2022-09-22 · Microsoft · Microsoft 365 Defender Research Team
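% Corporate author is double-braced so it is kept as one name instead of being split into first/last parts.
% Only the proper noun in the title is brace-protected; the style decides the rest of the casing.
@online{team:20220922:malicious:a32eecc,
  author       = {{Microsoft 365 Defender Research Team}},
  title        = {Malicious {OAuth} applications used to compromise email servers and spread spam},
  date         = {2022-09-22},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/},
  language     = {English},
  urldate      = {2022-09-26},
}
Malicious OAuth applications used to compromise email servers and spread spam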
2022-09-21 · Microsoft · Microsoft Security Experts, Microsoft Detection and Response Team (DART)
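% Each corporate author is braced as a unit. Without the braces the " and " inside
% "Microsoft Detection and Response Team (DART)" is read as a name separator and the team is split in two.
@online{experts:20220921:art:657254d,
  author       = {{Microsoft Security Experts} and {Microsoft Detection and Response Team (DART)}},
  title        = {The art and science behind {Microsoft} threat hunting: Part 2},
  date         = {2022-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/21/the-art-and-science-behind-microsoft-threat-hunting-part-2/},
  language     = {English},
  urldate      = {2022-09-26},
}
The art and science behind Microsoft threat hunting: Part 2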
2022-09-21 · Microsoft · Microsoft 365 Defender Research Team, Shivang Desai, Abhishek Pustakala, Harshita Tripathi
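% The corporate author is braced as one name; personal names use the unambiguous "Last, First" form.
@online{team:20220921:rewards:daf8b35,
  author       = {{Microsoft 365 Defender Research Team} and Desai, Shivang and Pustakala, Abhishek and Tripathi, Harshita},
  title        = {Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing {RAT} on {Android} devices},
  date         = {2022-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/21/rewards-plus-fake-mobile-banking-rewards-apps-lure-users-to-install-info-stealing-rat-on-android-devices/},
  language     = {English},
  urldate      = {2022-09-26},
}
Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices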
2022-09-08 · Microsoft · Microsoft Security Experts, Microsoft Detection and Response Team (DART)
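% Each corporate author is braced as a unit. Without the braces the " and " inside
% "Microsoft Detection and Response Team (DART)" is read as a name separator and the team is split in two.
@online{experts:20220908:art:b42106d,
  author       = {{Microsoft Security Experts} and {Microsoft Detection and Response Team (DART)}},
  title        = {The art and science behind {Microsoft} threat hunting: Part 1},
  date         = {2022-09-08},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/08/part-1-the-art-and-science-of-threat-hunting/},
  language     = {English},
  urldate      = {2022-09-13},
}
The art and science behind Microsoft threat hunting: Part 1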
2022-09-08 · Microsoft · Microsoft Security Threat Intelligence
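% Corporate author is double-braced so it is kept as one name instead of being split into first/last parts.
@online{intelligence:20220908:microsoft:66fa6e4,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Microsoft} investigates {Iranian} attacks against the {Albanian} government},
  date         = {2022-09-08},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government},
  language     = {English},
  urldate      = {2022-09-13},
}
Microsoft investigates Iranian attacks against the Albanian government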
ZeroCleare
2022-09-07 · Microsoft · Microsoft Security Threat Intelligence
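% Corporate author is double-braced so it is kept as one name.
% The actor designations in the title are brace-protected so no style can lowercase them.
@online{intelligence:20220907:profiling:26b424d,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {Profiling {DEV-0270}: {PHOSPHORUS’} ransomware operations},
  date         = {2022-09-07},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/07/profiling-dev-0270-phosphorus-ransomware-operations/},
  language     = {English},
  urldate      = {2022-09-13},
}
Profiling DEV-0270: PHOSPHORUS’ ransomware operations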
2022-08-25 · Microsoft · Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Research Team, Microsoft 365 Defender Threat Intelligence Team
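% Each corporate author is braced as a unit so it is not split into first/last name parts.
% The actor name and product name in the title are brace-protected against style recasing.
@online{mstic:20220825:mercury:a02a670,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Research Team} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{MERCURY} leveraging {Log4j 2} vulnerabilities in unpatched systems to target {Israeli} organizations},
  date         = {2022-08-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations},
  language     = {English},
  urldate      = {2022-08-30},
}
MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations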
MimiKatz
2022-08-24 · Microsoft · Microsoft Security Experts
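% Corporate author is double-braced so it is kept as one name.
% The framework name "Sliver" is brace-protected in the title.
@online{experts:20220824:looking:599689a,
  author       = {{Microsoft Security Experts}},
  title        = {Looking for the ‘{Sliver}’ lining: Hunting for emerging command-and-control frameworks},
  date         = {2022-08-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks},
  language     = {English},
  urldate      = {2022-08-30},
}
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks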
BumbleBee Sliver
2022-08-24 · Microsoft · Microsoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Team
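% Each corporate author is braced as a unit. Without the braces the " and " inside
% "Detection and Response Team (DART)" is read as a name separator and the team is split in two.
@online{mstic:20220824:magicweb:1bb7204,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Detection and Response Team (DART)} and {Microsoft 365 Defender Team}},
  title        = {{MagicWeb}: {NOBELIUM’s} post-compromise trick to authenticate as anyone},
  date         = {2022-08-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/},
  language     = {English},
  urldate      = {2022-08-28},
}
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone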
2022-08-22 · Microsoft · Microsoft
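% Corporate author is double-braced so it is always treated as one indivisible name.
% NOTE(review): the url is an opaque CMS binary endpoint rather than an article page, so the title
% and urldate are the only way to identify the document if the link changes - confirm it still resolves.
@online{microsoft:20220822:extortion:67c26d4,
  author       = {{Microsoft}},
  title        = {Extortion Economics - Ransomware’s new business model},
  date         = {2022-08-22},
  organization = {Microsoft},
  url          = {https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE54L7v},
  language     = {English},
  urldate      = {2022-08-31},
}
Extortion Economics - Ransomware’s new business model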
BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk
2022-08-21 · Resecurity · Resecurity
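% Corporate author is double-braced so it is always treated as one indivisible name.
% Only the malware and product names are brace-protected in the title; the style decides the rest.
@online{resecurity:20220821:escanor:df2d766,
  author       = {{Resecurity}},
  title        = {{Escanor} Malware Delivered In Weaponized {Microsoft Office} Documents},
  date         = {2022-08-21},
  organization = {Resecurity},
  url          = {https://resecurity.com/blog/article/escanor-malware-delivered-in-weaponized-microsoft-office-documents},
  language     = {English},
  urldate      = {2022-08-28},
}
Escanor Malware Delivered In Weaponized Microsoft Office Documents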
2022-08-18 · Microsoft · Suriyaraj Natarajan, Andrea Lelli, Amitrajit Banerjee, Microsoft 365 Defender Research Team
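% Personal names use the unambiguous "Last, First" form; the corporate author is braced as one name.
@online{natarajan:20220818:hardwarebased:3c88744,
  author       = {Natarajan, Suriyaraj and Lelli, Andrea and Banerjee, Amitrajit and {Microsoft 365 Defender Research Team}},
  title        = {Hardware-based threat defense against increasingly complex cryptojackers},
  date         = {2022-08-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/18/hardware-based-threat-defense-against-increasingly-complex-cryptojackers},
  language     = {English},
  urldate      = {2022-08-18},
}
Hardware-based threat defense against increasingly complex cryptojackers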
2022-08-18 · Mandiant · Douglas Bienstock
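% The actor designation and product name are brace-protected in the title; the style decides the rest of the casing.
@online{bienstock:20220818:you:f22ee5c,
  author       = {Bienstock, Douglas},
  title        = {You Can’t Audit Me: {APT29} Continues Targeting {Microsoft 365}},
  date         = {2022-08-18},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/apt29-continues-targeting-microsoft},
  language     = {English},
  urldate      = {2022-08-18},
}
You Can’t Audit Me: APT29 Continues Targeting Microsoft 365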
2022-08-15 · Microsoft · Microsoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
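% Each corporate author is braced as a unit so it is not split into first/last name parts.
% NOTE(review): the same article is also listed under key mstic:20220815:disrupting:528a65e
% (its url differs only by a trailing slash); cite one key consistently.
@online{mstic:20220815:disrupting:6429d3a,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Office 365 Threat Research Team} and {Digital Threat Analysis Center (DTAC)}},
  title        = {Disrupting {SEABORGIUM’s} ongoing phishing operations},
  date         = {2022-08-15},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations},
  language     = {English},
  urldate      = {2022-08-18},
}
Disrupting SEABORGIUM’s ongoing phishing operations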
Callisto
2022-08-15 · Microsoft · Microsoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
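% Each corporate author is braced as a unit so it is not split into first/last name parts.
% NOTE(review): the same article is also listed under key mstic:20220815:disrupting:6429d3a
% (its url differs only by the missing trailing slash); cite one key consistently.
@online{mstic:20220815:disrupting:528a65e,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Office 365 Threat Research Team} and {Digital Threat Analysis Center (DTAC)}},
  title        = {Disrupting {SEABORGIUM’s} ongoing phishing operations},
  date         = {2022-08-15},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/},
  language     = {English},
  urldate      = {2022-08-17},
}
Disrupting SEABORGIUM’s ongoing phishing operations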
2022-08-04 · YouTube (Arda Büyükkaya) · Arda Büyükkaya
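% The author name contains non-ASCII characters, so the file must be processed as UTF-8 (Biber).
% Malware, tool and vendor names are brace-protected in the title against style recasing.
@online{bykkaya:20220804:lockbit:15879e8,
  author       = {Büyükkaya, Arda},
  title        = {{LockBit} Ransomware Sideloads {Cobalt Strike} Through {Microsoft} Security Tool},
  date         = {2022-08-04},
  organization = {YouTube (Arda Büyükkaya)},
  url          = {https://www.youtube.com/watch?v=C733AyPzkoc},
  language     = {English},
  urldate      = {2022-08-08},
}
LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool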
Cobalt Strike LockBit
2022-08-03 · Fortinet · Wayne Chin Yick Low
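% "Last, First" form makes explicit that the surname is "Low", which matches the citation key.
@online{low:20220803:journey:7d7b2ae,
  author       = {Low, Wayne Chin Yick},
  title        = {Journey to Network Protocol Fuzzing – Dissecting {Microsoft} {IMAP} Client Protocol},
  date         = {2022-08-03},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/analyzing-microsoft-imap-client-protocol},
  language     = {English},
  urldate      = {2022-08-11},
}
Journey to Network Protocol Fuzzing – Dissecting Microsoft IMAP Client Protocol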
2022-08-02 · Zscaler · Sudeep Singh, Jagadeeswar Ramanukolanu
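% The acronym and vendor name are brace-protected in the title; the style decides the rest of the casing.
@online{singh:20220802:largescale:ae7725e,
  author       = {Singh, Sudeep and Ramanukolanu, Jagadeeswar},
  title        = {Large-Scale {AiTM} Attack targeting enterprise users of {Microsoft} email services},
  date         = {2022-08-02},
  organization = {Zscaler},
  url          = {https://www.zscaler.com/blogs/security-research/large-scale-aitm-attack-targeting-enterprise-users-microsoft-email-services},
  language     = {English},
  urldate      = {2022-08-08},
}
Large-Scale AiTM Attack targeting enterprise users of Microsoft email services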
2022-07-30 · The Hacker News · Ravie Lakshmanan
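% NOTE(review): the url carries a "_m" query string that looks like a tracking token rather than
% part of the article address - confirm and, if so, cite the bare article link instead.
@online{lakshmanan:20220730:microsoft:0f1459e,
  author       = {Lakshmanan, Ravie},
  title        = {{Microsoft} Links {Raspberry Robin} {USB} Worm to {Russian} {Evil Corp} Hackers},
  date         = {2022-07-30},
  organization = {The Hacker News},
  url          = {https://thehackernews.com/2022/07/microsoft-links-raspberry-robin-usb.html?_m=3n%2e009a%2e2800%2ejp0ao0cjb8%2e1shm},
  language     = {English},
  urldate      = {2022-08-02},
}
Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers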
FAKEUPDATES Raspberry Robin
2022-07-29 · RiskIQ · Jordan Herman
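% Only the vendor name is brace-protected in the title; the straight double quotes are literal
% characters because the field is delimited by braces.
@online{herman:20220729:falling:12d2d82,
  author       = {Herman, Jordan},
  title        = {Falling Into a Nest of Vipers or: "Why'd it have to be snakes?" ({Microsoft} Threat Intelligence Brief)},
  date         = {2022-07-29},
  organization = {RiskIQ},
  url          = {https://community.riskiq.com/article/f3179571},
  language     = {English},
  urldate      = {2022-09-19},
}
Falling Into a Nest of Vipers or: "Why'd it have to be snakes?" (Microsoft Threat Intelligence Brief)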