Lucene search
+L
FireeyeMost viewed

545 matches found

FireEye
FireEye
added 2017/01/09 4:0 p.m.19 views

Credit Card Data and Other Information Targeted in Netflix Phishing Campaign

Introduction Through FireEye’s Email Threat Prevention ETP solution, FireEye Labs discovered a phishing campaign in the wild targeting the credit card data and other personal information of Netflix users primarily based in the United States. This campaign is interesting because of the evasion...

6.6AI score
Exploits0References3
FireEye
FireEye
added 2016/08/26 11:45 p.m.19 views

RIPPER ATM Malware and the 12 Million Baht Jackpot

On Aug. 23, 2016, FireEye detected a potentially new ATM malware sample that used some interesting techniques not seen before. To add more fuel to an existing fire, the sample was uploaded to VirusTotal from an IP address in Thailand a couple of minutes before the Bangkok Post newspaper reported...

0.7AI score
Exploits0
FireEye
FireEye
added 2016/06/14 12:0 p.m.19 views

Pwned by Vpon

Vpon is one of many mobile ad SDKs marketed towards mainland Chinese and Taiwanese developers and app users. Recently, FireEye mobile security researchers identified a branch of Vpon ad SDK on iOS containing code that allows a malicious actor be it the app developer or the SDK creator to remotely...

7AI score
Exploits0References15
FireEye
FireEye
added 2016/06/06 8:0 a.m.19 views

Angler Exploit Kit Evading EMET

We recently encountered some exploits from Angler Exploit Kit EK that are completely evading Microsoft’s Enhanced Mitigation Experience Toolkit EMET. This is something we are seeing for the first time in the wild, and we only observed it affecting systems running Windows 7. Angler EK uses complex...

7.8AI score
Exploits0
FireEye
FireEye
added 2016/05/12 1:30 p.m.19 views

Cerber Ransomware Partners with the Dridex Spam Distributor

Cerber ransomware incorporates the unusual feature of “speaking” its ransom message after successfully infecting a user machine and encrypting files. Cerber was first seen in the wild at the end of February 2016 and was observed being delivered mostly via exploit kits EK, notably using Magnitude...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/01/13 7:57 a.m.19 views

The Dangers of Downloads: Securing Mobile Devices in 2016

In 2015, mobile malware attacks were on the rise; from 2014 to 2015 we saw an increase of 61% in the number of these attacks. Malware has a clear progression path; it starts out targeting unsuspecting users who are likely to open unknown attachments or install unknown applications. The primary...

1.5AI score
Exploits0
FireEye
FireEye
added 2020/09/14 12:0 a.m.18 views

A "DFUR-ent" Perspective on Threat Modeling and Application Log Forensic Analysis

Many organizations operating in e-commerce, hospitality, healthcare, managed services, and other service industries rely on web applications. And buried within the application logs may be the potential discovery of fraudulent use and/or compromise! But, let's face it, finding evil in application...

7.2AI score
Exploits0References2
FireEye
FireEye
added 2020/04/28 12:0 a.m.18 views

Excelerating Analysis, Part 2 — X[LOOKUP] Gon’ Pivot To Ya

In December 2019, we published a blog post on augmenting analysis using Microsoft Excel for various data sets for incident response investigations. As we described, investigations often include custom or proprietary log formats and miscellaneous, non-traditional forensic artifacts. There are, of...

6.5AI score
Exploits0References8
FireEye
FireEye
added 2020/04/02 12:0 a.m.18 views

FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG

As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of...

Exploits0References8
FireEye
FireEye
added 2020/02/05 12:0 a.m.18 views

STOMP 2 DIS: Brilliance in the (Visual) Basics

Throughout January 2020, FireEye has continued to observe multiple targeted phishing campaigns designed to download and deploy a backdoor we track as MINEBRIDGE. The campaigns primarily targeted financial services organizations in the United States, though targeting is likely more widespread than...

