Blog
Many attackers continue to leverage PowerShell as a part of their malware ecosystem, mostly delivered and executed by malicious binaries and documents. Of malware that uses PowerShell, the most prevalent use is the garden-variety stager: an executable or document macro that launches PowerShell to download another executable and run it.
Blog
In late 2014, FireEye Threat Intelligence and the Microsoft Threat Intelligence Center discovered a Command-and-Control (CnC) obfuscation tactic on Microsoft’s TechNet web portal—a valuable web resource for IT professionals.
Blog
This post continues the FireEye Labs Advanced Reverse Engineering (FLARE) script series. In this post, we continue to discuss the flare-dbg project. If you haven’t read my first post on using flare-dbg to automate string decoding, be sure to check it out!
Blog
In 2012, a suspected Iranian hacker group called the “Cutting Sword of Justice” used malware known as Shamoon – or Disttrack. In mid-November, Mandiant, a FireEye company, responded to the first Shamoon 2.0 incident against an organization located in the Gulf states. Since then, Mandiant has responded to multiple incidents at other organizations in the region.
Blog
Many people are hearing the term UNC for the first time after we published details of a threat group we refer to as UNC2452. “UNC” groups—or “uncategorized” groups—are raw attribution analysis that we previously kept primarily in house. We recently began rolling out UNC information to Mandiant Advantage customers because we want to give users direct access to source materials and raw analysis that Mandiant experts use to write intelligence, respond to breaches, and defend our clients. In light of recent events, we want to provide some more details to the greater public on the UNC designation.
Blog
A Managed Defense investigation was made a whole lot easier because the customer had enabled the Logon Tracker module within their FireEye Endpoint Security product.
Blog
COVID-19 has had enormous effects on our society and economy, but its effects on the cyber threat landscape remain limited.
Blog
FireEye continues to observe actors taking advantage of CVE-2019-19781, this time with the likely intent of distributing ransomware.