cR0w@cR0w@infosec.exchange
Picus Security has a write-up on UNC3886. This one is definitely more ATT&CK and TTP focused than others I've read and is only based on their attacks against Linux endpoints.
https://www.picussecurity.com/resource/blog/unc3886-tactics-techniques-and-procedures-ttps-full-technical-breakdown
#threatIntel