Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-03-23MicrosoftMicrosoft Defender ATP Research Team
@online{team:20200323:latest:c58e3ed, author = {Microsoft Defender ATP Research Team}, title = {{Latest Astaroth living-off-the-land attacks are even more invisible but not less observable}}, date = {2020-03-23}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/03/23/latest-astaroth-living-off-the-land-attacks-are-even-more-invisible-but-not-less-observable/}, language = {English}, urldate = {2020-03-26} } Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
Astaroth
2020-01-21MicrosoftMicrosoft Defender ATP Research Team
@online{team:20200121:sload:2a2962b, author = {Microsoft Defender ATP Research Team}, title = {{sLoad launches version 2.0, Starslord}}, date = {2020-01-21}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/01/21/sload-launches-version-2-0-starslord/}, language = {English}, urldate = {2020-01-22} } sLoad launches version 2.0, Starslord
sLoad
2019-11-26MicrosoftMicrosoft Defender ATP Research Team
@online{team:20191126:insights:8fd4b6c, author = {Microsoft Defender ATP Research Team}, title = {{Insights from one year of tracking a polymorphic threat}}, date = {2019-11-26}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-of-tracking-a-polymorphic-threat/}, language = {English}, urldate = {2020-01-08} } Insights from one year of tracking a polymorphic threat
Dexphot
2019-09-26MicrosoftMicrosoft Defender ATP Research Team
@online{team:20190926:bring:d73d53e, author = {Microsoft Defender ATP Research Team}, title = {{Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware}}, date = {2019-09-26}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2019/09/26/bring-your-own-lolbin-multi-stage-fileless-nodersok-campaign-delivers-rare-node-js-based-malware/}, language = {English}, urldate = {2020-05-18} } Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
Divergent
2019-07-08MicrosoftMicrosoft Defender ATP Research Team
@online{team:20190708:dismantling:7570b60, author = {Microsoft Defender ATP Research Team}, title = {{Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack}}, date = {2019-07-08}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/}, language = {English}, urldate = {2019-12-02} } Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
Astaroth
2018-12-03MicrosoftMicrosoft Defender ATP Research Team
@online{team:20181203:analysis:828df29, author = {Microsoft Defender ATP Research Team}, title = {{Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers}}, date = {2018-12-03}, organization = {Microsoft}, url = {https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/analysis-of-cyberattack-on-u-s-think-tanks-non-profits-public-sector-by-unidentified-attackers/}, language = {English}, urldate = {2020-01-09} } Analysis of cyberattack on U.S. think tanks, non-profits, public sector by unidentified attackers
APT29
2018-04-04MicrosoftMicrosoft Defender ATP Research Team
@online{team:20180404:hunting:fe0f809, author = {Microsoft Defender ATP Research Team}, title = {{Hunting down Dofoil with Windows Defender ATP}}, date = {2018-04-04}, organization = {Microsoft}, url = {https://cloudblogs.microsoft.com/microsoftsecure/2018/04/04/hunting-down-dofoil-with-windows-defender-atp/}, language = {English}, urldate = {2020-01-08} } Hunting down Dofoil with Windows Defender ATP
SmokeLoader
2018-03-01MicrosoftOffice 365 Threat Research Team, Microsoft Defender ATP Research Team
@online{team:20180301:finfisher:e1de78f, author = {Office 365 Threat Research Team and Microsoft Defender ATP Research Team}, title = {{FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines}}, date = {2018-03-01}, organization = {Microsoft}, url = {https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/}, language = {English}, urldate = {2020-01-08} } FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines
FinFisher RAT
2017-12-04MicrosoftMicrosoft Defender ATP Research Team, Microsoft Digital Crimes Unit
@online{team:20171204:microsoft:0cab56d, author = {Microsoft Defender ATP Research Team and Microsoft Digital Crimes Unit}, title = {{Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)}}, date = {2017-12-04}, organization = {Microsoft}, url = {https://blogs.technet.microsoft.com/mmpc/2017/12/04/microsoft-teams-up-with-law-enforcement-and-other-partners-to-disrupt-gamarue-andromeda/}, language = {English}, urldate = {2020-01-13} } Microsoft teams up with law enforcement and other partners to disrupt Gamarue (Andromeda)
Andromeda
2017-11-06MicrosoftMicrosoft Defender ATP Research Team
@online{team:20171106:mitigating:b623a70, author = {Microsoft Defender ATP Research Team}, title = {{Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks}}, date = {2017-11-06}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2017/11/06/mitigating-and-eliminating-info-stealing-qakbot-and-emotet-in-corporate-networks/}, language = {English}, urldate = {2020-10-23} } Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Emotet QakBot
