Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-03-08MandiantRufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram
@online{brown:20220308:does:94c6c3e, author = {Rufus Brown and Van Ta and Douglas Bienstock and Geoff Ackerman and John Wolfram}, title = {{Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments}}, date = {2022-03-08}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/apt41-us-state-governments}, language = {English}, urldate = {2022-03-10} } Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments
KEYPLUG Cobalt Strike LOWKEY
2021-12-07MandiantVan Ta, Jake Nicastro, Rufus Brown, Nick Richard
@online{ta:20211207:fin13:e5e2255, author = {Van Ta and Jake Nicastro and Rufus Brown and Nick Richard}, title = {{FIN13: A Cybercriminal Threat Actor Focused on Mexico}}, date = {2021-12-07}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/fin13-cybercriminal-mexico}, language = {English}, urldate = {2021-12-08} } FIN13: A Cybercriminal Threat Actor Focused on Mexico
jspRAT win.rekoobe FIN13
2021-02-25FireEyeBryce Abdo, Brendan McKeague, Van Ta
@online{abdo:20210225:so:88f3400, author = {Bryce Abdo and Brendan McKeague and Van Ta}, title = {{So Unchill: Melting UNC2198 ICEDID to Ransomware Operations}}, date = {2021-02-25}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html}, language = {English}, urldate = {2021-03-02} } So Unchill: Melting UNC2198 ICEDID to Ransomware Operations
MOUSEISLAND Cobalt Strike Egregor IcedID Maze SystemBC
2021-02-22FireEyeAndrew Moore, Genevieve Stark, Isif Ibrahima, Van Ta, Kimberly Goody
@online{moore:20210222:cyber:a641e26, author = {Andrew Moore and Genevieve Stark and Isif Ibrahima and Van Ta and Kimberly Goody}, title = {{Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion}}, date = {2021-02-22}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html}, language = {English}, urldate = {2021-02-25} } Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
DEWMODE Clop
2020-10-28Youtube (SANS Institute)Katie Nickels, Van Ta, Aaron Stephens
@online{nickels:20201028:spooky:3bf0a0a, author = {Katie Nickels and Van Ta and Aaron Stephens}, title = {{Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast}}, date = {2020-10-28}, organization = {Youtube (SANS Institute)}, url = {https://www.youtube.com/watch?v=CgDtm05qApE}, language = {English}, urldate = {2020-11-04} } Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast
Ryuk UNC1878
2020-10-28Youtube (SANS Digital Forensics and Incident Response)Van Ta, Aaron Stephens, Katie Nickels
@online{ta:20201028:star:16965fb, author = {Van Ta and Aaron Stephens and Katie Nickels}, title = {{STAR Webcast: Spooky RYUKy: The Return of UNC1878}}, date = {2020-10-28}, organization = {Youtube (SANS Digital Forensics and Incident Response)}, url = {https://www.youtube.com/watch?v=BhjQ6zsCVSc}, language = {English}, urldate = {2020-11-02} } STAR Webcast: Spooky RYUKy: The Return of UNC1878
Ryuk
2020-03-31FireEyeVan Ta, Aaron Stephens
@online{ta:20200331:its:632dfca, author = {Van Ta and Aaron Stephens}, title = {{It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit}}, date = {2020-03-31}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/03/the-cycle-of-adversary-pursuit.html}, language = {English}, urldate = {2020-04-06} } It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit
Ryuk TrickBot UNC1878
2019-04-05FireEyeBrendan McKeague, Van Ta, Ben Fedore, Geoff Ackerman, Alex Pennino, Andrew Thompson, Douglas Bienstock
@online{mckeague:20190405:picksix:d101a59, author = {Brendan McKeague and Van Ta and Ben Fedore and Geoff Ackerman and Alex Pennino and Andrew Thompson and Douglas Bienstock}, title = {{Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware}}, date = {2019-04-05}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html}, language = {English}, urldate = {2019-12-20} } Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
LockerGoga Ryuk FIN6