Lucene search
+L
FireeyeMost viewed

545 matches found

FireEye
FireEye
added 2017/10/10 10:30 p.m.293 views

North Korean Actors Spear Phish U.S. Electric Companies

We can confirm that FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 2017, to U.S. electric companies by known cyber threat actors likely affiliated with the North Korean government. This activity was early-stage reconnaissance, and not necessarily indicative of an...

7.3AI score
Exploits0
FireEye
FireEye
added 2015/12/20 7:45 p.m.289 views

The EPS Awakens - Part 2

On Wednesday, Dec. 16, 2015, FireEye published The EPS Awakens, detailing an exploit targeting a previously unknown Microsoft Encapsulated Postscript EPS dict copy use-after-free vulnerability that was silently patched by Microsoft on November 10, 2015. The blog described the technical details of...

7.2CVSS8.3AI score0.562EPSS
Exploits38
FireEye
FireEye
added 2016/05/03 8:30 a.m.280 views

Deobfuscating Python Bytecode

Introduction During an investigation, the FLARE team came across an interesting Python malware sample MD5: 61a9f80612d3f7566db5bdf37bbf22cf that is packaged using py2exe. Py2exe is a popular way to compile and package Python scripts into executables. When we encounter this type of malware we...

0.2AI score
Exploits0
FireEye
FireEye
added 2021/03/03 12:0 a.m.277 views

Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory

Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this post, we will look at Windows’ inbuilt image parsers—specifically for vulnerabilities involving the use of uninitialized memory...

4.3CVSS0.5AI score0.0642EPSS
Exploits1References4
FireEye
FireEye
added 2016/04/07 8:30 a.m.272 views

CVE-2016-1019: A New Flash Exploit Included in Magnitude Exploit Kit

On April 2, security researcher @Kafeine at Proofpoint discovered a change to the Magnitude Exploit Kit. Thanks to their collaboration, we analyzed the sample and discovered that Magnitude EK was exploiting a previously unknown vulnerability in Adobe Flash Player CVE-2016-1019. The in-the-wild...

10CVSS0.2AI score0.44537EPSS
Exploits1
FireEye
FireEye
added 2018/10/05 8:0 p.m.267 views

2018 Flare-On Challenge Solutions

We are pleased to announce the conclusion of the fifth annual Flare-On Challenge. The numbers are in and we can safely say that this was by far the most difficult challenge we’ve ever hosted. We plan to reduce the difficulty next year, so it may be that the 114 people who solved this year’s...

1AI score
Exploits0
FireEye
FireEye
added 2021/02/17 12:0 a.m.266 views

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)

In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device referred to throughout as X2e device. In Part One, we discussed the X2e at a high level, performed initial network-based attacks, then discussed the hardware techniques used to gain a remote shell on the X2e...

7.2CVSS8.6AI score0.01165EPSS
Exploits2References8
FireEye
FireEye
added 2018/12/21 2:0 p.m.266 views

OVERRULED: Containing a Potentially Destructive Adversary

Introduction FireEye assesses APT33 may be behind a series of intrusions and attempted intrusions within the engineering industry. Public reporting indicates this activity may be related to recent destructive attacks. FireEye's Managed Defense has responded to and contained numerous intrusions th...

6.8CVSS0.4AI score0.84138EPSS
Exploits15
FireEye
FireEye
added 2020/10/28 12:0 a.m.258 views

Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser

Throughout 2020, ransomware activity has become increasingly prolific, relying on an ecosystem of distinct but co-enabling operations to gain access to targets of interest before conducting extortion. Mandiant Threat Intelligence has tracked several loader and backdoor campaigns that lead to the...

9.3CVSS1.6AI score0.99512EPSS
Exploits75References9
FireEye
FireEye
added 2016/07/14 8:37 p.m.258 views

Exploit Kits Quickly Adopt Exploit Thanks to Open Source Release

A security researcher recently published source code for a working exploit for CVE-2016-0189 and the Neutrino Exploit Kit EK quickly adopted it. CVE-2016-0189 was originally exploited as a zero-day vulnerability in targeted attacks in Asia. The vulnerability resides within scripting engines in...

