Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-09-29MicrosoftMicrosoft Security Threat Intelligence, LinkedIn Threat Prevention and Defense
@online{intelligence:20220929:zinc:4b8e6c0, author = {Microsoft Security Threat Intelligence and LinkedIn Threat Prevention and Defense}, title = {{ZINC weaponizing open-source software}}, date = {2022-09-29}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/}, language = {English}, urldate = {2022-09-30} } ZINC weaponizing open-source software
2022-09-21MicrosoftMicrosoft Security Experts, Microsoft Detection and Response Team (DART)
@online{experts:20220921:art:657254d, author = {Microsoft Security Experts and Microsoft Detection and Response Team (DART)}, title = {{The art and science behind Microsoft threat hunting: Part 2}}, date = {2022-09-21}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/09/21/the-art-and-science-behind-microsoft-threat-hunting-part-2/}, language = {English}, urldate = {2022-09-26} } The art and science behind Microsoft threat hunting: Part 2
2022-09-08MicrosoftMicrosoft Security Experts, Microsoft Detection and Response Team (DART)
@online{experts:20220908:art:b42106d, author = {Microsoft Security Experts and Microsoft Detection and Response Team (DART)}, title = {{The art and science behind Microsoft threat hunting: Part 1}}, date = {2022-09-08}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/09/08/part-1-the-art-and-science-of-threat-hunting/}, language = {English}, urldate = {2022-09-13} } The art and science behind Microsoft threat hunting: Part 1
2022-09-08MicrosoftMicrosoft Security Threat Intelligence
@online{intelligence:20220908:microsoft:66fa6e4, author = {Microsoft Security Threat Intelligence}, title = {{Microsoft investigates Iranian attacks against the Albanian government}}, date = {2022-09-08}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government}, language = {English}, urldate = {2022-09-13} } Microsoft investigates Iranian attacks against the Albanian government
ZeroCleare
2022-09-07MicrosoftMicrosoft Security Threat Intelligence
@online{intelligence:20220907:profiling:26b424d, author = {Microsoft Security Threat Intelligence}, title = {{Profiling DEV-0270: PHOSPHORUS’ ransomware operations}}, date = {2022-09-07}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/09/07/profiling-dev-0270-phosphorus-ransomware-operations/}, language = {English}, urldate = {2022-09-13} } Profiling DEV-0270: PHOSPHORUS’ ransomware operations
2022-08-24MicrosoftMicrosoft Security Experts
@online{experts:20220824:looking:599689a, author = {Microsoft Security Experts}, title = {{Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks}}, date = {2022-08-24}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks}, language = {English}, urldate = {2022-08-30} } Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
BumbleBee Sliver
2022-08-04YouTube (Arda Büyükkaya)Arda Büyükkaya
@online{bykkaya:20220804:lockbit:15879e8, author = {Arda Büyükkaya}, title = {{LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool}}, date = {2022-08-04}, organization = {YouTube (Arda Büyükkaya)}, url = {https://www.youtube.com/watch?v=C733AyPzkoc}, language = {English}, urldate = {2022-08-08} } LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit
2022-07-28SentinelOneJúlio Dantas, James Haughom, Julien Reisdorffer
@online{dantas:20220728:living:3cc6f4f, author = {Júlio Dantas and James Haughom and Julien Reisdorffer}, title = {{Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool}}, date = {2022-07-28}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/}, language = {English}, urldate = {2022-08-01} } Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool
Cobalt Strike LockBit
2022-07-27MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), RiskIQ
@online{mstic:20220727:untangling:27dd5d0, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) and RiskIQ}, title = {{Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits}}, date = {2022-07-27}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/}, language = {English}, urldate = {2022-08-15} } Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
Subzero
2022-05-17Microsoft SecurityBerman Enconado, Laurie Kirk
@online{enconado:20220517:in:c234e4d, author = {Berman Enconado and Laurie Kirk}, title = {{In hot pursuit of ‘cryware’: Defending hot wallets from attacks}}, date = {2022-05-17}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/}, language = {English}, urldate = {2022-05-25} } In hot pursuit of ‘cryware’: Defending hot wallets from attacks
Mars Stealer RedLine Stealer
2022-05-09Microsoft SecurityMicrosoft Threat Intelligence Center, Microsoft 365 Defender Threat Intelligence Team
