Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-02MandiantMandiant Intelligence
@online{intelligence:20220602:to:e15831c, author = {Mandiant Intelligence}, title = {{To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions}}, date = {2022-06-02}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions}, language = {English}, urldate = {2022-06-04} } To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions
FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker
2022-06-02MandiantMandiant
@online{mandiant:20220602:trending:0bcdbc4, author = {Mandiant}, title = {{TRENDING EVIL Q2 2022}}, date = {2022-06-02}, organization = {Mandiant}, url = {https://experience.mandiant.com/trending-evil-2/p/1}, language = {English}, urldate = {2022-06-07} } TRENDING EVIL Q2 2022
CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot
2022-05-19MandiantAlden Wahlstrom, Alice Revelli, Sam Riddell, David Mainor, Ryan Serabian
@online{wahlstrom:20220519:io:eacf6cd, author = {Alden Wahlstrom and Alice Revelli and Sam Riddell and David Mainor and Ryan Serabian}, title = {{The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine}}, date = {2022-05-19}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/information-operations-surrounding-ukraine}, language = {English}, urldate = {2022-05-25} } The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine
HermeticWiper PartyTicket
2022-05-05BrightTALK (Mandiant)Christopher Gardner
@online{gardner:20220505:sample:66178f9, author = {Christopher Gardner}, title = {{The Sample: Beating the Malware Piñata}}, date = {2022-05-05}, organization = {BrightTALK (Mandiant)}, url = {https://www.brighttalk.com/webcast/7451/538775}, language = {English}, urldate = {2022-06-09} } The Sample: Beating the Malware Piñata
Jaku
2022-05-04MandiantBrandan Schondorfer, Nader Zaveri, Tyler McLellan, Jennifer Brito
@online{schondorfer:20220504:old:47943c4, author = {Brandan Schondorfer and Nader Zaveri and Tyler McLellan and Jennifer Brito}, title = {{Old Services, New Tricks: Cloud Metadata Abuse by UNC2903}}, date = {2022-05-04}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/cloud-metadata-abuse-unc2903}, language = {English}, urldate = {2022-05-05} } Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
WSO
2022-05-02MandiantDoug Bienstock, Melissa Derr, Josh Madeley, Tyler McLellan, Chris Gardner
@online{bienstock:20220502:unc3524:5948892, author = {Doug Bienstock and Melissa Derr and Josh Madeley and Tyler McLellan and Chris Gardner}, title = {{UNC3524: Eye Spy on Your Email}}, date = {2022-05-02}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/unc3524-eye-spy-email}, language = {English}, urldate = {2022-05-03} } UNC3524: Eye Spy on Your Email
QUIETEXIT UNC3524
2022-04-28MandiantJohn Wolfram, Sarah Hawley, Tyler McLellan, Nick Simonian, Anders Vejlby
@online{wolfram:20220428:trello:dab21ca, author = {John Wolfram and Sarah Hawley and Tyler McLellan and Nick Simonian and Anders Vejlby}, title = {{Trello From the Other Side: Tracking APT29 Phishing Campaigns}}, date = {2022-04-28}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns}, language = {English}, urldate = {2022-04-29} } Trello From the Other Side: Tracking APT29 Phishing Campaigns
Cobalt Strike
2022-04-27MandiantMandiant
@online{mandiant:20220427:assembling:a7068b9, author = {Mandiant}, title = {{Assembling the Russian Nesting Doll: UNC2452 Merged into APT29}}, date = {2022-04-27}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/unc2452-merged-into-apt29}, language = {English}, urldate = {2022-04-29} } Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
Cobalt Strike Raindrop SUNBURST TEARDROP
2022-04-25MandiantDaniel Kapellmann Zafra, Raymond Leong, Chris Sistrunk, Ken Proska, Corey Hildebrandt, Keith Lunden, Nathan Brubaker
@online{zafra:20220425:industroyerv2:5548d98, author = {Daniel Kapellmann Zafra and Raymond Leong and Chris Sistrunk and Ken Proska and Corey Hildebrandt and Keith Lunden and Nathan Brubaker}, title = {{INDUSTROYER.V2: Old Malware Learns New Tricks}}, date = {2022-04-25}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/industroyer-v2-old-malware-new-tricks}, language = {English}, urldate = {2022-04-29} } INDUSTROYER.V2: Old Malware Learns New Tricks
INDUSTROYER2
2022-04-13MandiantNathan Brubaker, Keith Lunden, Ken Proska, Muhammad Umair, Daniel Kapellmann Zafra, Corey Hildebrandt, Rob Caldwell
@online{brubaker:20220413:incontroller:0f05d07, author = {Nathan Brubaker and Keith Lunden and Ken Proska and Muhammad Umair and Daniel Kapellmann Zafra and Corey Hildebrandt and Rob Caldwell}, title = {{INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems}}, date = {2022-04-13}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/incontroller-state-sponsored-ics-tool}, language = {English}, urldate = {2022-04-15} } INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
