Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-16MandiantGabriella Roncone, Alden Wahlstrom, Alice Revelli, David Mainor, Sam Riddell, Ben Read, Mandiant Research Team
@online{roncone:20211116:unc1151:a2da6dc, author = {Gabriella Roncone and Alden Wahlstrom and Alice Revelli and David Mainor and Sam Riddell and Ben Read and Mandiant Research Team}, title = {{UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests}}, date = {2021-11-16}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/unc1151-linked-to-belarus-government}, language = {English}, urldate = {2021-11-17} } UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests
Ghostwriter
2021-10-27MandiantKen Proska, Corey Hildebrandt, Daniel Kapellmann Zafra, Nathan Brubaker
@online{proska:20211027:portable:437b9c1, author = {Ken Proska and Corey Hildebrandt and Daniel Kapellmann Zafra and Nathan Brubaker}, title = {{Portable Executable File Infecting Malware Is Increasingly Found in OT Networks}}, date = {2021-10-27}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/pe-file-infecting-malware-ot}, language = {English}, urldate = {2021-11-08} } Portable Executable File Infecting Malware Is Increasingly Found in OT Networks
CCleaner Backdoor Floxif neshta Ramnit Sality Virut
2021-10-20MandiantJacob Thompson
@online{thompson:20211020:hidden:c64ea48, author = {Jacob Thompson}, title = {{Hidden in Plain Sight: Identifying Cryptography in BLACKMATTER Ransomware}}, date = {2021-10-20}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/cryptography-blackmatter-ransomware}, language = {English}, urldate = {2021-11-02} } Hidden in Plain Sight: Identifying Cryptography in BLACKMATTER Ransomware
BlackMatter
2021-10-12MandiantAlyssa Rahman
@online{rahman:20211012:defining:df3f43c, author = {Alyssa Rahman}, title = {{Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis}}, date = {2021-10-12}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/defining-cobalt-strike-components}, language = {English}, urldate = {2021-11-02} } Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
Cobalt Strike
2021-10-07MandiantJoshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly
@online{shilko:20211007:fin12:43d89f5, author = {Joshua Shilko and Zach Riddle and Jennifer Brooks and Genevieve Stark and Adam Brunner and Kimberly Goody and Jeremy Kennelly}, title = {{FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets}}, date = {2021-10-07}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets}, language = {English}, urldate = {2021-10-08} } FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
BazarBackdoor GRIMAGENT Ryuk
2021-10-07MandiantMandiant Research Team
@online{team:20211007:fin12:505a3a8, author = {Mandiant Research Team}, title = {{FIN12 Group Profile: FIN12 Priotizes Speed to Deploy Ransomware Aginst High-Value Targets}}, date = {2021-10-07}, organization = {Mandiant}, url = {https://www.mandiant.com/media/12596/download}, language = {English}, urldate = {2021-11-27} } FIN12 Group Profile: FIN12 Priotizes Speed to Deploy Ransomware Aginst High-Value Targets
Cobalt Strike Empire Downloader TrickBot
2021-09-02MandiantMandiant
@online{mandiant:20210902:advanced:5263576, author = {Mandiant}, title = {{Advanced Persistent Threats (APTs)}}, date = {2021-09-02}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/apt-groups#apt19}, language = {English}, urldate = {2022-07-25} } Advanced Persistent Threats (APTs)
APT9
2021-06-16MandiantTyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson, Jordan Nuce
@online{mclellan:20210616:smoking:a03a78c, author = {Tyler McLellan and Robert Dean and Justin Moore and Nick Harbour and Mike Hunhoff and Jared Wilson and Jordan Nuce}, title = {{Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise}}, date = {2021-06-16}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/darkside-affiliate-supply-chain-software-compromise}, language = {English}, urldate = {2021-12-01} } Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM
2021-04-20Github (fireeye)FireEye, Mandiant
@online{fireeye:20210420:fireeye:287db5f, author = {FireEye and Mandiant}, title = {{FireEye Mandiant PulseSecure Exploitation Countermeasures}}, date = {2021-04-20}, organization = {Github (fireeye)}, url = {https://github.com/fireeye/pulsesecure_exploitation_countermeasures/}, language = {English}, urldate = {2021-04-20} } FireEye Mandiant PulseSecure Exploitation Countermeasures
2021-03-01FireEyeFireEye, Mandiant
@techreport{fireeye:20210301:accellion:46e70cd, author = {FireEye and Mandiant}, title = {{ACCELLION, INC. File Transfer Appliance (FTA) Security Assessment}}, date = {2021-03-01}, institution = {FireEye}, url = {https://www.accellion.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf}, language = {English}, urldate = {2021-03-11} } ACCELLION, INC. File Transfer Appliance (FTA) Security Assessment
