UNC2596 has been observed exploiting vulnerabilities to deliver COLDDRAW, a threat known publicly as Cuba Ransomware.

In December 2017, FireEye's Mandiant discussed an incident response involving the TRITON framework, and now FireEye’s Advanced Practices Team takes a deeper look at TRITON’s Python scripts.

We observed a widespread, global phishing campaign from UNC2529 targeting numerous organizations across an array of industries.

The FLARE team introduces two small tools to aid in reverse engineering Cocoa applications for macOS, explaining how the Objective-C runtime complicates code analysis in tools such as IDA Pro, and how to find useful entry points into a Cocoa application’s code to begin analysis.

For a taste of what we expect to see in 2022, we turned to Charles Carmakal, Mandiant's SVP and CTO

Each of our 2023 GSoC contributors’ projects added new features to FLARE’s open source malware analysis tooling.

APT29 successfully phished a European diplomatic entity and abused the Windows Credential Roaming feature.

In July, the FireEye Labs Advanced Reverse Engineering (FLARE) team created and released the first FLARE On Challenge to the community. A total of 7,140 people participated and showed off their skills, and 226 people completed the challenge. Everyone who finished the challenge received a challenge coin to commemorate their success.

IDA Pro comes with an incredibly useful array of type information gathered from various compilers.

In 2017, Mandiant responded to multiple incidents we attribute to FIN7, and a unique aspect of the incidents was how the group leveraged an application shim database to achieve persistence on systems in multiple environments.