
2020-11-09 | FireEye | Stephen Eckels
@online{eckels:20201109:wow64hooks:a0c0b3e,
  author       = {Stephen Eckels},
  title        = {{WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques}},
  date         = {2020-11-09},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/11/wow64-subsystem-internals-and-hooking-techniques.html},
  language     = {English},
  urldate      = {2020-11-11},
}
2020-11-04 | FireEye | Jacob Thompson, Jeffrey Martin, Rapid7
@online{thompson:20201104:in:0931c66,
  author       = {Jacob Thompson and Jeffrey Martin and Rapid7},
  title        = {{In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871}},
  date         = {2020-11-04},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/11/critical-buffer-overflow-vulnerability-in-solaris-can-allow-remote-takeover.html},
  language     = {English},
  urldate      = {2020-11-09},
}
2020-11-02 | FireEye | Justin Moore, Wojciech Ledzion, Luis Rocha, Adrian Pisarczyk, Daniel Caban, Sara Rincon, Daniel Susin, Antonio Monaca
@online{moore:20201102:live:1632e2d,
  author       = {Justin Moore and Wojciech Ledzion and Luis Rocha and Adrian Pisarczyk and Daniel Caban and Sara Rincon and Daniel Susin and Antonio Monaca},
  title        = {{Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945}},
  date         = {2020-11-02},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html},
  language     = {English},
  urldate      = {2020-11-06},
}
SLAPSTICK STEELCORGI
2020-10-28 | FireEye | Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock
@online{goody:20201028:unhappy:c0d2e4b,
  author       = {Kimberly Goody and Jeremy Kennelly and Joshua Shilko and Steve Elovitz and Douglas Bienstock},
  title        = {{Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser}},
  date         = {2020-10-28},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html},
  language     = {English},
  urldate      = {2020-11-02},
}
BazarBackdoor Cobalt Strike Ryuk UNC1878
2020-10-14 | FireEye | Genevieve Stark, Andrew Moore, Vincent Cannon, Jacqueline O’Leary, Nalani Fraser, Kimberly Goody
@online{stark:20201014:fin11:0473613,
  author       = {Genevieve Stark and Andrew Moore and Vincent Cannon and Jacqueline O’Leary and Nalani Fraser and Kimberly Goody},
  title        = {{FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft}},
  date         = {2020-10-14},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html},
  language     = {English},
  urldate      = {2020-11-04},
}
FIN11
2020-08-11 | FireEye | Nick Schroeder, Harris Ansari, Brendan McKeague, Tim Martin, Alex Pennino
@online{schroeder:20200811:cookiejar:8fd0fd9,
  author       = {Nick Schroeder and Harris Ansari and Brendan McKeague and Tim Martin and Alex Pennino},
  title        = {{COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module}},
  date         = {2020-08-11},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/08/cookiejar-tracking-adversaries-with-fireeye-endpoint-security-module.html},
  language     = {English},
  urldate      = {2020-08-14},
}
2020-08-06 | FireEye | Nhan Huynh
@online{huynh:20200806:bypassing:83c2a87,
  author       = {Nhan Huynh},
  title        = {{Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach}},
  date         = {2020-08-06},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/08/bypassing-masslogger-anti-analysis-man-in-the-middle-approach.html},
  language     = {English},
  urldate      = {2020-08-12},
}
MASS Logger
2020-07-30 | FireEye | Joseph Hladik, Josh Fleischer
@online{hladik:20200730:obscured:41a50f3,
  author       = {Joseph Hladik and Josh Fleischer},
  title        = {{Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates}},
  date         = {2020-07-30},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-365-attacks-and-how-managed-defense-investigates.html},
  language     = {English},
  urldate      = {2020-08-05},
}
2020-07-15 | FireEye | Nathan Brubaker, Daniel Kapellmann Zafra, Keith Lunden, Ken Proska, Corey Hildebrandt
@online{brubaker:20200715:financially:f217555,
  author       = {Nathan Brubaker and Daniel Kapellmann Zafra and Keith Lunden and Ken Proska and Corey Hildebrandt},
  title        = {{Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families}},
  date         = {2020-07-15},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html},
  language     = {English},
  urldate      = {2020-07-16},
}
DoppelPaymer LockerGoga Maze MegaCortex Nefilim Ransomware Snake Ransomware
2020-07-13 | FireEye | Andrew Thompson, Aaron Stephens
@online{thompson:20200713:scandalous:15d59a2,
  author       = {Andrew Thompson and Aaron Stephens},
  title        = {{SCANdalous! (External Detection Using Network Scan Data and Automation)}},
  date         = {2020-07-13},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/07/scandalous-external-detection-using-network-scan-data-and-automation.html},
  language     = {English},
  urldate      = {2020-07-15},
}
POWERTON QUADAGENT PoshC2
2020-07-07 | FireEye | Matthew Haigh, Trevor Haskell
@online{haigh:20200707:configuring:a0cb3d9,
  author       = {Matthew Haigh and Trevor Haskell},
  title        = {{Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool}},
  date         = {2020-07-07},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/07/configuring-windows-domain-dynamically-analyze-obfuscated-lateral-movement-tool.html},
  language     = {English},
  urldate      = {2020-08-18},
}
2020-05-21 | BrightTALK (FireEye) | Kimberly Goody, Jeremy Kennelly
@online{goody:20200521:navigating:a2eae5f,
  author       = {Kimberly Goody and Jeremy Kennelly},
  title        = {{Navigating MAZE: Analysis of a Rising Ransomware Threat}},
  date         = {2020-05-21},
  organization = {BrightTALK (FireEye)},
  url          = {https://www.brighttalk.com/webcast/7451/408167/navigating-maze-analysis-of-a-rising-ransomware-threat},
  language     = {English},
  urldate      = {2020-06-05},
}
Maze
2020-05-12 | FireEye | Jacob Thompson
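@comment{ The title contains a literal hash sign. It is written as \# because an unescaped hash is the TeX macro-parameter character and makes the bibliography fail to typeset. }
@online{thompson:20200512:analyzing:2dceb57,
  author       = {Jacob Thompson},
  title        = {{Analyzing Dark Crystal RAT, a C\# backdoor}},
  date         = {2020-05-12},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/05/analyzing-dark-crystal-rat-backdoor.html},
  language     = {English},
  urldate      = {2020-05-18},
}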
DCRat
2020-05-07 | FireEye Inc | Kimberly Goody, Jeremy Kennelly, Joshua Shilko
@online{goody:20200507:navigating:7147cb7,
  author       = {Kimberly Goody and Jeremy Kennelly and Joshua Shilko},
  title        = {{Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents}},
  date         = {2020-05-07},
  organization = {FireEye Inc},
  url          = {https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html},
  language     = {English},
  urldate      = {2020-05-11},
}
Maze
2020-04-22 | FireEye | Scott Henderson, Gabby Roncone, Sarah Jones, John Hultquist, Ben Read
@online{henderson:20200422:vietnamese:d9dc0db,
  author       = {Scott Henderson and Gabby Roncone and Sarah Jones and John Hultquist and Ben Read},
  title        = {{Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage}},
  date         = {2020-04-22},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html},
  language     = {English},
  urldate      = {2020-04-26},
}
METALJACK
2020-04-07 | FireEye | Michael Bailey
@online{bailey:20200407:thinking:7ee19d0,
  author       = {Michael Bailey},
  title        = {{Thinking Outside the Bochs: Code Grafting to Unpack Malware in Emulation}},
  date         = {2020-04-07},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/04/code-grafting-to-unpack-malware-in-emulation.html},
  language     = {English},
  urldate      = {2020-05-05},
}
Elise
2020-03-31 | FireEye | Van Ta, Aaron Stephens
@online{ta:20200331:its:632dfca,
  author       = {Van Ta and Aaron Stephens},
  title        = {{It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit}},
  date         = {2020-03-31},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/03/the-cycle-of-adversary-pursuit.html},
  language     = {English},
  urldate      = {2020-04-06},
}
Ryuk TrickBot UNC1878
2020-03-25 | FireEye | Christopher Glyer, Dan Perez, Sarah Jones, Steve Miller
@online{glyer:20200325:this:0bc322f,
  author       = {Christopher Glyer and Dan Perez and Sarah Jones and Steve Miller},
  title        = {{This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits}},
  date         = {2020-03-25},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html},
  language     = {English},
  urldate      = {2020-04-14},
}
Speculoos Cobalt Strike
2020-02-19 | FireEye | FireEye
@online{fireeye:20200219:mtrends:193613a,
  author       = {FireEye},
  title        = {{M-Trends 2020}},
  date         = {2020-02-19},
  organization = {FireEye},
  url          = {https://content.fireeye.com/m-trends/rpt-m-trends-2020},
  language     = {English},
  urldate      = {2020-02-20},
}
Cobalt Strike Grateful POS LockerGoga QakBot TrickBot
2020-02-08 | FireEye | Michael Bailey
@online{bailey:20200208:reversing:b033cdc,
  author       = {Michael Bailey},
  title        = {{Reversing the Gophe SPambot: Confronting COM Code and Surmounting STL Snags}},
  date         = {2020-02-08},
  organization = {FireEye},
  url          = {https://github.com/strictlymike/presentations/tree/master/2020/2020.02.08_BSidesHuntsville},
  language     = {English},
  urldate      = {2020-10-05},
}
Gophe