DEWMODE
2021-02-25BrightTALK (FireEye)Andrew Rector, Matt Bromiley, Mandiant
@online{rector:20210225:light:005aa58, author = {Andrew Rector and Matt Bromiley and Mandiant}, title = {{Light in the Dark: Hunting for SUNBURST}}, date = {2021-02-25}, organization = {BrightTALK (FireEye)}, url = {https://www.brighttalk.com/webcast/7451/469525}, language = {English}, urldate = {2021-02-20} } Light in the Dark: Hunting for SUNBURST
SUNBURST
2021-01-19Github (fireeye)FireEye
@online{fireeye:20210119:mandiant:26223c8, author = {FireEye}, title = {{Mandiant Azure AD Investigator: Focusing on UNC2452 TTPs}}, date = {2021-01-19}, organization = {Github (fireeye)}, url = {https://github.com/fireeye/Mandiant-Azure-AD-Investigator}, language = {English}, urldate = {2021-01-21} } Mandiant Azure AD Investigator: Focusing on UNC2452 TTPs
SUNBURST
2021-01-19MandiantMike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett
@techreport{burns:20210119:remediation:044c1db, author = {Mike Burns and Matthew McWhirt and Douglas Bienstock and Nick Bennett}, title = {{Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)}}, date = {2021-01-19}, institution = {Mandiant}, url = {https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/wp-m-unc2452-2021-000343-01.pdf}, language = {English}, urldate = {2021-01-21} } Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)
2021MandiantMandiant
@online{mandiant:2021:mtrends:4d981a4, author = {Mandiant}, title = {{M-TRENDS 2021}}, date = {2021}, organization = {Mandiant}, url = {https://www.mandiant.com/media/10916/download}, language = {English}, urldate = {2021-11-02} } M-TRENDS 2021
Cobalt Strike SUNBURST
2020-12-17FireEyeKelli Vanderlee
@online{vanderlee:20201217:debuncing:18468be, author = {Kelli Vanderlee}, title = {{DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors}}, date = {2020-12-17}, organization = {FireEye}, url = {https://www.fireeye.com/blog/products-and-services/2020/12/how-mandiant-tracks-uncategorized-threat-actors.html}, language = {English}, urldate = {2020-12-19} } DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors
2020-10-29MandiantGenevieve Stark, Andrew Moore
@online{stark:20201029:fin11:7b1b75a, author = {Genevieve Stark and Andrew Moore}, title = {{FIN11: A Widespread Ransomware and Extortion Operation (Webinar)}}, date = {2020-10-29}, organization = {Mandiant}, url = {https://www.brighttalk.com/webcast/7451/447347}, language = {English}, urldate = {2020-11-04} } FIN11: A Widespread Ransomware and Extortion Operation (Webinar)
FIN11
2020-07-30FireEyeJoseph Hladik, Josh Fleischer
@online{hladik:20200730:obscured:41a50f3, author = {Joseph Hladik and Josh Fleischer}, title = {{Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates}}, date = {2020-07-30}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-365-attacks-and-how-managed-defense-investigates.html}, language = {English}, urldate = {2020-08-05} } Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates
2020-07-29MandiantMandiant
@techreport{mandiant:20200729:ghostwriter:c81a10a, author = {Mandiant}, title = {{‘Ghostwriter’ Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned with Russian Security Interests}}, date = {2020-07-29}, institution = {Mandiant}, url = {https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/Ghostwriter-Influence-Campaign.pdf}, language = {English}, urldate = {2020-07-30} } ‘Ghostwriter’ Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned with Russian Security Interests
2020-07-15MandiantNathan Brubaker, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Corey Hildebrandt
@online{brubaker:20200715:financially:f217555, author = {Nathan Brubaker and Daniel Kapellmann Zafra and Keith Lunden and Ken Proska and Corey Hildebrandt}, title = {{Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families}}, date = {2020-07-15}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/financially-motivated-actors-are-expanding-access-into-ot}, language = {English}, urldate = {2022-07-28} } Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families
Clop DoppelPaymer LockerGoga Maze MegaCortex Nefilim Snake
2020-03-16MandiantKelli Vanderlee
@online{vanderlee:20200316:they:41fc7ba, author = {Kelli Vanderlee}, title = {{They Come in the Night: Ransomware Deployment Trends}}, date = {2020-03-16}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/they-come-in-the-night-ransomware-deployment-trends}, language = {English}, urldate = {2022-03-08} } They Come in the Night: Ransomware Deployment Trends
FAKEUPDATES