8AI score
Exploits0References15
FireEye
FireEye
added 2020/01/09 12:0 a.m.18 views

SAIGON, the Mysterious Ursnif Fork

Ursnif aka Gozi/Gozi-ISFB is one of the oldest banking malware families still in active distribution. While the first major version of Ursnif was identified in 2006, several subsequent versions have been released in large part due source code leaks. FireEye reported on a previously unidentified...

0.3AI score
Exploits0References4
FireEye
FireEye
added 2019/10/03 5:0 p.m.18 views

IDA, I Think It’s Time You And I Had a Talk: Controlling IDA Pro With Voice Control Software

Introduction This blog post is the next episode in the FireEye Labs Advanced Reverse Engineering FLARE team Script Series. Today, we are sharing something quite unusual. It is not a tool or a virtual machine distribution, nor is it a plugin or script for a popular reverse engineering tool or...

0.2AI score
Exploits0References7
FireEye
FireEye
added 2019/10/01 12:0 a.m.18 views

Head Fake: Tackling Disruptive Ransomware Attacks

Within the past several months, FireEye has observed financially-motivated threat actors employ tactics that focus on disrupting business processes by deploying ransomware in mass throughout a victim’s environment. Understanding that normal business processes are critical to organizational succes...

7.6AI score
Exploits0References7
FireEye
FireEye
added 2019/07/25 12:0 a.m.18 views

Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools

Paging all digital forensicators, incident responders, and memory manager enthusiasts! Have you ever found yourself at a client site working around the clock to extract evil from a Windows 10 image? Have you hit the wall at step zero, running into difficulties viewing a process tree, or enumerati...

6.4AI score
Exploits0References10
FireEye
FireEye
added 2018/12/12 5:30 p.m.18 views

FLARE Script Series: Automating Objective-C Code Analysis with Emulation

This blog post is the next episode in the FireEye Labs Advanced Reverse Engineering FLARE team Script Series. Today, we are sharing a new IDAPython library – flare-emu – powered by IDA Pro and the Unicorn emulation framework that provides scriptable emulation features for the x86, x8664, ARM, and...

6.5AI score
Exploits0References10
FireEye
FireEye
added 2017/04/26 8:0 a.m.18 views

Evolving Analytics for Execution Trace Data

Five years ago, Mandiant released a proof of concept tool named ShimCacheParser, along with a blog post titled “Leveraging the Application Compatibility Cache in Forensic Investigations”. Since then, ShimCache metadata has become increasingly popular as a source of forensic evidence, both for...

0.6AI score
Exploits0
FireEye
FireEye
added 2017/03/15 8:48 a.m.18 views

Still Getting Served: A Look at Recent Malvertising Campaigns Involving Exploit Kits

Malvertising occurs when an online advertising network knowingly or unknowingly serves up malicious advertisements on a website. Malvertisements are a type of “drive-by” threat that tend to result in users being infected with malware for simply visiting a website. The victims of this threat are...

6.6AI score
Exploits0
FireEye
FireEye
added 2017/02/22 9:45 a.m.18 views

Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government

Introduction FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool RAT that has been used for...

8.1AI score
Exploits0
FireEye
FireEye
added 2016/11/30 12:13 p.m.18 views

‘One-Stop Shop’ – Phishing Domain Targets Information from Customers of Several Indian Banks

FireEye Labs recently discovered a malicious phishing domain designed to steal a variety of information – including credentials and mobile numbers – from customers of several banks in India. Currently, we have not observed this domain being used in any campaigns. The phishing websites appear to b...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/10/20 12:0 p.m.18 views

Rotten Apples: Resurgence

In June 2016, we published a blog about a phishing campaign targeting the Apple IDs and passwords of Chinese Apple users that emerged in the first quarter of 2016 referred to as the “Zycode” phishing campaign. At FireEye Labs we have an automated system designed to proactively detect newly...

