Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-06-02MandiantNader Zaveri, Jeremy Kennelly, Genevieve Stark, Matthew McWhirt, DAN NUTTING, Kimberly Goody, Justin Moore, JOE PISANO, Zander Work, PETER UKHANOV, Juraj Sucik, WILL SILVERSTONE, ZACH SCHRAMM, Greg Blaum, OLLIE STYLES, NICHOLAS BENNETT, Josh Murchie
@online{zaveri:20230602:zeroday:a5ec238, author = {Nader Zaveri and Jeremy Kennelly and Genevieve Stark and Matthew McWhirt and DAN NUTTING and Kimberly Goody and Justin Moore and JOE PISANO and Zander Work and PETER UKHANOV and Juraj Sucik and WILL SILVERSTONE and ZACH SCHRAMM and Greg Blaum and OLLIE STYLES and NICHOLAS BENNETT and Josh Murchie}, title = {{Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft}}, date = {2023-06-02}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft}, language = {English}, urldate = {2023-07-31} } Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft
2023-02-03MandiantKimberly Goody, Genevieve Stark
@online{goody:20230203:float:5150a2b, author = {Kimberly Goody and Genevieve Stark}, title = {{Float Like a Butterfly Sting Like a Bee}}, date = {2023-02-03}, organization = {Mandiant}, url = {https://www.youtube.com/watch?v=pIXl79IPkLI}, language = {English}, urldate = {2023-02-21} } Float Like a Butterfly Sting Like a Bee
BazarBackdoor BumbleBee Cobalt Strike
2021-10-07MandiantJoshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly
@online{shilko:20211007:fin12:43d89f5, author = {Joshua Shilko and Zach Riddle and Jennifer Brooks and Genevieve Stark and Adam Brunner and Kimberly Goody and Jeremy Kennelly}, title = {{FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets}}, date = {2021-10-07}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets}, language = {English}, urldate = {2021-10-08} } FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
BazarBackdoor GRIMAGENT Ryuk
2021-05-11FireEyeJordan Nuce, Jeremy Kennelly, Kimberly Goody, Andrew Moore, Alyssa Rahman, Brendan McKeague, Jared Wilson
@online{nuce:20210511:shining:339d137, author = {Jordan Nuce and Jeremy Kennelly and Kimberly Goody and Andrew Moore and Alyssa Rahman and Brendan McKeague and Jared Wilson}, title = {{Shining a Light on DARKSIDE Ransomware Operations}}, date = {2021-05-11}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html}, language = {English}, urldate = {2021-05-13} } Shining a Light on DARKSIDE Ransomware Operations
Cobalt Strike DarkSide
2021-02-22FireEyeAndrew Moore, Genevieve Stark, Isif Ibrahima, Van Ta, Kimberly Goody
@online{moore:20210222:cyber:a641e26, author = {Andrew Moore and Genevieve Stark and Isif Ibrahima and Van Ta and Kimberly Goody}, title = {{Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion}}, date = {2021-02-22}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html}, language = {English}, urldate = {2021-02-25} } Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
DEWMODE Clop
2020-12-21IronNetAdam Hlavek, Kimberly Ortiz
@online{hlavek:20201221:russian:804662f, author = {Adam Hlavek and Kimberly Ortiz}, title = {{Russian cyber attack campaigns and actors}}, date = {2020-12-21}, organization = {IronNet}, url = {https://www.ironnet.com/blog/russian-cyber-attack-campaigns-and-actors}, language = {English}, urldate = {2021-01-05} } Russian cyber attack campaigns and actors
WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess
2020-10-28FireEyeKimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock
@online{goody:20201028:unhappy:c0d2e4b, author = {Kimberly Goody and Jeremy Kennelly and Joshua Shilko and Steve Elovitz and Douglas Bienstock}, title = {{Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser}}, date = {2020-10-28}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html}, language = {English}, urldate = {2020-11-02} } Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser
BazarBackdoor Cobalt Strike Ryuk UNC1878
2020-10-14FireEyeGenevieve Stark, Andrew Moore, Vincent Cannon, Jacqueline O’Leary, Nalani Fraser, Kimberly Goody
@online{stark:20201014:fin11:0473613, author = {Genevieve Stark and Andrew Moore and Vincent Cannon and Jacqueline O’Leary and Nalani Fraser and Kimberly Goody}, title = {{FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft}}, date = {2020-10-14}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html}, language = {English}, urldate = {2020-11-04} } FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft
FIN11
2020-05-21BrightTALK (FireEye)Kimberly Goody, Jeremy Kennelly
