Lucene search
+L
FireeyeRecent

545 matches found

FireEye
FireEye
added 2016/12/15 8:0 a.m.46 views

Do You See What I CCM?

SCCM Software Metering Reviewing forensic keyword searches can be confusing because it is often difficult for an analyst to determine the source of the various structures that contain string matches. One such structure belongs to Microsoft's System Center Configuration Manager's SCCM software...

7.1AI score
Exploits0
FireEye
FireEye
added 2016/11/30 11:13 p.m.16 views

FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region

In 2012, a suspected Iranian hacker group called the “Cutting Sword of Justice” used malware known as Shamoon – or Disttrack. In mid-November, Mandiant, a FireEye company, responded to the first Shamoon 2.0 incident against an organization located in the Gulf states. Since then, Mandiant has...

0.1AI score
Exploits0
FireEye
FireEye
added 2016/11/30 11:13 p.m.11 views

FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region

In 2012, a suspected Iranian hacker group called the “Cutting Sword of Justice” used malware known as Shamoon – or Disttrack. In mid-November, Mandiant, a FireEye company, responded to the first Shamoon 2.0 incident against an organization located in the Gulf states. Since then, Mandiant has...

7.4AI score
Exploits0
FireEye
FireEye
added 2016/11/30 5:13 p.m.16 views

‘One-Stop Shop’ – Phishing Domain Targets Information from Customers of Several Indian Banks

FireEye Labs recently discovered a malicious phishing domain designed to steal a variety of information – including credentials and mobile numbers – from customers of several banks in India. Currently, we have not observed this domain being used in any campaigns. The phishing websites appear to b...

6.9AI score
Exploits0References1
FireEye
FireEye
added 2016/11/30 12:13 p.m.18 views

‘One-Stop Shop’ – Phishing Domain Targets Information from Customers of Several Indian Banks

FireEye Labs recently discovered a malicious phishing domain designed to steal a variety of information – including credentials and mobile numbers – from customers of several banks in India. Currently, we have not observed this domain being used in any campaigns. The phishing websites appear to b...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/11/30 12:13 p.m.15 views

‘One-Stop Shop’ – Phishing Domain Targets Information from Customers of Several Indian Banks

FireEye Labs recently discovered a malicious phishing domain designed to steal a variety of information – including credentials and mobile numbers – from customers of several banks in India. Currently, we have not observed this domain being used in any campaigns. The phishing websites appear to b...

0.4AI score
Exploits0
FireEye
FireEye
added 2016/11/16 1:16 p.m.21 views

FireEye Cyber Defense Summit 2016: The Incident Response Track – Technical Details and Solutions that Work

2016 has been a year of significant change to the cyber security landscape. The rapid proliferation of ransomware and the emergence of Internet of Things mass compromise has changed the landscape for responders. Similarly, existing threats have become more brazen, with nation-state actors...

6.6AI score
Exploits0
FireEye
FireEye
added 2016/11/16 1:16 p.m.14 views

FireEye Cyber Defense Summit 2016: The Incident Response Track – Technical Details and Solutions that Work

2016 has been a year of significant change to the cyber security landscape. The rapid proliferation of ransomware and the emergence of Internet of Things mass compromise has changed the landscape for responders. Similarly, existing threats have become more brazen, with nation-state actors...

Exploits0
FireEye
FireEye
added 2016/11/09 1:0 p.m.16 views

Extending Linux Executable Logging With The Integrity Measurement Architecture

Gaining insight into the files being executed on your system is a great first step towards improved visibility on your endpoints. Taking this a step further, centrally storing logs of file execution data so they can be used for detection and hunting provides an excellent opportunity to find evil ...

7AI score
Exploits0References6
FireEye
FireEye
added 2016/11/09 8:0 a.m.53 views

Extending Linux Executable Logging With The Integrity Measurement Architecture

Gaining insight into the files being executed on your system is a great first step towards improved visibility on your endpoints. Taking this a step further, centrally storing logs of file execution data so they can be used for detection and hunting provides an excellent opportunity to find evil ...

