Lucene search
+L
FireeyeMost viewed

545 matches found

FireEye
FireEye
added 2014/10/08 1:56 a.m.24 views

MIRcon 2014 – Day 1 Highlights

The first day of MIRcon 2014 is officially done and was packed with thought-provoking keynotes, presentations and a one-of-a-kind reception. While there's too much to fit into this blog post, I wanted to provide you with some of the highlights: FireEye's COO, Kevin Mandia kicked-off MIRcon and wa...

1.5AI score
Exploits0
FireEye
FireEye
added 2014/08/20 2:56 p.m.24 views

Looking Ahead to MIRcon 2014

As targeted cyber attacks become increasingly prevalent, today's cybersecurity professionals are being tested like never before. The upcoming Mandiant Incident Response Conference MIRcon® - October 7 & 8, 2014 - offers attendees the chance to hear insights from some of the most respected and...

0.5AI score
Exploits0
FireEye
FireEye
added 2012/11/08 9:5 p.m.24 views

Memoryze for the Mac: Support Added for OS X Mountain Lion (10.8)

Earlier this year, Mandiant launched a new freeware tool: Memoryze for the Mac™. The tool brings many of the features of Memoryze™ to the Apple® Macintosh platform, enabling acquisition of memory images via the command-line or a simple GUI. We are excited to announce it now fully supports OS X...

0.1AI score
Exploits0
FireEye
FireEye
added 2012/11/07 4:51 p.m.24 views

An In-Depth Look Into Data Stacking

Mandiant's Nick Bennett and Jake Valletta discussed data stacking at MIRcon™ last month. If you were unable to attend the talk, we will discuss this data analysis technique here on the M-Unition blog. What is Data Stacking? Data stacking is the application of frequency analysis to large volumes o...

0.4AI score
Exploits0
FireEye
FireEye
added 2019/10/15 2:15 p.m.23 views

LOWKEY: Hunting for the Missing Volume Serial ID

In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group: APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. This blog...

7.4AI score
Exploits0References6
FireEye
FireEye
added 2019/08/13 4:45 p.m.23 views

Showing Vulnerability to a Machine: Automated Prioritization of Software Vulnerabilities

Introduction If a software vulnerability can be detected and remedied, then a potential intrusion is prevented. While not all software vulnerabilities are known, 86 percent of vulnerabilities leading to a data breach were patchable, though there is some risk of inadvertent damage when applying...

7AI score
Exploits0References21
FireEye
FireEye
added 2019/07/18 12:0 a.m.23 views

Hard Pass: Declining APT34’s Invite to Join Their Professional Network

Background With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers a...

0.6AI score
Exploits0References6
FireEye
FireEye
added 2019/04/10 4:0 a.m.23 views

TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping

Overview FireEye can now confirm that we have uncovered and are responding to an additional intrusion by the attacker behind TRITON at a different critical infrastructure facility. In December 2017, FireEye publicly released our first analysis on the TRITON attack where malicious actors used the...

7.8AI score
Exploits0References22
FireEye
FireEye
added 2018/01/11 4:45 p.m.23 views

FLARE IDA Pro Script Series: Simplifying Graphs in IDA

Introduction We’re proud to release a new plug-in for IDA Pro users – SimplifyGraph – to help automate creation of groups of nodes in the IDA’s disassembly graph view. Code and binaries are available from the FireEye GitHub repo. Prior to this release we submitted it in the 2017 Hex-Rays plugin...

6.7AI score
Exploits0References4
FireEye
FireEye
added 2017/09/20 10:0 a.m.23 views

Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware

When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf. However, over the past few years, we have been tracking a...

7.4AI score
Exploits0
FireEye
FireEye
added 2017/08/11 9:0 a.m.23 views

APT28 Targets Hospitality Sector, Presents Threat to Travelers

FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several...

7.5AI score
Exploits0
FireEye
FireEye
added 2016/10/20 8:0 a.m.23 views

Rotten Apples: Resurgence

In June 2016, we published a blog about a phishing campaign targeting the Apple IDs and passwords of Chinese Apple users that emerged in the first quarter of 2016 referred to as the “Zycode” phishing campaign. At FireEye Labs we have an automated system designed to proactively detect newly...