@online{goody:20200521:navigating:a2eae5f, author = {Kimberly Goody and Jeremy Kennelly}, title = {{Navigating MAZE: Analysis of a Rising Ransomware Threat}}, date = {2020-05-21}, organization = {BrightTALK (FireEye)}, url = {https://www.brighttalk.com/webcast/7451/408167/navigating-maze-analysis-of-a-rising-ransomware-threat}, language = {English}, urldate = {2020-06-05} } Navigating MAZE: Analysis of a Rising Ransomware Threat
Maze
2020-05-07FireEye IncKimberly Goody, Jeremy Kennelly, Joshua Shilko
@online{goody:20200507:navigating:7147cb7, author = {Kimberly Goody and Jeremy Kennelly and Joshua Shilko}, title = {{Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents}}, date = {2020-05-07}, organization = {FireEye Inc}, url = {https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html}, language = {English}, urldate = {2020-05-11} } Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents
Maze
2019-10-10Twitter (@StopMalvertisin)Kimberly
@online{kimberly:20191010:malware:032ed3c, author = {Kimberly}, title = {{Tweet on Malware Sample}}, date = {2019-10-10}, organization = {Twitter (@StopMalvertisin)}, url = {https://twitter.com/StopMalvertisin/status/1182505434231398401}, language = {English}, urldate = {2020-01-10} } Tweet on Malware Sample
Buer
2019-10-10FireEyeNick Carr, Josh Yoder, Kimberly Goody, Scott Runnels, Jeremy Kennelly, Jordan Nuce
@online{carr:20191010:mahalo:917c5b2, author = {Nick Carr and Josh Yoder and Kimberly Goody and Scott Runnels and Jeremy Kennelly and Jordan Nuce}, title = {{Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques}}, date = {2019-10-10}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2019/10/mahalo-fin7-responding-to-new-tools-and-techniques.html}, language = {English}, urldate = {2019-11-18} } Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques
BOOSTWRITE
2019-01-11FireEyeKimberly Goody, Jeremy Kennelly, Jaideep Natu, Christopher Glyer
@online{goody:20190111:nasty:3c872d4, author = {Kimberly Goody and Jeremy Kennelly and Jaideep Natu and Christopher Glyer}, title = {{A Nasty Trick: From Credential Theft Malware to Business Disruption}}, date = {2019-01-11}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2019/01/a-nasty-trick-from-credential-theft-malware-to-business-disruption.html}, language = {English}, urldate = {2019-12-20} } A Nasty Trick: From Credential Theft Malware to Business Disruption
Ryuk TrickBot GRIM SPIDER WIZARD SPIDER
2018-08-01FireEyeNick Carr, Kimberly Goody, Steve Miller, Barry Vengerik
@online{carr:20180801:hunt:0fe0e15, author = {Nick Carr and Kimberly Goody and Steve Miller and Barry Vengerik}, title = {{On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation}}, date = {2018-08-01}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html}, language = {English}, urldate = {2019-12-20} } On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operation
BELLHOP POWERPIPE BABYMETAL SocksBot FIN7
2014-08-31StopMalvertisingKimberly
@online{kimberly:20140831:introduction:eb2cc6b, author = {Kimberly}, title = {{Introduction to the ZeroLocker ransomware}}, date = {2014-08-31}, organization = {StopMalvertising}, url = {http://stopmalvertising.com/malware-reports/introduction-to-the-zerolocker-ransomware.html}, language = {English}, urldate = {2020-01-13} } Introduction to the ZeroLocker ransomware
ZeroLocker
2014-07-16StopMalvertisingKimberly
@online{kimberly:20140716:mini:58ac768, author = {Kimberly}, title = {{Mini Analysis of the TinyBanker Tinba}}, date = {2014-07-16}, organization = {StopMalvertising}, url = {http://stopmalvertising.com/malware-reports/mini-analysis-of-the-tinybanker-tinba.html}, language = {English}, urldate = {2020-01-08} } Mini Analysis of the TinyBanker Tinba
Tinba
2014-04-27StopMalvertisingKimberly
@online{kimberly:20140427:analysis:a034e60, author = {Kimberly}, title = {{Analysis of the Predator Pain Keylogger}}, date = {2014-04-27}, organization = {StopMalvertising}, url = {http://stopmalvertising.com/malware-reports/analysis-of-the-predator-pain-keylogger.html}, language = {English}, urldate = {2019-11-24} } Analysis of the Predator Pain Keylogger
HawkEye Keylogger
2012-04-20StopMalvertisingKimberly
@online{kimberly:20120420:analysis:6fe646f, author = {Kimberly}, title = {{Analysis of DarkMegi aka NpcDark}}, date = {2012-04-20}, organization = {StopMalvertising}, url = {http://stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html}, language = {English}, urldate = {2020-01-09} } Analysis of DarkMegi aka NpcDark
DarkMegi
2011-08-04Stop Malvertising RootkitsKimberly
@online{kimberly:20110804:analysis:fcb91de, author = {Kimberly}, title = {{Analysis of ngrBot}}, date = {2011-08-04}, organization = {Stop Malvertising Rootkits}, url = {http://stopmalvertising.com/rootkits/analysis-of-ngrbot.html}, language = {English}, urldate = {2019-12-04} } Analysis of ngrBot
NgrBot