10CVSS9.6AI score0.94996EPSS
Exploits55References3
FireEye
FireEye
added 2019/08/19 12:0 a.m.257 views

GAME OVER: Detecting and Stopping an APT41 Operation

In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. APT41 is...

10CVSS0.4AI score0.99913EPSS
Exploits20References9
FireEye
FireEye
added 2021/02/22 12:0 a.m.253 views

Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion

Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance FTA to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting...

10CVSS1AI score0.56411EPSS
Exploits0References10
FireEye
FireEye
added 2018/10/05 10:30 a.m.253 views

FLARE Script Series: Reverse Engineering WebAssembly Modules Using the idawasm IDA Pro Plugin

Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. Here, we introduce idawasm, an IDA Pro plugin that provides a loader and processor modules for WebAssembly modules. idawasm works on all operating systems supported by IDA Pro, and can be obtained...

0.3AI score
Exploits0
FireEye
FireEye
added 2016/05/13 8:0 p.m.241 views

CVE-2016-4117: Flash Zero-Day Exploited in the Wild

On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player CVE-2016-4117 and reported the issue to the Adobe Product Security Incident Response Team PSIRT. Adobe released a patch for the vulnerability in APSB16-15 just four days later. Attackers...

10CVSS0.5AI score0.94354EPSS
Exploits6
FireEye
FireEye
added 2017/06/06 6:30 p.m.237 views

Privileges and Credentials: Phished at the Request of Counsel

Summary In May and June 2017, FireEye observed a phishing campaign targeting at least seven global law and investment firms. We have associated this campaign with APT19, a group that we assess is composed of freelancers, with some degree of sponsorship by the Chinese government. APT19 used three...

9.3CVSS6.8AI score0.99933EPSS
Exploits29
FireEye
FireEye
added 2017/08/22 10:0 a.m.234 views

Hiking Club Malvertisements Drop Monero Miners Via Neptune Exploit Kit

Exploit kit EK activity has been on the decline ever since Angler Exploit Kit was shut down in 2016. Fewer people using Internet Explorer and a drop in browser support for Adobe Flash – two primary targets of many exploit kits – have also contributed to this decline. Additionally, some popular...

9.3CVSS9AI score0.94996EPSS
Exploits50
FireEye
FireEye
added 2016/08/03 4:30 a.m.234 views

FakeNet-NG: Next Generation Dynamic Network Analysis Tool

As a reverse engineer on the FLARE FireEye Labs Advanced Reverse Engineering team, I regularly perform basic dynamic analysis of malware samples. The goal is to quickly observe runtime characteristics by running binaries in a safe environment. One important task during dynamic analysis is to...

6.9AI score
Exploits0
FireEye
FireEye
added 2021/02/25 12:0 a.m.231 views

So Unchill: Melting UNC2198 ICEDID to Ransomware Operations

Mandiant Advanced Practices AP closely tracks the shifting tactics, techniques, and procedures TTPs of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a blog post detailing intrusion tradecraft associated with the deployment of MAZE. ...

7.2CVSS9.1AI score0.42524EPSS
Exploits7References12
FireEye
FireEye
added 2016/01/07 8:56 p.m.231 views

Sandworm Team and the Ukrainian Power Authority Attacks

Update 1.11.16 - SANS ICS Team Connects Dots Updating the blog entry to bring attention to the recent analysis published by Mike Assante from the SANS ICS team. "After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that...

9.3CVSS7.9AI score0.81628EPSS
Exploits22
FireEye
FireEye
added 2021/02/17 12:0 a.m.228 views

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s now owned by Tesla rebranded ConnectPort X2e device...