2017-11-06MicrosoftMicrosoft Defender ATP Research Team
@online{team:20171106:mitigating:f52d1d9, author = {Microsoft Defender ATP Research Team}, title = {{Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks}}, date = {2017-11-06}, organization = {Microsoft}, url = {https://cloudblogs.microsoft.com/microsoftsecure/2017/11/06/mitigating-and-eliminating-info-stealing-qakbot-and-emotet-in-corporate-networks/?source=mmpc}, language = {English}, urldate = {2019-12-18} } Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Emotet
2017-06-29MicrosoftMicrosoft Defender ATP Research Team
@online{team:20170629:windows:f957ff3, author = {Microsoft Defender ATP Research Team}, title = {{Windows 10 platform resilience against the Petya ransomware attack}}, date = {2017-06-29}, organization = {Microsoft}, url = {https://blogs.technet.microsoft.com/mmpc/2017/06/29/windows-10-platform-resilience-against-the-petya-ransomware-attack/}, language = {English}, urldate = {2020-01-07} } Windows 10 platform resilience against the Petya ransomware attack
EternalPetya
2017-06-27MicrosoftMicrosoft Defender ATP Research Team
@online{team:20170627:new:385fe97, author = {Microsoft Defender ATP Research Team}, title = {{New ransomware, old techniques: Petya adds worm capabilities}}, date = {2017-06-27}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/}, language = {English}, urldate = {2020-03-06} } New ransomware, old techniques: Petya adds worm capabilities
Petya
2017-06-07MicrosoftMicrosoft Defender ATP Research Team
@online{team:20170607:platinum:38b4122, author = {Microsoft Defender ATP Research Team}, title = {{PLATINUM continues to evolve, find ways to maintain invisibility}}, date = {2017-06-07}, organization = {Microsoft}, url = {https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/}, language = {English}, urldate = {2019-11-25} } PLATINUM continues to evolve, find ways to maintain invisibility
AMTsol
2017-03-27MicrosoftMicrosoft Defender ATP Research Team
@online{team:20170327:detecting:46740f0, author = {Microsoft Defender ATP Research Team}, title = {{Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005}}, date = {2017-03-27}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/}, language = {English}, urldate = {2020-01-08} } Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005
APT31
2017-01-25MicrosoftMicrosoft Defender ATP Research Team
@online{team:20170125:detecting:92af610, author = {Microsoft Defender ATP Research Team}, title = {{Detecting threat actors in recent German industrial attacks with Windows Defender ATP}}, date = {2017-01-25}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/}, language = {English}, urldate = {2020-01-06} } Detecting threat actors in recent German industrial attacks with Windows Defender ATP
APT41
2016-12-14MicrosoftMicrosoft Defender ATP Research Team
@online{team:20161214:twin:d8711b9, author = {Microsoft Defender ATP Research Team}, title = {{Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe}}, date = {2016-12-14}, organization = {Microsoft}, url = {https://blogs.technet.microsoft.com/mmpc/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/}, language = {English}, urldate = {2020-01-09} } Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe
NEODYMIUM
2016-12-14MicrosoftMicrosoft Defender ATP Research Team
@online{team:20161214:twin:17e1d49, author = {Microsoft Defender ATP Research Team}, title = {{Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe}}, date = {2016-12-14}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2016/12/14/twin-zero-day-attacks-promethium-and-neodymium-target-individuals-in-europe/}, language = {English}, urldate = {2020-01-13} } Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe
PROMETHIUM
2016-12-09MicrosoftMicrosoft Defender ATP Research Team
@online{team:20161209:windows:d74c9b6, author = {Microsoft Defender ATP Research Team}, title = {{Windows 10: protection, detection, and response against recent Depriz malware attacks}}, date = {2016-12-09}, organization = {Microsoft}, url = {https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/}, language = {English}, urldate = {2020-01-08} } Windows 10: protection, detection, and response against recent Depriz malware attacks
TERBIUM
2016-07-13MicrosoftMicrosoft Defender ATP Research Team
@online{team:20160713:troldesh:52c2dc3, author = {Microsoft Defender ATP Research Team}, title = {{Troldesh ransomware influenced by (the) Da Vinci code}}, date = {2016-07-13}, organization = {Microsoft}, url = {https://blogs.technet.microsoft.com/mmpc/2016/07/13/troldesh-ransomware-influenced-by-the-da-vinci-code/}, language = {English}, urldate = {2020-01-13} } Troldesh ransomware influenced by (the) Da Vinci code
Troldesh