@online{center:20220509:ransomwareasaservice:3dac44d, author = {Microsoft Threat Intelligence Center and Microsoft 365 Defender Threat Intelligence Team}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/}, language = {English}, urldate = {2022-06-02} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot
2022-05-06Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20220506:twitter:7a00df8, author = {Microsoft Security Intelligence}, title = {{Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity}}, date = {2022-05-06}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1522690116979855360}, language = {English}, urldate = {2022-05-09} } Twitter Thread on initial infeciton of SocGholish/ FAKEUPDATES campaigns lead to BLISTER Loader, CobaltStrike, Lockbit and followed by Hands On Keyboard activity
FAKEUPDATES Blister Cobalt Strike LockBit
2022-04-12Microsoft SecurityDetection and Response Team (DART)
@online{dart:20220412:tarrask:4789795, author = {Detection and Response Team (DART)}, title = {{Tarrask malware uses scheduled tasks for defense evasion}}, date = {2022-04-12}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/}, language = {English}, urldate = {2022-05-04} } Tarrask malware uses scheduled tasks for defense evasion
Godzilla Webshell
2022-01-15MicrosoftMicrosoft, Microsoft Security Intelligence, Microsoft Digital Security Unit (DSU), Microsoft Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
@online{microsoft:20220115:destructive:77ac2f5, author = {Microsoft and Microsoft Security Intelligence and Microsoft Digital Security Unit (DSU) and Microsoft Detection and Response Team (DART) and Microsoft 365 Defender Threat Intelligence Team}, title = {{Destructive malware targeting Ukrainian organizations (DEV-0586)}}, date = {2022-01-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/}, language = {English}, urldate = {2022-01-18} } Destructive malware targeting Ukrainian organizations (DEV-0586)
WhisperGate DEV-0586
2021-10-21Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20211021:new:11cf9aa, author = {Microsoft Security Intelligence}, title = {{Tweet on new variant of mac malware UpdateAgent/WizardUpdate}}, date = {2021-10-21}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1451279679059488773}, language = {English}, urldate = {2021-10-26} } Tweet on new variant of mac malware UpdateAgent/WizardUpdate
Vigram
2021-09-25Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210925:thread:afea874, author = {Microsoft Security Intelligence}, title = {{Thread on Malicious Android apps posing as bank loan services are being widely distributed to targets in Asia}}, date = {2021-09-25}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1441524497924833282?s=20}, language = {English}, urldate = {2021-09-28} } Thread on Malicious Android apps posing as bank loan services are being widely distributed to targets in Asia
Unidentified APK 006
2021-07-24Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210724:attackers:4a3d443, author = {Microsoft Security Intelligence}, title = {{Tweet on attackers increasingly using HTML smuggling in phishing and other email campaigns to deliver Casbaneiro}}, date = {2021-07-24}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1418706916922986504}, language = {English}, urldate = {2021-08-02} } Tweet on attackers increasingly using HTML smuggling in phishing and other email campaigns to deliver Casbaneiro
Metamorfo
2021-06-11Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210611:solarmarkerjupyter:86c4f14, author = {Microsoft Security Intelligence}, title = {{Tweet on solarmarker/Jupyter malware}}, date = {2021-06-11}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1403461397283950597}, language = {English}, urldate = {2021-06-21} } Tweet on solarmarker/Jupyter malware
solarmarker
2021-05-20Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210520:javabased:ce966f5, author = {Microsoft Security Intelligence}, title = {{Tweet on Java-based STRRAT malware campaign distributed via email}}, date = {2021-05-20}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1395138347601854465}, language = {English}, urldate = {2021-05-25} } Tweet on Java-based STRRAT malware campaign distributed via email
STRRAT
2021-05-11Twitter (@MsftSecIntel)Microsoft Security Intelligence
@online{intelligence:20210511:snip3:69a4650, author = {Microsoft Security Intelligence}, title = {{Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla}}, date = {2021-05-11}, organization = {Twitter (@MsftSecIntel)}, url = {https://twitter.com/MsftSecIntel/status/1392219299696152578}, language = {English}, urldate = {2021-05-13} } Tweet on Snip3 crypter delivering AsyncRAT or AgentTesla
Agent Tesla AsyncRAT