7.2CVSS8.6AI score0.01165EPSS
Exploits2References21
FireEye
FireEye
added 2021/05/25 12:0 a.m.215 views

Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises

Attacks on control processes supported by operational technology OT are often perceived as necessarily complex. This is because disrupting or modifying a control process to cause a predictable effect is often quite difficult and can require a lot of time and resources. However, Mandiant Threat...

1.9AI score
Exploits0References6
FireEye
FireEye
added 2021/04/20 12:0 a.m.215 views

Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise

In March 2021, Mandiant Managed Defense identified three zero-day vulnerabilities in SonicWall’s Email Security ES product that were being exploited in the wild. These vulnerabilities were executed in conjunction to obtain administrative access and code execution on a SonicWall ES device. The...

7.5CVSS0.4AI score0.83425EPSS
Exploits0References8
FireEye
FireEye
added 2020/10/24 12:0 a.m.214 views

Flare-On 7 Challenge Solutions

We are thrilled to announce the conclusion of the seventh annual Flare-On challenge. This year proved to be the most difficult challenge we’ve produced, with the lowest rate of finishers. This year’s winners are truly the elite of the elite! Lucky for them, all 260 winners will receive this...

7AI score
Exploits0References18
FireEye
FireEye
added 2013/03/20 5:26 p.m.211 views

Internet Explorer 8 Exploit Found in Watering Hole Campaign Targeting Chinese Dissidents

On March 16th, we discovered a premeditated waterhole campaign that hosts exploits and malware on websites frequented by a specific target group. In this case the target includes Chinese dissidents. For the attacker, this approach is highly attractive since it is very difficult to discover the...

10CVSS9.6AI score0.97612EPSS
Exploits51
FireEye
FireEye
added 2019/12/04 12:0 a.m.209 views

Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)

Attackers have a dirty little secret that is being used to conduct big intrusions. We’ll explain how they're "unpatching" an exploit and then provide new Outlook hardening guidance that is not available elsewhere. Specifically, this blog post covers field-tested automated registry processing for...

6.8CVSS7.9AI score0.59893EPSS
Exploits2References39
FireEye
FireEye
added 2021/06/16 12:0 a.m.204 views

Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise

Mandiant observed DARKSIDE affiliate UNC2465 accessing at least one victim through a Trojanized software installer downloaded from a legitimate website. While this victim organization detected the intrusion, engaged Mandiant for incident response, and avoided ransomware, others may be at risk. As...

0.6AI score
Exploits0References5
FireEye
FireEye
added 2019/04/23 5:45 p.m.204 views

CARBANAK Week Part Two: Continuing the CARBANAK Source Code Analysis

Update April 30: Following the release of our four-part CARBANAK Week blog series, many readers have found places to make the data shared in these posts actionable. We have updated this post to include some of this information. In the previous installment, we wrote about how string hashing was us...

7.2CVSS8.5AI score0.87042EPSS
Exploits40References22
FireEye
FireEye
added 2016/08/18 8:0 a.m.201 views

WMI vs. WMI: Monitoring for Malicious Activity

Hello my name is: WMI WMI has been a core component of Windows since Windows 98, but it is not exactly old wine in a new bottle. WMI more closely resembles that bottle of ‘61 Bordeaux wine that continues to impress us as it ages and matures. WMI was developed as Microsoft’s interpretation of...

7.2AI score
Exploits0
FireEye
FireEye
added 2016/05/11 3:0 p.m.201 views

Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks

In March 2016, a financially motivated threat actor launched several tailored spear phishing campaigns primarily targeting the retail, restaurant, and hospitality industries. The emails contained variations of Microsoft Word documents with embedded macros that, when enabled, downloaded and execut...

7.2CVSS8.2AI score0.05729EPSS
Exploits0
FireEye
FireEye
added 2016/01/07 8:56 p.m.194 views

Sandworm Team and the Ukrainian Power Authority Attacks

Update 1.11.16 - SANS ICS Team Connects Dots Updating the blog entry to bring attention to the recent analysis published by Mike Assante from the SANS ICS team. "After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that...

