Click here to download all references as Bib-File.•
2024-04-16
⋅
Mandiant
⋅
APT44: Unearthing Sandworm VPNFilter BlackEnergy CaddyWiper EternalPetya HermeticWiper Industroyer INDUSTROYER2 Olympic Destroyer PartyTicket RoarBAT Sandworm |
2024-04-04
⋅
Mandiant
⋅
Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies |
2024-01-12
⋅
Mandiant
⋅
Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation UTA0178 |
2023-11-09
⋅
Mandiant
⋅
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology CaddyWiper |
2023-04-03
⋅
Mandiant
⋅
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access LaZagne BlackCat MimiKatz |
2023-01-05
⋅
Mandiant
⋅
Turla: A Galaxy of Opportunity KopiLuwak Andromeda QUIETCANARY |
2022-05-04
⋅
Mandiant
⋅
Old Services, New Tricks: Cloud Metadata Abuse by UNC2903 WSO |
2022-05-02
⋅
Mandiant
⋅
UNC3524: Eye Spy on Your Email QUIETEXIT UNC3524 |
2022-04-29
⋅
Mandiant
⋅
Trello From the Other Side: Tracking APT29 Phishing Campaigns BEATDROP VaporRage |
2022-04-28
⋅
Mandiant
⋅
Trello From the Other Side: Tracking APT29 Phishing Campaigns Cobalt Strike |
2022-02-23
⋅
Mandiant
⋅
(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware Cuba KillAV |
2021-11-29
⋅
Mandiant
⋅
Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again Cobalt Strike ROLLCOAST |
2021-11-21
⋅
Twitter (@tylabs)
⋅
Twitter Thread about UNC1500 phishing using QAKBOT QakBot |
2021-06-16
⋅
Mandiant
⋅
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise Cobalt Strike SMOKEDHAM |
2021-06-16
⋅
FireEye
⋅
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise Cobalt Strike SMOKEDHAM |
2021-04-29
⋅
FireEye
⋅
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat Cobalt Strike FiveHands HelloKitty |