{"id":91030,"date":"2020-05-14T11:00:44","date_gmt":"2020-05-14T18:00:44","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=91030"},"modified":"2023-05-19T09:19:32","modified_gmt":"2023-05-19T16:19:32","slug":"open-sourcing-covid-threat-intelligence","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/","title":{"rendered":"Open-sourcing new COVID-19 threat intelligence"},"content":{"rendered":"

A global threat requires a global response. While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cybercriminals using COVID-19 as a lure to mount attacks. As a security intelligence community, we are stronger when we share information that offers a more complete view of attackers\u2019 shifting techniques. This more complete view enables us all to be more proactive in protecting, detecting, and defending against attacks.<\/p>\n

At Microsoft, our security products provide built-in protections against these and other threats, and we\u2019ve published detailed guidance to help organizations combat current threats (Responding to COVID-19 together<\/a>). Our threat experts are sharing examples<\/a> of malicious lures<\/a> and we have enabled guided hunting of COVID-themed threats using Azure Sentinel Notebooks<\/a>. Microsoft processes trillions of signals each day across identities, endpoint, cloud, applications, and email, which provides visibility into a broad range of COVID-19-themed attacks, allowing us to detect, protect, and respond to them across our entire security stack. Today, we take our COVID-19 threat intelligence sharing a step further by making some of our own indicators available publicly for those that are not already protected by our solutions. Microsoft Threat Protection<\/a> (MTP) customers are already protected against the threats identified by these indicators across endpoints with Microsoft Defender Advanced Threat Protection (ATP) and email with Office 365 ATP.<\/p>\n

In addition, we are publishing these indicators for those not protected by Microsoft Threat Protection to raise awareness of attackers\u2019 shift in techniques, how to spot them, and how to enable your own custom hunting. These indicators are now available in two ways. They are available in the Azure Sentinel GitHub<\/a> and through the Microsoft Graph Security API<\/a>. For enterprise customers who use MISP<\/a> for storing and sharing threat intelligence, these indicators can easily be consumed via a MISP feed.<\/p>\n

This threat intelligence is provided for use by the wider security community, as well as customers who would like to perform additional hunting, as we all defend against malicious actors seeking to exploit the COVID crisis.<\/p>\n

This COVID-specific threat intelligence feed represents a start at sharing some of Microsoft\u2019s COVID-related IOCs. We will continue to explore ways to improve the data over the duration of the crisis. While some threats and actors are still best defended more discreetly, we are committed to greater transparency and taking community feedback on what types of information is most useful to defenders in protecting against COVID-related threats. This is a time-limited feed. We are maintaining this feed through the peak of the outbreak to help organizations focus on recovery.<\/p>\n

Protection in Azure Sentinel and Microsoft Threat Protection<\/h3>\n

Today\u2019s release includes file hash indicators related to email-based attachments identified as malicious and attempting to trick users with COVID-19 or Coronavirus-themed lures. The guidance below provides instructions on how to access and integrate this feed in your own environment.<\/p>\n

For Azure Sentinel<\/a> customers, these indicators can be either be imported directly into Azure Sentinel using a Playbook or accessed directly from queries.<\/p>\n

The Azure Sentinel Playbook that Microsoft has authored<\/a> will continuously monitor and import these indicators directly into your Azure Sentinel ThreatIntelligenceIndicator table. This Playbook will match with your event data and generate security incidents when the built-in threat intelligence analytic templates detect activity associated to these indicators.<\/p>\n

These indicators can also be accessed directly from Azure Sentinel queries as follows:<\/p>\n

let covidIndicators = (externaldata(TimeGenerated:datetime, FileHashValue:string, FileHashType: string )\n[@\"https:\/\/raw.githubusercontent.com\/Azure\/Azure-Sentinel\/master\/Sample%20Data\/Feeds\/Microsoft.Covid19.Indicators.csv\"]\nwith (format=\"csv\"));\ncovidIndicators<\/pre>\n

\"Azure<\/p>\n

A sample detection query<\/a> is also provided in the Azure Sentinel GitHub. With the table definition above, it is as simple as:<\/p>\n

    \n
  1. Join the indicators against the logs ingested into Azure Sentinel as follows:<\/li>\n<\/ol>\n
    covidIndicators\n| join ( CommonSecurityLog | where TimeGenerated >= ago(7d)\n| where isnotempty(FileHashValue)\n) on $left.FileHashValue == $right.FileHash<\/pre>\n
      \n
    1. Then, select “New alert rule” <\/strong>to configure Azure Sentinel to raise incidents based on this query returning results.<\/li>\n<\/ol>\n

