Graph: Growing number of threats leveraging Microsoft API

May 3, 2024, 9:47 a.m.

Description

An increasing number of cyber threats have adopted the use of the Microsoft Graph API to facilitate covert communications with command-and-control infrastructure hosted on Microsoft cloud services. This technique helps attackers blend in with legitimate traffic to cloud platforms and obtain infrastructure at low cost.

Date

Published: May 3, 2024, 9:05 a.m.

Created: May 3, 2024, 9:05 a.m.

Modified: May 3, 2024, 9:47 a.m.

Indicators

Attack Patterns

Bluelight

BirdyClient

Graphon

SiestaGraph

Graphite

Graphican

Ketrican

T1573

T1071

T1102

T1132

T1041

T1566