6.7AI score
Exploits0References6
FireEye
FireEye
added 2016/10/13 12:0 p.m.18 views

Operations of a Brazilian Payment Card Fraud Group

Introduction Brazil has been designated a major hub for financially motivated eCrime threat activity. Brazilian threat actors are targeting domestic and foreign entities and individuals, with frequent targeting of U.S. assets. The country routinely places in "Top Five" lists of various global cyb...

8.5AI score
Exploits0References1
FireEye
FireEye
added 2016/08/12 10:0 a.m.18 views

Analyzing the Malware Analysts – Inside FireEye’s FLARE Team

At the Black Hat USA 2016 conference in Las Vegas last week, I was fortunate to sit down with Michael Sikorski, Director, FireEye Labs Advanced Reverse Engineering FLARE Team. During our conversation we discussed the origin of the FLARE team, what it takes to analyze malware, Michael’s book...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/06/20 8:0 p.m.18 views

Red Line Drawn: China Recalculates Its Use of Cyber Espionage

On Sept. 25, 2015, President Barack Obama and Chinese President Xi Jinping agreed that neither government would “conduct or knowingly support cyber-enabled theft of intellectual property” for an economic advantage. Some observers hailed the agreement as a game changer for U.S. and Chinese...

7.3AI score
Exploits0
FireEye
FireEye
added 2016/06/06 8:0 a.m.18 views

Angler Exploit Kit Evading EMET

We recently encountered some exploits from Angler Exploit Kit EK that are completely evading Microsoft’s Enhanced Mitigation Experience Toolkit EMET. This is something we are seeing for the first time in the wild, and we only observed it affecting systems running Windows 7. Angler EK uses complex...

7.6AI score
Exploits0
FireEye
FireEye
added 2016/05/22 3:0 a.m.18 views

Targeted Attacks against Banks in the Middle East

UPDATE Dec. 8, 2017: We now attribute this campaign to APT34, a suspected Iranian cyber espionage threat group that we believe has been active since at least 2014. Learn more about APT34 and their late 2017 targeting of a government organization in the Middle East. Introduction In the first week ...

7AI score
Exploits0
FireEye
FireEye
added 2016/05/04 4:0 a.m.18 views

A Cyber Revolution: Advanced Attacks Increasing in EMEA Reflect Political Tension

Financial, geopolitical and economical changes made 2015 a very busy year for the Europe, Middle East and Africa EMEA region, particularly in the cyber realm. FireEye has been monitoring these shifting cyber trends and has identified considerable evolutions to the EMEA threat landscape when...

0.2AI score
Exploits0
FireEye
FireEye
added 2016/01/13 12:30 p.m.18 views

SlemBunk Part II: Prolonged Attack Chain and Better-Organized Campaign

Introduction Our follow-up investigation of a nasty Android banking malware we identified at the tail end of last year has not only revealed that the trojan is more persistent than we initially realized – thus making for a much more dangerous threat – but that it is also being used as part of an...

0.2AI score
Exploits0
FireEye
FireEye
added 2015/11/16 8:0 a.m.18 views

FLARE IDA Pro Script Series: Automating Function Argument Extraction

...

3.2AI score
Exploits0
FireEye
FireEye
added 2020/08/11 5:0 p.m.17 views

COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module

During a recent investigation at a telecommunications company led by Mandiant Managed Defense, our team was tasked with rapidly identifying systems that had been accessed by a threat actor using legitimate, but compromised domain credentials. This sometimes-challenging task was made simple becaus...

0.1AI score
Exploits0References4
FireEye
FireEye
added 2019/11/25 8:0 p.m.17 views

FIDL: FLARE’s IDA Decompiler Library

IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a...

