Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-04-29MandiantJohn Wolfram, Sarah Hawley, Tyler McLellan, Nick Simonian, Anders Vejlby
@online{wolfram:20220429:trello:c078513, author = {John Wolfram and Sarah Hawley and Tyler McLellan and Nick Simonian and Anders Vejlby}, title = {{Trello From the Other Side: Tracking APT29 Phishing Campaigns}}, date = {2022-04-29}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/tracking-apt29-phishing-campaigns}, language = {English}, urldate = {2022-10-19} } Trello From the Other Side: Tracking APT29 Phishing Campaigns
BEATDROP VaporRage
2022-04-28MandiantJohn Wolfram, Sarah Hawley, Tyler McLellan, Nick Simonian, Anders Vejlby
@online{wolfram:20220428:trello:dab21ca, author = {John Wolfram and Sarah Hawley and Tyler McLellan and Nick Simonian and Anders Vejlby}, title = {{Trello From the Other Side: Tracking APT29 Phishing Campaigns}}, date = {2022-04-28}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns}, language = {English}, urldate = {2022-04-29} } Trello From the Other Side: Tracking APT29 Phishing Campaigns
Cobalt Strike
2022-04-18CitizenLabJohn Scott-Railton, Elies Campo, Bill Marczak, Bahr Abdul Razzak, Siena Anstis, Gözde Böcü, Salvatore Solimano, Ron Deibert
@online{scottrailton:20220418:catalangate:95aa638, author = {John Scott-Railton and Elies Campo and Bill Marczak and Bahr Abdul Razzak and Siena Anstis and Gözde Böcü and Salvatore Solimano and Ron Deibert}, title = {{CatalanGate Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru}}, date = {2022-04-18}, organization = {CitizenLab}, url = {https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/}, language = {English}, urldate = {2022-04-20} } CatalanGate Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
Chrysaor
2022-04-12SophosAndrew Brandt, Angela Gunn, Melissa Kelly, Peter Mackenzie, Ferenc László Nagy, Mauricio Valdivieso, Sergio Bestulic, Johnathan Fern, Linda Smith, Matthew Everts
@online{brandt:20220412:attackers:f9f5c52, author = {Andrew Brandt and Angela Gunn and Melissa Kelly and Peter Mackenzie and Ferenc László Nagy and Mauricio Valdivieso and Sergio Bestulic and Johnathan Fern and Linda Smith and Matthew Everts}, title = {{Attackers linger on government agency computers before deploying Lockbit ransomware}}, date = {2022-04-12}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/}, language = {English}, urldate = {2022-04-15} } Attackers linger on government agency computers before deploying Lockbit ransomware
LockBit
2022-04-05Medium jsecurity101Jonathan Johnson
@online{johnson:20220405:bypassing:2397ea1, author = {Jonathan Johnson}, title = {{Bypassing Access Mask Auditing Strategies}}, date = {2022-04-05}, organization = {Medium jsecurity101}, url = {https://jsecurity101.medium.com/bypassing-access-mask-auditing-strategies-480fb641c158}, language = {English}, urldate = {2022-04-15} } Bypassing Access Mask Auditing Strategies
2022-03-31TrellixJohn Fokker, Jambul Tologonov
@online{fokker:20220331:conti:3bc2974, author = {John Fokker and Jambul Tologonov}, title = {{Conti Leaks: Examining the Panama Papers of Ransomware}}, date = {2022-03-31}, organization = {Trellix}, url = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/conti-leaks-examining-the-panama-papers-of-ransomware.html}, language = {English}, urldate = {2022-04-07} } Conti Leaks: Examining the Panama Papers of Ransomware
LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot
2022-03-28MandiantGeoff Ackerman, Tufail Ahmed, James Maclachlan, Dallin Warne, John Wolfram, Brandon Wilbur
@online{ackerman:20220328:forged:3105d8e, author = {Geoff Ackerman and Tufail Ahmed and James Maclachlan and Dallin Warne and John Wolfram and Brandon Wilbur}, title = {{Forged in Fire: A Survey of MobileIron Log4Shell Exploitation}}, date = {2022-03-28}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/mobileiron-log4shell-exploitation}, language = {English}, urldate = {2022-03-30} } Forged in Fire: A Survey of MobileIron Log4Shell Exploitation
KEYPLUG
2022-03-23MandiantMichael Barnhart, Michelle Cantos, Jeffery Johnson, Elias fox, Gary Freas, Dan Scott
@online{barnhart:20220323:not:ca8438c, author = {Michael Barnhart and Michelle Cantos and Jeffery Johnson and Elias fox and Gary Freas and Dan Scott}, title = {{Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations}}, date = {2022-03-23}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/mapping-dprk-groups-to-government}, language = {English}, urldate = {2022-03-25} } Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations
2022-03-21IEEEPierce Ryan, John Fokker, Sorcha Healy, Andreas Amann
@online{ryan:20220321:dynamics:29d9088, author = {Pierce Ryan and John Fokker and Sorcha Healy and Andreas Amann}, title = {{Dynamics of Targeted Ransomware Negotiation}}, date = {2022-03-21}, organization = {IEEE}, url = {https://ieeexplore.ieee.org/document/9738625}, language = {English}, urldate = {2022-04-05} } Dynamics of Targeted Ransomware Negotiation