9.3CVSS7.9AI score0.81628EPSS
Exploits22
FireEye
FireEye
added 2020/10/28 3:30 p.m.192 views

Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine

Skilled adversaries can deceive detection and often employ new measures in their tradecraft. Keeping a stringent focus on the lifecycle and evolution of adversaries allows analysts to devise new detection mechanisms and response processes. Access to the appropriate tooling and resources is critic...

0.3AI score
Exploits0References45
FireEye
FireEye
added 2020/04/06 12:0 a.m.183 views

Zero-Day Exploitation Increasingly Demonstrates Access to Money, Rather than Skill — Intelligence for Vulnerability Management, Part One

One of the critical strategic and tactical roles that cyber threat intelligence CTI plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandian...

10CVSS8.9AI score0.93289EPSS
Exploits69References15
FireEye
FireEye
added 2020/12/08 12:0 a.m.181 views

Unauthorized Access of FireEye Red Team Tools

Overview A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them, FireEye is releasing hundreds of...

Exploits0References2
FireEye
FireEye
added 2017/04/12 3:0 p.m.181 views

CVE-2017-0199 Used as Zero Day to Distribute FINSPY Espionage Malware and LATENTBOT Cyber Crime Malware

FireEye recently identified a vulnerability – CVE-2017-0199 – that allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a Microsoft Office RTF document containing an embedded exploit. We worked with Microsoft and published the...

9.3CVSS8.2AI score0.99933EPSS
Exploits29References3
FireEye
FireEye
added 2016/01/12 2:49 p.m.181 views

End of Life for Internet Explorer 8, 9 and 10

Microsoft has started the year with an announcement that, effective Jan. 12, 2016, support for all older versions of Internet Explorer IE will come to an end known as an EoL, or End of Life. The affected versions are Internet Explorer 7, 8, 9, and 10. What this means for users is that Microsoft...

10CVSS8.6AI score0.88013EPSS
Exploits27
FireEye
FireEye
added 2016/05/13 8:0 p.m.180 views

CVE-2016-4117: Flash Zero-Day Exploited in the Wild

On May 8, 2016, FireEye detected an attack exploiting a previously unknown vulnerability in Adobe Flash Player CVE-2016-4117 and reported the issue to the Adobe Product Security Incident Response Team PSIRT. Adobe released a patch for the vulnerability in APSB16-15 just four days later. Attackers...

10CVSS8.9AI score0.94354EPSS
Exploits6
FireEye
FireEye
added 2021/04/27 12:0 a.m.179 views

Abusing Replication: Stealing AD FS Secrets Over the Network

Organizations are increasingly adopting cloud-based services such as Microsoft 365 to host applications and data. Sophisticated threat actors are catching on and Mandiant has observed an increased focus on long-term persistent access to Microsoft 365 as one of their primary objectives. The focus ...

8.1AI score
Exploits0References8
FireEye
FireEye
added 2018/07/18 2:0 p.m.176 views

How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners

Introduction Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and...

7.2CVSS8.3AI score0.99993EPSS
Exploits59References32
FireEye
FireEye
added 2018/02/15 4:30 p.m.170 views

CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining

Introduction FireEye researchers recently observed threat actors abusing CVE-2017-10271 to deliver various cryptocurrency miners. CVE-2017-10271 is a known input validation vulnerability that exists in the WebLogic Server Security Service WLS Security in Oracle WebLogic Server versions 12.2.1.2.0...

9.3CVSS8.6AI score0.99993EPSS
Exploits100References4
FireEye
FireEye
added 2016/03/23 8:0 a.m.167 views

99 Problems but Two-Factor Ain’t One

Two-factor authentication is a best practice for securing remote access, but it is also a Holy Grail for a motivated red team. Hiding under the guise of a legitimate user authenticated through multiple credentials is one of the best ways to remain undetected in an environment. Many companies rega...

