Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-08-25MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Research Team, Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20220825:mercury:a02a670, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team and Microsoft 365 Defender Threat Intelligence Team}, title = {{MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations}}, date = {2022-08-25}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/25/mercury-leveraging-log4j-2-vulnerabilities-in-unpatched-systems-to-target-israeli-organizations}, language = {English}, urldate = {2022-08-30} } MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
MimiKatz
2022-08-24MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Team
@online{mstic:20220824:magicweb:1bb7204, author = {Microsoft Threat Intelligence Center (MSTIC) and Detection and Response Team (DART) and Microsoft 365 Defender Team}, title = {{MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone}}, date = {2022-08-24}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/}, language = {English}, urldate = {2022-08-28} } MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:6429d3a, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations}, language = {English}, urldate = {2022-08-18} } Disrupting SEABORGIUM’s ongoing phishing operations
Callisto
2022-08-15MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Office 365 Threat Research Team, Digital Threat Analysis Center (DTAC)
@online{mstic:20220815:disrupting:528a65e, author = {Microsoft Threat Intelligence Center (MSTIC) and Office 365 Threat Research Team and Digital Threat Analysis Center (DTAC)}, title = {{Disrupting SEABORGIUM’s ongoing phishing operations}}, date = {2022-08-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/}, language = {English}, urldate = {2022-08-17} } Disrupting SEABORGIUM’s ongoing phishing operations
2022-07-27MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), RiskIQ
@online{mstic:20220727:untangling:27dd5d0, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) and RiskIQ}, title = {{Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits}}, date = {2022-07-27}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/}, language = {English}, urldate = {2022-08-15} } Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
Subzero
2022-07-14MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220714:north:876e680, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware}}, date = {2022-07-14}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/14/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware/}, language = {English}, urldate = {2022-07-15} } North Korean threat actor (H0lyGh0st /DEV-0530) targets small and midsize businesses with H0lyGh0st ransomware
SiennaBlue SiennaPurple
2022-07-12MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Research Team
@online{mstic:20220712:from:3d3a8e3, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team}, title = {{From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud}}, date = {2022-07-12}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/}, language = {English}, urldate = {2022-07-15} } From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
2022-07-05MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20220705:hive:840b6e9, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Hive ransomware gets upgrades in Rust}}, date = {2022-07-05}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/07/05/hive-ransomware-gets-upgrades-in-rust/}, language = {English}, urldate = {2022-07-13} } Hive ransomware gets upgrades in Rust
Hive
2022-06-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220602:exposing:b85423c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Exposing POLONIUM activity and infrastructure targeting Israeli organizations}}, date = {2022-06-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/06/02/exposing-polonium-activity-and-infrastructure-targeting-israeli-organizations/}, language = {English}, urldate = {2022-06-02} } Exposing POLONIUM activity and infrastructure targeting Israeli organizations
POLONIUM
2022-05-09MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20220509:ransomwareasaservice:13ec472, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself}, language = {English}, urldate = {2022-05-17} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT
2022-05-09Microsoft SecurityMicrosoft Threat Intelligence Center, Microsoft 365 Defender Threat Intelligence Team
@online{center:20220509:ransomwareasaservice:3dac44d, author = {Microsoft Threat Intelligence Center and Microsoft 365 Defender Threat Intelligence Team}, title = {{Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself}}, date = {2022-05-09}, organization = {Microsoft Security}, url = {https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/}, language = {English}, urldate = {2022-06-02} } Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot
2022-03-22MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Detection and Response Team (DART), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20220322:dev0537:eea56dc, author = {Microsoft Threat Intelligence Center (MSTIC) and Detection and Response Team (DART) and Microsoft 365 Defender Threat Intelligence Team}, title = {{DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction}}, date = {2022-03-22}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/}, language = {English}, urldate = {2022-08-05} } DEV-0537 (UNC3661) criminal actor targeting organizations for data exfiltration and destruction
RedLine Stealer LAPSUS
2022-03-16MicrosoftMicrosoft Defender for IoT Research Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20220316:uncovering:aae61b5, author = {Microsoft Defender for IoT Research Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure}}, date = {2022-03-16}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure/}, language = {English}, urldate = {2022-03-17} } Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
TrickBot
2022-02-04MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220204:actinium:739151c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{ACTINIUM targets Ukrainian organizations}}, date = {2022-02-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/}, language = {English}, urldate = {2022-02-07} } ACTINIUM targets Ukrainian organizations
DilongTrash DinoTrain Pteranodon QuietSieve Gamaredon Group
2022-02-04MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20220204:actinium:46543a2, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{ACTINIUM targets Ukrainian organizations}}, date = {2022-02-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations}, language = {English}, urldate = {2022-08-25} } ACTINIUM targets Ukrainian organizations
Pteranodon Gamaredon Group
2021-12-11MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20211211:guidance:fb6acc1, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability}}, date = {2021-12-11}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation}, language = {English}, urldate = {2022-07-25} } Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
Khonsari NightSky BRONZE STARLIGHT
2021-12-06MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20211206:nickel:115c365, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{NICKEL targeting government organizations across Latin America and Europe}}, date = {2021-12-06}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/12/06/nickel-targeting-government-organizations-across-latin-america-and-europe/}, language = {English}, urldate = {2021-12-08} } NICKEL targeting government organizations across Latin America and Europe
MimiKatz
2021-12-06MandiantLuke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock, Luis Rocha, Marius Fodoreanu, Mitchell Clarke, Manfred Erjak, Josh Madeley, Ashraf Abdalhalim, Juraj Sucik, Wojciech Ledzion, Gabriella Roncone, Jonathan Leathery, Ben Read, Microsoft Threat Intelligence Center (MSTIC), Microsoft Detection and Response Team (DART)
@online{jenkins:20211206:suspected:d9da4ec, author = {Luke Jenkins and Sarah Hawley and Parnian Najafi and Doug Bienstock and Luis Rocha and Marius Fodoreanu and Mitchell Clarke and Manfred Erjak and Josh Madeley and Ashraf Abdalhalim and Juraj Sucik and Wojciech Ledzion and Gabriella Roncone and Jonathan Leathery and Ben Read and Microsoft Threat Intelligence Center (MSTIC) and Microsoft Detection and Response Team (DART)}, title = {{Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)}}, date = {2021-12-06}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/russian-targeting-gov-business}, language = {English}, urldate = {2021-12-07} } Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)
Cobalt Strike CryptBot
2021-11-18MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft Digital Security Unit (DSU)
@online{mstic:20211118:iranian:911ab04, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU)}, title = {{Iranian targeting of IT sector on the rise}}, date = {2021-11-18}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/}, language = {English}, urldate = {2021-11-19} } Iranian targeting of IT sector on the rise
MimiKatz ShellClient RAT
2021-11-16MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20211116:evolving:9bd9d2e, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021}}, date = {2021-11-16}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021/}, language = {English}, urldate = {2021-11-17} } Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021