Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-01-14MandiantMatthew McWhirt, Daniel Smith, Omar Toor, Bryan Turner
@online{mcwhirt:20220114:proactive:5ecb6a7, author = {Matthew McWhirt and Daniel Smith and Omar Toor and Bryan Turner}, title = {{Proactive Preparation and Hardening to Protect Against Destructive Attacks}}, date = {2022-01-14}, organization = {Mandiant}, url = {https://www.mandiant.com/media/14506/download}, language = {English}, urldate = {2022-01-18} } Proactive Preparation and Hardening to Protect Against Destructive Attacks
2021-12-15MandiantMatthew McWhirt, John Hultquist
@online{mcwhirt:20211215:log4shell:9216a09, author = {Matthew McWhirt and John Hultquist}, title = {{Log4Shell Initial Exploitation and Mitigation Recommendations}}, date = {2021-12-15}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/log4shell-recommendations}, language = {English}, urldate = {2021-12-31} } Log4Shell Initial Exploitation and Mitigation Recommendations
2021-12-15MandiantAlessandro Parilli, James Maclachlan
@online{parilli:20211215:no:b7a3405, author = {Alessandro Parilli and James Maclachlan}, title = {{No Unaccompanied Miners: Supply Chain Compromises Through Node.js Packages (UNC3379)}}, date = {2021-12-15}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/supply-chain-node-js}, language = {English}, urldate = {2021-12-31} } No Unaccompanied Miners: Supply Chain Compromises Through Node.js Packages (UNC3379)
DanaBot
2021-12-14MandiantAdrien Bataille, Anders Vejlby, Jared Scott Wilson, Nader Zaveri
@online{bataille:20211214:azure:bb96515, author = {Adrien Bataille and Anders Vejlby and Jared Scott Wilson and Nader Zaveri}, title = {{Azure Run Command for Dummies}}, date = {2021-12-14}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/azure-run-command-dummies}, language = {English}, urldate = {2022-01-03} } Azure Run Command for Dummies
2021-12-13MandiantAlyssa Rahman
@online{rahman:20211213:now:f5881cc, author = {Alyssa Rahman}, title = {{Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits}}, date = {2021-12-13}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/hunting-deserialization-exploits}, language = {English}, urldate = {2021-12-31} } Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits
2021-12-07MandiantVan Ta, Jake Nicastro, Rufus Brown, Nick Richard
@online{ta:20211207:fin13:e5e2255, author = {Van Ta and Jake Nicastro and Rufus Brown and Nick Richard}, title = {{FIN13: A Cybercriminal Threat Actor Focused on Mexico}}, date = {2021-12-07}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/fin13-cybercriminal-mexico}, language = {English}, urldate = {2021-12-08} } FIN13: A Cybercriminal Threat Actor Focused on Mexico
jspRAT win.rekoobe FIN13
2021-12-06MandiantLuke Jenkins, Sarah Hawley, Parnian Najafi, Doug Bienstock, Luis Rocha, Marius Fodoreanu, Mitchell Clarke, Manfred Erjak, Josh Madeley, Ashraf Abdalhalim, Juraj Sucik, Wojciech Ledzion, Gabriella Roncone, Jonathan Leathery, Ben Read, Microsoft Threat Intelligence Center (MSTIC), Microsoft Detection and Response Team (DART)
@online{jenkins:20211206:suspected:d9da4ec, author = {Luke Jenkins and Sarah Hawley and Parnian Najafi and Doug Bienstock and Luis Rocha and Marius Fodoreanu and Mitchell Clarke and Manfred Erjak and Josh Madeley and Ashraf Abdalhalim and Juraj Sucik and Wojciech Ledzion and Gabriella Roncone and Jonathan Leathery and Ben Read and Microsoft Threat Intelligence Center (MSTIC) and Microsoft Detection and Response Team (DART)}, title = {{Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)}}, date = {2021-12-06}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/russian-targeting-gov-business}, language = {English}, urldate = {2021-12-07} } Suspected Russian Activity Targeting Government and Business Entities Around the Globe (UNC2452)
Cobalt Strike CryptBot
2021-11-29MandiantTyler McLellan, Brandan Schondorfer
@online{mclellan:20211129:kittengif:efb8036, author = {Tyler McLellan and Brandan Schondorfer}, title = {{Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again}}, date = {2021-11-29}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/sabbath-ransomware-affiliate}, language = {English}, urldate = {2021-11-30} } Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again
Cobalt Strike
2021-11-18MandiantChris Sistrunk, Ken Proska, Glen Chason, Daniel Kapellmann
@online{sistrunk:20211118:introducing:5f08e41, author = {Chris Sistrunk and Ken Proska and Glen Chason and Daniel Kapellmann}, title = {{Introducing Mandiant's Digital Forensics and Incident Response Framework for Embedded OT Systems}}, date = {2021-11-18}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/mandiant-dfir-framework-ot}, language = {English}, urldate = {2021-11-19} } Introducing Mandiant's Digital Forensics and Incident Response Framework for Embedded OT Systems
2021-11-17MandiantJoshua Goddard
@online{goddard:20211117:proxynoshell:c2b592e, author = {Joshua Goddard}, title = {{ProxyNoShell: A Change in Tactics Exploiting ProxyShell Vulnerabilities}}, date = {2021-11-17}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/change-tactics-proxyshell-vulnerabilities}, language = {English}, urldate = {2021-11-19} } ProxyNoShell: A Change in Tactics Exploiting ProxyShell Vulnerabilities
2021-11-16MandiantGabriella Roncone, Alden Wahlstrom, Alice Revelli, David Mainor, Sam Riddell, Ben Read, Mandiant Research Team
@online{roncone:20211116:unc1151:a2da6dc, author = {Gabriella Roncone and Alden Wahlstrom and Alice Revelli and David Mainor and Sam Riddell and Ben Read and Mandiant Research Team}, title = {{UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests}}, date = {2021-11-16}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/unc1151-linked-to-belarus-government}, language = {English}, urldate = {2021-11-17} } UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests
2021-10-27MandiantKen Proska, Corey Hildebrandt, Daniel Kapellmann Zafra, Nathan Brubaker
@online{proska:20211027:portable:437b9c1, author = {Ken Proska and Corey Hildebrandt and Daniel Kapellmann Zafra and Nathan Brubaker}, title = {{Portable Executable File Infecting Malware Is Increasingly Found in OT Networks}}, date = {2021-10-27}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/pe-file-infecting-malware-ot}, language = {English}, urldate = {2021-11-08} } Portable Executable File Infecting Malware Is Increasingly Found in OT Networks
CCleaner Backdoor Floxif neshta Ramnit Sality Virut
2021-10-20MandiantJacob Thompson
@online{thompson:20211020:hidden:c64ea48, author = {Jacob Thompson}, title = {{Hidden in Plain Sight: Identifying Cryptography in BLACKMATTER Ransomware}}, date = {2021-10-20}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/cryptography-blackmatter-ransomware}, language = {English}, urldate = {2021-11-02} } Hidden in Plain Sight: Identifying Cryptography in BLACKMATTER Ransomware
BlackMatter
2021-10-12MandiantAlyssa Rahman
@online{rahman:20211012:defining:df3f43c, author = {Alyssa Rahman}, title = {{Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis}}, date = {2021-10-12}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/defining-cobalt-strike-components}, language = {English}, urldate = {2021-11-02} } Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis
Cobalt Strike
2021-10-07MandiantMandiant Research Team
@online{team:20211007:fin12:505a3a8, author = {Mandiant Research Team}, title = {{FIN12 Group Profile: FIN12 Priotizes Speed to Deploy Ransomware Aginst High-Value Targets}}, date = {2021-10-07}, organization = {Mandiant}, url = {https://www.mandiant.com/media/12596/download}, language = {English}, urldate = {2021-11-27} } FIN12 Group Profile: FIN12 Priotizes Speed to Deploy Ransomware Aginst High-Value Targets
Cobalt Strike Empire Downloader TrickBot
2021-10-07MandiantJoshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly
@online{shilko:20211007:fin12:43d89f5, author = {Joshua Shilko and Zach Riddle and Jennifer Brooks and Genevieve Stark and Adam Brunner and Kimberly Goody and Jeremy Kennelly}, title = {{FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets}}, date = {2021-10-07}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets}, language = {English}, urldate = {2021-10-08} } FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
BazarBackdoor GRIMAGENT Ryuk
2021-06-16MandiantTyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson, Jordan Nuce
@online{mclellan:20210616:smoking:a03a78c, author = {Tyler McLellan and Robert Dean and Justin Moore and Nick Harbour and Mike Hunhoff and Jared Wilson and Jordan Nuce}, title = {{Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise}}, date = {2021-06-16}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/darkside-affiliate-supply-chain-software-compromise}, language = {English}, urldate = {2021-12-01} } Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM
2021-04-20Github (fireeye)FireEye, Mandiant
@online{fireeye:20210420:fireeye:287db5f, author = {FireEye and Mandiant}, title = {{FireEye Mandiant PulseSecure Exploitation Countermeasures}}, date = {2021-04-20}, organization = {Github (fireeye)}, url = {https://github.com/fireeye/pulsesecure_exploitation_countermeasures/}, language = {English}, urldate = {2021-04-20} } FireEye Mandiant PulseSecure Exploitation Countermeasures
2021-03-01FireEyeFireEye, Mandiant
@techreport{fireeye:20210301:accellion:46e70cd, author = {FireEye and Mandiant}, title = {{ACCELLION, INC. File Transfer Appliance (FTA) Security Assessment}}, date = {2021-03-01}, institution = {FireEye}, url = {https://www.accellion.com/sites/default/files/trust-center/accellion-fta-attack-mandiant-report-full.pdf}, language = {English}, urldate = {2021-03-11} } ACCELLION, INC. File Transfer Appliance (FTA) Security Assessment
DEWMODE
2021-02-25BrightTALK (FireEye)Andrew Rector, Matt Bromiley, Mandiant
@online{rector:20210225:light:005aa58, author = {Andrew Rector and Matt Bromiley and Mandiant}, title = {{Light in the Dark: Hunting for SUNBURST}}, date = {2021-02-25}, organization = {BrightTALK (FireEye)}, url = {https://www.brighttalk.com/webcast/7451/469525}, language = {English}, urldate = {2021-02-20} } Light in the Dark: Hunting for SUNBURST
SUNBURST