Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-07-26MandiantDaniel Kapellmann Zafra, Jay Christiansen, Keith Lunden, Ken Proska, Thibault van Geluwe de Berlaere
Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers
Clop Industroyer MimiKatz Triton
2022-07-20MandiantMandiant Threat Intelligence
Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities
Cobalt Strike GraphSteel GrimPlant MicroBackdoor
2022-06-29MandiantJared Wilson
Burrowing your way into VPNs, Proxies, and Tunnels
DarkSide SMOKEDHAM
2022-06-28MandiantMandiant Threat Intelligence
Pro-PRC DRAGONBRIDGE Influence Campaign Targets Rare Earths Mining Companies in Attempt to Thwart Rivalry to PRC Market Dominance
2022-06-02MandiantMandiant
TRENDING EVIL Q2 2022
CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot
2022-06-02MandiantMandiant Intelligence
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions
FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker
2022-05-19MandiantAlden Wahlstrom, Alice Revelli, David Mainor, Ryan Serabian, Sam Riddell
The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine
HermeticWiper PartyTicket
2022-05-05BrightTALK (Mandiant)Christopher Gardner
The Sample: Beating the Malware Piñata
Jaku
2022-05-04MandiantBrandan Schondorfer, Jennifer Brito, Nader Zaveri, Tyler McLellan
Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
WSO
2022-05-02MandiantChris Gardner, Doug Bienstock, Josh Madeley, Melissa Derr, Tyler McLellan
UNC3524: Eye Spy on Your Email
QUIETEXIT UNC3524
2022-04-29MandiantAnders Vejlby, John Wolfram, Nick Simonian, Sarah Hawley, Tyler McLellan
Trello From the Other Side: Tracking APT29 Phishing Campaigns
BEATDROP VaporRage
2022-04-28MandiantAnders Vejlby, John Wolfram, Nick Simonian, Sarah Hawley, Tyler McLellan
Trello From the Other Side: Tracking APT29 Phishing Campaigns
Cobalt Strike
2022-04-27MandiantMandiant
Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
Cobalt Strike Raindrop SUNBURST TEARDROP
2022-04-25MandiantChris Sistrunk, Corey Hildebrandt, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Nathan Brubaker, Raymond Leong
INDUSTROYER.V2: Old Malware Learns New Tricks
INDUSTROYER2
2022-04-22MandiantMandiant
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
POWERTRASH Carbanak DICELOADER STONEBOAT
2022-04-13MandiantCorey Hildebrandt, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Muhammad Umair, Nathan Brubaker, Rob Caldwell
INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
INCONTROLLER
2022-04-04MandiantBrendan McKeague, Bryce Abdo, Ioana Teaca, Zander Work
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
Griffon BABYMETAL Carbanak Cobalt Strike JSSLoader Termite
2022-03-28MandiantBrandon Wilbur, Dallin Warne, Geoff Ackerman, James Maclachlan, John Wolfram, Tufail Ahmed
Forged in Fire: A Survey of MobileIron Log4Shell Exploitation
KEYPLUG
2022-03-23MandiantDan Scott, Elias fox, Gary Freas, Jeffery Johnson, Michael Barnhart, Michelle Cantos
Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations
2022-03-18Recorded FutureInsikt Group®
Ghostwriter in the Shell: Expanding on Mandiant’s Attribution of UNC1151 to Belarus