Hunting Emotet campaigns with Kusto

Introduction Emotet doesn't need an introduction anymore - it is one of the more prolific cybercriminal gangs and has been around for many years. In January 2021, a disruption effort took place via Europol and other law enforcement authorities to take Emotet down for good. [1] Indeed, there was a significant decrease in Emotet malicious … Continue reading Hunting Emotet campaigns with Kusto

Drilling down on phishing campaigns with UrlClickEvents

Introduction On March 2nd 2022, I observed a new Advanced Hunting table in Microsoft 365 Defender: UrlClickEvents Figure 1 - UrlClickEvents table At time of writing, this table is not yet present in every Office 365 tenant, and the official documentation does not contain information about it. A quick peak at the events it contains … Continue reading Drilling down on phishing campaigns with UrlClickEvents