Blog | malware
Mandiant Threat Intelligence uncovered a large number of legitimate portable executable (PE) binaries affected by various types of PE infecting malware.
Blog | malware
Recent malware campaigns in Europe are using similar overlay techniques to trick unsuspecting users into providing their banking credentials.
Blog | malware
FireEye Labs recently identified a previously unobserved version of Ploutus, dubbed Ploutus-D, that interacts with KAL’s Kalignite multivendor ATM platform. The samples we identified target the ATM vendor Diebold.
Blog | malware
Each of our 2023 GSoC contributors’ projects added new features to FLARE’s open source malware analysis tooling.
Blog | malware
Mandiant detected and responded to an UNC3313 intrusion at a Middle East government customer, and identified new targeted malware.
Blog | malware
On June 27, 2017, multiple organizations – many in Europe – reported significant disruptions they are attributing to a variant of the Petya ransomware, which we are calling “EternalPetya”. The malware was initially distributed through a compromised software update system and then self-propagated through stolen credentials and SMB exploits, including the EternalBlue exploit used in the WannaCry attack from May 2017.
Blog | malware
IDA Pro is popular, so we focus on releasing scripts and plug-ins to help make it more effective at fighting evil.
Blog | malware
Mandiant discovered a malicious driver used to terminate select processes on Windows systems.
Blog | malware
COSMICENERGY is the latest example of specialized OT malware capable of causing cyber physical impacts.
Blog | malware
We share a script that integrates MSDN information into IDA Pro automatically, and we show you how to use it.