Cloudy with a Chance of APTNovel Microsoft 365 Attacks in the Wild
2021-07-29MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210729:bazacall:8d79cdf, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{BazaCall: Phony call centers lead to exfiltration and ransomware}}, date = {2021-07-29}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/29/bazacall-phony-call-centers-lead-to-exfiltration-and-ransomware/}, language = {English}, urldate = {2021-08-02} } BazaCall: Phony call centers lead to exfiltration and ransomware
BazarBackdoor Cobalt Strike
2021-07-29MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210729:when:5d75299, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks}}, date = {2021-07-29}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/29/when-coin-miners-evolve-part-2-hunting-down-lemonduck-and-lemoncat-attacks/}, language = {English}, urldate = {2021-08-02} } When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks
2021-07-27Palo Alto Networks Unit 42Mike Harbison, Alex Hinchliffe
@online{harbison:20210727:thor:5d6d793, author = {Mike Harbison and Alex Hinchliffe}, title = {{THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group}}, date = {2021-07-27}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/thor-plugx-variant/}, language = {English}, urldate = {2021-07-29} } THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
PlugX
2021-07-24Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210724:attackers:4a3d443, author = {Microsoft Security Intelligence}, title = {{Tweet on attackers increasingly using HTML smuggling in phishing and other email campaigns to deliver Casbaneiro}}, date = {2021-07-24}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1418706916922986504}, language = {English}, urldate = {2021-08-02} } Tweet on attackers increasingly using HTML smuggling in phishing and other email campaigns to deliver Casbaneiro
Metamorfo
2021-07-22MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210722:when:d734e91, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure}}, date = {2021-07-22}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/}, language = {English}, urldate = {2021-07-22} } When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
2021-07-20MicrosoftMicrosoft Corporate Blogs
@online{blogs:20210720:growing:25ed338, author = {Microsoft Corporate Blogs}, title = {{The growing threat of ransomware}}, date = {2021-07-20}, organization = {Microsoft}, url = {https://blogs.microsoft.com/on-the-issues/2021/07/20/the-growing-threat-of-ransomware/}, language = {English}, urldate = {2021-07-26} } The growing threat of ransomware