6.7AI score
Exploits0
FireEye
FireEye
added 2016/05/18 8:0 a.m.23 views

Ransomware Activity Spikes in March, Steadily increasing throughout 2016

UPDATE June 15, 2016: This post has been updated to include new data on ransomware activity, which is also now broken down by region. Cyber extortion for financial gain is typically carried out in one of two ways. The first method is a business disruption attack – a category we discussed at lengt...

0.8AI score
Exploits0
FireEye
FireEye
added 2021/04/13 12:0 a.m.22 views

Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure

High-profile security incidents in the past decade have brought increased scrutiny to cyber security for operational technology OT. However, there is a continued perception across critical infrastructure organizations that OT networks are isolated from public networks—such as the Internet. In...

8.1AI score
Exploits0References12
FireEye
FireEye
added 2020/07/07 6:0 p.m.22 views

Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool

We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from...

Exploits0References4
FireEye
FireEye
added 2017/08/24 12:30 p.m.22 views

Announcing the Fourth Annual Flare-On Challenge

The fourth annual Flare-On Challenge – the FireEye Labs Advanced Reverse Engineering FLARE team’s yearly reverse engineering contest – is scheduled to kick off on Sept. 1, 2017, at 8pm ET. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security...

7.2AI score
Exploits0
FireEye
FireEye
added 2017/08/11 9:0 a.m.22 views

APT28 Targets Hospitality Sector, Presents Threat to Travelers

FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several...

0.3AI score
Exploits0
FireEye
FireEye
added 2016/10/07 12:0 p.m.22 views

Increased Use of WMI for Environment Detection and Evasion

Introduction Throughout the past few months, FireEye Labs has observed an increased use of Windows Management Instrumentation WMI queries for environment detection and evasion of dynamic analysis and virtualization engines. WMI provides high-level interaction with Windows objects using C/C++,...

7.4AI score
Exploits0References2
FireEye
FireEye
added 2016/09/13 10:20 a.m.22 views

Announcing the Third Annual Flare-On Challenge

Let fall be the season for reverse engineering! On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering FLARE team will be hosting its third annual Flare-On reverse engineering contest with a designated start time of 8pm ET. This is a CTF-style challenge for all active and aspiring rever...

6.7AI score
Exploits0
FireEye
FireEye
added 2016/07/18 12:0 p.m.22 views

Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection

Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid. Accessibility of cryptocurrency such as Bitcoin has directly contributed to this ransomware model. Based on...

7AI score
Exploits0References5
FireEye
FireEye
added 2016/07/18 8:0 a.m.22 views

Cerber: Analyzing a Ransomware Attack Methodology To Enable Protection

Ransomware is a common method of cyber extortion for financial gain that typically involves users being unable to interact with their files, applications or systems until a ransom is paid. Accessibility of cryptocurrency such as Bitcoin has directly contributed to this ransomware model. Based on...

7AI score
Exploits0
FireEye
FireEye
added 2016/04/22 11:0 a.m.22 views

New Downloader for Locky

Through DTI Intelligence analysis, We have been observing Locky malware rise to fame recently. Locky is ransomware that is aggressively distributed via downloaders attached in spam emails, and it may have surpassed the Dridex banking trojan in popularity. In previous campaigns, the ransomware was...

8AI score
Exploits0
FireEye
FireEye
added 2019/05/29 2:30 p.m.21 views

Learning to Rank Strings Output for Speedier Malware Analysis

Reverse engineers, forensic investigators, and incident responders have an arsenal of tools at their disposal to dissect malicious software binaries. When performing malware analysis, they successively apply these tools in order to gradually gather clues about a binary’s function, design detectio...

7.2AI score
Exploits0References9
FireEye
FireEye
added 2018/11/20 5:30 p.m.21 views

Cmd and Conquer: De-DOSfuscation with flare-qdb

When Daniel Bohannon released his excellent DOSfuscation paper, I was fascinated to see how tricks I used as a systems engineer could help attackers evade detection. I didn’t have much to contribute to this conversation until I had to analyze a hideously obfuscated batch file as part of my job on...

7.1AI score
Exploits0References10
FireEye
FireEye
added 2017/04/24 10:30 a.m.21 views

FIN7 Evolution and the Phishing LNK

FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as “Carbanak Group”, although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishin...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/12/15 1:0 p.m.21 views

Do You See What I CCM?

SCCM Software Metering Reviewing forensic keyword searches can be confusing because it is often difficult for an analyst to determine the source of the various structures that contain string matches. One such structure belongs to Microsoft's System Center Configuration Manager's SCCM software...