7.4AI score
Exploits0
FireEye
FireEye
added 2016/11/09 8:0 a.m.17 views

Extending Linux Executable Logging With The Integrity Measurement Architecture

Gaining insight into the files being executed on your system is a great first step towards improved visibility on your endpoints. Taking this a step further, centrally storing logs of file execution data so they can be used for detection and hunting provides an excellent opportunity to find evil ...

7AI score
Exploits0
FireEye
FireEye
added 2016/11/04 4:53 p.m.42 views

2016 Flare-On Challenge Solutions

I would like to thank the challenge authors this year: 1. Alexander Rich 2. Matt Williams @0xmwilliams 3. Dominik Weber 4. James T. Bennett @jtbennettjr 5. Tyler Dean 6. Josh Homan 7. Alex Berry 8. Nick Harbour @nickharbour 9. Jon Erickson @2130706433 10. FireEye Labs Advanced Vulnerability...

0.7AI score
Exploits0
FireEye
FireEye
added 2016/11/04 4:53 p.m.28 views

2016 Flare-On Challenge Solutions

I would like to thank the challenge authors this year: 1. Alexander Rich 2. Matt Williams @0xmwilliams 3. Dominik Weber 4. James T. Bennett @jtbennettjr 5. Tyler Dean 6. Josh Homan 7. Alex Berry 8. Nick Harbour @nickharbour 9. Jon Erickson @2130706433 10. FireEye Labs Advanced Vulnerability...

6.7AI score
Exploits0
FireEye
FireEye
added 2016/10/20 12:0 p.m.18 views

Rotten Apples: Resurgence

In June 2016, we published a blog about a phishing campaign targeting the Apple IDs and passwords of Chinese Apple users that emerged in the first quarter of 2016 referred to as the “Zycode” phishing campaign. At FireEye Labs we have an automated system designed to proactively detect newly...

6.7AI score
Exploits0References6
FireEye
FireEye
added 2016/10/20 8:0 a.m.24 views

Rotten Apples: Resurgence

In June 2016, we published a blog about a phishing campaign targeting the Apple IDs and passwords of Chinese Apple users that emerged in the first quarter of 2016 referred to as the “Zycode” phishing campaign. At FireEye Labs we have an automated system designed to proactively detect newly...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/10/20 8:0 a.m.23 views

Rotten Apples: Resurgence

In June 2016, we published a blog about a phishing campaign targeting the Apple IDs and passwords of Chinese Apple users that emerged in the first quarter of 2016 referred to as the “Zycode” phishing campaign. At FireEye Labs we have an automated system designed to proactively detect newly...

6.7AI score
Exploits0
FireEye
FireEye
added 2016/10/13 12:0 p.m.18 views

Operations of a Brazilian Payment Card Fraud Group

Introduction Brazil has been designated a major hub for financially motivated eCrime threat activity. Brazilian threat actors are targeting domestic and foreign entities and individuals, with frequent targeting of U.S. assets. The country routinely places in "Top Five" lists of various global cyb...

8.5AI score
Exploits0References1
FireEye
FireEye
added 2016/10/13 8:0 a.m.95 views

Operations of a Brazilian Payment Card Fraud Group

Introduction Brazil has been designated a major hub for financially motivated eCrime threat activity. Brazilian threat actors are targeting domestic and foreign entities and individuals, with frequent targeting of U.S. assets. The country routinely places in "Top Five" lists of various global cyb...

8.6AI score
Exploits0
FireEye
FireEye
added 2016/10/13 8:0 a.m.15 views

Operations of a Brazilian Payment Card Fraud Group

Introduction Brazil has been designated a major hub for financially motivated eCrime threat activity. Brazilian threat actors are targeting domestic and foreign entities and individuals, with frequent targeting of U.S. assets. The country routinely places in "Top Five" lists of various global cyb...

8.5AI score
Exploits0
FireEye
FireEye
added 2016/10/07 12:0 p.m.22 views

Increased Use of WMI for Environment Detection and Evasion

Introduction Throughout the past few months, FireEye Labs has observed an increased use of Windows Management Instrumentation WMI queries for environment detection and evasion of dynamic analysis and virtualization engines. WMI provides high-level interaction with Windows objects using C/C++,...

