2023-01-26 | Mandiant | Govand Sinjari, Andy Morales
% Mandiant blog post tracking GOOTLOADER operations (library tag on this page: GootLoader).
@online{sinjari:20230126:welcome:3e0ada1,
  author       = {Govand Sinjari and Andy Morales},
  title        = {{Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations}},
  date         = {2023-01-26},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/tracking-evolution-gootloader-operations},
  language     = {English},
  urldate      = {2023-01-31},
}
Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations
GootLoader
2023-01-19 | Mandiant | Scott Henderson, Cristiana Kittner, Sarah Hawley, Mark Lechtik
% Mandiant blog post on suspected Chinese threat actors exploiting the FortiOS
% vulnerability CVE-2022-42475 (library tag on this page: BOLDMOVE).
@online{henderson:20230119:suspected:39b0731,
  author       = {Scott Henderson and Cristiana Kittner and Sarah Hawley and Mark Lechtik},
  title        = {{Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)}},
  date         = {2023-01-19},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw},
  language     = {English},
  urldate      = {2023-01-20},
}
Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
BOLDMOVE BOLDMOVE
2023-01-05 | Mandiant | Sarah Hawley, Gabby Roncone, Tyler McLellan, Eduardo Mattos, John Wolfram
% Mandiant blog post on Turla (library tags on this page: KopiLuwak, Andromeda, QUIETCANARY).
@online{hawley:20230105:turla:f1d8f9b,
  author       = {Sarah Hawley and Gabby Roncone and Tyler McLellan and Eduardo Mattos and John Wolfram},
  title        = {{Turla: A Galaxy of Opportunity}},
  date         = {2023-01-05},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/turla-galaxy-opportunity},
  language     = {English},
  urldate      = {2023-01-05},
}
Turla: A Galaxy of Opportunity
KopiLuwak Andromeda QUIETCANARY
2022-12-15 | Mandiant | Mandiant
% Mandiant blog post on trojanized Windows 10 installers that targeted the Ukrainian
% government (library tags on this page: Cobalt Strike, STOWAWAY).
@online{mandiant:20221215:trojanized:07a1d55,
  author       = {Mandiant},
  title        = {{Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government}},
  date         = {2022-12-15},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government},
  language     = {English},
  urldate      = {2022-12-20},
}
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government
Cobalt Strike STOWAWAY
2022-12-13 | Mandiant | Mandiant Intelligence
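% Mandiant blog post on hunting for attestation-signed malware drivers
% (library tag on this page: POORTRY).
% The author is a corporate name: the extra pair of braces stops it being parsed as
% given name "Mandiant" + surname "Intelligence". The citation key is left unchanged
% so existing citations still resolve.
@online{intelligence:20221213:i:70ab22a,
  author       = {{Mandiant Intelligence}},
  title        = {{I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware}},
  date         = {2022-12-13},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware},
  language     = {English},
  urldate      = {2022-12-24},
}
I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware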
POORTRY
2022-11-28 | Mandiant | Ryan Tomcik, John Wolfram, Tommy Dacanay, Geoff Ackerman
% Mandiant blog post on China-nexus espionage in Southeast Asia
% (library tags on this page: BLUEHAZE, DARKDEW, MISTCLOAK).
@online{tomcik:20221128:always:f073a0d,
  author       = {Ryan Tomcik and John Wolfram and Tommy Dacanay and Geoff Ackerman},
  title        = {{Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia}},
  date         = {2022-11-28},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia},
  language     = {English},
  urldate      = {2022-12-02},
}
Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
BLUEHAZE DARKDEW MISTCLOAK
2022-10-19 | Mandiant | Sandor Nemes, Sulian Lebegue, Jesse Valdez
% Mandiant blog post on the URSNIF variants RM3 and LDR4 (library tag on this page: LDR4).
@online{nemes:20221019:from:e7513af,
  author       = {Sandor Nemes and Sulian Lebegue and Jesse Valdez},
  title        = {{From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind}},
  date         = {2022-10-19},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/rm3-ldr4-ursnif-banking-fraud},
  language     = {English},
  urldate      = {2023-01-13},
}
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
LDR4
2022-09-29 | Mandiant | Alexander Marvi, Jeremy Koppen, Tufail Ahmed, Jonathan Lepore
% Part one of a two-part Mandiant blog series: investigation of malware persistence
% within ESXi hypervisors. Part two (detection and hardening) has the same date and
% first author, so the two keys differ only in their hash suffix.
@online{marvi:20220929:bad:4f02da8,
  author       = {Alexander Marvi and Jeremy Koppen and Tufail Ahmed and Jonathan Lepore},
  title        = {{Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors}},
  date         = {2022-09-29},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence},
  language     = {English},
  urldate      = {2022-09-30},
}
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
2022-09-29 | Mandiant | Alexander Marvi, Greg Blaum
% Part two of a two-part Mandiant blog series: detection and hardening guidance for
% ESXi hypervisors. Part one (the persistence investigation) has the same date and
% first author, so the two keys differ only in their hash suffix.
@online{marvi:20220929:bad:8fc7be3,
  author       = {Alexander Marvi and Greg Blaum},
  title        = {{Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors}},
  date         = {2022-09-29},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/esxi-hypervisors-detection-hardening},
  language     = {English},
  urldate      = {2022-09-30},
}
Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors
2022-09-23 | Mandiant | Mandiant Intelligence
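% Mandiant blog post on GRU-related activity and Telegram
% (library tags on this page: ArguePatch, CaddyWiper).
% The author is a corporate name: the extra pair of braces stops it being parsed as
% given name "Mandiant" + surname "Intelligence". The citation key is left unchanged
% so existing citations still resolve.
@online{intelligence:20220923:gru:511ea47,
  author       = {{Mandiant Intelligence}},
  title        = {{GRU: Rise of the (Telegram) MinIOns}},
  date         = {2022-09-23},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/gru-rise-telegram-minions},
  language     = {English},
  urldate      = {2022-09-26},
}
GRU: Rise of the (Telegram) MinIOns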
ArguePatch CaddyWiper
2022-09-14 | Mandiant | macla, Mathew Potaczek, Nino Isakovic, Matt Williams, Yash Gupta
% Mandiant blog post on DPRK job-opportunity phishing delivered via WhatsApp
% (library tag on this page: BLINDINGCAN).
% The first author is listed under the single-token name "macla", as given on the page.
@online{macla:20220914:its:1d63d78,
  author       = {macla and Mathew Potaczek and Nino Isakovic and Matt Williams and Yash Gupta},
  title        = {{It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp}},
  date         = {2022-09-14},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing},
  language     = {English},
  urldate      = {2022-09-19},
}
It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
BLINDINGCAN
2022-09-08 | Mandiant | Cameron Sabel, Kelli Vanderlee, Alice Revelli, Sam Riddell, Alden Wahlstrom, Jon Ford, Luke McNamara
% Mandiant blog post on preparing for cyber threats to the 2022 U.S. midterm elections.
@online{sabel:20220908:what:3293d01,
  author       = {Cameron Sabel and Kelli Vanderlee and Alice Revelli and Sam Riddell and Alden Wahlstrom and Jon Ford and Luke McNamara},
  title        = {{What to Expect When You’re Electing: Preparing for Cyber Threats to the 2022 U.S. Midterm Elections}},
  date         = {2022-09-08},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/2022-midterm-election-threats},
  language     = {English},
  urldate      = {2022-09-19},
}
What to Expect When You’re Electing: Preparing for Cyber Threats to the 2022 U.S. Midterm Elections
2022-09-07 | Mandiant | Mandiant Intelligence
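% Mandiant blog post on APT42.
% The author is a corporate name: the extra pair of braces stops it being parsed as
% given name "Mandiant" + surname "Intelligence". The citation key is left unchanged
% so existing citations still resolve.
% NOTE(review): the library also lists intelligence:20220907:apt42:6fe2ee4 with the same
% date and author and a near-identical title but a different URL; check which one is
% meant before citing.
@online{intelligence:20220907:apt42:51f534e,
  author       = {{Mandiant Intelligence}},
  title        = {{APT42: Crooked Charms, Cons, and Compromises}},
  date         = {2022-09-07},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/apt42-charms-cons-compromises},
  language     = {English},
  urldate      = {2022-09-08},
}
APT42: Crooked Charms, Cons, and Compromises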
2022-09-07 | Mandiant | Mandiant Intelligence
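% Mandiant publication on APT42, served from a /media/ URL.
% The author is a corporate name: the extra pair of braces stops it being parsed as
% given name "Mandiant" + surname "Intelligence". The citation key is left unchanged
% so existing citations still resolve.
% NOTE(review): the library also lists intelligence:20220907:apt42:51f534e (the blog
% URL) with the same date and author; presumably this entry is the accompanying
% report -- confirm before citing both.
@online{intelligence:20220907:apt42:6fe2ee4,
  author       = {{Mandiant Intelligence}},
  title        = {{APT42: Crooked Charms, Cons and Compromises}},
  date         = {2022-09-07},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/media/17826},
  language     = {English},
  urldate      = {2022-09-08},
}
APT42: Crooked Charms, Cons and Compromises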
2022-08-18 | Mandiant | Douglas Bienstock
% Mandiant publication on APT29's continued targeting of Microsoft 365.
@online{bienstock:20220818:you:f22ee5c,
  author       = {Douglas Bienstock},
  title        = {{You Can’t Audit Me: APT29 Continues Targeting Microsoft 365}},
  date         = {2022-08-18},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/apt29-continues-targeting-microsoft},
  language     = {English},
  urldate      = {2022-08-18},
}
You Can’t Audit Me: APT29 Continues Targeting Microsoft 365
2022-08-17 | Mandiant | Mandiant Israel Research Team
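% Mandiant publication on a suspected Iranian actor targeting Israeli shipping,
% healthcare, government and energy sectors
% (library tags on this page: NorthStar, SUGARDUMP, SUGARRUSH).
% The author is a corporate name: the extra pair of braces stops it being parsed as
% given names "Mandiant Israel Research" + surname "Team". The citation key is left
% unchanged so existing citations still resolve.
@online{team:20220817:suspected:ec23d9b,
  author       = {{Mandiant Israel Research Team}},
  title        = {{Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors}},
  date         = {2022-08-17},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/suspected-iranian-actor-targeting-israeli-shipping},
  language     = {English},
  urldate      = {2022-08-19},
}
Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors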
NorthStar SUGARDUMP SUGARRUSH
2022-08-04 | Mandiant | Ryan Serabian, Daniel Kapellmann Zafra
% Mandiant publication on the pro-PRC "HaiEnergy" information operations campaign.
% NOTE(review): "Daniel Kapellmann Zafra" is in First-Last form, so only "Zafra" is
% parsed as the surname; confirm whether "Kapellmann Zafra" is the intended family name.
@online{serabian:20220804:proprc:2b0de36,
  author       = {Ryan Serabian and Daniel Kapellmann Zafra},
  title        = {{Pro-PRC “HaiEnergy” Information Operations Campaign Leverages Infrastructure from Public Relations Firm to Disseminate Content on Inauthentic News Sites}},
  date         = {2022-08-04},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/pro-prc-information-operations-campaign-haienergy},
  language     = {English},
  urldate      = {2022-08-11},
}
Pro-PRC “HaiEnergy” Information Operations Campaign Leverages Infrastructure from Public Relations Firm to Disseminate Content on Inauthentic News Sites
2022-08-04 | Mandiant | Luke Jenkins, Emiel Haeghebaert, Alice Revelli, Ben Read
% Mandiant publication on politically motivated disruptive activity against Albanian
% government organizations, attributed in the title to a likely Iranian threat actor.
@online{jenkins:20220804:likely:37b622e,
  author       = {Luke Jenkins and Emiel Haeghebaert and Alice Revelli and Ben Read},
  title        = {{Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations}},
  date         = {2022-08-04},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against},
  language     = {English},
  urldate      = {2022-08-08},
}
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
2022-08-04 | Mandiant | Mandiant
% Mandiant overview page on Advanced Persistent Threat (APT) groups; the library tags
% it on this page with a list of APT group names (APT1 ... APT9).
@online{mandiant:20220804:advanced:afb8956,
  author       = {Mandiant},
  title        = {{Advanced Persistent Threats (APTs)}},
  date         = {2022-08-04},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/insights/apt-groups},
  language     = {English},
  urldate      = {2022-08-30},
}
Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9
2022-07-26 | Mandiant | Thibault van Geluwe de Berlaere, Jay Christiansen, Daniel Kapellmann Zafra, Ken Proska, Keith Lunden
% Mandiant red-team write-up on emulating FIN11 tactics against operational technology
% servers (library tags on this page: Clop, Industroyer, MimiKatz, Triton).
% NOTE(review): "Thibault van Geluwe de Berlaere" is in First-von-Last form, so the
% lowercase particles decide where the surname starts and only "Berlaere" is treated
% as the last name (the citation key reflects this); confirm the intended surname
% before relying on sort order. The same question applies to "Daniel Kapellmann Zafra".
@online{berlaere:20220726:mandiant:c1c4498,
  author       = {Thibault van Geluwe de Berlaere and Jay Christiansen and Daniel Kapellmann Zafra and Ken Proska and Keith Lunden},
  title        = {{Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers}},
  date         = {2022-07-26},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/mandiant-red-team-emulates-fin11-tactics},
  language     = {English},
  urldate      = {2023-01-19},
}
Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers
Clop Industroyer MimiKatz Triton