Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-12-15MandiantJohn Hultquist, Matthew McWhirt
Log4Shell Initial Exploitation and Mitigation Recommendations
2021-12-15MandiantAlessandro Parilli, James Maclachlan
No Unaccompanied Miners: Supply Chain Compromises Through Node.js Packages (UNC3379)
DanaBot
2021-12-14MandiantAdrien Bataille, Anders Vejlby, Jared Scott Wilson, Nader Zaveri
Azure Run Command for Dummies
2021-12-13MandiantAlyssa Rahman
Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits
2021-12-07MandiantJake Nicastro, Nick Richard, Rufus Brown, Van Ta
FIN13: A Cybercriminal Threat Actor Focused on Mexico
jspRAT win.rekoobe FIN13
2021-12-06MandiantAshraf Abdalhalim, Ben Read, Doug Bienstock, Gabriella Roncone, Jonathan Leathery, Josh Madeley, Juraj Sucik, Luis Rocha, Luke Jenkins, Manfred Erjak, Marius Fodoreanu, Microsoft Detection and Response Team (DART), Microsoft Threat Intelligence Center (MSTIC), Mitchell Clarke, Parnian Najafi, Sarah Hawley, Wojciech Ledzion
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)
Cobalt Strike CryptBot
2021-11-29MandiantBrandan Schondorfer, Tyler McLellan
Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again
Cobalt Strike ROLLCOAST
2021-11-18MandiantChris Sistrunk, Daniel Kapellmann, Glen Chason, Ken Proska
Introducing Mandiant's Digital Forensics and Incident Response Framework for Embedded OT Systems
2021-11-17MandiantJoshua Goddard
ProxyNoShell: A Change in Tactics Exploiting ProxyShell Vulnerabilities
2021-11-16MandiantAlden Wahlstrom, Alice Revelli, Ben Read, David Mainor, Gabriella Roncone, Mandiant Research Team, Sam Riddell
UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests
Ghostwriter
2021-10-27MandiantCorey Hildebrandt, Daniel Kapellmann Zafra, Ken Proska, Nathan Brubaker
Portable Executable File Infecting Malware Is Increasingly Found in OT Networks
CCleaner Backdoor Floxif neshta Ramnit Sality Virut
2021-10-20MandiantJacob Thompson
Hidden in Plain Sight: Identifying Cryptography in BLACKMATTER Ransomware
BlackMatter
2021-10-12MandiantAlyssa Rahman
Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
Cobalt Strike
2021-10-07MandiantMandiant Research Team
FIN12 Group Profile: FIN12 Priotizes Speed to Deploy Ransomware Aginst High-Value Targets
Cobalt Strike Empire Downloader TrickBot
2021-10-07MandiantAdam Brunner, Genevieve Stark, Jennifer Brooks, Jeremy Kennelly, Joshua Shilko, Kimberly Goody, Zach Riddle
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
BazarBackdoor GRIMAGENT Ryuk
2021-09-02MandiantMandiant
Advanced Persistent Threats (APTs)
APT9
2021-06-16MandiantJared Wilson, Jordan Nuce, Justin Moore, Mike Hunhoff, Nick Harbour, Robert Dean, Tyler McLellan
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
DarkSide Cobalt Strike DarkSide SMOKEDHAM UNC2465
2021-06-16MandiantJared Wilson, Jordan Nuce, Justin Moore, Mike Hunhoff, Nick Harbour, Robert Dean, Tyler McLellan
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM
2021-05-11MandiantAlyssa Rahman, Andrew Moore, Brendan McKeague, Jared Wilson, Jeremy Kennelly, Jordan Nuce, Kimberly Goody, Matt Williams
Shining a Light on DARKSIDE Ransomware Operations
DarkSide DarkSide UNC2465
2021-04-20Github (fireeye)FireEye, Mandiant
FireEye Mandiant PulseSecure Exploitation Countermeasures