Skip to main content Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Purview Microsoft Security Copilot Microsoft Sentinel View all products AI-powered cybersecurity Cloud security Data security & governance Identity & network access Privacy & risk management Security for AI Small and medium business Unified SecOps Zero Trust Pricing Services Partners Why Microsoft Security Cybersecurity awareness Customer stories Security 101 Product trials How we protect Microsoft Industry recognition Microsoft Security Insider Microsoft Digital Defense Report Security Response Center Microsoft Security Blog Microsoft Security Events Microsoft Tech Community Documentation Technical Content Library Training & certifications Compliance Program for Microsoft Cloud Microsoft Trust Center Security Engineering Portal Service Trust Portal Microsoft Secure Future Initiative Business Solutions Hub Contact Sales Start free trial Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Software companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap

Recently, we published our first case report (001: …And Then There Were Six) by the Microsoft Detection and Response Team (DART). We received significant positive response from our customers and colleagues and our team has been getting inquiries asking for more reports. We are glad to share the DART Case Report 002: Full Operational Shutdown.

In the report 002, we cover an actual incident response engagement where a polymorphic malware spread through the entire network of an organization. After a phishing email delivered Emotet, a polymorphic virus that propagates via network shares and legacy protocols, the virus shut down the organization’s core services. The virus avoided detection by antivirus solutions through regular updates from an attacker-controlled command-and-control (C2) infrastructure, and spread through the company’s systems, causing network outages and shutting down essential services for nearly a week. In our report, you can read the details of the attack and how DART responded, review the attack lateral progression diagram and learn best practices from DART experts.

Stay tuned for more DART case reports where you’ll find unique stories from our team’s engagements around the globe. As always, you can reach out to your Microsoft account manager or Premier Support contact for more information on DART services.

 

DART provides the most complete and thorough investigations by leveraging a combination of proprietary tools and Microsoft Security products, close connections with internal Microsoft threat intelligence and product groups, as well as strategic partnerships with security organizations around the world.