2023-05-24 | Microsoft | Microsoft Threat Intelligence
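% Microsoft security blog post on Volt Typhoon, published 2023-05-24.
% The corporate author carries an extra brace pair so it is kept as one name
% instead of being split into given name "Microsoft Threat" and surname
% "Intelligence". The citation key is unchanged so existing citations resolve.
@online{intelligence:20230524:volt:e7b8951,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Volt Typhoon targets US critical infrastructure with living-off-the-land techniques}},
  date         = {2023-05-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/},
  language     = {English},
  urldate      = {2023-05-26},
}
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques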
2023-04-19 | Microsoft | Justin Warner, Microsoft Threat Intelligence Center (MSTIC)
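% Recorded talk (YouTube link) on STRONTIUM's abuse of cloud services, 2023-04-19.
% The second author is an organisation, so it is braced as a single name;
% unbraced it would be parsed as a person with surname "(MSTIC)".
% The personal author uses the unambiguous "Last, First" form.
@online{warner:20230419:exploring:c68c1d0,
  author       = {Warner, Justin and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Exploring STRONTIUM's Abuse of Cloud Services}},
  date         = {2023-04-19},
  organization = {Microsoft},
  url          = {https://www.youtube.com/watch?v=_qdCGgQlHJE},
  language     = {English},
  urldate      = {2023-04-22},
}
Exploring STRONTIUM's Abuse of Cloud Services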
FusionDrive
2023-04-18 | Microsoft | Microsoft Threat Intelligence
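% Microsoft security blog post on a nation-state actor, published 2023-04-18.
% The corporate author carries an extra brace pair so it is kept as one name.
% NOTE(review): the recorded title names the actor PHOSPHORUS while the URL slug
% says mint-sandstorm. These look like the old and new Microsoft names for the
% same actor; confirm against the naming reference in this library
% (key gali:20230418:how:84d68aa) before searching or deduplicating by name.
@online{intelligence:20230418:nationstate:11efa4c,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Nation-state threat actor PHOSPHORUS refines tradecraft to attack high-value targets}},
  date         = {2023-04-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/},
  language     = {English},
  urldate      = {2023-04-22},
}
Nation-state threat actor PHOSPHORUS refines tradecraft to attack high-value targets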
Drokbk
2023-04-18 | Microsoft | Dianne Gali, Daniel Simpson, Stacyrch140
% Microsoft Learn page describing how Microsoft names threat actors, 2023-04-18.
% Useful as the lookup reference when other entries mix actor names.
% NOTE(review): the URL path uses the de-de locale while the language field says
% English; confirm which localisation was actually consulted.
@online{gali:20230418:how:84d68aa,
  author       = {Dianne Gali and Daniel Simpson and Stacyrch140},
  title        = {{How Microsoft names threat actors}},
  date         = {2023-04-18},
  organization = {Microsoft},
  url          = {https://learn.microsoft.com/de-de/microsoft-365/security/intelligence/microsoft-threat-actor-naming},
  language     = {English},
  urldate      = {2023-04-18},
}
How Microsoft names threat actors
2023-04-13 | Microsoft | Microsoft Threat Intelligence
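% Microsoft security blog post on tax-season themed threat activity, 2023-04-13.
% The corporate author carries an extra brace pair so it is kept as one name
% instead of being split into given name and surname.
@online{intelligence:20230413:threat:a445e97,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{Threat actors strive to cause Tax Day headaches}},
  date         = {2023-04-13},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/13/threat-actors-strive-to-cause-tax-day-headaches/},
  language     = {English},
  urldate      = {2023-04-18},
}
Threat actors strive to cause Tax Day headaches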
CloudEyE Remcos
2023-04-11 | Microsoft | Microsoft Threat Intelligence
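% Microsoft security blog post on DEV-0196 and the KingsPawn malware, 2023-04-11.
% The corporate author carries an extra brace pair so it is kept as one name.
% The title contains typographic quotes as UTF-8; process with a UTF-8 aware
% backend (the entry already relies on the online type and the date field).
@online{intelligence:20230411:dev0196:1589080,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia}},
  date         = {2023-04-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/11/dev-0196-quadreams-kingspawn-malware-used-to-target-civil-society-in-europe-north-america-the-middle-east-and-southeast-asia/},
  language     = {English},
  urldate      = {2023-04-18},
}
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia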
2023-04-11 | Microsoft | Microsoft Incident Response
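% Microsoft incident-response guidance for investigating CVE-2022-21894
% (BlackLotus campaign), published 2023-04-11.
% The corporate author carries an extra brace pair so it is kept as one name
% instead of being split into given name "Microsoft Incident" and surname "Response".
@online{response:20230411:guidance:ddf000c,
  author       = {{Microsoft Incident Response}},
  title        = {{Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign}},
  date         = {2023-04-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/},
  language     = {English},
  urldate      = {2023-04-18},
}
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign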
BlackLotus
2023-04-10 | Check Point | Check Point
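% Check Point blog post: monthly most-wanted malware report for March 2023,
% published 2023-04-10.
% The vendor name is braced as a corporate author; unbraced it is parsed as
% given name "Check" and surname "Point". The citation key is left unchanged.
@online{point:20230410:march:144c1ad,
  author       = {{Check Point}},
  title        = {{March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files}},
  date         = {2023-04-10},
  organization = {Check Point},
  url          = {https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/},
  language     = {English},
  urldate      = {2023-04-12},
}
March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files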
Agent Tesla CloudEyE Emotet Formbook Nanocore RAT NjRAT QakBot Remcos Tofsee
2023-04-07 | Microsoft | Microsoft Threat Intelligence
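% Microsoft security blog post on MERCURY and DEV-1084 (destructive attack on a
% hybrid environment), published 2023-04-07.
% The corporate author carries an extra brace pair so it is kept as one name.
@online{intelligence:20230407:mercury:7727e83,
  author       = {{Microsoft Threat Intelligence}},
  title        = {{MERCURY and DEV-1084: Destructive attack on hybrid environment}},
  date         = {2023-04-07},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/},
  language     = {English},
  urldate      = {2023-04-18},
}
MERCURY and DEV-1084: Destructive attack on hybrid environment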
DarkBit
2023-03-30 | United States District Court (Eastern District of New York) | Microsoft, Fortra, HEALTH-ISAC
% Court filing (case 1:23-cv-02447) on cracked Cobalt Strike, dated 2023-03-30.
% The three authors are single-token organisation names, so each parses as one name.
% NOTE(review): the URL holds percent-escapes and parentheses and points at a PDF
% on a third-party host; verify it survives your URL handling and still resolves.
@techreport{microsoft:20230330:cracked:08c67c0,
  author      = {Microsoft and Fortra and HEALTH-ISAC},
  title       = {{Cracked Cobalt Strike (1:23-cv-02447)}},
  date        = {2023-03-30},
  institution = {United States District Court (Eastern District of New York)},
  url         = {https://noticeofpleadings.com/crackedcobaltstrike/files/ComplaintAndSummons/1%20-Microsoft%20Cobalt%20Strike%20-%20Complaint(907040021.9).pdf},
  language    = {English},
  urldate     = {2023-04-28},
}
Cracked Cobalt Strike (1:23-cv-02447)
Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader
2023-03-24 | Microsoft | Microsoft Incident Response
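% Microsoft incident-response guidance for investigating CVE-2023-23397,
% published 2023-03-24.
% The corporate author carries an extra brace pair so it is kept as one name
% instead of being split into given name and surname.
@online{response:20230324:guidance:d0916ab,
  author       = {{Microsoft Incident Response}},
  title        = {{Guidance for investigating attacks using CVE-2023-23397}},
  date         = {2023-03-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/},
  language     = {English},
  urldate      = {2023-04-18},
}
Guidance for investigating attacks using CVE-2023-23397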
2023-03-17 | Microsoft | Azure Network Security Team
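% Microsoft security blog post on KillNet and affiliated hacktivist DDoS
% activity against healthcare, published 2023-03-17.
% The team name is braced as a corporate author; unbraced it is parsed as a
% person with surname "Team". The citation key is left unchanged.
@online{team:20230317:killnet:e66da3b,
  author       = {{Azure Network Security Team}},
  title        = {{KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks}},
  date         = {2023-03-17},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/03/17/killnet-and-affiliate-hacktivist-groups-targeting-healthcare-with-ddos-attacks/},
  language     = {English},
  urldate      = {2023-04-18},
}
KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks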
2023-03-15 | Microsoft | Microsoft Threat Intelligence
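% Microsoft report (PDF) on a year of Russian hybrid warfare in Ukraine,
% dated 2023-03-15.
% The corporate author carries an extra brace pair so it is kept as one name
% instead of being split into given name and surname.
@techreport{intelligence:20230315:year:01e29b1,
  author      = {{Microsoft Threat Intelligence}},
  title       = {{A year of Russian hybrid warfare in Ukraine}},
  date        = {2023-03-15},
  institution = {Microsoft},
  url         = {https://www.microsoft.com/en-us/security/business/security-insider/wp-content/uploads/2023/03/A-year-of-Russian-hybrid-warfare-in-Ukraine_MS-Threat-Intelligence-1.pdf},
  language    = {English},
  urldate     = {2023-04-25},
}
A year of Russian hybrid warfare in Ukraine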
CaddyWiper DesertBlade DoubleZero HermeticWiper INDUSTROYER2 IsaacWiper PartyTicket SwiftSlicer WhisperGate
2023-03-14 | Google | Benoit Sevens
% Google Threat Analysis Group blog post on Magniber ransomware actors and a
% Microsoft SmartScreen bypass variant, published 2023-03-14.
@online{sevens:20230314:magniber:5f03fd7,
  author       = {Benoit Sevens},
  title        = {{Magniber ransomware actors used a variant of Microsoft SmartScreen bypass}},
  date         = {2023-03-14},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/magniber-ransomware-actors-used-a-variant-of-microsoft-smartscreen-bypass/},
  language     = {English},
  urldate      = {2023-03-20},
}
Magniber ransomware actors used a variant of Microsoft SmartScreen bypass
Magniber
2023-03-13 | Microsoft | Microsoft Threat Intelligence Center
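% Microsoft blog post on DEV-1101 and an open-source AiTM phishing kit,
% published 2023-03-13.
% The corporate author carries an extra brace pair so it is kept as one name.
% NOTE(review): the recorded URL host is an azurewebsites.net name, not the
% www.microsoft.com host used by the other Microsoft blog entries here. Such a
% hostname can be retired or re-registered, so verify where it resolves before
% following it and consider recording the canonical address once confirmed.
@online{center:20230313:dev1101:be64ddc,
  author       = {{Microsoft Threat Intelligence Center}},
  title        = {{DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit}},
  date         = {2023-03-13},
  organization = {Microsoft},
  url          = {https://security-blog-prod-wp01.azurewebsites.net/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/},
  language     = {English},
  urldate      = {2023-03-20},
}
DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit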
2023-03-02 | YouTube (Microsoft Security Response Center (MSRC)) | Daniel Taylor, Ben Magee
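% Recorded BlueHat 2023 talk on hunting Qakbot, dated 2023-03-02.
% The ampersand in the title is escaped; a bare one is a LaTeX alignment
% character and breaks typesetting of the bibliography.
% The organization spelling is aligned with the other YouTube entries in this
% library, and the authors use the unambiguous "Last, First" form.
@online{taylor:20230302:bluehat:cdd75a0,
  author       = {Taylor, Daniel and Magee, Ben},
  title        = {{BlueHat 2023: Hunting Qakbot with Daniel Taylor \& Ben Magee}},
  date         = {2023-03-02},
  organization = {YouTube (Microsoft Security Response Center (MSRC))},
  url          = {https://www.youtube.com/watch?v=OCRyEUhiEyw},
  language     = {English},
  urldate      = {2023-04-18},
}
BlueHat 2023: Hunting Qakbot with Daniel Taylor & Ben Magee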
QakBot
2023-03-02 | YouTube (Microsoft Security) | Laurie Kirk
% Recorded BlueHat 2023 lightning talk on Android malware obfuscation,
% dated 2023-03-02.
@online{kirk:20230302:bluehat:e91d4c1,
  author       = {Laurie Kirk},
  title        = {{BlueHat 2023 Lightning Talk: Android Malware Obfuscation}},
  date         = {2023-03-02},
  organization = {YouTube (Microsoft Security)},
  url          = {https://www.youtube.com/watch?v=sP57_65hQbM},
  language     = {English},
  urldate      = {2023-03-13},
}
BlueHat 2023 Lightning Talk: Android Malware Obfuscation
2023-02-03 | Microsoft | Clint Watts
% Microsoft On the Issues blog post attributing the Charlie Hebdo hack to Iran,
% published 2023-02-03. The URL slug also names the actor NEPTUNIUM.
@online{watts:20230203:iran:d8d3849,
  author       = {Clint Watts},
  title        = {{Iran responsible for Charlie Hebdo attacks}},
  date         = {2023-02-03},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2023/02/03/dtac-charlie-hebdo-hack-iran-neptunium/},
  language     = {English},
  urldate      = {2023-02-06},
}
Iran responsible for Charlie Hebdo attacks
2023-02-02 | YouTube (SLEUTHCON) | Christopher Glyer, Microsoft Threat Intelligence Center (MSTIC)
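% Recorded SLEUTHCON talk on infostealers, dated 2023-02-02.
% The second author is an organisation, so it is braced as a single name;
% unbraced it would be parsed as a person with surname "(MSTIC)".
% The personal author uses the unambiguous "Last, First" form.
@online{glyer:20230202:lions:b21e15a,
  author       = {Glyer, Christopher and {Microsoft Threat Intelligence Center (MSTIC)}},
  title        = {{Lions, Tigers, and Infostealers - Oh my!}},
  date         = {2023-02-02},
  organization = {YouTube (SLEUTHCON)},
  url          = {https://www.youtube.com/watch?v=NI_Yw2t9zoo},
  language     = {English},
  urldate      = {2023-04-25},
}
Lions, Tigers, and Infostealers - Oh my!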
RecordBreaker RedLine Stealer Vidar
2022-12-21 | Trustwave | Wojciech Cieslak
% Trustwave SpiderLabs blog post on malicious macros in Microsoft Publisher
% files delivering Ekipa RAT, published 2022-12-21.
@online{cieslak:20221221:malicious:e95b69a,
  author       = {Wojciech Cieslak},
  title        = {{Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT}},
  date         = {2022-12-21},
  organization = {Trustwave},
  url          = {https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/malicious-macros-adapt-to-use-microsoft-publisher-to-push-ekipa-rat/},
  language     = {English},
  urldate      = {2023-01-05},
}
Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT
Ekipa RAT