Latest Threat Intelligence (April, 2021)

Microsoft has released the April 2021 Threat Intelligence update package. The package is available for download from the Azure Defender for IoT portal (click Updates, then Download file). 

Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. 

In addition to the updated IOC artifacts in the package for the month of March, there are also detection rules for Solorigate associated malware (GoldMax, GoldFinder, and Sibot), follow this link to read more.

Update your system with the latest TI package:

The package can be downloaded from the Azure Defender for IoT Portal, Updates page:

To update a package on a single sensor:

1. Go to the Azure Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign into the sensor console.
4. On the side menu, select System Settings.
5. Select Threat Intelligence Data, and then select Update.
6. Upload the new package.

To update a package on multiple sensors simultaneously:

1. Go to the Azure Defender for IoT Updates page.
2. Download and save the Threat Intelligence package.
3. Sign into the management console.
4. On the side menu, select System Settings.
5. In the Sensor Engine Configuration section, select the sensors that should receive the updated packages.
6. In the Select Threat Intelligence Data section, select the plus sign (+).
7. Upload the package.

For more information, please review Update threat intelligence data | Microsoft Docs