Threats

Review Current Cyber Threats & Learn How To Protect Computers, Servers & Cloud Workloads. Threat intelligence and news reporting on the latest cyber adversaries and their tools. Prevent Cyber Attacks. The latest malware and APT information.

So Unchill: Melting UNC2198 ICEDID to Ransomware Operations

Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a...

Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion

Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)

In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as X2e device). In Part One, we discussed the X2e at a...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allow for remote code execution as a privileged user. Specifically, Mandiant’s...

Cleaning up after Emotet: the law enforcement file

Following global law enforcement action to take over the Emotet botnet, a special update is being sent to clean up infected machines. This blog post was authored by Hasherezade...

Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication

FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains. These domains were masquerading as authentic...

Training Transformers for Cyber Security Tasks: A Case Study on Malicious URL Prediction

Highlights: Perform a case study on using Transformer models to solve cyber security problems; Train a Transformer model to detect malicious URLs under multiple training regimes; Compare our model...

Emulation of Kernel Mode Rootkits With Speakeasy

In August 2020, we released a blog post about how the Speakeasy emulation framework can be used to emulate user mode malware such as shellcode. If you haven’t had...

Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452. In some, but not all, of the intrusions associated with this...

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro. This post was authored by Hossein Jazi. On December 7, 2020 we...