2022-04-04MandiantBryce Abdo, Zander Work, Ioana Teaca, Brendan McKeague
@online{abdo:20220404:fin7:305d62b, author = {Bryce Abdo and Zander Work and Ioana Teaca and Brendan McKeague}, title = {{FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7}}, date = {2022-04-04}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/evolution-of-fin7}, language = {English}, urldate = {2022-06-27} } FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
Griffon BABYMETAL Carbanak Cobalt Strike JSSLoader Termite
2022-03-28MandiantGeoff Ackerman, Tufail Ahmed, James Maclachlan, Dallin Warne, John Wolfram, Brandon Wilbur
@online{ackerman:20220328:forged:3105d8e, author = {Geoff Ackerman and Tufail Ahmed and James Maclachlan and Dallin Warne and John Wolfram and Brandon Wilbur}, title = {{Forged in Fire: A Survey of MobileIron Log4Shell Exploitation}}, date = {2022-03-28}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/mobileiron-log4shell-exploitation}, language = {English}, urldate = {2022-03-30} } Forged in Fire: A Survey of MobileIron Log4Shell Exploitation
KEYPLUG
2022-03-23MandiantMichael Barnhart, Michelle Cantos, Jeffery Johnson, Elias fox, Gary Freas, Dan Scott
@online{barnhart:20220323:not:ca8438c, author = {Michael Barnhart and Michelle Cantos and Jeffery Johnson and Elias fox and Gary Freas and Dan Scott}, title = {{Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations}}, date = {2022-03-23}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/mapping-dprk-groups-to-government}, language = {English}, urldate = {2022-03-25} } Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations
2022-03-18Recorded FutureInsikt Group®
@techreport{group:20220318:ghostwriter:907199b, author = {Insikt Group®}, title = {{Ghostwriter in the Shell: Expanding on Mandiant’s Attribution of UNC1151 to Belarus}}, date = {2022-03-18}, institution = {Recorded Future}, url = {https://go.recordedfuture.com/hubfs/reports/cta-2022-0318.pdf}, language = {English}, urldate = {2022-03-22} } Ghostwriter in the Shell: Expanding on Mandiant’s Attribution of UNC1151 to Belarus
2022-03-16MandiantMathew Potaczek, Takahiro Sugiyama, Logeswaran Nadarajan, Yu Nakamura, Joshua Homan, Martin Co, Sylvain Hirsch
@online{potaczek:20220316:have:42cad90, author = {Mathew Potaczek and Takahiro Sugiyama and Logeswaran Nadarajan and Yu Nakamura and Joshua Homan and Martin Co and Sylvain Hirsch}, title = {{Have Your Cake and Eat it Too? An Overview of UNC2891}}, date = {2022-03-16}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/unc2891-overview}, language = {English}, urldate = {2022-03-17} } Have Your Cake and Eat it Too? An Overview of UNC2891
SLAPSTICK STEELCORGI
2022-03-08MandiantRufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram
@online{brown:20220308:does:94c6c3e, author = {Rufus Brown and Van Ta and Douglas Bienstock and Geoff Ackerman and John Wolfram}, title = {{Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments}}, date = {2022-03-08}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/apt41-us-state-governments}, language = {English}, urldate = {2022-03-10} } Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments
KEYPLUG Cobalt Strike LOWKEY
2022-03-04MandiantJames Sadowski, Ryan Hall
@online{sadowski:20220304:responses:0b94dae, author = {James Sadowski and Ryan Hall}, title = {{Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation}}, date = {2022-03-04}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/russia-invasion-ukraine-retaliation}, language = {English}, urldate = {2022-03-07} } Responses to Russia's Invasion of Ukraine Likely to Spur Retaliation
HermeticWiper PartyTicket WhisperGate
2022-02-26MandiantMandiant
@online{mandiant:20220226:trending:a445d4a, author = {Mandiant}, title = {{TRENDING EVIL Q1 2022}}, date = {2022-02-26}, organization = {Mandiant}, url = {https://experience.mandiant.com/trending-evil/p/1}, language = {English}, urldate = {2022-03-14} } TRENDING EVIL Q1 2022
KEYPLUG FAKEUPDATES GootLoader BazarBackdoor QakBot
2022-02-24MandiantRyan Tomcik, Emiel Haeghebaert, Tufail Ahmed
@online{tomcik:20220224:left:dfe77e0, author = {Ryan Tomcik and Emiel Haeghebaert and Tufail Ahmed}, title = {{Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity}}, date = {2022-02-24}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/telegram-malware-iranian-espionage}, language = {English}, urldate = {2022-03-01} } Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity
STARWHALE GRAMDOOR
2022-02-23MandiantTyler McLellan, Joshua Shilko, Shambavi Sadayappan
@online{mclellan:20220223:exchange:9b09c31, author = {Tyler McLellan and Joshua Shilko and Shambavi Sadayappan}, title = {{(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware}}, date = {2022-02-23}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/unc2596-cuba-ransomware}, language = {English}, urldate = {2022-02-26} } (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
Cuba