Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-08-18MandiantDouglas Bienstock
@online{bienstock:20220818:you:f22ee5c, author = {Douglas Bienstock}, title = {{You Can’t Audit Me: APT29 Continues Targeting Microsoft 365}}, date = {2022-08-18}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/apt29-continues-targeting-microsoft}, language = {English}, urldate = {2022-08-18} } You Can’t Audit Me: APT29 Continues Targeting Microsoft 365
2022-03-08MandiantRufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram
@online{brown:20220308:does:94c6c3e, author = {Rufus Brown and Van Ta and Douglas Bienstock and Geoff Ackerman and John Wolfram}, title = {{Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments}}, date = {2022-03-08}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/apt41-us-state-governments}, language = {English}, urldate = {2022-03-10} } Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments
KEYPLUG Cobalt Strike LOWKEY
2021-01-19FireEyeMike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett
@online{burns:20210119:remediation:76c7695, author = {Mike Burns and Matthew McWhirt and Douglas Bienstock and Nick Bennett}, title = {{Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452}}, date = {2021-01-19}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html}, language = {English}, urldate = {2021-01-21} } Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
2021-01-19MandiantMike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett
@techreport{burns:20210119:remediation:044c1db, author = {Mike Burns and Matthew McWhirt and Douglas Bienstock and Nick Bennett}, title = {{Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)}}, date = {2021-01-19}, institution = {Mandiant}, url = {https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/wp-m-unc2452-2021-000343-01.pdf}, language = {English}, urldate = {2021-01-21} } Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)
2020-10-28FireEyeKimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock
@online{goody:20201028:unhappy:c0d2e4b, author = {Kimberly Goody and Jeremy Kennelly and Joshua Shilko and Steve Elovitz and Douglas Bienstock}, title = {{Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser}}, date = {2020-10-28}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html}, language = {English}, urldate = {2020-11-02} } Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser
BazarBackdoor Cobalt Strike Ryuk UNC1878
2019-04-05FireEyeBrendan McKeague, Van Ta, Ben Fedore, Geoff Ackerman, Alex Pennino, Andrew Thompson, Douglas Bienstock
@online{mckeague:20190405:picksix:d101a59, author = {Brendan McKeague and Van Ta and Ben Fedore and Geoff Ackerman and Alex Pennino and Andrew Thompson and Douglas Bienstock}, title = {{Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware}}, date = {2019-04-05}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html}, language = {English}, urldate = {2019-12-20} } Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
LockerGoga Ryuk FIN6