Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-09-14MandiantJames Maclachlan, Mathew Potaczek, Matt Williams, Nino Isakovic, Yash Gupta
It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
BLINDINGCAN miniBlindingCan sRDI
2022-09-08MandiantAlden Wahlstrom, Alice Revelli, Cameron Sabel, Jon Ford, Kelli Vanderlee, Luke McNamara, Sam Riddell
What to Expect When You’re Electing: Preparing for Cyber Threats to the 2022 U.S. Midterm Elections
2022-09-07MandiantMandiant Intelligence
APT42: Crooked Charms, Cons and Compromises
PINEFLOWER VINETHORN VBREVSHELL BROKEYOLK DOSTEALER GHAMBAR SILENTUPLOADER
2022-09-07MandiantMandiant Intelligence
APT42: Crooked Charms, Cons, and Compromises
APT42
2022-08-18MandiantDouglas Bienstock
You Can’t Audit Me: APT29 Continues Targeting Microsoft 365
2022-08-17MandiantMandiant Israel Research Team
Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors
NorthStar SUGARDUMP SUGARRUSH UNC3890
2022-08-04MandiantAlice Revelli, Ben Read, Emiel Haeghebaert, Luke Jenkins
ROADSWEEP Ransomware - Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
ROADSWEEP
2022-08-04MandiantMandiant
Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9 Naikon
2022-08-04MandiantDaniel Kapellmann Zafra, Ryan Serabian
Pro-PRC “HaiEnergy” Information Operations Campaign Leverages Infrastructure from Public Relations Firm to Disseminate Content on Inauthentic News Sites
2022-08-04MandiantAlice Revelli, Ben Read, Emiel Haeghebaert, Luke Jenkins
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
2022-07-26MandiantDaniel Kapellmann Zafra, Jay Christiansen, Keith Lunden, Ken Proska, Thibault van Geluwe de Berlaere
Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers
Clop Industroyer MimiKatz Triton
2022-07-20MandiantMandiant Threat Intelligence
Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities
Cobalt Strike GraphSteel GrimPlant MicroBackdoor
2022-06-29MandiantJared Wilson
Burrowing your way into VPNs, Proxies, and Tunnels
DarkSide SMOKEDHAM
2022-06-28MandiantMandiant Threat Intelligence
Pro-PRC DRAGONBRIDGE Influence Campaign Targets Rare Earths Mining Companies in Attempt to Thwart Rivalry to PRC Market Dominance
2022-06-02MandiantMandiant
TRENDING EVIL Q2 2022
CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot
2022-06-02MandiantMandiant Intelligence
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions
FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker
2022-05-19MandiantAlden Wahlstrom, Alice Revelli, David Mainor, Ryan Serabian, Sam Riddell
The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine
HermeticWiper PartyTicket
2022-05-05BrightTALK (Mandiant)Christopher Gardner
The Sample: Beating the Malware Piñata
Jaku
2022-05-04MandiantBrandan Schondorfer, Jennifer Brito, Nader Zaveri, Tyler McLellan
Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
WSO
2022-05-02MandiantChris Gardner, Doug Bienstock, Josh Madeley, Melissa Derr, Tyler McLellan
UNC3524: Eye Spy on Your Email
QUIETEXIT UNC3524