Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-09-15MicrosoftMicrosoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence Center (MSTIC)
@online{team:20210915:analyzing:37b6528, author = {Microsoft 365 Defender Threat Intelligence Team and Microsoft Threat Intelligence Center (MSTIC)}, title = {{Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability}}, date = {2021-09-15}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/}, language = {English}, urldate = {2021-09-19} } Analyzing attacks that exploit the CVE-2021-40444 MSHTML vulnerability
Cobalt Strike
2021-08-26MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210826:widespread:16ba3cc, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Widespread credential phishing campaign abuses open redirector links}}, date = {2021-08-26}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/}, language = {English}, urldate = {2021-08-31} } Widespread credential phishing campaign abuses open redirector links
2021-07-29MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210729:bazacall:8d79cdf, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{BazaCall: Phony call centers lead to exfiltration and ransomware}}, date = {2021-07-29}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/29/bazacall-phony-call-centers-lead-to-exfiltration-and-ransomware/}, language = {English}, urldate = {2021-08-02} } BazaCall: Phony call centers lead to exfiltration and ransomware
BazarBackdoor Cobalt Strike
2021-07-29MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210729:when:5d75299, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks}}, date = {2021-07-29}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/29/when-coin-miners-evolve-part-2-hunting-down-lemonduck-and-lemoncat-attacks/}, language = {English}, urldate = {2021-08-02} } When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks
2021-07-22MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210722:when:d734e91, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure}}, date = {2021-07-22}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/}, language = {English}, urldate = {2021-07-22} } When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
2021-07-08Avast DecodedThreat Intelligence Team
@online{team:20210708:decoding:04acb98, author = {Threat Intelligence Team}, title = {{Decoding Cobalt Strike: Understanding Payloads}}, date = {2021-07-08}, organization = {Avast Decoded}, url = {https://decoded.avast.io/threatintel/decoding-cobalt-strike-understanding-payloads/}, language = {English}, urldate = {2021-07-08} } Decoding Cobalt Strike: Understanding Payloads
Cobalt Strike Empire Downloader
2021-06-01MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20210601:new:83aee4c, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{New sophisticated email-based attack from NOBELIUM}}, date = {2021-06-01}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/}, language = {English}, urldate = {2021-06-09} } New sophisticated email-based attack from NOBELIUM
Cobalt Strike
2021-05-20MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210520:phorpiex:1a8fb3c, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment}}, date = {2021-05-20}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/05/20/phorpiex-morphs-how-a-longstanding-botnet-persists-and-thrives-in-the-current-threat-environment/}, language = {English}, urldate = {2021-05-26} } Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex
2021-04-22xorl %eax, %eaxAnastasios Pingios
@online{pingios:20210422:gentle:01201be, author = {Anastasios Pingios}, title = {{A gentle introduction to building a threat intelligence team}}, date = {2021-04-22}, organization = {xorl %eax, %eax}, url = {https://docs.google.com/presentation/d/1mrDttPZreFZg_q5RG9EGjtBzbd5cpyA1Y9CzhyQiDj0}, language = {English}, urldate = {2021-05-08} } A gentle introduction to building a threat intelligence team
2021-04-09MicrosoftEmily Hacker, Justin Carroll, Microsoft 365 Defender Threat Intelligence Team
@online{hacker:20210409:investigating:2b6f30a, author = {Emily Hacker and Justin Carroll and Microsoft 365 Defender Threat Intelligence Team}, title = {{Investigating a unique “form” of email delivery for IcedID malware}}, date = {2021-04-09}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/}, language = {English}, urldate = {2021-04-12} } Investigating a unique “form” of email delivery for IcedID malware
IcedID
2021-04-06MalwarebytesThreat Intelligence Team
@online{team:20210406:deep:6279974, author = {Threat Intelligence Team}, title = {{A deep dive into Saint Bot, a new downloader}}, date = {2021-04-06}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/04/a-deep-dive-into-saint-bot-downloader/}, language = {English}, urldate = {2021-04-12} } A deep dive into Saint Bot, a new downloader
Saint Bot
2021-03-25MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210325:analyzing:d9ddef0, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{Analyzing attacks taking advantage of the Exchange Server vulnerabilities}}, date = {2021-03-25}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-server-vulnerabilities/}, language = {English}, urldate = {2021-03-30} } Analyzing attacks taking advantage of the Exchange Server vulnerabilities
CHINACHOPPER
2021-03-24MalwarebytesThreat Intelligence Team
@online{team:20210324:software:f896085, author = {Threat Intelligence Team}, title = {{Software renewal scammers unmasked}}, date = {2021-03-24}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/03/software-renewal-scammers-unmasked/}, language = {English}, urldate = {2021-03-25} } Software renewal scammers unmasked
2021-03-04WMC GlobalWMC Global Threat Intelligence Team
@online{team:20210304:compact:0e18165, author = {WMC Global Threat Intelligence Team}, title = {{The Compact Campaign}}, date = {2021-03-04}, organization = {WMC Global}, url = {https://www.wmcglobal.com/blog/the-compact-campaign}, language = {English}, urldate = {2021-03-06} } The Compact Campaign
2021-03-04MicrosoftRamin Nafisi, Andrea Lelli, Microsoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{nafisi:20210304:goldmax:3fa3f68, author = {Ramin Nafisi and Andrea Lelli and Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence}}, date = {2021-03-04}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware}, language = {English}, urldate = {2021-03-06} } GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
SUNBURST TEARDROP UNC2452
2021-03-02MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team, Microsoft 365 Security
@online{mstic:20210302:hafnium:c7d8588, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team and Microsoft 365 Security}, title = {{HAFNIUM targeting Exchange Servers with 0-day exploits}}, date = {2021-03-02}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers}, language = {English}, urldate = {2021-03-07} } HAFNIUM targeting Exchange Servers with 0-day exploits
CHINACHOPPER HAFNIUM
2021-02-12MalwarebytesThreat Intelligence Team
@online{team:20210212:malvertising:6f4c197, author = {Threat Intelligence Team}, title = {{Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams}}, date = {2021-02-12}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/cybercrime/2021/02/malvertising-campaign-on-top-adult-brands-exposes-users-to-tech-support-scams/}, language = {English}, urldate = {2021-02-18} } Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams
2021-02-01MicrosoftMicrosoft 365 Defender Threat Intelligence Team
@online{team:20210201:what:2e12897, author = {Microsoft 365 Defender Threat Intelligence Team}, title = {{What tracking an attacker email infrastructure tells us about persistent cybercriminal operations}}, date = {2021-02-01}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/}, language = {English}, urldate = {2021-02-02} } What tracking an attacker email infrastructure tells us about persistent cybercriminal operations
Dridex Emotet Makop Ransomware SmokeLoader TrickBot
2021-01-29MalwarebytesThreat Intelligence Team
@online{team:20210129:cleaning:489c8b3, author = {Threat Intelligence Team}, title = {{Cleaning up after Emotet: the law enforcement file}}, date = {2021-01-29}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/}, language = {English}, urldate = {2021-02-02} } Cleaning up after Emotet: the law enforcement file
Emotet
2021-01-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
@online{mstic:20210128:zinc:9c8aff4, author = {Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Threat Intelligence Team}, title = {{ZINC attacks against security researchers}}, date = {2021-01-28}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/}, language = {English}, urldate = {2021-01-29} } ZINC attacks against security researchers
ComeBacker Klackring