      \"CyberSecurityDemo<\/a><\/p>\n

      You should begin to see Alerts in Azure Sentinel for any detections related to these COVID threat indicators.<\/p>\n

      Microsoft Threat Protection<\/a> provides protection for the threats associated with these indicators. Attacks with these Covid-19-themed indicators are blocked by Office 365 ATP and Microsoft Defender ATP.<\/p>\n

      While MTP customers are already protected, they can also make use of these indicators for additional hunting scenarios using the MTP Advanced Hunting capabilities.<\/p>\n

      Here is a hunting query<\/a> to see if any process created a file matching a hash on the list.<\/p>\n

      let covidIndicators = (externaldata(TimeGenerated:datetime, FileHashValue:string, FileHashType: string )\n[@\"https:\/\/raw.githubusercontent.com\/Azure\/Azure-Sentinel\/master\/Sample%20Data\/Feeds\/Microsoft.Covid19.Indicators.csv\"]\nwith (format=\"csv\"))\n| where FileHashType == 'sha256' and TimeGenerated > ago(1d);\ncovidIndicators\n| join (DeviceFileEvents\n| where Timestamp > ago(1d)\n| where ActionType == 'FileCreated'\n| take 100) on $left.FileHashValue  == $right.SHA256<\/pre>\n

      \"Advanced<\/a><\/p>\n

      This is an Advanced Hunting query in MTP<\/a> that searches for any recipient of an attachment on the indicator list and sees if any recent anomalous log-ons happened on their machine. While COVID threats are blocked by MTP, users targeted by these threats may be at risk for non-COVID related attacks and MTP is able to join data across device and email to investigate them.<\/p>\n

      let covidIndicators = (externaldata(TimeGenerated:datetime, FileHashValue:string, FileHashType: string )    [@\"https:\/\/raw.githubusercontent.com\/Azure\/Azure-Sentinel\/master\/Sample%20Data\/Feeds\/Microsoft.Covid19.Indicators.csv\"] with (format=\"csv\"))\n| where FileHashType == 'sha256' and TimeGenerated > ago(1d);\ncovidIndicators\n| join (  EmailAttachmentInfo  | where Timestamp > ago(1d)\n| project NetworkMessageId , SHA256\n) on $left.FileHashValue  == $right.SHA256\n| join (\nEmailEvents\n| where Timestamp > ago (1d)\n) on NetworkMessageId\n| project TimeEmail = Timestamp, Subject, SenderFromAddress, AccountName = tostring(split(RecipientEmailAddress, \"@\")[0])\n| join (\nDeviceLogonEvents\n| project LogonTime = Timestamp, AccountName, DeviceName\n) on AccountName\n| where (LogonTime - TimeEmail) between (0min.. 90min)\n| take 10<\/pre>\n

      \"Advanced<\/a><\/p>\n

      Connecting an MISP instance to Azure Sentinel<\/h3>\n

      The indicators published on the Azure Sentinel GitHub page can be consumed directly via MISP\u2019s feed functionality. We have published details on doing this at this URL: https:\/\/aka.ms\/msft-covid19-misp<\/a>. Please refer to the Azure Sentinel documentation on connecting data from threat intelligence providers<\/a>.<\/p>\n

      Using the indicators if you are not an Azure Sentinel or MTP customer<\/h3>\n

      Yes, the Azure Sentinel GitHub<\/a> is public: https:\/\/aka.ms\/msft-covid19-Indicators<\/a><\/p>\n

      Examples of phishing campaigns in this threat intelligence<\/h3>\n

      The following is a small sample set of the types of COVID-themed phishing lures using email attachments that will be represented in this feed. Beneath each screenshot are the relevant hashes and metadata.<\/p>\n

      Figure 1: Spoofing WHO branding with \u201ccure\u201d and \u201cvaccine\u201d messaging with a malicious .gz file.<\/em><\/p>\n

      Name:<\/strong> CURE FOR CORONAVIRUS_pdf.gz<\/p>\n

      \"World<\/a><\/p>\n

      Figure 2: Spoofing Red Cross Safety Tips with malicious .docm file.<\/em><\/p>\n

      Name:<\/strong> COVID-19 SAFETY TIPS.docm<\/p>\n

      \"Red<\/a><\/p>\n

      Figure 3: South African banking lure promoting COVID-19 financial relief with malicious .html files.<\/em><\/p>\n

