2022-11-29 | Mandiant | Doug Bienstock, Luke Jenkins, Parnian Najafi, Sarah Hawley
Suspected Russian Activity Targeting Government and Business Entities Around the Globe
CEELOADER
2022-11-28 | Mandiant | Geoff Ackerman, John Wolfram, Ryan Tomcik, Tommy Dacanay
Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
BLUEHAZE DARKDEW MISTCLOAK UNC4191
2022-10-26 | Mandiant | Mandiant Intelligence
Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections
Dragonbridge
2022-10-19 | Mandiant | Jesse Valdez, Sandor Nemes, Sulian Lebegue
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
LDR4
2022-09-29 | Mandiant | Alexander Marvi, Greg Blaum
Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors
2022-09-29 | Mandiant | Alexander Marvi, Jeremy Koppen, Jonathan Lepore, Tufail Ahmed
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
UNC3886
2022-09-23 | Mandiant | Mandiant Intelligence
GRU: Rise of the (Telegram) MinIOns
ArguePatch CaddyWiper XakNet
2022-09-14 | Mandiant | James Maclachlan, Mathew Potaczek, Matt Williams, Nino Isakovic, Yash Gupta
It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
BLINDINGCAN miniBlindingCan sRDI
2022-09-08 | Mandiant | Alden Wahlstrom, Alice Revelli, Cameron Sabel, Jon Ford, Kelli Vanderlee, Luke McNamara, Sam Riddell
What to Expect When You’re Electing: Preparing for Cyber Threats to the 2022 U.S. Midterm Elections
2022-09-07 | Mandiant | Mandiant Intelligence
APT42: Crooked Charms, Cons and Compromises
PINEFLOWER VINETHORN VBREVSHELL BROKEYOLK DOSTEALER GHAMBAR SILENTUPLOADER
2022-09-07 | Mandiant | Mandiant Intelligence
APT42: Crooked Charms, Cons, and Compromises
APT42
2022-08-18 | Mandiant | Douglas Bienstock
You Can’t Audit Me: APT29 Continues Targeting Microsoft 365
2022-08-17 | Mandiant | Mandiant Israel Research Team
Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors
NorthStar SUGARDUMP SUGARRUSH UNC3890
2022-08-04 | Mandiant | Alice Revelli, Ben Read, Emiel Haeghebaert, Luke Jenkins
ROADSWEEP Ransomware - Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
ROADSWEEP
2022-08-04 | Mandiant | Mandiant
Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9 Naikon
2022-08-04 | Mandiant | Daniel Kapellmann Zafra, Ryan Serabian
Pro-PRC “HaiEnergy” Information Operations Campaign Leverages Infrastructure from Public Relations Firm to Disseminate Content on Inauthentic News Sites
2022-08-04 | Mandiant | Alice Revelli, Ben Read, Emiel Haeghebaert, Luke Jenkins
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
2022-07-26 | Mandiant | Daniel Kapellmann Zafra, Jay Christiansen, Keith Lunden, Ken Proska, Thibault van Geluwe de Berlaere
Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers
Clop Industroyer MimiKatz Triton
2022-07-20 | Mandiant | Mandiant Threat Intelligence
Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities
Cobalt Strike GraphSteel GrimPlant MicroBackdoor
2022-06-29 | Mandiant | Jared Wilson
Burrowing your way into VPNs, Proxies, and Tunnels
DarkSide SMOKEDHAM