{
  "name": "Graph: Growing number of threats leveraging Microsoft API",
  "slug": "graph-growing-number-of-threats-leveraging-microsoft-api",
  "description": "A growing number of cyber threats use the Microsoft Graph API for covert communications with command-and-control (C2) infrastructure hosted on Microsoft cloud services. The technique lets attacker traffic blend in with legitimate traffic to cloud platforms and gives attackers infrastructure at low cost.",
  "published": "2024-05-03T07:05:28+00:00",
  "created_at": "2024-05-03T07:05:28+00:00",
  "modified_at": "2024-05-03T07:47:06+00:00",
  "created_at_opencti": "2024-05-03T07:05:28+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-03",
    "birdyclient",
    "bluelight",
    "bs2005",
    "espionage",
    "graphican",
    "graphite",
    "graphon",
    "ketrican",
    "onedrivebirdyclient",
    "siestagraph"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb"
      },
      {
        "id": "",
        "name": "f229a8eb6f5285a1762677c38175c71dead77768f6f5a6ebc320679068293231"
      },
      {
        "id": "",
        "name": "afeaf8bd61f70fc51fbde7aa63f5d8ad96964f40b7d7fce1012a0b842c83273e"
      },
      {
        "id": "",
        "name": "7fc54a287c08cde70fe860f7c65ff71ade24dfeedafdfea62a8a6ee57cc91950"
      },
      {
        "id": "",
        "name": "5c430e2770b59cceba1f1587b34e686d586d2c8ba1908bb5d066a616466d2cc6"
      },
      {
        "id": "",
        "name": "470cd1645d1da5566eef36c6e0b2a8ed510383657c4030180eb0083358813cd3"
      },
      {
        "id": "",
        "name": "1a87e1b41341ad042711faa0c601e7b238a47fa647c325f66b1c8c7b313c8bdf"
      },
      {
        "id": "",
        "name": "a78cc475c1875186dcd1908b55c2eeaf1bcd59dedaff920f262f12a3a9e9bfa8"
      },
      {
        "id": "",
        "name": "4b78b1a3c162023f0c14498541cb6ae143fb01d8b50d6aa13ac302a84553e2d5"
      },
      {
        "id": "",
        "name": "02e8ea9a58c13f216bdae478f9f007e20b45217742d0fbe47f66173f1b195ef5"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:2539b75316125b2d",
        "name": "Bluelight",
        "slug": "bluelight"
      },
      {
        "id": "e09a9ca4-d88a-4fea-a199-2dd3f5c40f40",
        "name": "BirdyClient",
        "slug": "birdyclient"
      },
      {
        "id": "legacy:malware:58294bef99dae101",
        "name": "Graphon",
        "slug": "graphon"
      },
      {
        "id": "legacy:malware:4b3f10ed809e47d1",
        "name": "SiestaGraph",
        "slug": "siestagraph"
      },
      {
        "id": "legacy:malware:d978df869fd4195f",
        "name": "Graphite",
        "slug": "graphite"
      },
      {
        "id": "legacy:malware:ae48b26a48039f7e",
        "name": "Graphican",
        "slug": "graphican"
      },
      {
        "id": "legacy:malware:7cfdf02e4fd468d2",
        "name": "Ketrican",
        "slug": "ketrican"
      }
    ],
    "attack_patterns": [
      {
        "id": "a72ebeae-8e62-4039-8135-e9c611011fdc",
        "name": "T1573"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      },
      {
        "id": "81ee4813-4f68-4984-bec1-980d7c5b56eb",
        "name": "T1132"
      },
      {
        "id": "fa3b8b48-d97c-4242-83a6-07d435a5a79e",
        "name": "T1041"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      }
    ]
  },
  "external_refs": [
    "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats",
    "https://otx.alienvault.com/pulse/6634a8d8731e63a10976c584"
  ]
}