Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-10-27MandiantCorey Hildebrandt, Daniel Kapellmann Zafra, Ken Proska, Nathan Brubaker
Portable Executable File Infecting Malware Is Increasingly Found in OT Networks
CCleaner Backdoor Floxif neshta Ramnit Sality Virut
2021-10-20MandiantJacob Thompson
Hidden in Plain Sight: Identifying Cryptography in BLACKMATTER Ransomware
BlackMatter
2021-10-12MandiantAlyssa Rahman
Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
Cobalt Strike
2021-10-07MandiantMandiant Research Team
FIN12 Group Profile: FIN12 Priotizes Speed to Deploy Ransomware Aginst High-Value Targets
Cobalt Strike Empire Downloader TrickBot
2021-10-07MandiantAdam Brunner, Genevieve Stark, Jennifer Brooks, Jeremy Kennelly, Joshua Shilko, Kimberly Goody, Zach Riddle
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
BazarBackdoor GRIMAGENT Ryuk
2021-09-02MandiantMandiant
Advanced Persistent Threats (APTs)
APT9
2021-06-16MandiantJared Wilson, Jordan Nuce, Justin Moore, Mike Hunhoff, Nick Harbour, Robert Dean, Tyler McLellan
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
DarkSide Cobalt Strike DarkSide SMOKEDHAM UNC2465
2021-06-16MandiantJared Wilson, Jordan Nuce, Justin Moore, Mike Hunhoff, Nick Harbour, Robert Dean, Tyler McLellan
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM
2021-05-11MandiantAlyssa Rahman, Andrew Moore, Brendan McKeague, Jared Wilson, Jeremy Kennelly, Jordan Nuce, Kimberly Goody, Matt Williams
Shining a Light on DARKSIDE Ransomware Operations
DarkSide DarkSide UNC2465
2021-04-20Github (fireeye)FireEye, Mandiant
FireEye Mandiant PulseSecure Exploitation Countermeasures
2021-03-01FireEyeFireEye, Mandiant
ACCELLION, INC. File Transfer Appliance (FTA) Security Assessment
DEWMODE
2021-02-25MandiantBrendan McKeague, Bryce Abdo, Van Ta
So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
IcedID TA2101
2021-02-25BrightTALK (FireEye)Andrew Rector, Mandiant, Matt Bromiley
Light in the Dark: Hunting for SUNBURST
SUNBURST
2021-01-19Github (fireeye)FireEye
Mandiant Azure AD Investigator: Focusing on UNC2452 TTPs
SUNBURST
2021-01-19MandiantDouglas Bienstock, Matthew McWhirt, Mike Burns, Nick Bennett
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)
2021-01-01MandiantMandiant
M-TRENDS 2021
Cobalt Strike SUNBURST
2020-12-17FireEyeKelli Vanderlee
DebUNCing Attribution: How Mandiant Tracks Uncategorized Threat Actors
2020-10-29MandiantAndrew Moore, Genevieve Stark
FIN11: A Widespread Ransomware and Extortion Operation (Webinar)
FIN11
2020-07-30FireEyeJoseph Hladik, Josh Fleischer
Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates
2020-07-29MandiantMandiant
‘Ghostwriter’ Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned with Russian Security Interests