7.4AI score
Exploits0References2
FireEye
FireEye
added 2016/10/07 8:0 a.m.41 views

Increased Use of WMI for Environment Detection and Evasion

Introduction Throughout the past few months, FireEye Labs has observed an increased use of Windows Management Instrumentation WMI queries for environment detection and evasion of dynamic analysis and virtualization engines. WMI provides high-level interaction with Windows objects using C/C++,...

7.4AI score
Exploits0
FireEye
FireEye
added 2016/10/07 8:0 a.m.29 views

Increased Use of WMI for Environment Detection and Evasion

Introduction Throughout the past few months, FireEye Labs has observed an increased use of Windows Management Instrumentation WMI queries for environment detection and evasion of dynamic analysis and virtualization engines. WMI provides high-level interaction with Windows objects using C/C++,...

0.2AI score
Exploits0
FireEye
FireEye
added 2016/09/29 12:0 p.m.11 views

Vendetta Brothers, Inc. – A Window Into the Business of the Cybercriminal Underground

FireEye iSIGHT Intelligence has been tracking a pair of cybercriminals that we refer to as the “Vendetta Brothers.” This enterprising duo uses various strategies to compromise point-of-sale systems, steal payment card information and sell it on their underground marketplace “Vendetta World.” The...

6.6AI score
Exploits0References1
FireEye
FireEye
added 2016/09/29 8:0 a.m.12 views

Vendetta Brothers, Inc. – A Window Into the Business of the Cybercriminal Underground

FireEye iSIGHT Intelligence has been tracking a pair of cybercriminals that we refer to as the “Vendetta Brothers.” This enterprising duo uses various strategies to compromise point-of-sale systems, steal payment card information and sell it on their underground marketplace “Vendetta World.” The...

1.2AI score
Exploits0
FireEye
FireEye
added 2016/09/29 8:0 a.m.14 views

Vendetta Brothers, Inc. – A Window Into the Business of the Cybercriminal Underground

FireEye iSIGHT Intelligence has been tracking a pair of cybercriminals that we refer to as the “Vendetta Brothers.” This enterprising duo uses various strategies to compromise point-of-sale systems, steal payment card information and sell it on their underground marketplace “Vendetta World.” The...

6.6AI score
Exploits0
FireEye
FireEye
added 2016/09/23 10:30 a.m.30 views

Hancitor (AKA Chanitor) observed using multiple attack approaches

Many threat actors use multiple attack vectors to ensure success. The individuals using Hancitor malware also known by the name Chanitor are no exception and have taken three approaches to deliver the malware in order to ultimately steal data from their victims. These techniques include uncommon...

7.1AI score
Exploits0
FireEye
FireEye
added 2016/09/23 10:30 a.m.35 views

Hancitor (AKA Chanitor) observed using multiple attack approaches

Many threat actors use multiple attack vectors to ensure success. The individuals using Hancitor malware also known by the name Chanitor are no exception and have taken three approaches to deliver the malware in order to ultimately steal data from their victims. These techniques include uncommon...

0.5AI score
Exploits0
FireEye
FireEye
added 2016/09/13 10:20 a.m.22 views

Announcing the Third Annual Flare-On Challenge

Let fall be the season for reverse engineering! On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering FLARE team will be hosting its third annual Flare-On reverse engineering contest with a designated start time of 8pm ET. This is a CTF-style challenge for all active and aspiring rever...

6.7AI score
Exploits0
FireEye
FireEye
added 2016/09/13 10:20 a.m.17 views

Announcing the Third Annual Flare-On Challenge

Let fall be the season for reverse engineering! On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering FLARE team will be hosting its third annual Flare-On reverse engineering contest with a designated start time of 8pm ET. This is a CTF-style challenge for all active and aspiring rever...

0.9AI score
Exploits0
FireEye
FireEye
added 2016/08/27 3:45 a.m.10 views

RIPPER ATM Malware and the 12 Million Baht Jackpot

On Aug. 23, 2016, FireEye detected a potentially new ATM malware sample that used some interesting techniques not seen before. To add more fuel to an existing fire, the sample was uploaded to VirusTotal from an IP address in Thailand a couple of minutes before the Bangkok Post newspaper reported...

6.7AI score
Exploits0References3
FireEye
FireEye
added 2016/08/26 11:45 p.m.33 views

RIPPER ATM Malware and the 12 Million Baht Jackpot

On Aug. 23, 2016, FireEye detected a potentially new ATM malware sample that used some interesting techniques not seen before. To add more fuel to an existing fire, the sample was uploaded to VirusTotal from an IP address in Thailand a couple of minutes before the Bangkok Post newspaper reported...

6.7AI score
Exploits0
FireEye
FireEye
added 2016/08/26 11:45 p.m.19 views

RIPPER ATM Malware and the 12 Million Baht Jackpot

On Aug. 23, 2016, FireEye detected a potentially new ATM malware sample that used some interesting techniques not seen before. To add more fuel to an existing fire, the sample was uploaded to VirusTotal from an IP address in Thailand a couple of minutes before the Bangkok Post newspaper reported...

0.7AI score
Exploits0
FireEye
FireEye
added 2016/08/24 7:0 p.m.10 views

M-Trends Asia Pacific: Organizations Must Improve at Detecting and Responding to Breaches

Since 2010, Mandiant, a FireEye company, has presented trends, statistics and case studies of some of the largest and most sophisticated cyber attacks. In February 2016, we released our annual global M-Trends® report based on data from the breaches we responded to in 2015. Now, we are releasing...

6.6AI score
Exploits0
FireEye
FireEye
added 2016/08/24 7:0 p.m.30 views

M-Trends Asia Pacific: Organizations Must Improve at Detecting and Responding to Breaches

Since 2010, Mandiant, a FireEye company, has presented trends, statistics and case studies of some of the largest and most sophisticated cyber attacks. In February 2016, we released our annual global M-Trends® report based on data from the breaches we responded to in 2015. Now, we are releasing...

1.9AI score
Exploits0
FireEye
FireEye
added 2016/08/23 8:0 a.m.35 views

Unsealing the Deal: Cyber Threats to Mergers and Acquisitions Persist in a Hot Market

Risks Posed by Sensitive Corporate Communications, Broadened Attack Surface In 2015, a record $5 trillion dollars was tied up in mergers and acquisitions M&A deals, according to JP Morgan. So far, mega deals in 2016 include Microsoft’s purchase of LinkedIn, Shire’s acquisition of Baxalta, and...

0.8AI score
Exploits0
FireEye
FireEye
added 2016/08/23 8:0 a.m.16 views

Unsealing the Deal: Cyber Threats to Mergers and Acquisitions Persist in a Hot Market

Risks Posed by Sensitive Corporate Communications, Broadened Attack Surface In 2015, a record $5 trillion dollars was tied up in mergers and acquisitions M&A deals, according to JP Morgan. So far, mega deals in 2016 include Microsoft’s purchase of LinkedIn, Shire’s acquisition of Baxalta, and...

6.8AI score
Exploits0
FireEye
FireEye
added 2016/08/22 8:0 a.m.94 views

Embedded Hardware Hacking 101 – The Belkin WeMo Link

Why Embedded Hacking? Devices that are connected to the Internet or run a full operating system are becoming more and more prevalent in today’s society. From devices for locomotives to wireless light switches, the Internet of Things IoT trend is on the rise and here to stay. This has the potentia...

Exploits0
FireEye
FireEye
added 2016/08/22 8:0 a.m.104 views

Embedded Hardware Hacking 101 – The Belkin WeMo Link

Why Embedded Hacking? Devices that are connected to the Internet or run a full operating system are becoming more and more prevalent in today’s society. From devices for locomotives to wireless light switches, the Internet of Things IoT trend is on the rise and here to stay. This has the potentia...

7.4AI score
Exploits0
FireEye
FireEye
added 2016/08/18 8:0 a.m.201 views

WMI vs. WMI: Monitoring for Malicious Activity

Hello my name is: WMI WMI has been a core component of Windows since Windows 98, but it is not exactly old wine in a new bottle. WMI more closely resembles that bottle of ‘61 Bordeaux wine that continues to impress us as it ages and matures. WMI was developed as Microsoft’s interpretation of...

7.2AI score
Exploits0
FireEye
FireEye
added 2016/08/18 8:0 a.m.45 views

WMI vs. WMI: Monitoring for Malicious Activity

Hello my name is: WMI WMI has been a core component of Windows since Windows 98, but it is not exactly old wine in a new bottle. WMI more closely resembles that bottle of ‘61 Bordeaux wine that continues to impress us as it ages and matures. WMI was developed as Microsoft’s interpretation of...

0.2AI score
Exploits0
FireEye
FireEye
added 2016/08/17 4:15 p.m.12 views

Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns

Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry, as seen in Figure 1. Figure 1. Top 10 affected industries Numerous...

6.9AI score
Exploits0References1
FireEye
FireEye
added 2016/08/17 12:15 p.m.24 views

Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns

Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry, as seen in Figure 1. Figure 1. Top 10 affected industries Numerous...

0.3AI score
Exploits0
FireEye
FireEye
added 2016/08/17 12:15 p.m.21 views

Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns

Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry, as seen in Figure 1. Figure 1. Top 10 affected industries Numerous...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/08/12 10:0 a.m.26 views

Analyzing the Malware Analysts – Inside FireEye’s FLARE Team

At the Black Hat USA 2016 conference in Las Vegas last week, I was fortunate to sit down with Michael Sikorski, Director, FireEye Labs Advanced Reverse Engineering FLARE Team. During our conversation we discussed the origin of the FLARE team, what it takes to analyze malware, Michael’s book...

1.1AI score
Exploits0
FireEye
FireEye
added 2016/08/12 10:0 a.m.18 views

Analyzing the Malware Analysts – Inside FireEye’s FLARE Team

At the Black Hat USA 2016 conference in Las Vegas last week, I was fortunate to sit down with Michael Sikorski, Director, FireEye Labs Advanced Reverse Engineering FLARE Team. During our conversation we discussed the origin of the FLARE team, what it takes to analyze malware, Michael’s book...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/08/03 8:0 a.m.25 views

Overload: Critical Lessons from 15 Years of ICS Vulnerabilities

In the past several years, a flood of vulnerabilities has hit industrial control systems ICS – the technological backbone of electric grids, water supplies, and production lines. These vulnerabilities affect the reliable operation of sensors, programmable controllers, software and networking...

6.8AI score
Exploits0
FireEye
FireEye
added 2016/08/03 8:0 a.m.21 views

Overload: Critical Lessons from 15 Years of ICS Vulnerabilities

In the past several years, a flood of vulnerabilities has hit industrial control systems ICS – the technological backbone of electric grids, water supplies, and production lines. These vulnerabilities affect the reliable operation of sensors, programmable controllers, software and networking...

0.8AI score
Exploits0
FireEye
FireEye
added 2016/08/03 4:30 a.m.234 views

FakeNet-NG: Next Generation Dynamic Network Analysis Tool

As a reverse engineer on the FLARE FireEye Labs Advanced Reverse Engineering team, I regularly perform basic dynamic analysis of malware samples. The goal is to quickly observe runtime characteristics by running binaries in a safe environment. One important task during dynamic analysis is to...

6.9AI score
Exploits0
FireEye
FireEye
added 2016/08/03 4:30 a.m.54 views

FakeNet-NG: Next Generation Dynamic Network Analysis Tool

As a reverse engineer on the FLARE FireEye Labs Advanced Reverse Engineering team, I regularly perform basic dynamic analysis of malware samples. The goal is to quickly observe runtime characteristics by running binaries in a safe environment. One important task during dynamic analysis is to...

Exploits0
FireEye
FireEye
added 2016/07/27 10:0 a.m.17 views

Red Team Tool Roundup

In many cases Red Team tools are not written because someone feels like writing a tool, or wakes up one morning thinking, “I want to write a tool today”. Red Teamers generally identify tedious tasks in their methodology and then create tools that automate these tasks for current and future...

0.8AI score
Exploits0
Total number of security vulnerabilities545