2022-03-08 | Mandiant | Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram
@online{brown:20220308:does:94c6c3e,
  author       = {Rufus Brown and Van Ta and Douglas Bienstock and Geoff Ackerman and John Wolfram},
  title        = {{Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments}},
  date         = {2022-03-08},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/apt41-us-state-governments},
  language     = {English},
  urldate      = {2022-03-10},
}
Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments
KEYPLUG Cobalt Strike LOWKEY
2022-03-04 | Mandiant | James Sadowski, Ryan Hall
@online{sadowski:20220304:responses:0b94dae,
  author       = {James Sadowski and Ryan Hall},
  title        = {{Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation}},
  date         = {2022-03-04},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/russia-invasion-ukraine-retaliation},
  language     = {English},
  urldate      = {2022-03-07},
}
Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation
HermeticWiper PartyTicket WhisperGate
2022-02-26 | Mandiant | Mandiant
@online{mandiant:20220226:trending:a445d4a,
  author       = {Mandiant},
  title        = {{TRENDING EVIL Q1 2022}},
  date         = {2022-02-26},
  organization = {Mandiant},
  url          = {https://experience.mandiant.com/trending-evil/p/1},
  language     = {English},
  urldate      = {2022-03-14},
}
TRENDING EVIL Q1 2022
KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot
2022-02-24 | Mandiant | Ryan Tomcik, Emiel Haeghebaert, Tufail Ahmed
@online{tomcik:20220224:left:dfe77e0,
  author       = {Ryan Tomcik and Emiel Haeghebaert and Tufail Ahmed},
  title        = {{Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity}},
  date         = {2022-02-24},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/telegram-malware-iranian-espionage},
  language     = {English},
  urldate      = {2022-03-01},
}
Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity
STARWHALE GRAMDOOR
2022-02-23 | Mandiant | Tyler McLellan, Joshua Shilko, Shambavi Sadayappan
@online{mclellan:20220223:exchange:9b09c31,
  author       = {Tyler McLellan and Joshua Shilko and Shambavi Sadayappan},
  title        = {{(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware}},
  date         = {2022-02-23},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/unc2596-cuba-ransomware},
  language     = {English},
  urldate      = {2022-02-26},
}
(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
Cuba
2022-02-01 | Mandiant | Ng Choon Kiat, Angelo Del Rosario, Martin Co
@online{kiat:20220201:zoom:c13e3eb,
  author       = {Ng Choon Kiat and Angelo Del Rosario and Martin Co},
  title        = {{Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent}},
  date         = {2022-02-01},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/seo-poisoning-batloader-atera},
  language     = {English},
  urldate      = {2022-12-08},
}
Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent
BATLOADER
2022-01-31 | Mandiant | Daniel Kapellmann Zafra, Corey Hidelbrandt, Nathan Brubaker, Keith Lunden
@online{zafra:20220131:1:e0f6f31,
  author       = {Daniel Kapellmann Zafra and Corey Hidelbrandt and Nathan Brubaker and Keith Lunden},
  title        = {{1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information}},
  date         = {2022-01-31},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/ransomware-extortion-ot-docs},
  language     = {English},
  urldate      = {2022-02-02},
}
1 in 7 Ransomware Extortion Attacks Leak Critical Operational Technology Information
2022-01-20 | BrightTALK (Mandiant) | John Hultquist, Matthew McWhirt
@online{hultquist:20220120:anticipating:b2d356a,
  author       = {John Hultquist and Matthew McWhirt},
  title        = {{Anticipating and Preparing for Russian Cyber Activity}},
  date         = {2022-01-20},
  organization = {BrightTALK (Mandiant)},
  url          = {https://www.brighttalk.com/webcast/7451/527124},
  language     = {English},
  urldate      = {2022-02-14},
}
Anticipating and Preparing for Russian Cyber Activity
2022-01-20 | Mandiant | John Hultquist
@online{hultquist:20220120:anticipating:8005282,
  author       = {John Hultquist},
  title        = {{Anticipating Cyber Threats as the Ukraine Crisis Escalates}},
  date         = {2022-01-20},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/ukraine-crisis-cyber-threats},
  language     = {English},
  urldate      = {2022-01-24},
}
Anticipating Cyber Threats as the Ukraine Crisis Escalates
2022-01-19 | Mandiant | Adrian Sanchez Hernandez, Paul Tarter, Ervin James Ocampo
@online{hernandez:20220119:one:b4b3bf7,
  author       = {Adrian Sanchez Hernandez and Paul Tarter and Ervin James Ocampo},
  title        = {{One Source to Rule Them All: Chasing AVADDON Ransomware}},
  date         = {2022-01-19},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/chasing-avaddon-ransomware},
  language     = {English},
  urldate      = {2022-01-24},
}
One Source to Rule Them All: Chasing AVADDON Ransomware
BlackMatter Avaddon BlackMatter MedusaLocker SystemBC ThunderX
2022-01-14 | Mandiant | Matthew McWhirt, Daniel Smith, Omar Toor, Bryan Turner
@online{mcwhirt:20220114:proactive:5ecb6a7,
  author       = {Matthew McWhirt and Daniel Smith and Omar Toor and Bryan Turner},
  title        = {{Proactive Preparation and Hardening to Protect Against Destructive Attacks}},
  date         = {2022-01-14},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/media/14506/download},
  language     = {English},
  urldate      = {2022-01-18},
}
Proactive Preparation and Hardening to Protect Against Destructive Attacks
2021-12-15 | Mandiant | Alessandro Parilli, James Maclachlan
@online{parilli:20211215:no:b7a3405,
  author       = {Alessandro Parilli and James Maclachlan},
  title        = {{No Unaccompanied Miners: Supply Chain Compromises Through Node.js Packages (UNC3379)}},
  date         = {2021-12-15},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/supply-chain-node-js},
  language     = {English},
  urldate      = {2021-12-31},
}
No Unaccompanied Miners: Supply Chain Compromises Through Node.js Packages (UNC3379)
DanaBot
2021-12-15 | Mandiant | Matthew McWhirt, John Hultquist
@online{mcwhirt:20211215:log4shell:9216a09,
  author       = {Matthew McWhirt and John Hultquist},
  title        = {{Log4Shell Initial Exploitation and Mitigation Recommendations}},
  date         = {2021-12-15},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/log4shell-recommendations},
  language     = {English},
  urldate      = {2021-12-31},
}
Log4Shell Initial Exploitation and Mitigation Recommendations
2021-12-14 | Mandiant | Adrien Bataille, Anders Vejlby, Jared Scott Wilson, Nader Zaveri
@online{bataille:20211214:azure:bb96515,
  author       = {Adrien Bataille and Anders Vejlby and Jared Scott Wilson and Nader Zaveri},
  title        = {{Azure Run Command for Dummies}},
  date         = {2021-12-14},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/azure-run-command-dummies},
  language     = {English},
  urldate      = {2022-01-03},
}
Azure Run Command for Dummies
2021-12-13 | Mandiant | Alyssa Rahman
@online{rahman:20211213:now:f5881cc,
  author       = {Alyssa Rahman},
  title        = {{Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits}},
  date         = {2021-12-13},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/hunting-deserialization-exploits},
  language     = {English},
  urldate      = {2021-12-31},
}
Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits
2021-12-07 | Mandiant | Van Ta, Jake Nicastro, Rufus Brown, Nick Richard
@online{ta:20211207:fin13:e5e2255,
  author       = {Van Ta and Jake Nicastro and Rufus Brown and Nick Richard},
  title        = {{FIN13: A Cybercriminal Threat Actor Focused on Mexico}},
  date         = {2021-12-07},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/fin13-cybercriminal-mexico},
  language     = {English},
  urldate      = {2021-12-08},
}
FIN13: A Cybercriminal Threat Actor Focused on Mexico
jspRAT win.rekoobe FIN13
2021-12-06 | Mandiant | Luke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock, Luis Rocha, Marius Fodoreanu, Mitchell Clarke, Manfred Erjak, Josh Madeley, Ashraf Abdalhalim, Juraj Sucik, Wojciech Ledzion, Gabriella Roncone, Jonathan Leathery, Ben Read, Microsoft Threat Intelligence Center (MSTIC), Microsoft Detection and Response Team (DART)
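% The two Microsoft teams are corporate authors, so each is wrapped in an extra
% pair of braces to be kept as one name. Without the braces, the literal " and "
% inside the DART team name is read as a name separator and splits it in two.
@online{jenkins:20211206:suspected:d9da4ec,
  author       = {Luke Jenkins and Sarah Hawley and Parnian Najafi and Doug Bienstock and Luis Rocha and Marius Fodoreanu and Mitchell Clarke and Manfred Erjak and Josh Madeley and Ashraf Abdalhalim and Juraj Sucik and Wojciech Ledzion and Gabriella Roncone and Jonathan Leathery and Ben Read and {Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Detection and Response Team (DART)}},
  title        = {{Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)}},
  date         = {2021-12-06},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/russian-targeting-gov-business},
  language     = {English},
  urldate      = {2021-12-07},
}
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)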
Cobalt Strike CryptBot
2021-11-29 | Mandiant | Tyler McLellan, Brandan Schondorfer
@online{mclellan:20211129:kittengif:efb8036,
  author       = {Tyler McLellan and Brandan Schondorfer},
  title        = {{Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again}},
  date         = {2021-11-29},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/sabbath-ransomware-affiliate},
  language     = {English},
  urldate      = {2021-11-30},
}
Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again
Cobalt Strike ROLLCOAST
2021-11-18 | Mandiant | Chris Sistrunk, Ken Proska, Glen Chason, Daniel Kapellmann
@online{sistrunk:20211118:introducing:5f08e41,
  author       = {Chris Sistrunk and Ken Proska and Glen Chason and Daniel Kapellmann},
  title        = {{Introducing Mandiant's Digital Forensics and Incident Response Framework for Embedded OT Systems}},
  date         = {2021-11-18},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/mandiant-dfir-framework-ot},
  language     = {English},
  urldate      = {2021-11-19},
}
Introducing Mandiant's Digital Forensics and Incident Response Framework for Embedded OT Systems
2021-11-17 | Mandiant | Joshua Goddard
@online{goddard:20211117:proxynoshell:c2b592e,
  author       = {Joshua Goddard},
  title        = {{ProxyNoShell: A Change in Tactics Exploiting ProxyShell Vulnerabilities}},
  date         = {2021-11-17},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/change-tactics-proxyshell-vulnerabilities},
  language     = {English},
  urldate      = {2021-11-19},
}
ProxyNoShell: A Change in Tactics Exploiting ProxyShell Vulnerabilities