7.1AI score
Exploits0References4
FireEye
FireEye
added 2016/11/16 1:16 p.m.21 views

FireEye Cyber Defense Summit 2016: The Incident Response Track – Technical Details and Solutions that Work

2016 has been a year of significant change to the cyber security landscape. The rapid proliferation of ransomware and the emergence of Internet of Things mass compromise has changed the landscape for responders. Similarly, existing threats have become more brazen, with nation-state actors...

6.6AI score
Exploits0
FireEye
FireEye
added 2016/08/17 12:15 p.m.21 views

Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns

Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry, as seen in Figure 1. Figure 1. Top 10 affected industries Numerous...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/08/03 8:0 a.m.21 views

Overload: Critical Lessons from 15 Years of ICS Vulnerabilities

In the past several years, a flood of vulnerabilities has hit industrial control systems ICS – the technological backbone of electric grids, water supplies, and production lines. These vulnerabilities affect the reliable operation of sensors, programmable controllers, software and networking...

0.8AI score
Exploits0
FireEye
FireEye
added 2016/01/25 8:0 a.m.21 views

Holiday Season 2015 Email Campaign

The holiday season is a time when many people go on vacation or at least get much-needed downtime from work, but that is not always the case with attackers. To better understand the threats we face during “the most wonderful time of the year,” FireEye Labs has been collecting data on the most...

6.8AI score
Exploits0
FireEye
FireEye
added 2020/08/05 12:0 a.m.20 views

Repurposing Neural Networks to Generate Synthetic Media for Information Operations

FireEye’s Data Science and Information Operations Analysis teams released this blog post to coincide with our Black Hat USA 2020 Briefing, which details how open source, pre-trained neural networks can be leveraged to generate synthetic media for malicious purposes. To summarize our presentation,...

0.6AI score
Exploits0References21
FireEye
FireEye
added 2020/05/14 12:0 a.m.20 views

Using Real-Time Events in Investigations

To understand what a threat actor did on a Windows system, analysts often turn to the tried and true sources of historical endpoint artifacts such as the Master File Table MFT, registry hives, and Application Compatibility Cache AppCompat. However, these evidence sources were not designed with...

7.1AI score
Exploits0References12
FireEye
FireEye
added 2020/03/09 12:0 a.m.20 views

Crescendo: Real Time Event Viewer for macOS

Prior to 2017, researchers couldn’t easily monitor actions performed by a process on macOS and had to resort to coding scripts that produced low level system call data. FireEye released Monitor.app in 2017 that enabled collection of information on macOS at a higher level; at a simplified data set...

6.6AI score
Exploits0References11
FireEye
FireEye
added 2019/10/29 6:0 p.m.20 views

CertUtil Qualms: They Came to Drop FOMBs

This blog post covers an interesting intrusion attempt that Mandiant Managed Defense thwarted involving the rapid weaponization of a recently disclosed vulnerability combined with the creative use of WMI compiled “.bmf” files and CertUtil for obfuscated execution. This intrusion attempt highlight...

Exploits0References13
FireEye
FireEye
added 2019/03/13 4:0 p.m.20 views

Breaking the Bank: Weakness in Financial AI Applications

Currently, threat actors possess limited access to the technology required to conduct disruptive operations against financial artificial intelligence AI systems and the risk of this targeting type remains low. However, there is a high risk of threat actors leveraging AI as part of disinformation...

0.4AI score
Exploits0References38
FireEye
FireEye
added 2017/09/20 10:0 a.m.20 views

Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware

When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf. However, over the past few years, we have been tracking a...

7.4AI score
Exploits0
FireEye
FireEye
added 2017/09/01 11:0 a.m.20 views

Monitoring Windows Console Activity (Part 1)

Introduction While performing incident response, Mandiant encounters attackers actively using systems on a compromised network. This activity often includes using interactive console programs via RDP such as the command prompt, PowerShell, and sometimes custom command and control C2 console tools...

0.9AI score
Exploits0
FireEye
FireEye
added 2017/06/30 7:0 p.m.20 views

Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques

Throughout 2017 we have observed a marked increase in the use of command line evasion and obfuscation by a range of targeted attackers. Cyber espionage groups and financial threat actors continue to adopt the latest cutting-edge application whitelisting bypass techniques and introduce innovative...

