
2023-03-02 · YouTube (Microsoft Security Response Center (MSRC)) · Daniel Taylor, Ben Magee
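@comment{BlueHat 2023 talk (video) on hunting Qakbot, published on the MSRC YouTube channel. The ampersand in the title is escaped as a LaTeX special character so it is not read as a table column separator; the channel name is spelled YouTube to match the other YouTube entries in this library.}
@online{taylor:20230302:bluehat:cdd75a0,
  author       = {Taylor, Daniel and Magee, Ben},
  title        = {{BlueHat 2023: Hunting Qakbot with Daniel Taylor \& Ben Magee}},
  date         = {2023-03-02},
  organization = {YouTube (Microsoft Security Response Center (MSRC))},
  url          = {https://www.youtube.com/watch?v=OCRyEUhiEyw},
  language     = {English},
  urldate      = {2023-04-18},
}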
QakBot
2023-03-02 · YouTube (Microsoft Security) · Laurie Kirk
@comment{BlueHat 2023 lightning talk (video) on obfuscation techniques seen in Android malware. Author given in the unambiguous Last, First form.}
@online{kirk:20230302:bluehat:e91d4c1,
  author       = {Kirk, Laurie},
  title        = {{BlueHat 2023 Lightning Talk: Android Malware Obfuscation}},
  date         = {2023-03-02},
  organization = {YouTube (Microsoft Security)},
  url          = {https://www.youtube.com/watch?v=sP57_65hQbM},
  language     = {English},
  urldate      = {2023-03-13},
}
2022-12-21 · Microsoft · Microsoft Security Threat Intelligence
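@comment{Microsoft Security blog post on newly observed Zerobot capabilities. The corporate author is wrapped in a second brace pair so the name parser treats it as one surname instead of splitting it into given names plus "Intelligence" (which is how the citation key was derived).}
@online{intelligence:20221221:microsoft:3e9b011,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Microsoft research uncovers new Zerobot capabilities}},
  date         = {2022-12-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/},
  language     = {English},
  urldate      = {2022-12-29},
}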
ZeroBot, SparkRAT
2022-11-17 · Microsoft · Microsoft Security Threat Intelligence
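@comment{Microsoft Security blog post on DEV-0569 delivery chains for Royal ransomware. Corporate author double-braced so it is kept as a single name. NOTE(review): DEV-nnnn is an interim label in Microsoft's actor naming; confirm whether the group has since received a permanent name before citing the label as current.}
@online{intelligence:20221117:dev0569:86675d7,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{DEV-0569 finds new ways to deliver Royal ransomware, various payloads}},
  date         = {2022-11-17},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/},
  language     = {English},
  urldate      = {2023-01-05},
}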
Royal Ransom
2022-10-27 · Microsoft · Microsoft Security Threat Intelligence
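@comment{Microsoft Security blog post placing the Raspberry Robin worm in a wider pre-ransomware delivery ecosystem. Corporate author double-braced so the name parser does not split it.}
@online{intelligence:20221027:raspberry:b6d1ce4,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity}},
  date         = {2022-10-27},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/},
  language     = {English},
  urldate      = {2023-03-13},
}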
FAKEUPDATES, BumbleBee, Fauppod, PhotoLoader, Raspberry Robin, Roshtyak
2022-10-25 · Microsoft · Microsoft Security Threat Intelligence
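@comment{Microsoft Security blog post on DEV-0832 (Vice Society) ransomware campaigns against the US education sector. Corporate author double-braced so it is kept as a single name. NOTE(review): DEV-nnnn is an interim designation in Microsoft's naming scheme; check for a newer name before reusing it.}
@online{intelligence:20221025:dev0832:5d16a04,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector}},
  date         = {2022-10-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2022/10/25/dev-0832-vice-society-opportunistic-ransomware-campaigns-impacting-us-education-sector/},
  language     = {English},
  urldate      = {2023-02-03},
}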
BlackCat, Mount Locker, Zeppelin
2022-10-22 · Microsoft · Microsoft Security Threat Intelligence
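@comment{Microsoft Security Threat Intelligence article on DEV-0952 deploying Daixin ransomware at hospitals. Corporate author double-braced so it is kept as a single name. NOTE(review): the URL points at the RiskIQ community portal rather than the Microsoft Security blog; verify that it still resolves, since the access date is the only evidence of availability recorded here.}
@online{intelligence:20221022:dev0952:21116ee,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{DEV-0952 deploys Daixin ransomware at hospitals}},
  date         = {2022-10-22},
  organization = {Microsoft},
  url          = {https://community.riskiq.com/article/2f515d18},
  language     = {English},
  urldate      = {2022-10-24},
}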
2022-10-14 · Microsoft · Microsoft Security Threat Intelligence
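@comment{Microsoft Security blog post introducing the Prestige ransomware seen against organizations in Ukraine and Poland. Corporate author double-braced so it is kept as a single name; the typographic quotes in the title are UTF-8 and require a Biber/biblatex toolchain, which the date and urldate fields already imply.}
@online{intelligence:20221014:new:96a6fbd,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{New “Prestige” ransomware impacts organizations in Ukraine and Poland}},
  date         = {2022-10-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/},
  language     = {English},
  urldate      = {2022-10-14},
}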
Prestige
2022-10-05 · Microsoft · Microsoft Security Threat Intelligence
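@comment{Microsoft Security blog post on detecting and preventing LSASS credential dumping. Corporate author double-braced so the name parser keeps it whole.}
@online{intelligence:20221005:detecting:76c0e4f,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Detecting and preventing LSASS credential dumping attacks}},
  date         = {2022-10-05},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/10/05/detecting-and-preventing-lsass-credential-dumping-attacks/},
  language     = {English},
  urldate      = {2022-10-17},
}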
2022-09-30 · Microsoft · Microsoft Security Threat Intelligence
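@comment{Microsoft Security blog post analyzing in-the-wild attacks against Exchange via CVE-2022-41040 and CVE-2022-41082. Corporate author double-braced so the name parser keeps it whole.}
@online{intelligence:20220930:analyzing:115d508,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082}},
  date         = {2022-09-30},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082},
  language     = {English},
  urldate      = {2022-10-17},
}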
2022-09-29 · Microsoft · Microsoft Security Threat Intelligence, LinkedIn Threat Prevention and Defense
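@comment{Microsoft Security blog post on ZINC trojanizing open-source software, co-authored with LinkedIn. Both corporate authors are double-braced: without the braces the literal " and " inside "LinkedIn Threat Prevention and Defense" is read as a name separator, yielding three authors instead of two.}
@online{intelligence:20220929:zinc:4b8e6c0,
  author       = {{Microsoft Security Threat Intelligence} and {LinkedIn Threat Prevention and Defense}},
  title        = {{ZINC weaponizing open-source software}},
  date         = {2022-09-29},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/29/zinc-weaponizing-open-source-software/},
  language     = {English},
  urldate      = {2022-09-30},
}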
2022-09-21 · Microsoft · Microsoft Security Experts, Microsoft Detection and Response Team (DART)
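@comment{Part 2 of the Microsoft Security blog series on threat hunting practice. Both corporate authors are double-braced: the literal " and " inside "Microsoft Detection and Response Team (DART)" would otherwise be read as a name separator and split the team into two authors.}
@online{experts:20220921:art:657254d,
  author       = {{Microsoft Security Experts} and {Microsoft Detection and Response Team (DART)}},
  title        = {{The art and science behind Microsoft threat hunting: Part 2}},
  date         = {2022-09-21},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/21/the-art-and-science-behind-microsoft-threat-hunting-part-2/},
  language     = {English},
  urldate      = {2022-09-26},
}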
2022-09-08 · Microsoft · Microsoft Security Experts, Microsoft Detection and Response Team (DART)
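@comment{Part 1 of the Microsoft Security blog series on threat hunting practice. Both corporate authors are double-braced so the literal " and " inside the DART team name is not read as a name separator.}
@online{experts:20220908:art:b42106d,
  author       = {{Microsoft Security Experts} and {Microsoft Detection and Response Team (DART)}},
  title        = {{The art and science behind Microsoft threat hunting: Part 1}},
  date         = {2022-09-08},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/08/part-1-the-art-and-science-of-threat-hunting/},
  language     = {English},
  urldate      = {2022-09-13},
}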
2022-09-08 · Microsoft · Microsoft Security Threat Intelligence
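@comment{Microsoft Security blog post on the Iranian attacks against the Albanian government. Corporate author double-braced so the name parser keeps it whole.}
@online{intelligence:20220908:microsoft:66fa6e4,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Microsoft investigates Iranian attacks against the Albanian government}},
  date         = {2022-09-08},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/08/microsoft-investigates-iranian-attacks-against-the-albanian-government},
  language     = {English},
  urldate      = {2022-09-13},
}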
ZeroCleare
2022-09-07 · Microsoft · Microsoft Security Threat Intelligence
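@comment{Microsoft Security blog profile of DEV-0270, a PHOSPHORUS subgroup running ransomware operations. Corporate author double-braced so the name parser keeps it whole. NOTE(review): DEV-nnnn is an interim label in Microsoft's naming scheme; check for a newer name before reusing it.}
@online{intelligence:20220907:profiling:26b424d,
  author       = {{Microsoft Security Threat Intelligence}},
  title        = {{Profiling DEV-0270: PHOSPHORUS’ ransomware operations}},
  date         = {2022-09-07},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/09/07/profiling-dev-0270-phosphorus-ransomware-operations/},
  language     = {English},
  urldate      = {2022-09-13},
}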
2022-08-24 · Microsoft · Microsoft Security Experts
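@comment{Microsoft Security blog post on hunting for Sliver and other emerging command-and-control frameworks. Corporate author double-braced so it is not parsed as given names plus the surname "Experts".}
@online{experts:20220824:looking:599689a,
  author       = {{Microsoft Security Experts}},
  title        = {{Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks}},
  date         = {2022-08-24},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks},
  language     = {English},
  urldate      = {2022-08-30},
}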
BumbleBee, Sliver
2022-08-04 · YouTube (Arda Büyükkaya) · Arda Büyükkaya
@comment{Video walkthrough of LockBit sideloading Cobalt Strike through a Microsoft security tool. Author given in Last, First form; the UTF-8 surname is fine under Biber (the citation key, generated from it, dropped the non-ASCII letters and is left unchanged because other files may cite it).}
@online{bykkaya:20220804:lockbit:15879e8,
  author       = {Büyükkaya, Arda},
  title        = {{LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool}},
  date         = {2022-08-04},
  organization = {YouTube (Arda Büyükkaya)},
  url          = {https://www.youtube.com/watch?v=C733AyPzkoc},
  language     = {English},
  urldate      = {2022-08-08},
}
Cobalt Strike, LockBit
2022-07-28 · SentinelOne · Júlio Dantas, James Haughom, Julien Reisdorffer
@comment{SentinelOne blog post on LockBit sideloading Cobalt Strike through a Microsoft security tool. Authors given in Last, First form. NOTE(review): the vertical bar in the title is kept verbatim; under OT1 font encoding it does not print as a bar, so a style using title/subtitle may render it better.}
@online{dantas:20220728:living:3cc6f4f,
  author       = {Dantas, Júlio and Haughom, James and Reisdorffer, Julien},
  title        = {{Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool}},
  date         = {2022-07-28},
  organization = {SentinelOne},
  url          = {https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/},
  language     = {English},
  urldate      = {2022-08-01},
}
Cobalt Strike, LockBit
2022-07-27 · Microsoft · Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), RiskIQ
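@comment{Microsoft Security blog post on KNOTWEED, a European private-sector offensive actor using 0-day exploits. All three corporate authors are double-braced so each is kept as a single name instead of being split on whitespace into given names and a surname.}
@online{mstic:20220727:untangling:27dd5d0,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Security Response Center (MSRC)} and {RiskIQ}},
  title        = {{Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits}},
  date         = {2022-07-27},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/},
  language     = {English},
  urldate      = {2022-08-15},
}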
Subzero
2022-05-17 · Microsoft Security · Berman Enconado, Laurie Kirk
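@comment{Microsoft Security blog post on cryware targeting hot cryptocurrency wallets. Authors given in Last, First form. The organization is normalised to "Microsoft", matching every other entry in this library that points at the microsoft.com security blog, so a style that groups or sorts by organization treats them as one venue.}
@online{enconado:20220517:in:c234e4d,
  author       = {Enconado, Berman and Kirk, Laurie},
  title        = {{In hot pursuit of ‘cryware’: Defending hot wallets from attacks}},
  date         = {2022-05-17},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2022/05/17/in-hot-pursuit-of-cryware-defending-hot-wallets-from-attacks/},
  language     = {English},
  urldate      = {2022-05-25},
}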
Mars Stealer, RedLine Stealer