6.7AI score
Exploits0References2
FireEye
FireEye
added 2019/10/17 3:30 p.m.17 views

Definitive Dossier of Devilish Debug Details – Part Deux: A Didactic Deep Dive into Data Driven Deductions

In Part One of this blog series, Steve Miller outlined what PDB paths are, how they appear in malware, how we use them to detect malicious files, and how we sometimes use them to make associations about groups and actors. As Steve continued his research into PDB paths, we became interested in...

6.4AI score
Exploits0References11
FireEye
FireEye
added 2019/04/25 9:0 a.m.17 views

CARBANAK Week Part Four: The CARBANAK Desktop Video Player

Part One, Part Two and Part Three of CARBANAK Week are behind us. In this final blog post, we dive into one of the more interesting tools that is part of the CARBANAK toolset. The CARBANAK authors wrote their own video player and we happened to come across an interesting video capture from CARBAN...

Exploits0References9
FireEye
FireEye
added 2019/04/09 5:0 p.m.17 views

Churning Out Machine Learning Models: Handling Changes in Model Predictions

Introduction Machine learning ML is playing an increasingly important role in cyber security. Here at FireEye, we employ ML for a variety of tasks such as: antivirus, malicious PowerShell detection, and correlating threat actor behavior. While many people think that a data scientist’s job is...

7.1AI score
Exploits0References8
FireEye
FireEye
added 2017/08/24 12:30 p.m.17 views

Announcing the Fourth Annual Flare-On Challenge

The fourth annual Flare-On Challenge – the FireEye Labs Advanced Reverse Engineering FLARE team’s yearly reverse engineering contest – is scheduled to kick off on Sept. 1, 2017, at 8pm ET. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security...

6.7AI score
Exploits0
FireEye
FireEye
added 2017/07/25 1:0 p.m.17 views

HawkEye Credential Theft Malware Distributed in Recent Phishing Campaign

A wide variety of threat actors began distributing HawkEye malware through high-volume email campaigns after it became available for purchase via a public-facing website. The actors behind the phishing campaigns typically used email themes based on current events and media reports that would piqu...

7.3AI score
Exploits0
FireEye
FireEye
added 2016/11/09 8:0 a.m.17 views

Extending Linux Executable Logging With The Integrity Measurement Architecture

Gaining insight into the files being executed on your system is a great first step towards improved visibility on your endpoints. Taking this a step further, centrally storing logs of file execution data so they can be used for detection and hunting provides an excellent opportunity to find evil ...

7AI score
Exploits0
FireEye
FireEye
added 2016/09/13 10:20 a.m.17 views

Announcing the Third Annual Flare-On Challenge

Let fall be the season for reverse engineering! On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering FLARE team will be hosting its third annual Flare-On reverse engineering contest with a designated start time of 8pm ET. This is a CTF-style challenge for all active and aspiring rever...

0.9AI score
Exploits0
FireEye
FireEye
added 2016/07/27 10:0 a.m.17 views

Red Team Tool Roundup

In many cases Red Team tools are not written because someone feels like writing a tool, or wakes up one morning thinking, “I want to write a tool today”. Red Teamers generally identify tedious tasks in their methodology and then create tools that automate these tasks for current and future...

0.8AI score
Exploits0
FireEye
FireEye
added 2016/06/23 9:0 a.m.17 views

Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)

Introduction and Motivation Have you ever run strings.exe on a malware executable and its output provided you with IP addresses, file names, registry keys, and other indicators of compromise IOCs? Great! No need to run further analysis or hire expensive experts to determine if a file is malicious...

Exploits0
FireEye
FireEye
added 2016/06/02 8:0 a.m.17 views

IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems

In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering FLARE team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE...

Exploits0
FireEye
FireEye
added 2016/05/18 8:0 a.m.17 views

Ransomware Activity Spikes in March, Steadily increasing throughout 2016

UPDATE June 15, 2016: This post has been updated to include new data on ransomware activity, which is also now broken down by region. Cyber extortion for financial gain is typically carried out in one of two ways. The first method is a business disruption attack – a category we discussed at lengt...

