Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-11-16MandiantAlden Wahlstrom, Alice Revelli, Ben Read, David Mainor, Gabriella Roncone, Mandiant Research Team, Sam Riddell
UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests
Ghostwriter
2021-10-27MandiantCorey Hildebrandt, Daniel Kapellmann Zafra, Ken Proska, Nathan Brubaker
Portable Executable File Infecting Malware Is Increasingly Found in OT Networks
CCleaner Backdoor Floxif neshta Ramnit Sality Virut
2021-10-20MandiantJacob Thompson
Hidden in Plain Sight: Identifying Cryptography in BLACKMATTER Ransomware
BlackMatter
2021-10-12MandiantAlyssa Rahman
Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
Cobalt Strike
2021-10-07MandiantMandiant Research Team
FIN12 Group Profile: FIN12 Priotizes Speed to Deploy Ransomware Aginst High-Value Targets
Cobalt Strike Empire Downloader TrickBot
2021-10-07MandiantAdam Brunner, Genevieve Stark, Jennifer Brooks, Jeremy Kennelly, Joshua Shilko, Kimberly Goody, Zach Riddle
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
BazarBackdoor GRIMAGENT Ryuk
2021-09-02MandiantMandiant
Advanced Persistent Threats (APTs)
APT9
2021-06-16MandiantJared Wilson, Jordan Nuce, Justin Moore, Mike Hunhoff, Nick Harbour, Robert Dean, Tyler McLellan
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
DarkSide Cobalt Strike DarkSide SMOKEDHAM UNC2465
2021-06-16MandiantJared Wilson, Jordan Nuce, Justin Moore, Mike Hunhoff, Nick Harbour, Robert Dean, Tyler McLellan
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM
2021-05-11MandiantAlyssa Rahman, Andrew Moore, Brendan McKeague, Jared Wilson, Jeremy Kennelly, Jordan Nuce, Kimberly Goody, Matt Williams
Shining a Light on DARKSIDE Ransomware Operations
DarkSide DarkSide UNC2465
2021-04-20Github (fireeye)FireEye, Mandiant
FireEye Mandiant PulseSecure Exploitation Countermeasures
2021-03-01FireEyeFireEye, Mandiant
ACCELLION, INC. File Transfer Appliance (FTA) Security Assessment
DEWMODE
2021-02-25MandiantBrendan McKeague, Bryce Abdo, Van Ta
So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
IcedID TA2101
2021-02-25BrightTALK (FireEye)Andrew Rector, Mandiant, Matt Bromiley
Light in the Dark: Hunting for SUNBURST
SUNBURST
2021-01-19Github (fireeye)FireEye
Mandiant Azure AD Investigator: Focusing on UNC2452 TTPs
SUNBURST
2021-01-19MandiantDouglas Bienstock, Matthew McWhirt, Mike Burns, Nick Bennett
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)
2021-01-01MandiantMandiant
M-TRENDS 2021
Cobalt Strike SUNBURST
2020-12-17FireEyeKelli Vanderlee
DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors
2020-10-29MandiantAndrew Moore, Genevieve Stark
FIN11: A Widespread Ransomware and Extortion Operation (Webinar)
FIN11
2020-07-30FireEyeJoseph Hladik, Josh Fleischer
Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates