Hiking Club Malvertisements Drop Monero Miners Via Neptune Exploit Kit
Exploit kit (EK) activity has been on the decline ever since Angler Exploit Kit was shut down in 2016. Fewer people using Internet Explorer and a drop in browser support for Adobe Flash – two primary...

Announcing the Fourth Annual Flare-On Challenge
The fourth annual Flare-On Challenge – the FireEye Labs Advanced Reverse Engineering (FLARE) team’s yearly reverse engineering contest – is scheduled to kick off on Sept. 1, 2017, at 8pm ET. This is a...

Monitoring Windows Console Activity (Part 1)
While performing incident response, Mandiant encounters attackers actively using systems on a compromised network. This activity often includes using interactive console programs via RDP...

Monitoring Windows Console Activity (Part 2)
This is the second of two blogs that discuss the implementation of the Windows console architecture from years past, with a primary focus on the current implementation present on modern versions of...

Why Is North Korea So Interested in Bitcoin?
In 2016 we began observing actors we believe to be North Korean utilizing their intrusion capabilities to conduct cyber crime, targeting banks and the global financial system. This marked a departure...

FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject...

rVMI: Perform Full System Analysis with Ease
Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered...

Introducing pywintrace: A Python Wrapper for ETW
Event Tracing for Windows (ETW) is a lightweight logging facility first introduced with Windows 2000. Originally intended as a software diagnostic, troubleshooting and performance...

Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy...
When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target...

North Korean Actors Spear Phish U.S. Electric Companies
We can confirm that FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 2017, to U.S. electric companies by known cyber threat actors likely affiliated with the North Korean...