Page: advanced persistent threats
Our Mandiant Partnerships and Technology Alliance teams build relationships with industry-leading security controls providers to deliver advanced protection for our customers through our technology ecosystem. We are always looking for the right partners to build custom solutions that make us better together.
Blog: advanced persistent threats
This post continues the FireEye Labs Advanced Reverse Engineering (FLARE) script series. In this post, we continue to discuss the flare-dbg project. If you haven’t read my first post on using flare-dbg to automate string decoding, be sure to check it out!
Blog: advanced persistent threats
In July, the FireEye Labs Advanced Reverse Engineering (FLARE) team created and released the first FLARE On Challenge to the community. A total of 7,140 people participated and showed off their skills, and 226 people completed the challenge. Everyone who finished the challenge received a challenge coin to commemorate their success.
Blog: advanced persistent threats
This post continues the FireEye Labs Advanced Reverse Engineering (FLARE) script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on Windows and Linux, and can be obtained from the flare-qdb GitHub project.
Blog: advanced persistent threats
The Mandiant Advanced Practices team recently discovered a new malware family we have named PRIVATELOG and its installer, STASHLOG. In this post, we will share a novel and especially interesting technique the samples use to hide data, along with detailed analysis of both files that was performed with the support of FLARE analysts. We will also share sample detection rules, and hunting recommendations to find similar activity in your environment.
Blog: advanced persistent threats
On Advanced Practices, we are always looking for new ways to find malicious activity and track adversaries over time. Today we’re sharing a technique we use to detect and cluster Microsoft Office documents—specifically those in the Office Open XML (OOXML) file format. Additionally, we’re releasing a tool so analysts and defenders can automatically generate YARA rules using this technique.
Partner: advanced persistent threats
Intel (API v4), Collects Threat Indicators, Malware Families, Vulnerabilities, and Threat Actor intelligence and creates MISP Events
Webinar: advanced persistent threats
Cyber threat intelligence (CTI) is a powerful weapon for organizations to identify and better understand relevant threats and how to defend against them.
Blog: advanced persistent threats
Mandiant Threat Intelligence exposes how,  , threat actors have used evacuation and humanitarian documents as spear phishing lures against Ukrainians
Blog: advanced persistent threats
We introduce FIN11, a highly active group that Mandiant Threat Intelligence recently promoted to a FIN (or financially motivated) threat actor.