      Name:<\/strong> SBSA-COVID-19-Financial Relief.html<\/p>\n

      \"Financial<\/a><\/p>\n

      Figure 4: French language spoofed correspondence from the WHO with malicious XLS Macro file.<\/em><\/p>\n

      Name:<\/strong> -\u2709-Covid-19 Relief Plan5558-23636sd.htm<\/p>\n

      \"Coronavirus-themed<\/a><\/p>\n

      If you have questions or feedback on this COVID-19 feed, please email msft-covid19-ti@microsoft.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

      While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cyber-criminals using COVID-19 as a lure to mount attacks.<\/p>\n","protected":false},"author":96,"featured_media":91039,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3682,3685,3688],"products":[3726],"threat-intelligence":[],"tags":[3742],"coauthors":[3380],"class_list":["post-91030","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-secure-remote-work","topic-siem-and-xdr","topic-threat-trends","products-microsoft-sentinel","tag-azure"],"yoast_head":"\nOpen-sourcing new COVID-19 threat intelligence | Microsoft Security Blog<\/title>\n<meta name=\"description\" content=\"While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cyber-criminals using COVID-19 as a lure to mount attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Open-sourcing new COVID-19 threat intelligence\" \/>\n<meta property=\"og:description\" content=\"While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cyber-criminals using COVID-19 as a lure to mount attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-14T18:00:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-19T16:19:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1038\" \/>\n\t<meta property=\"og:image:height\" content=\"692\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Microsoft Threat Intelligence\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Open-sourcing new COVID-19 threat intelligence\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Threat Intelligence\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-security-threat-intelligence\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Threat Intelligence\"}],\"headline\":\"Open-sourcing new COVID-19 threat intelligence\",\"datePublished\":\"2020-05-14T18:00:44+00:00\",\"dateModified\":\"2023-05-19T16:19:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/\"},\"wordCount\":984,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png\",\"keywords\":[\"Azure\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/\",\"name\":\"Open-sourcing new COVID-19 threat intelligence | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png\",\"datePublished\":\"2020-05-14T18:00:44+00:00\",\"dateModified\":\"2023-05-19T16:19:32+00:00\",\"description\":\"While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cyber-criminals using COVID-19 as a lure to mount attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png\",\"width\":1038,\"height\":692,\"caption\":\"Women looking at Surface laptop with background of a conference room.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Open-sourcing new COVID-19 threat intelligence\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Open-sourcing new COVID-19 threat intelligence | Microsoft Security Blog","description":"While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cyber-criminals using COVID-19 as a lure to mount attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/","og_locale":"en_US","og_type":"article","og_title":"Open-sourcing new COVID-19 threat intelligence","og_description":"While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cyber-criminals using COVID-19 as a lure to mount attacks.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/","og_site_name":"Microsoft Security Blog","article_published_time":"2020-05-14T18:00:44+00:00","article_modified_time":"2023-05-19T16:19:32+00:00","og_image":[{"width":1038,"height":692,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png","type":"image\/png"}],"author":"Microsoft Threat Intelligence","twitter_card":"summary_large_image","twitter_title":"Open-sourcing new COVID-19 threat intelligence","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png","twitter_misc":{"Written by":"Microsoft Threat Intelligence","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/microsoft-security-threat-intelligence\/","@type":"Person","@name":"Microsoft Threat Intelligence"}],"headline":"Open-sourcing new COVID-19 threat intelligence","datePublished":"2020-05-14T18:00:44+00:00","dateModified":"2023-05-19T16:19:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/"},"wordCount":984,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png","keywords":["Azure"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/","name":"Open-sourcing new COVID-19 threat intelligence | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png","datePublished":"2020-05-14T18:00:44+00:00","dateModified":"2023-05-19T16:19:32+00:00","description":"While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cyber-criminals using COVID-19 as a lure to mount attacks.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2020\/05\/Open-sourcing-new-COVID-image.png","width":1038,"height":692,"caption":"Women looking at Surface laptop with background of a conference room."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/05\/14\/open-sourcing-covid-threat-intelligence\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Open-sourcing new COVID-19 threat intelligence"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/91030"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=91030"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/91030\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/91039"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=91030"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=91030"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=91030"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=91030"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=91030"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=91030"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=91030"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}