4.3CVSS0.1AI score0.01995EPSS
Exploits0
FireEye
FireEye
added 2017/10/05 10:30 a.m.165 views

Significant FormBook Distribution Campaigns Impacting the U.S. and South Korea

We observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aerospace, Defense Contractor, and Manufacturing sectors within the U.S. and South Korea during the past few months. The attackers involved in these email campaigns leveraged a variety of distribution...

7.6AI score
Exploits0
FireEye
FireEye
added 2021/07/19 12:0 a.m.162 views

capa 2.0: Better, Stronger, Faster

We are excited to announce version 2.0 of our open-source tool called capa. capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering. If you haven’t heard of capa before, or need a refresher, check...

6.7AI score
Exploits0References24
FireEye
FireEye
added 2015/06/23 12:21 p.m.160 views

Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign

Adobe has already released a patch for CVE-2015-3113 with an out-of-band security bulletin . FireEye recommends that Adobe Flash Player users update to the latest version as soon as possible. FireEye MVX detects this threat as a web infection, the IPS engine reports the attack as CVE-2015-3113, a...

10CVSS0.9994EPSS
Exploits4
FireEye
FireEye
added 2015/12/09 12:0 p.m.152 views

Cybercrime News Results In Cybercrime Blues

INTRODUCTION FireEye Labs recently spotted a 2011 article on cybercrime from the news site theguardian.com that redirects users to the Angler Exploit Kit. Successful exploitation by Angler resulted in a malware infection for readers of the article. A spokesperson for the guardian.com responded th...

10CVSS0.1AI score0.94996EPSS
Exploits45
FireEye
FireEye
added 2017/06/02 9:0 a.m.150 views

Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads

The “EternalBlue” exploit MS017-010 was initially used by WannaCry ransomware and Adylkuzz cryptocurrency miner. Now more threat actors are leveraging the vulnerability in Microsoft Server Message Block SMB protocol – this time to distribute Backdoor.Nitol and Trojan Gh0st RAT. FireEye Dynamic...

9.3CVSS1.3AI score0.94996EPSS
Exploits39
FireEye
FireEye
added 2020/04/20 12:0 p.m.146 views

Separating the Signal from the Noise: How Mandiant Intelligence Rates Vulnerabilities — Intelligence for Vulnerability Management, Part Three

One of the critical strategic and tactical roles that cyber threat intelligence CTI plays is in the tracking, analysis, and prioritization of software vulnerabilities that could potentially put an organization’s data, employees and customers at risk. In this four-part blog series, FireEye Mandian...

9CVSS0.9AI score0.99999EPSS
Exploits67References6
FireEye
FireEye
added 2020/12/24 12:0 a.m.141 views

SUNBURST Additional Technical Details

FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed...

7AI score
Exploits0References7
FireEye
FireEye
added 2019/03/29 1:0 a.m.138 views

Commando VM: The First of Its Kind Windows Offensive Distribution

For penetration testers looking for a stable and supported Linux testing platform, the industry agrees that Kali is the go-to platform. However, if you’d prefer to use Windows as an operating system, you may have noticed that a worthy platform didn’t exist. As security researchers, every one of u...

10CVSS9.7AI score0.79842EPSS
Exploits13References22
FireEye
FireEye
added 2021/04/28 12:0 a.m.134 views

Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity

In July 2020, Mandiant Threat Intelligence released a public report detailing an ongoing influence campaign we named “Ghostwriter.” Ghostwriter is a cyber-enabled influence campaign which primarily targets audiences in Lithuania, Latvia and Poland and promotes narratives critical of the North...

0.1AI score
Exploits0References4
FireEye
FireEye
added 2019/03/26 3:30 p.m.134 views

WinRAR Zero-day Abused in Multiple Campaigns

WinRAR, an over 20-year-old file archival utility used by over 500 million users worldwide, recently acknowledged a long-standing vulnerability in its code-base. A recently published path traversal zero-day vulnerability, disclosed in CVE-2018-20250 by Check Point Research, enables attackers to...

6.8CVSS8.1AI score0.96274EPSS
Exploits13References6
Total number of security vulnerabilities545