2025-11-10 ⋅ Mandiant ⋅ Bill Glynn, Kevin O'Flynn, Praveeth DSouza, Stallone D'Souza, Yash Gupta
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480
UNC6485
2025-10-16 ⋅ Mandiant ⋅ Blas Kojusner, Joseph Dobson, Robert Wallace
DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains
JADESNOW UNC5342
2025-07-23 ⋅ Mandiant ⋅ Mandiant Incident Response
From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944
2025-07-16 ⋅ Mandiant ⋅ Dimiter Andonov, Josh Goddard, Zander Work
Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
UNC6148
2025-06-05 ⋅ Mandiant ⋅ Mandiant
Hello, Operator? A Technical Analysis of Vishing Threats
UNC6040
2025-05-27 ⋅ Mandiant ⋅ Diana Ion, Rommel Joven, Yash Gupta
Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites
UNC6032
2025-05-06 ⋅ Mandiant ⋅ Mandiant
Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
BlackCat DragonForce RansomHub
2025-04-24 ⋅ Mandiant ⋅ Mandiant
M-Trends 2025 Report
Akira Black Basta LockBit SystemBC GootLoader LockBit WIREFIRE Akira Black Basta Cobalt Strike LockBit RansomHub SystemBC Pink Sandstorm
2025-04-03 ⋅ Mandiant ⋅ Jacob Thompson, John Wolfram, Josh Murchie, Matt Lin, Michael Edie
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
SPAWNSNARE
2025-03-12 ⋅ Mandiant ⋅ Frank Tse, Jakub Jozwiak, Logeswaran Nadarajan, Lukasz Lamparski, Mathew Potaczek, Mustafa Nasser, Nick Harbour, Punsaen Boonyakarn, Shawn Chew
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers
tsh
2024-10-24 ⋅ Mandiant ⋅ Foti Castelan, Gabby Roncone, Jared Wilson, JP Glab, Max Thauer, Tufail Ahmed
Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
UNC5820
2024-10-24 ⋅ Mandiant ⋅ Foti Castelan, Gabby Roncone, Jared Wilson, JP Glab, Mandiant, Max Thauer, Tufail Ahmed
Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
2024-09-19 ⋅ Mandiant ⋅ Mark Lechtik, Matan Mimran, Sarah Bock, Stav Shulman
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
OATBOAT
2024-09-19 ⋅ Mandiant ⋅ Mark Lechtik, Matan Mimran, Sarah Bock, Stav Shulman
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks
CRYPTOSLAY PipeSnoop TEMPLEDOOR UNC1860
2024-09-17 ⋅ Mandiant ⋅ Mandiant
An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader
BURNBOOK MISTPEN
2024-08-22 ⋅ Mandiant ⋅ Aaron Lee, Praveeth DSouza
PEAKLIGHT: Decoding the Stealthy Memory-Only Malware
CryptBot Emmenhtal HijackLoader Lumma Stealer
2024-07-29 ⋅ Mandiant ⋅ Ashley Pearson, Jake Nicastro, Joseph Pisano, Josh Murchie, Joshua Shilko, Raymond Leong
UNC4393 Goes Gently into the SILENTNIGHT
Black Basta QakBot sRDI SystemBC Zloader UNC3973 UNC4393
2024-07-18 ⋅ Mandiant ⋅ Mike Stokkel
APT41 Has Arisen From the DUST
DUSTTRAP PINEGROVE
2024-07-18 ⋅ Mandiant ⋅ Jared Wilson, Jonathan Lepore, Luis Rocha, Mike Stokkel, Pierre Gerlings, RENATO FONTANA, Stephen Eckels
APT41 Has Arisen From the DUST
Cobalt Strike