2023-07-20 | Mandiant | Mandiant Intelligence
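@comment{Corporate author is double-braced so it is parsed as one name rather than given name "Mandiant" plus surname "Intelligence". Only case-sensitive words in the title are braced. The citation key is left unchanged so existing citations keep resolving.}
@online{intelligence:20230720:killnet:d435c7f,
  author       = {{Mandiant Intelligence}},
  title        = {{KillNet} Showcases New Capabilities While Repeating Older Tactics},
  date         = {2023-07-20},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/killnet-new-capabilities-older-tactics},
  language     = {English},
  urldate      = {2023-07-31},
}
KillNet Showcases New Capabilities While Repeating Older Tactics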
2023-07-18 | Mandiant | Mandiant Intelligence
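@comment{Corporate author is double-braced so it is parsed as one name rather than given name "Mandiant" plus surname "Intelligence". Only case-sensitive words in the title are braced. The citation key is left unchanged so existing citations keep resolving.}
@online{intelligence:20230718:stealth:789e8b1,
  author       = {{Mandiant Intelligence}},
  title        = {Stealth Mode: {Chinese} Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection},
  date         = {2023-07-18},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/chinese-espionage-tactics},
  language     = {English},
  urldate      = {2023-07-19},
}
Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection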
BPFDoor, SALTWATER, SEASPY, SideWalk, ZuoRAT, Daxin, HyperBro, HyperSSL, Waterbear
2023-03-09 | Mandiant | Mandiant Intelligence
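@comment{Corporate author is double-braced so it is parsed as one name rather than given name "Mandiant" plus surname "Intelligence". Only case-sensitive words in the title are braced. The citation key is left unchanged so existing citations keep resolving.}
@online{intelligence:20230309:stealing:3112fc7,
  author       = {{Mandiant Intelligence}},
  title        = {Stealing the {LIGHTSHOW} (Part One) — {North Korea's} {UNC2970}},
  date         = {2023-03-09},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/lightshow-north-korea-unc2970},
  language     = {English},
  urldate      = {2023-03-13},
}
Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970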
CLOUDBURST, TOUCHMOVE, TOUCHSHIFT
2023-03-09 | Mandiant | Mandiant Intelligence
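@comment{Corporate author is double-braced so it is parsed as one name rather than given name "Mandiant" plus surname "Intelligence". Only case-sensitive words in the title are braced. The citation key is left unchanged so existing citations keep resolving.}
@online{intelligence:20230309:stealing:649068b,
  author       = {{Mandiant Intelligence}},
  title        = {Stealing the {LIGHTSHOW} (Part Two) — {LIGHTSHIFT} and {LIGHTSHOW}},
  date         = {2023-03-09},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/lightshift-and-lightshow},
  language     = {English},
  urldate      = {2023-07-05},
}
Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW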
FudModule
2022-12-13 | Mandiant | Mandiant Intelligence
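@comment{Corporate author is double-braced so it is parsed as one name rather than given name "Mandiant" plus surname "Intelligence". The title needs no brace protection, so the outer double braces are dropped. The citation key is left unchanged so existing citations keep resolving.}
@online{intelligence:20221213:i:70ab22a,
  author       = {{Mandiant Intelligence}},
  title        = {I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware},
  date         = {2022-12-13},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/hunting-attestation-signed-malware},
  language     = {English},
  urldate      = {2022-12-24},
}
I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware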
POORTRY
2022-09-23 | Mandiant | Mandiant Intelligence
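@comment{Corporate author is double-braced so it is parsed as one name rather than given name "Mandiant" plus surname "Intelligence". Only case-sensitive words in the title are braced. The citation key is left unchanged so existing citations keep resolving.}
@online{intelligence:20220923:gru:511ea47,
  author       = {{Mandiant Intelligence}},
  title        = {{GRU}: Rise of the ({Telegram}) {MinIOns}},
  date         = {2022-09-23},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/gru-rise-telegram-minions},
  language     = {English},
  urldate      = {2022-09-26},
}
GRU: Rise of the (Telegram) MinIOns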
ArguePatch, CaddyWiper
2022-09-07 | Mandiant | Mandiant Intelligence
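@comment{Corporate author is double-braced so it is parsed as one name rather than given name "Mandiant" plus surname "Intelligence". Only case-sensitive words in the title are braced. The citation key is left unchanged so existing citations keep resolving.}
@online{intelligence:20220907:apt42:6fe2ee4,
  author       = {{Mandiant Intelligence}},
  title        = {{APT42}: Crooked Charms, Cons and Compromises},
  date         = {2022-09-07},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/media/17826},
  language     = {English},
  urldate      = {2022-09-08},
}
APT42: Crooked Charms, Cons and Compromises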
PINEFLOWER, VINETHORN, VBREVSHELL, BROKEYOLK, DOSTEALER, GHAMBAR, SILENTUPLOADER
2022-09-07 | Mandiant | Mandiant Intelligence
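@comment{Corporate author is double-braced so it is parsed as one name rather than given name "Mandiant" plus surname "Intelligence". Only case-sensitive words in the title are braced. The citation key is left unchanged so existing citations keep resolving.}
@online{intelligence:20220907:apt42:51f534e,
  author       = {{Mandiant Intelligence}},
  title        = {{APT42}: Crooked Charms, Cons, and Compromises},
  date         = {2022-09-07},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/blog/apt42-charms-cons-compromises},
  language     = {English},
  urldate      = {2022-09-08},
}
APT42: Crooked Charms, Cons, and Compromises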
2022-06-02 | Mandiant | Mandiant Intelligence
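@comment{Corporate author is double-braced so it is parsed as one name rather than given name "Mandiant" plus surname "Intelligence". Only case-sensitive words in the title are braced. The citation key is left unchanged so existing citations keep resolving.}
@online{intelligence:20220602:to:e15831c,
  author       = {{Mandiant Intelligence}},
  title        = {To {HADES} and Back: {UNC2165} Shifts to {LOCKBIT} to Evade Sanctions},
  date         = {2022-06-02},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions},
  language     = {English},
  urldate      = {2022-06-04},
}
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions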
FAKEUPDATES, Blister, Cobalt Strike, DoppelPaymer, Dridex, FriedEx, Hades, LockBit, Macaw, MimiKatz, Phoenix Locker, WastedLocker