2022-03-17TrellixThibault Seret, John Fokker
@online{seret:20220317:suspected:f30741a, author = {Thibault Seret and John Fokker}, title = {{Suspected DarkHotel APT activity update}}, date = {2022-03-17}, organization = {Trellix}, url = {https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/suspected-darkhotel-apt-activity-update.html}, language = {English}, urldate = {2022-03-18} } Suspected DarkHotel APT activity update
RMOT
2022-03-15SecurityIntelligenceChristopher Del Fierro, John Dwyer
@online{fierro:20220315:caddywiper:6504bd2, author = {Christopher Del Fierro and John Dwyer}, title = {{CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations}}, date = {2022-03-15}, organization = {SecurityIntelligence}, url = {https://securityintelligence.com/posts/caddywiper-malware-targeting-ukrainian-organizations/}, language = {English}, urldate = {2022-03-16} } CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations
CaddyWiper
2022-03-08MandiantRufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram
@online{brown:20220308:does:94c6c3e, author = {Rufus Brown and Van Ta and Douglas Bienstock and Geoff Ackerman and John Wolfram}, title = {{Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments}}, date = {2022-03-08}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/apt41-us-state-governments}, language = {English}, urldate = {2022-03-10} } Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments
KEYPLUG Cobalt Strike LOWKEY
2022-03-04IBMJohn Dwyer, Kevin Henson
@online{dwyer:20220304:new:c661960, author = {John Dwyer and Kevin Henson}, title = {{New Wiper Malware Used Against Ukranian Organizations}}, date = {2022-03-04}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-wiper-malware-used-against-ukranian-organizations/}, language = {English}, urldate = {2022-03-07} } New Wiper Malware Used Against Ukranian Organizations
IsaacWiper
2022-03-01Huntress LabsJohn Hammond
@online{hammond:20220301:targeted:c462269, author = {John Hammond}, title = {{Targeted APT Activity: BABYSHARK Is Out for Blood}}, date = {2022-03-01}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood}, language = {English}, urldate = {2022-03-07} } Targeted APT Activity: BABYSHARK Is Out for Blood
BabyShark
2022-02-24IBMAnne Jobmann, Claire Zaboeva, Richard Emerson, Christopher Del Fierro, John Dwyer
@online{jobmann:20220224:ibm:deaac04, author = {Anne Jobmann and Claire Zaboeva and Richard Emerson and Christopher Del Fierro and John Dwyer}, title = {{IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine}}, date = {2022-02-24}, organization = {IBM}, url = {https://securityintelligence.com/posts/new-destructive-malware-cyber-attacks-ukraine/}, language = {English}, urldate = {2022-03-02} } IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine
HermeticWiper
2022-02-18YouTube (John Hammond)John Hammond
@online{hammond:20220218:uncovering:1c5162c, author = {John Hammond}, title = {{Uncovering NETWIRE Malware - Discovery & Deobfuscation}}, date = {2022-02-18}, organization = {YouTube (John Hammond)}, url = {https://www.youtube.com/watch?v=TeQdZxP0RYY}, language = {English}, urldate = {2022-02-19} } Uncovering NETWIRE Malware - Discovery & Deobfuscation
NetWire RC
2022-01-27Recorded FutureJohn Wetzel
@techreport{wetzel:20220127:russias:e336cc8, author = {John Wetzel}, title = {{Russia’s Biggest Threat Is Its Instability}}, date = {2022-01-27}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/pov-2022-0127.pdf}, language = {English}, urldate = {2022-02-04} } Russia’s Biggest Threat Is Its Instability
WhisperGate
2022-01-20BrightTALK (Mandiant)John Hultquist, Matthew McWhirt
@online{hultquist:20220120:anticipating:b2d356a, author = {John Hultquist and Matthew McWhirt}, title = {{Anticipating and Preparing for Russian Cyber Activity}}, date = {2022-01-20}, organization = {BrightTALK (Mandiant)}, url = {https://www.brighttalk.com/webcast/7451/527124}, language = {English}, urldate = {2022-02-14} } Anticipating and Preparing for Russian Cyber Activity
2022-01-20MandiantJohn Hultquist
@online{hultquist:20220120:anticipating:8005282, author = {John Hultquist}, title = {{Anticipating Cyber Threats as the Ukraine Crisis Escalates}}, date = {2022-01-20}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/ukraine-crisis-cyber-threats}, language = {English}, urldate = {2022-01-24} } Anticipating Cyber Threats as the Ukraine Crisis Escalates
2022-01-04The Cyber Security TimesJohn Greenwood
@online{greenwood:20220104:purple:98da376, author = {John Greenwood}, title = {{Purple Fox malware is actively distributed via Telegram Installers}}, date = {2022-01-04}, organization = {The Cyber Security Times}, url = {https://www.thecybersecuritytimes.com/purple-fox-malware-is-actively-distributed-via-telegram-installers/}, language = {English}, urldate = {2022-01-06} } Purple Fox malware is actively distributed via Telegram Installers
PurpleFox