2023-03-09 | Mandiant | Mandiant Intelligence
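% Corporate author: the inner braces keep "Mandiant Intelligence" as one name instead of first = Mandiant, last = Intelligence.
@online{intelligence:20230309:stealing:3112fc7,
  author       = {{Mandiant Intelligence}},
  title        = {{Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970}},
  date         = {2023-03-09},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970},
  language     = {English},
  urldate      = {2023-03-13},
}
Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970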
CLOUDBURST TOUCHMOVE TOUCHSHIFT
2023-03-09 | Mandiant | Mandiant Intelligence
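% Corporate author: the inner braces keep "Mandiant Intelligence" as one name instead of first = Mandiant, last = Intelligence.
@online{intelligence:20230309:stealing:649068b,
  author       = {{Mandiant Intelligence}},
  title        = {{Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW}},
  date         = {2023-03-09},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/lightshift-and-lightshow},
  language     = {English},
  urldate      = {2023-03-13},
}
Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW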
2023-02-15 | Google | Google Threat Analysis Group, Mandiant
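% Two corporate authors: each is braced so that neither is split into first-name and last-name parts.
@techreport{group:20230215:fog:0d99aaa,
  author      = {{Google Threat Analysis Group} and {Mandiant}},
  title       = {{Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape}},
  date        = {2023-02-15},
  institution = {Google},
  url         = {https://services.google.com/fh/files/blogs/google_fog_of_war_research_report.pdf},
  language    = {English},
  urldate     = {2023-03-13},
}
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape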
CaddyWiper Dharma HermeticWiper INDUSTROYER2 PartyTicket WhisperGate
2023-02-03 | Mandiant | Kimberly Goody, Genevieve Stark
@online{goody:20230203:float:5150a2b,
  author       = {Goody, Kimberly and Stark, Genevieve},
  title        = {{Float Like a Butterfly Sting Like a Bee}},
  date         = {2023-02-03},
  organization = {Mandiant},
  url          = {https://www.youtube.com/watch?v=pIXl79IPkLI},
  language     = {English},
  urldate      = {2023-02-21},
}
Float Like a Butterfly Sting Like a Bee
BazarBackdoor BumbleBee Cobalt Strike
2023-01-26 | Mandiant | Govand Sinjari, Andy Morales
@online{sinjari:20230126:welcome:3e0ada1,
  author       = {Sinjari, Govand and Morales, Andy},
  title        = {{Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations}},
  date         = {2023-01-26},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/tracking-evolution-gootloader-operations},
  language     = {English},
  urldate      = {2023-01-31},
}
Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations
GootLoader
2023-01-19 | Mandiant | Scott Henderson, Cristiana Kittner, Sarah Hawley, Mark Lechtik
@online{henderson:20230119:suspected:39b0731,
  author       = {Henderson, Scott and Kittner, Cristiana and Hawley, Sarah and Lechtik, Mark},
  title        = {{Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)}},
  date         = {2023-01-19},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw},
  language     = {English},
  urldate      = {2023-01-20},
}
Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
BOLDMOVE BOLDMOVE
2023-01-05 | Mandiant | Sarah Hawley, Gabby Roncone, Tyler McLellan, Eduardo Mattos, John Wolfram
@online{hawley:20230105:turla:f1d8f9b,
  author       = {Hawley, Sarah and Roncone, Gabby and McLellan, Tyler and Mattos, Eduardo and Wolfram, John},
  title        = {{Turla: A Galaxy of Opportunity}},
  date         = {2023-01-05},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/turla-galaxy-opportunity},
  language     = {English},
  urldate      = {2023-01-05},
}
Turla: A Galaxy of Opportunity
KopiLuwak Andromeda QUIETCANARY
2022-12-15 | Mandiant | Mandiant
@online{mandiant:20221215:trojanized:07a1d55,
  author       = {Mandiant},
  title        = {{Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government}},
  date         = {2022-12-15},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government},
  language     = {English},
  urldate      = {2022-12-20},
}
Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government
Cobalt Strike STOWAWAY
2022-12-13 | Mandiant | Mandiant Intelligence
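% Corporate author: the inner braces keep "Mandiant Intelligence" as one name instead of first = Mandiant, last = Intelligence.
@online{intelligence:20221213:i:70ab22a,
  author       = {{Mandiant Intelligence}},
  title        = {{I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware}},
  date         = {2022-12-13},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware},
  language     = {English},
  urldate      = {2022-12-24},
}
I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware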
POORTRY
2022-11-29 | Mandiant | Luke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock
@online{jenkins:20221129:suspected:fe09dd8,
  author       = {Jenkins, Luke and Hawley, Sarah and Najafi, Parnian and Bienstock, Doug},
  title        = {{Suspected Russian Activity Targeting Government and Business Entities Around the Globe}},
  date         = {2022-11-29},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/russian-targeting-gov-business},
  language     = {English},
  urldate      = {2023-02-21},
}
Suspected Russian Activity Targeting Government and Business Entities Around the Globe
CEELOADER
2022-11-28 | Mandiant | Ryan Tomcik, John Wolfram, Tommy Dacanay, Geoff Ackerman
@online{tomcik:20221128:always:f073a0d,
  author       = {Tomcik, Ryan and Wolfram, John and Dacanay, Tommy and Ackerman, Geoff},
  title        = {{Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia}},
  date         = {2022-11-28},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia},
  language     = {English},
  urldate      = {2022-12-02},
}
Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
BLUEHAZE DARKDEW MISTCLOAK
2022-10-19 | Mandiant | Sandor Nemes, Sulian Lebegue, Jesse Valdez
@online{nemes:20221019:from:e7513af,
  author       = {Nemes, Sandor and Lebegue, Sulian and Valdez, Jesse},
  title        = {{From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind}},
  date         = {2022-10-19},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/rm3-ldr4-ursnif-banking-fraud},
  language     = {English},
  urldate      = {2023-01-13},
}
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
LDR4
2022-09-29 | Mandiant | Alexander Marvi, Jeremy Koppen, Tufail Ahmed, Jonathan Lepore
@online{marvi:20220929:bad:4f02da8,
  author       = {Marvi, Alexander and Koppen, Jeremy and Ahmed, Tufail and Lepore, Jonathan},
  title        = {{Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors}},
  date         = {2022-09-29},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence},
  language     = {English},
  urldate      = {2022-09-30},
}
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
2022-09-29 | Mandiant | Alexander Marvi, Greg Blaum
@online{marvi:20220929:bad:8fc7be3,
  author       = {Marvi, Alexander and Blaum, Greg},
  title        = {{Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors}},
  date         = {2022-09-29},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/esxi-hypervisors-detection-hardening},
  language     = {English},
  urldate      = {2022-09-30},
}
Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors
2022-09-23 | Mandiant | Mandiant Intelligence
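% Corporate author: the inner braces keep "Mandiant Intelligence" as one name instead of first = Mandiant, last = Intelligence.
@online{intelligence:20220923:gru:511ea47,
  author       = {{Mandiant Intelligence}},
  title        = {{GRU: Rise of the (Telegram) MinIOns}},
  date         = {2022-09-23},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/gru-rise-telegram-minions},
  language     = {English},
  urldate      = {2022-09-26},
}
GRU: Rise of the (Telegram) MinIOns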
ArguePatch CaddyWiper
2022-09-14 | Mandiant | macla, Mathew Potaczek, Nino Isakovic, Matt Williams, Yash Gupta
@online{macla:20220914:its:1d63d78,
  author       = {macla and Potaczek, Mathew and Isakovic, Nino and Williams, Matt and Gupta, Yash},
  title        = {{It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp}},
  date         = {2022-09-14},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing},
  language     = {English},
  urldate      = {2022-09-19},
}
It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
BLINDINGCAN
2022-09-08 | Mandiant | Cameron Sabel, Kelli Vanderlee, Alice Revelli, Sam Riddell, Alden Wahlstrom, Jon Ford, Luke McNamara
@online{sabel:20220908:what:3293d01,
  author       = {Sabel, Cameron and Vanderlee, Kelli and Revelli, Alice and Riddell, Sam and Wahlstrom, Alden and Ford, Jon and McNamara, Luke},
  title        = {{What to Expect When You’re Electing: Preparing for Cyber Threats to the 2022 U.S. Midterm Elections}},
  date         = {2022-09-08},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/2022-midterm-election-threats},
  language     = {English},
  urldate      = {2022-09-19},
}
What to Expect When You’re Electing: Preparing for Cyber Threats to the 2022 U.S. Midterm Elections
2022-09-07 | Mandiant | Mandiant Intelligence
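% Corporate author: the inner braces keep "Mandiant Intelligence" as one name instead of first = Mandiant, last = Intelligence.
@online{intelligence:20220907:apt42:51f534e,
  author       = {{Mandiant Intelligence}},
  title        = {{APT42: Crooked Charms, Cons, and Compromises}},
  date         = {2022-09-07},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/apt42-charms-cons-compromises},
  language     = {English},
  urldate      = {2022-09-08},
}
APT42: Crooked Charms, Cons, and Compromises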
2022-09-07 | Mandiant | Mandiant Intelligence
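% Corporate author: the inner braces keep "Mandiant Intelligence" as one name instead of first = Mandiant, last = Intelligence.
% NOTE(review): same date and almost the same title as the entry under key intelligence:20220907:apt42:51f534e;
% this one points at a /media/ URL rather than the blog path, presumably the report file. Confirm which one you cite.
@online{intelligence:20220907:apt42:6fe2ee4,
  author       = {{Mandiant Intelligence}},
  title        = {{APT42: Crooked Charms, Cons and Compromises}},
  date         = {2022-09-07},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/media/17826},
  language     = {English},
  urldate      = {2022-09-08},
}
APT42: Crooked Charms, Cons and Compromises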
PINEFLOWER VINETHORN VBREVSHELL BROKEYOLK DOSTEALER GHAMBAR SILENTUPLOADER
2022-08-18 | Mandiant | Douglas Bienstock
@online{bienstock:20220818:you:f22ee5c,
  author       = {Bienstock, Douglas},
  title        = {{You Can’t Audit Me: APT29 Continues Targeting Microsoft 365}},
  date         = {2022-08-18},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/apt29-continues-targeting-microsoft},
  language     = {English},
  urldate      = {2022-08-18},
}
You Can’t Audit Me: APT29 Continues Targeting Microsoft 365