7.1AI score
Exploits0
FireEye
FireEye
added 2016/05/04 8:0 a.m.17 views

A Cyber Revolution: Advanced Attacks Increasing in EMEA Reflect Political Tension

Financial, geopolitical and economical changes made 2015 a very busy year for the Europe, Middle East and Africa EMEA region, particularly in the cyber realm. FireEye has been monitoring these shifting cyber trends and has identified considerable evolutions to the EMEA threat landscape when...

6.7AI score
Exploits0References3
FireEye
FireEye
added 2016/04/04 12:30 p.m.17 views

Rollout or Not: the Benefits and Risks of iOS Remote Hot Patching

Previously On iOS Remote Hot Patching Apple’s detailed app review process has resulted in greater security for iOS apps made available through the App Store. However, this review process can be lengthy, which negatively impacts developers who need to quickly patch a buggy or insecure app. As a...

6.7AI score
Exploits0References17
FireEye
FireEye
added 2015/12/17 5:53 p.m.17 views

SlemBunk: An Evolving Android Trojan Family Targeting Users of Worldwide Banking Apps

FireEye mobile researchers recently identified a series of Android trojan apps that are designed to imitate the legitimate apps of 33 financial management institutions and service providers across the globe. We dub the family “SlemBunk,” and have seen it covering three major continents: North...

0.7AI score
Exploits0
FireEye
FireEye
added 2015/11/24 12:1 a.m.17 views

ModPOS: Highly-Sophisticated, Stealthy Malware Targeting US POS Systems with High Likelihood of Broader Campaigns

Today, iSIGHT Partners is sharing details about a highly sophisticated criminal malware framework that has been used to target point-of-sale POS systems at US-based retailers. We believe this very hard to detect malware is likely being used in broader campaigns and are disclosing details to help...

Exploits0
FireEye
FireEye
added 2015/11/03 7:27 a.m.17 views

XcodeGhost S: A New Breed Hits the US

Just over a month ago, iOS users were warned of the threat to their devices by the XcodeGhost malware. Apple quickly reacted, taking down infected apps from the App Store and releasing new security features to stop malicious activities. Through continuous monitoring of our customers’ networks,...

1.2AI score
Exploits0
FireEye
FireEye
added 2013/11/13 6:15 p.m.17 views

General Michael Hayden Talks about the Future of Cybersecurity at MIRcon 2013

When you've got some of the cybersecurity industry's best and brightest practitioners in one room, just how do you top the conversations they're having across the breakfast table? By getting one of the foremost experts on cybersecurity to deliver a top notch speech on the future of the industry,...

0.1AI score
Exploits0
FireEye
FireEye
added 2020/08/25 12:0 a.m.16 views

A Hands-On Introduction to Mandiant's Approach to OT Red Teaming

Operational technology OT asset owners have historically considered red teaming of OT and industrial control system ICS networks to be too risky due to the potential for disruptions or adverse impact to production systems. While this mindset has remained largely unchanged for years, Mandiant's...

0.2AI score
Exploits0References4
FireEye
FireEye
added 2020/08/04 12:0 a.m.16 views

Announcing the Seventh Annual Flare-On Challenge

The Front Line Applied Research & Expertise FLARE team is honored to announce that the popular Flare-On challenge will return for a triumphant seventh year. Ongoing global events proved no match against our passion for creating challenging and fun puzzles to test and hone the skills of aspiring a...

7.2AI score
Exploits0References1
FireEye
FireEye
added 2020/03/31 12:0 a.m.16 views

It’s Your Money and They Want It Now — The Cycle of Adversary Pursuit

When we discover new intrusions, we ask ourselves questions that will help us understand the totality of the activity set. How common is this activity? Is there anything unique or special about this malware or campaign? What is new and what is old in terms of TTPs or infrastructure? Is this being...

7.1AI score
Exploits0References5
Total number of security vulnerabilities545