0.7AI score
Exploits0
FireEye
FireEye
added 2017/06/16 8:0 a.m.20 views

FIN10: Anatomy of a Cyber Extortion Operation

FireEye has identified a set of financially motivated intrusion operations being carried out by a threat actor we have dubbed FIN10. FIN10 is known for compromising networks, stealing sensitive data, and directly engaging victim executives and board members in an attempt to extort them into payin...

6.9AI score
Exploits0
FireEye
FireEye
added 2017/05/03 4:30 p.m.20 views

To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence

In 2017, Mandiant responded to multiple incidents we attribute to FIN7, a financially motivated threat group associated with malicious operations dating back to 2015. Throughout the various environments, FIN7 leveraged the CARBANAK backdoor, which this group has used in previous operations. A...

7.2AI score
Exploits0
FireEye
FireEye
added 2017/03/14 8:0 a.m.20 views

M-Trends 2017: A View From the Front Lines

Every year Mandiant responds to a large number of cyber attacks, and 2016 was no exception. For our M-Trends 2017 report, we took a look at the incidents we investigated last year and provided a global and regional the Americas, APAC and EMEA analysis focused on attack trends, and defensive and...

6.8AI score
Exploits0
FireEye
FireEye
added 2016/06/10 10:0 a.m.20 views

Connected Cars: The Open Road for Hackers

As vehicles become both increasingly complex and better connected to the Internet, their newfound versatility may be manipulated for malicious purposes. Three of the most concerning potential threats looking ahead to the next few years are those posed by manipulating vehicle operation, ransomware...

7AI score
Exploits0
FireEye
FireEye
added 2015/11/04 1:0 p.m.20 views

iBackDoor: High-Risk Code Hits iOS Apps

Introduction FireEye mobile researchers recently discovered potentially “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store. The affected versions of this library embedded functionality in iOS apps that used the library to display...

0.8AI score
Exploits0
FireEye
FireEye
added 2020/03/23 12:0 a.m.19 views

Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats

There has only been a small number of broadly documented cyber attacks targeting operational technologies OT / industrial control systems ICS over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult f...

0.1AI score
Exploits0References9
FireEye
FireEye
added 2019/10/31 12:0 a.m.19 views

MESSAGETAP: Who’s Reading Your Text Messages?

FireEye Mandiant recently discovered a new malware family used by APT41 a Chinese APT group that is designed to monitor and save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent theft. Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications networ...

6.7AI score
Exploits0References6
FireEye
FireEye
added 2019/07/30 4:15 p.m.19 views

Announcing the Sixth Annual Flare-On Challenge

The FireEye Labs Advanced Reverse Engineering FLARE team is thrilled to announce that the popular Flare-On reverse engineering challenge will return for the sixth straight year. The contest will begin at 8:00 p.m. ET on Aug. 16, 2019. This is a CTF-style challenge for all active and aspiring...

Exploits0References1
FireEye
FireEye
added 2019/04/22 5:0 p.m.19 views

CARBANAK Week Part One: A Rare Occurrence

It is very unusual for FLARE to analyze a prolifically-used, privately-developed backdoor only to later have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that commences with this...

0.5AI score
Exploits0References11
FireEye
FireEye
added 2018/11/29 12:0 p.m.19 views

Obfuscated Command Line Detection Using Machine Learning

This blog post presents a machine learning ML approach to solving an emerging security problem: detecting obfuscated Windows command line invocations on endpoints. We start out with an introduction to this relatively new threat capability, and then discuss how such problems have traditionally bee...

7.4AI score
Exploits0
FireEye
FireEye
added 2017/06/21 12:0 p.m.19 views

Remote Symbol Resolution

Introduction The following blog discusses a couple of common techniques that malware uses to obscure its access to the Windows API. In both forms examined, analysts must calculate the API start address and resolve the symbol from the runtime process in order to determine functionality. After...

7.2AI score
Exploits0References2
FireEye
FireEye
added 2017/03/03 8:0 a.m.19 views

AntiVirus Evasion Reconstructed – Veil 3.0

The Veil Framework is a collection of tools designed for use during offensive security testing. When the time calls for it, Mandiant’s Red Team will use the Veil-Framework to help achieve their objective. The most commonly used tool is Veil-Evasion, which can turn an arbitrary script or piece of...

7.3AI score
Exploits0
Total number of security vulnerabilities545