2022-07-20MandiantMandiant Threat Intelligence
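@comment{Corporate author: the inner braces keep the team name as a single unit rather than splitting it into given and family names. The citation key is kept as published.}
@online{intelligence:20220720:evacuation:edd478e,
  author       = {{Mandiant Threat Intelligence}},
  title        = {{Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities}},
  organization = {Mandiant},
  date         = {2022-07-20},
  url          = {https://www.mandiant.com/resources/spear-phish-ukrainian-entities},
  urldate      = {2022-07-25},
  language     = {English},
}
Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities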
Cobalt Strike GraphSteel GrimPlant MicroBackdoor
2022-06-29MandiantJared Wilson
@online{wilson:20220629:burrowing:d5ca9f1,
  author       = {Wilson, Jared},
  title        = {{Burrowing your way into VPNs, Proxies, and Tunnels}},
  organization = {Mandiant},
  date         = {2022-06-29},
  url          = {https://www.mandiant.com/resources/burrowing-your-way-into-vpns},
  urldate      = {2022-07-05},
  language     = {English},
}
Burrowing your way into VPNs, Proxies, and Tunnels
DarkSide SMOKEDHAM
2022-06-28MandiantMandiant Threat Intelligence
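@comment{Corporate author: the inner braces keep the team name as a single unit rather than splitting it into given and family names. The citation key is kept as published.}
@online{intelligence:20220628:proprc:a0e2412,
  author       = {{Mandiant Threat Intelligence}},
  title        = {{Pro-PRC DRAGONBRIDGE Influence Campaign Targets Rare Earths Mining Companies in Attempt to Thwart Rivalry to PRC Market Dominance}},
  organization = {Mandiant},
  date         = {2022-06-28},
  url          = {https://www.mandiant.com/resources/dragonbridge-targets-rare-earths-mining-companies},
  urldate      = {2022-07-05},
  language     = {English},
}
Pro-PRC DRAGONBRIDGE Influence Campaign Targets Rare Earths Mining Companies in Attempt to Thwart Rivalry to PRC Market Dominance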
2022-06-02MandiantMandiant Intelligence
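@comment{Corporate author: the inner braces keep the team name as a single unit rather than splitting it into given and family names. The citation key is kept as published.}
@online{intelligence:20220602:to:e15831c,
  author       = {{Mandiant Intelligence}},
  title        = {{To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions}},
  organization = {Mandiant},
  date         = {2022-06-02},
  url          = {https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions},
  urldate      = {2022-06-04},
  language     = {English},
}
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions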
FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker
2022-06-02MandiantMandiant
@online{mandiant:20220602:trending:0bcdbc4,
  author       = {{Mandiant}},
  title        = {{TRENDING EVIL Q2 2022}},
  organization = {Mandiant},
  date         = {2022-06-02},
  url          = {https://experience.mandiant.com/trending-evil-2/p/1},
  urldate      = {2022-06-07},
  language     = {English},
}
TRENDING EVIL Q2 2022
CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot
2022-05-19MandiantAlden Wahlstrom, Alice Revelli, Sam Riddell, David Mainor, Ryan Serabian
@online{wahlstrom:20220519:io:eacf6cd,
  author       = {Wahlstrom, Alden and Revelli, Alice and Riddell, Sam and Mainor, David and Serabian, Ryan},
  title        = {{The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine}},
  organization = {Mandiant},
  date         = {2022-05-19},
  url          = {https://www.mandiant.com/resources/information-operations-surrounding-ukraine},
  urldate      = {2022-05-25},
  language     = {English},
}
The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine
HermeticWiper PartyTicket
2022-05-05BrightTALK (Mandiant)Christopher Gardner
@online{gardner:20220505:sample:66178f9,
  author       = {Gardner, Christopher},
  title        = {{The Sample: Beating the Malware Piñata}},
  organization = {BrightTALK (Mandiant)},
  date         = {2022-05-05},
  url          = {https://www.brighttalk.com/webcast/7451/538775},
  urldate      = {2022-06-09},
  language     = {English},
}
The Sample: Beating the Malware Piñata
Jaku
2022-05-04MandiantBrandan Schondorfer, Nader Zaveri, Tyler McLellan, Jennifer Brito
@online{schondorfer:20220504:old:47943c4,
  author       = {Schondorfer, Brandan and Zaveri, Nader and McLellan, Tyler and Brito, Jennifer},
  title        = {{Old Services, New Tricks: Cloud Metadata Abuse by UNC2903}},
  organization = {Mandiant},
  date         = {2022-05-04},
  url          = {https://www.mandiant.com/resources/cloud-metadata-abuse-unc2903},
  urldate      = {2022-05-05},
  language     = {English},
}
Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
WSO
2022-05-02MandiantDoug Bienstock, Melissa Derr, Josh Madeley, Tyler McLellan, Chris Gardner
@online{bienstock:20220502:unc3524:5948892,
  author       = {Bienstock, Doug and Derr, Melissa and Madeley, Josh and McLellan, Tyler and Gardner, Chris},
  title        = {{UNC3524: Eye Spy on Your Email}},
  organization = {Mandiant},
  date         = {2022-05-02},
  url          = {https://www.mandiant.com/resources/unc3524-eye-spy-email},
  urldate      = {2022-05-03},
  language     = {English},
}
UNC3524: Eye Spy on Your Email
QUIETEXIT UNC3524
2022-04-29MandiantJohn Wolfram, Sarah Hawley, Tyler McLellan, Nick Simonian, Anders Vejlby
@comment{Same title and authors as wolfram:20220428:trello:dab21ca; the two records differ in date and URL path. Presumably one report listed twice - confirm, then cite one key consistently.}
@online{wolfram:20220429:trello:c078513,
  author       = {Wolfram, John and Hawley, Sarah and McLellan, Tyler and Simonian, Nick and Vejlby, Anders},
  title        = {{Trello From the Other Side: Tracking APT29 Phishing Campaigns}},
  organization = {Mandiant},
  date         = {2022-04-29},
  url          = {https://www.mandiant.com/resources/blog/tracking-apt29-phishing-campaigns},
  urldate      = {2022-10-19},
  language     = {English},
}
Trello From the Other Side: Tracking APT29 Phishing Campaigns
BEATDROP VaporRage
2022-04-28MandiantJohn Wolfram, Sarah Hawley, Tyler McLellan, Nick Simonian, Anders Vejlby
@comment{Same title and authors as wolfram:20220429:trello:c078513; the two records differ in date and URL path. Presumably one report listed twice - confirm, then cite one key consistently.}
@online{wolfram:20220428:trello:dab21ca,
  author       = {Wolfram, John and Hawley, Sarah and McLellan, Tyler and Simonian, Nick and Vejlby, Anders},
  title        = {{Trello From the Other Side: Tracking APT29 Phishing Campaigns}},
  organization = {Mandiant},
  date         = {2022-04-28},
  url          = {https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns},
  urldate      = {2022-04-29},
  language     = {English},
}
Trello From the Other Side: Tracking APT29 Phishing Campaigns
Cobalt Strike
2022-04-27MandiantMandiant
@online{mandiant:20220427:assembling:a7068b9,
  author       = {{Mandiant}},
  title        = {{Assembling the Russian Nesting Doll: UNC2452 Merged into APT29}},
  organization = {Mandiant},
  date         = {2022-04-27},
  url          = {https://www.mandiant.com/resources/unc2452-merged-into-apt29},
  urldate      = {2022-04-29},
  language     = {English},
}
Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
Cobalt Strike Raindrop SUNBURST TEARDROP
2022-04-25MandiantDaniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker
@comment{The first author is written with the family name the original field parses to, matching the citation key. If the family name is the compound Kapellmann Zafra it needs to be given as such - confirm against the source.}
@online{zafra:20220425:industroyerv2:5548d98,
  author       = {Zafra, Daniel Kapellmann and Leong, Raymond and Sistrunk, Chris and Proska, Ken and Hildebrandt, Corey and Lunden, Keith and Brubaker, Nathan},
  title        = {{INDUSTROYER.V2: Old Malware Learns New Tricks}},
  organization = {Mandiant},
  date         = {2022-04-25},
  url          = {https://www.mandiant.com/resources/industroyer-v2-old-malware-new-tricks},
  urldate      = {2022-04-29},
  language     = {English},
}
INDUSTROYER.V2: Old Malware Learns New Tricks
INDUSTROYER2
2022-04-13MandiantNathan Brubaker, Keith Lunden, Ken Proska, Muhammad Umair, Daniel Kapellmann Zafra, Corey Hildebrandt, Rob Caldwell
@comment{Daniel Kapellmann Zafra is written with the family name the original field parses to. If the family name is the compound Kapellmann Zafra it needs to be given as such - confirm against the source.}
@online{brubaker:20220413:incontroller:0f05d07,
  author       = {Brubaker, Nathan and Lunden, Keith and Proska, Ken and Umair, Muhammad and Zafra, Daniel Kapellmann and Hildebrandt, Corey and Caldwell, Rob},
  title        = {{INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems}},
  organization = {Mandiant},
  date         = {2022-04-13},
  url          = {https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool},
  urldate      = {2022-04-15},
  language     = {English},
}
INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
2022-04-04MandiantBryce Abdo, Zander Work, Ioana Teaca, Brendan McKeague
@online{abdo:20220404:fin7:305d62b,
  author       = {Abdo, Bryce and Work, Zander and Teaca, Ioana and McKeague, Brendan},
  title        = {{FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7}},
  organization = {Mandiant},
  date         = {2022-04-04},
  url          = {https://www.mandiant.com/resources/evolution-of-fin7},
  urldate      = {2022-06-27},
  language     = {English},
}
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
Griffon BABYMETAL Carbanak Cobalt Strike JSSLoader Termite
2022-03-28MandiantGeoff Ackerman, Tufail Ahmed, James Maclachlan, Dallin Warne, John Wolfram, Brandon Wilbur
@online{ackerman:20220328:forged:3105d8e,
  author       = {Ackerman, Geoff and Ahmed, Tufail and Maclachlan, James and Warne, Dallin and Wolfram, John and Wilbur, Brandon},
  title        = {{Forged in Fire: A Survey of MobileIron Log4Shell Exploitation}},
  organization = {Mandiant},
  date         = {2022-03-28},
  url          = {https://www.mandiant.com/resources/mobileiron-log4shell-exploitation},
  urldate      = {2022-03-30},
  language     = {English},
}
Forged in Fire: A Survey of MobileIron Log4Shell Exploitation
KEYPLUG
2022-03-23MandiantMichael Barnhart, Michelle Cantos, Jeffery Johnson, Elias Fox, Gary Freas, Dan Scott
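@comment{The family name Fox was entered in lower case in the original record; it is capitalised here so it prints and sorts like the other names.}
@online{barnhart:20220323:not:ca8438c,
  author       = {Barnhart, Michael and Cantos, Michelle and Johnson, Jeffery and Fox, Elias and Freas, Gary and Scott, Dan},
  title        = {{Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations}},
  organization = {Mandiant},
  date         = {2022-03-23},
  url          = {https://www.mandiant.com/resources/mapping-dprk-groups-to-government},
  urldate      = {2022-03-25},
  language     = {English},
}
Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations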
2022-03-18Recorded FutureInsikt Group®
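@comment{Corporate author: the inner braces keep the group name as a single unit rather than splitting it into given and family names. The citation key is kept as published.}
@techreport{group:20220318:ghostwriter:907199b,
  author      = {{Insikt Group®}},
  title       = {{Ghostwriter in the Shell: Expanding on Mandiant’s Attribution of UNC1151 to Belarus}},
  institution = {Recorded Future},
  date        = {2022-03-18},
  url         = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0318.pdf},
  urldate     = {2022-03-22},
  language    = {English},
}
Ghostwriter in the Shell: Expanding on Mandiant’s Attribution of UNC1151 to Belarus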
2022-03-16MandiantMathew Potaczek, Takahiro Sugiyama, Logeswaran Nadarajan, Yu Nakamura, Joshua Homan, Martin Co, Sylvain Hirsch
@online{potaczek:20220316:have:42cad90,
  author       = {Potaczek, Mathew and Sugiyama, Takahiro and Nadarajan, Logeswaran and Nakamura, Yu and Homan, Joshua and Co, Martin and Hirsch, Sylvain},
  title        = {{Have Your Cake and Eat it Too? An Overview of UNC2891}},
  organization = {Mandiant},
  date         = {2022-03-16},
  url          = {https://www.mandiant.com/resources/unc2891-overview},
  urldate      = {2022-03-17},
  language     = {English},
}
Have Your Cake and Eat it Too? An Overview of UNC2891
SLAPSTICK STEELCORGI
2022-03-13MandiantMandiant
@comment{NOTE(review): the URL looks like a report landing page rather than a dated post, so the date field may reflect when this record was created - confirm against the report itself before citing a publication date.}
@online{mandiant:20220313:apt41:988051c,
  author       = {{Mandiant}},
  title        = {{APT41 (Double Dragon): A Dual Espionage and Cyber Crime Operation}},
  organization = {Mandiant},
  date         = {2022-03-13},
  url          = {https://www.mandiant.com/resources/report-apt41-double-dragon-a-dual-espionage-and-cyber-crime-operation},
  urldate      = {2022-08-30},
  language     = {English},
}
APT41 (Double Dragon): A Dual Espionage and Cyber Crime Operation
APT41