
2020-06-18 | Microsoft | Microsoft Threat Protection Intelligence Team
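@comment{Corporate author double-braced so it is parsed as one indivisible surname rather than first="Microsoft Threat Protection Intelligence" / last="Team"; the citation key is left unchanged.}
@online{team:20200618:inside:4d53bcc,
  author       = {{Microsoft Threat Protection Intelligence Team}},
  title        = {{Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint (APT33/HOLMIUM)}},
  date         = {2020-06-18},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/06/18/inside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint/},
  language     = {English},
  urldate      = {2020-06-19},
}
Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint (APT33/HOLMIUM)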
POWERTON
2020-06-17 | Twitter (@MsftSecIntel) | Microsoft Security Intelligence
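@comment{Corporate author double-braced so "Microsoft Security Intelligence" is treated as a single surname; the literal "@" in organization is safe inside braces.}
@online{intelligence:20200617:thread:b4b74d5,
  author       = {{Microsoft Security Intelligence}},
  title        = {{A tweet thread on TA505 using CAPTCHA to avoid detection and infecting victims with FlawedGrace}},
  date         = {2020-06-17},
  organization = {Twitter (@MsftSecIntel)},
  url          = {https://twitter.com/MsftSecIntel/status/1273359829390655488},
  language     = {English},
  urldate      = {2020-06-18},
}
A tweet thread on TA505 using CAPTCHA to avoid detection and infecting victims with FlawedGrace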
FlawedGrace
2020-06-16 | Microsoft | Microsoft Threat Protection Intelligence Team
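@comment{Corporate author double-braced so it is not split into first/last name parts.}
@online{team:20200616:exploiting:3cb9ac3,
  author       = {{Microsoft Threat Protection Intelligence Team}},
  title        = {{Exploiting a crisis: How cybercriminals behaved during the outbreak}},
  date         = {2020-06-16},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/06/16/exploiting-a-crisis-how-cybercriminals-behaved-during-the-outbreak/},
  language     = {English},
  urldate      = {2020-06-17},
}
Exploiting a crisis: How cybercriminals behaved during the outbreak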
2020-06-10 | Microsoft | Yossi Weizman
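@comment{Personal author stored in unambiguous "Last, First" form.}
@online{weizman:20200610:misconfigured:4ca63a9,
  author       = {Weizman, Yossi},
  title        = {{Misconfigured Kubeflow workloads are a security risk}},
  date         = {2020-06-10},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/06/10/misconfigured-kubeflow-workloads-are-a-security-risk/},
  language     = {English},
  urldate      = {2020-06-11},
}
Misconfigured Kubeflow workloads are a security risk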
2020-06-09 | Microsoft | Rob Mead, Tom McElroy
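@comment{Both personal authors stored in "Last, First" form, separated by " and ".}
@online{mead:20200609:web:825fd05,
  author       = {Mead, Rob and McElroy, Tom},
  title        = {{Web shell threat hunting with Azure Sentinel and Microsoft Threat Protection}},
  date         = {2020-06-09},
  organization = {Microsoft},
  url          = {https://techcommunity.microsoft.com/t5/azure-sentinel/web-shell-threat-hunting-with-azure-sentinel-and-microsoft/ba-p/1448065},
  language     = {English},
  urldate      = {2020-06-10},
}
Web shell threat hunting with Azure Sentinel and Microsoft Threat Protection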
2020-05-28 | Bleeping Computer | Ax Sharma
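@comment{Personal author stored in "Last, First" form.}
@online{sharma:20200528:microsoft:b02ddb1,
  author       = {Sharma, Ax},
  title        = {{Microsoft IIS servers hacked by Blue Mockingbird to mine Monero}},
  date         = {2020-05-28},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/microsoft-iis-servers-hacked-by-blue-mockingbird-to-mine-monero/},
  language     = {English},
  urldate      = {2020-06-02},
}
Microsoft IIS servers hacked by Blue Mockingbird to mine Monero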
2020-04-28 | Microsoft | Microsoft Threat Protection Intelligence Team
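@comment{Corporate author double-braced so it is treated as one surname; the UTF-8 apostrophe in the title is kept as-is (fine for Biber).}
@online{team:20200428:ransomware:3205f3a,
  author       = {{Microsoft Threat Protection Intelligence Team}},
  title        = {{Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk}},
  date         = {2020-04-28},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/},
  language     = {English},
  urldate      = {2020-05-05},
}
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk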
LockBit Mailto Maze MedusaLocker Paradise Ransomware RagnarLocker REvil RobinHood
2020-04-03 | Bleeping Computer | Sergiu Gatlan
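@comment{Personal author stored in "Last, First" form.}
@online{gatlan:20200403:microsoft:c12a844,
  author       = {Gatlan, Sergiu},
  title        = {{Microsoft: Emotet Took Down a Network by Overheating All Computers}},
  date         = {2020-04-03},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/microsoft-emotet-took-down-a-network-by-overheating-all-computers/},
  language     = {English},
  urldate      = {2020-04-08},
}
Microsoft: Emotet Took Down a Network by Overheating All Computers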
Emotet
2020-03-23 | Microsoft | Microsoft Defender ATP Research Team
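@comment{Corporate author double-braced so it is not split at "Team".}
@online{team:20200323:latest:c58e3ed,
  author       = {{Microsoft Defender ATP Research Team}},
  title        = {{Latest Astaroth living-off-the-land attacks are even more invisible but not less observable}},
  date         = {2020-03-23},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/03/23/latest-astaroth-living-off-the-land-attacks-are-even-more-invisible-but-not-less-observable/},
  language     = {English},
  urldate      = {2020-03-26},
}
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable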
Astaroth
2020-03-10 | Microsoft | Tom Burt
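@comment{Personal author stored in "Last, First" form.}
@online{burt:20200310:new:251948a,
  author       = {Burt, Tom},
  title        = {{New action to disrupt world’s largest online criminal network}},
  date         = {2020-03-10},
  organization = {Microsoft},
  url          = {https://blogs.microsoft.com/on-the-issues/2020/03/10/necurs-botnet-cyber-crime-disrupt/},
  language     = {English},
  urldate      = {2020-03-11},
}
New action to disrupt world’s largest online criminal network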
Necurs
2020-03-05 | Microsoft | Microsoft Threat Protection Intelligence Team
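@comment{Corporate author double-braced so it is treated as a single surname.}
@online{team:20200305:humanoperated:d90a28e,
  author       = {{Microsoft Threat Protection Intelligence Team}},
  title        = {{Human-operated ransomware attacks: A preventable disaster}},
  date         = {2020-03-05},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/},
  language     = {English},
  urldate      = {2020-03-06},
}
Human-operated ransomware attacks: A preventable disaster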
Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor
2020-01-21 | Microsoft | Microsoft Defender ATP Research Team
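@comment{Corporate author double-braced so it is treated as a single surname.}
@online{team:20200121:sload:2a2962b,
  author       = {{Microsoft Defender ATP Research Team}},
  title        = {{sLoad launches version 2.0, Starslord}},
  date         = {2020-01-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2020/01/21/sload-launches-version-2-0-starslord/},
  language     = {English},
  urldate      = {2020-01-22},
}
sLoad launches version 2.0, Starslord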
sLoad
2019-12-18 | US District Court for the Eastern District of Virginia
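@comment{Institutional author double-braced so the court name is one surname instead of being split at "Virginia"; no organization field in the source entry.}
@online{virginia:20191218:microsoft:0576bc3,
  author   = {{US District Court for the Eastern District of Virginia}},
  title    = {{MICROSOFT CORPORATION, Plaintiff, v. JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS}},
  date     = {2019-12-18},
  url      = {https://www.bloomberglaw.com/document/public/subdoc/X67FPNDOUBV9VOPS35A4864BFIU?imagename=1},
  language = {English},
  urldate  = {2020-04-28},
}
MICROSOFT CORPORATION, Plaintiff, v. JOHN DOES 1-2, CONTROLLING A COMPUTER NETWORK THEREBY INJURING PLAINTIFF AND ITS CUSTOMERS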
BabyShark Kimsuky
2019-12-12 | Microsoft | Microsoft Threat Intelligence Center
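@comment{Corporate author double-braced so it is not split at "Center".}
@online{center:20191212:gallium:79f6460,
  author       = {{Microsoft Threat Intelligence Center}},
  title        = {{GALLIUM: Targeting global telecom}},
  date         = {2019-12-12},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2019/12/12/gallium-targeting-global-telecom/},
  language     = {English},
  urldate      = {2020-01-07},
}
GALLIUM: Targeting global telecom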
Ghost RAT HTran GALLIUM
2019-11-26 | Microsoft | Microsoft Defender ATP Research Team
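@comment{Corporate author double-braced so it is treated as a single surname.}
@online{team:20191126:insights:8fd4b6c,
  author       = {{Microsoft Defender ATP Research Team}},
  title        = {{Insights from one year of tracking a polymorphic threat}},
  date         = {2019-11-26},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-of-tracking-a-polymorphic-threat/},
  language     = {English},
  urldate      = {2020-01-08},
}
Insights from one year of tracking a polymorphic threat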
Dexphot
2019-10-21 | ESET Research | Mathieu Tartare
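@comment{Personal author stored in "Last, First" form; the non-breaking hyphen (U+2011) in "skip-2.0" is replaced by an ASCII hyphen, matching the family name used elsewhere in this library.}
@online{tartare:20191021:winnti:eb2c722,
  author       = {Tartare, Mathieu},
  title        = {{Winnti Group’s skip-2.0: A Microsoft SQL Server backdoor}},
  date         = {2019-10-21},
  organization = {ESET Research},
  url          = {https://www.welivesecurity.com/2019/10/21/winnti-group-skip2-0-microsoft-sql-server-backdoor/},
  language     = {English},
  urldate      = {2019-11-14},
}
Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor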
LOWKEY skip-2.0
2019-09-26 | Microsoft | Microsoft Defender ATP Research Team
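@comment{Corporate author double-braced so it is treated as a single surname.}
@online{team:20190926:bring:d73d53e,
  author       = {{Microsoft Defender ATP Research Team}},
  title        = {{Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware}},
  date         = {2019-09-26},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2019/09/26/bring-your-own-lolbin-multi-stage-fileless-nodersok-campaign-delivers-rare-node-js-based-malware/},
  language     = {English},
  urldate      = {2020-05-18},
}
Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware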
Divergent
2019-09-26 | Proofpoint | Bryan Campbell, Jeremy Hedges, Proofpoint Threat Insight Team
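@comment{Personal authors in "Last, First" form; the corporate co-author is braced so it stays a single name within the " and "-separated list.}
@online{campbell:20190926:new:d228362,
  author       = {Campbell, Bryan and Hedges, Jeremy and {Proofpoint Threat Insight Team}},
  title        = {{New WhiteShadow downloader uses Microsoft SQL to retrieve malware}},
  date         = {2019-09-26},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/threat-insight/post/new-whiteshadow-downloader-uses-microsoft-sql-retrieve-malware},
  language     = {English},
  urldate      = {2020-02-26},
}
New WhiteShadow downloader uses Microsoft SQL to retrieve malware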
WhiteShadow Agent Tesla Azorult Crimson RAT Formbook Nanocore RAT NetWire RC NjRAT Remcos
2019-07-08 | Microsoft | Microsoft Defender ATP Research Team
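@comment{Corporate author double-braced so it is treated as a single surname.}
@online{team:20190708:dismantling:7570b60,
  author       = {{Microsoft Defender ATP Research Team}},
  title        = {{Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack}},
  date         = {2019-07-08},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/},
  language     = {English},
  urldate      = {2019-12-02},
}
Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack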
Astaroth
2019-06-05 | FireEye | Swapnil Patil
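@comment{Personal author stored in "Last, First" form.}
@online{patil:20190605:government:ad9e70d,
  author       = {Patil, Swapnil},
  title        = {{Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities}},
  date         = {2019-06-05},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2019/06/government-in-central-asia-targeted-with-hawkball-backdoor.html},
  language     = {English},
  urldate      = {2019-12-20},
}
Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities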
HAWKBALL