2022-09-29 | Mandiant | Alexander Marvi, Jeremy Koppen, Tufail Ahmed, Jonathan Lepore
% Part one of Mandiant's "Bad VIB(E)s" posts: investigation of malware persistence within ESXi hypervisors.
% The companion detection-and-hardening post is marvi:20220929:bad:8fc7be3.
@online{marvi:20220929:bad:4f02da8,
  author       = {Alexander Marvi and Jeremy Koppen and Tufail Ahmed and Jonathan Lepore},
  title        = {{Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors}},
  organization = {Mandiant},
  date         = {2022-09-29},
  url          = {https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence},
  urldate      = {2022-09-30},
  language     = {English},
}
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
2022-09-29 | Mandiant | Alexander Marvi, Greg Blaum
% Part two of Mandiant's "Bad VIB(E)s" posts: detection and hardening within ESXi hypervisors.
% The investigation write-up it accompanies is marvi:20220929:bad:4f02da8.
@online{marvi:20220929:bad:8fc7be3,
  author       = {Alexander Marvi and Greg Blaum},
  title        = {{Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors}},
  organization = {Mandiant},
  date         = {2022-09-29},
  url          = {https://www.mandiant.com/resources/blog/esxi-hypervisors-detection-hardening},
  urldate      = {2022-09-30},
  language     = {English},
}
Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors
2022-09-23 | Mandiant | Mandiant Intelligence
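% Corporate author: the inner braces make BibTeX/Biber treat "Mandiant Intelligence" as one
% indivisible name instead of given name "Mandiant" + family name "Intelligence".
% The citation key is left unchanged so existing \cite commands still resolve.
@online{intelligence:20220923:gru:511ea47,
  author       = {{Mandiant Intelligence}},
  title        = {{GRU: Rise of the (Telegram) MinIOns}},
  organization = {Mandiant},
  date         = {2022-09-23},
  url          = {https://www.mandiant.com/resources/blog/gru-rise-telegram-minions},
  urldate      = {2022-09-26},
  language     = {English},
}
GRU: Rise of the (Telegram) MinIOns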
ArguePatch CaddyWiper
2022-09-14 | Mandiant | macla, Mathew Potaczek, Nino Isakovic, Matt Williams, Yash Gupta
% Mandiant post on DPRK job-opportunity phishing delivered via WhatsApp.
% The first author is listed as the single token "macla", reproduced as given.
@online{macla:20220914:its:1d63d78,
  author       = {macla and Mathew Potaczek and Nino Isakovic and Matt Williams and Yash Gupta},
  title        = {{It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp}},
  organization = {Mandiant},
  date         = {2022-09-14},
  url          = {https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing},
  urldate      = {2022-09-19},
  language     = {English},
}
It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
BLINDINGCAN
2022-09-08 | Mandiant | Cameron Sabel, Kelli Vanderlee, Alice Revelli, Sam Riddell, Alden Wahlstrom, Jon Ford, Luke McNamara
% Mandiant post on preparing for cyber threats to the 2022 U.S. midterm elections.
@online{sabel:20220908:what:3293d01,
  author       = {Cameron Sabel and Kelli Vanderlee and Alice Revelli and Sam Riddell and Alden Wahlstrom and Jon Ford and Luke McNamara},
  title        = {{What to Expect When You’re Electing: Preparing for Cyber Threats to the 2022 U.S. Midterm Elections}},
  organization = {Mandiant},
  date         = {2022-09-08},
  url          = {https://www.mandiant.com/resources/blog/2022-midterm-election-threats},
  urldate      = {2022-09-19},
  language     = {English},
}
What to Expect When You’re Electing: Preparing for Cyber Threats to the 2022 U.S. Midterm Elections
2022-09-07 | Mandiant | Mandiant Intelligence
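% Corporate author: the inner braces make BibTeX/Biber treat "Mandiant Intelligence" as one
% indivisible name instead of given name "Mandiant" + family name "Intelligence".
% The citation key is left unchanged so existing \cite commands still resolve.
% Shares author, date and (bar one comma) title with intelligence:20220907:apt42:6fe2ee4,
% which points at a different Mandiant URL; cite the resource that was actually consulted.
@online{intelligence:20220907:apt42:51f534e,
  author       = {{Mandiant Intelligence}},
  title        = {{APT42: Crooked Charms, Cons, and Compromises}},
  organization = {Mandiant},
  date         = {2022-09-07},
  url          = {https://www.mandiant.com/resources/blog/apt42-charms-cons-compromises},
  urldate      = {2022-09-08},
  language     = {English},
}
APT42: Crooked Charms, Cons, and Compromises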
2022-09-07 | Mandiant | Mandiant Intelligence
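% Corporate author: the inner braces make BibTeX/Biber treat "Mandiant Intelligence" as one
% indivisible name instead of given name "Mandiant" + family name "Intelligence".
% The citation key is left unchanged so existing \cite commands still resolve.
% Shares author, date and (bar one comma) title with intelligence:20220907:apt42:51f534e,
% which points at the blog URL; this entry points at a /media/ resource on the same site.
@online{intelligence:20220907:apt42:6fe2ee4,
  author       = {{Mandiant Intelligence}},
  title        = {{APT42: Crooked Charms, Cons and Compromises}},
  organization = {Mandiant},
  date         = {2022-09-07},
  url          = {https://www.mandiant.com/media/17826},
  urldate      = {2022-09-08},
  language     = {English},
}
APT42: Crooked Charms, Cons and Compromises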
2022-08-18 | Mandiant | Douglas Bienstock
% Mandiant post on APT29's continued targeting of Microsoft 365.
@online{bienstock:20220818:you:f22ee5c,
  author       = {Douglas Bienstock},
  title        = {{You Can’t Audit Me: APT29 Continues Targeting Microsoft 365}},
  organization = {Mandiant},
  date         = {2022-08-18},
  url          = {https://www.mandiant.com/resources/apt29-continues-targeting-microsoft},
  urldate      = {2022-08-18},
  language     = {English},
}
You Can’t Audit Me: APT29 Continues Targeting Microsoft 365
2022-08-17 | Mandiant | Mandiant Israel Research Team
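% Corporate author: the inner braces make BibTeX/Biber treat "Mandiant Israel Research Team"
% as one indivisible name instead of given names "Mandiant Israel Research" + family name "Team".
% The citation key is left unchanged so existing \cite commands still resolve.
@online{team:20220817:suspected:ec23d9b,
  author       = {{Mandiant Israel Research Team}},
  title        = {{Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors}},
  organization = {Mandiant},
  date         = {2022-08-17},
  url          = {https://www.mandiant.com/resources/suspected-iranian-actor-targeting-israeli-shipping},
  urldate      = {2022-08-19},
  language     = {English},
}
Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors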
NorthStar SUGARDUMP SUGARRUSH
2022-08-04 | Mandiant | Ryan Serabian, Daniel Kapellmann Zafra
% Mandiant post on the pro-PRC "HaiEnergy" information operations campaign and its inauthentic news sites.
@online{serabian:20220804:proprc:2b0de36,
  author       = {Ryan Serabian and Daniel Kapellmann Zafra},
  title        = {{Pro-PRC “HaiEnergy” Information Operations Campaign Leverages Infrastructure from Public Relations Firm to Disseminate Content on Inauthentic News Sites}},
  organization = {Mandiant},
  date         = {2022-08-04},
  url          = {https://www.mandiant.com/resources/pro-prc-information-operations-campaign-haienergy},
  urldate      = {2022-08-11},
  language     = {English},
}
Pro-PRC “HaiEnergy” Information Operations Campaign Leverages Infrastructure from Public Relations Firm to Disseminate Content on Inauthentic News Sites
2022-08-04 | Mandiant | Luke Jenkins, Emiel Haeghebaert, Alice Revelli, Ben Read
% Mandiant post on disruptive activity against Albanian government organizations by a likely Iranian threat actor.
@online{jenkins:20220804:likely:37b622e,
  author       = {Luke Jenkins and Emiel Haeghebaert and Alice Revelli and Ben Read},
  title        = {{Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations}},
  organization = {Mandiant},
  date         = {2022-08-04},
  url          = {https://www.mandiant.com/resources/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against},
  urldate      = {2022-08-08},
  language     = {English},
}
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
2022-08-04 | Mandiant | Mandiant
% Mandiant's "Advanced Persistent Threats (APTs)" page (URL path insights/apt-groups).
% urldate records when the page was retrieved.
@online{mandiant:20220804:advanced:afb8956,
  author       = {Mandiant},
  title        = {{Advanced Persistent Threats (APTs)}},
  organization = {Mandiant},
  date         = {2022-08-04},
  url          = {https://www.mandiant.com/resources/insights/apt-groups},
  urldate      = {2022-08-30},
  language     = {English},
}
Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9
2022-07-26 | Mandiant | Thibault van Geluwe de Berlaere, Jay Christiansen, Daniel Kapellmann Zafra, Ken Proska, Keith Lunden
% Mandiant red-team write-up: emulating FIN11 tactics to control operational technology servers.
@online{berlaere:20220726:mandiant:c1c4498,
  author       = {Thibault van Geluwe de Berlaere and Jay Christiansen and Daniel Kapellmann Zafra and Ken Proska and Keith Lunden},
  title        = {{Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers}},
  organization = {Mandiant},
  date         = {2022-07-26},
  url          = {https://www.mandiant.com/resources/mandiant-red-team-emulates-fin11-tactics},
  urldate      = {2022-08-09},
  language     = {English},
}
Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers
MimiKatz
2022-07-20 | Mandiant | Mandiant Threat Intelligence
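% Corporate author: the inner braces make BibTeX/Biber treat "Mandiant Threat Intelligence" as one
% indivisible name instead of given names "Mandiant Threat" + family name "Intelligence".
% The citation key is left unchanged so existing \cite commands still resolve.
@online{intelligence:20220720:evacuation:edd478e,
  author       = {{Mandiant Threat Intelligence}},
  title        = {{Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities}},
  organization = {Mandiant},
  date         = {2022-07-20},
  url          = {https://www.mandiant.com/resources/spear-phish-ukrainian-entities},
  urldate      = {2022-07-25},
  language     = {English},
}
Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities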
Cobalt Strike GraphSteel GrimPlant MicroBackdoor
2022-06-29 | Mandiant | Jared Wilson
% Mandiant post on VPNs, proxies, and tunnels.
@online{wilson:20220629:burrowing:d5ca9f1,
  author       = {Jared Wilson},
  title        = {{Burrowing your way into VPNs, Proxies, and Tunnels}},
  organization = {Mandiant},
  date         = {2022-06-29},
  url          = {https://www.mandiant.com/resources/burrowing-your-way-into-vpns},
  urldate      = {2022-07-05},
  language     = {English},
}
Burrowing your way into VPNs, Proxies, and Tunnels
DarkSide SMOKEDHAM
2022-06-28 | Mandiant | Mandiant Threat Intelligence
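% Corporate author: the inner braces make BibTeX/Biber treat "Mandiant Threat Intelligence" as one
% indivisible name instead of given names "Mandiant Threat" + family name "Intelligence".
% The citation key is left unchanged so existing \cite commands still resolve.
@online{intelligence:20220628:proprc:a0e2412,
  author       = {{Mandiant Threat Intelligence}},
  title        = {{Pro-PRC DRAGONBRIDGE Influence Campaign Targets Rare Earths Mining Companies in Attempt to Thwart Rivalry to PRC Market Dominance}},
  organization = {Mandiant},
  date         = {2022-06-28},
  url          = {https://www.mandiant.com/resources/dragonbridge-targets-rare-earths-mining-companies},
  urldate      = {2022-07-05},
  language     = {English},
}
Pro-PRC DRAGONBRIDGE Influence Campaign Targets Rare Earths Mining Companies in Attempt to Thwart Rivalry to PRC Market Dominance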
2022-06-02 | Mandiant | Mandiant Intelligence
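% Corporate author: the inner braces make BibTeX/Biber treat "Mandiant Intelligence" as one
% indivisible name instead of given name "Mandiant" + family name "Intelligence".
% The citation key is left unchanged so existing \cite commands still resolve.
@online{intelligence:20220602:to:e15831c,
  author       = {{Mandiant Intelligence}},
  title        = {{To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions}},
  organization = {Mandiant},
  date         = {2022-06-02},
  url          = {https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions},
  urldate      = {2022-06-04},
  language     = {English},
}
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions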
FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker
2022-06-02 | Mandiant | Mandiant
% Mandiant's "TRENDING EVIL Q2 2022" publication, served from experience.mandiant.com.
@online{mandiant:20220602:trending:0bcdbc4,
  author       = {Mandiant},
  title        = {{TRENDING EVIL Q2 2022}},
  organization = {Mandiant},
  date         = {2022-06-02},
  url          = {https://experience.mandiant.com/trending-evil-2/p/1},
  urldate      = {2022-06-07},
  language     = {English},
}
TRENDING EVIL Q2 2022
CloudEyE Cobalt Strike CryptBot Emotet IsaacWiper QakBot
2022-05-19 | Mandiant | Alden Wahlstrom, Alice Revelli, Sam Riddell, David Mainor, Ryan Serabian
% Mandiant post on information operations surrounding the Russian invasion of Ukraine.
@online{wahlstrom:20220519:io:eacf6cd,
  author       = {Alden Wahlstrom and Alice Revelli and Sam Riddell and David Mainor and Ryan Serabian},
  title        = {{The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine}},
  organization = {Mandiant},
  date         = {2022-05-19},
  url          = {https://www.mandiant.com/resources/information-operations-surrounding-ukraine},
  urldate      = {2022-05-25},
  language     = {English},
}
The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine
HermeticWiper PartyTicket
2022-05-05 | BrightTALK (Mandiant) | Christopher Gardner
% BrightTALK webcast (URL path /webcast/) attributed to Mandiant in the organization field.
@online{gardner:20220505:sample:66178f9,
  author       = {Christopher Gardner},
  title        = {{The Sample: Beating the Malware Piñata}},
  organization = {BrightTALK (Mandiant)},
  date         = {2022-05-05},
  url          = {https://www.brighttalk.com/webcast/7451/538775},
  urldate      = {2022-06-09},
  language     = {English},
}
The Sample: Beating the Malware Piñata
Jaku