Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2020-12-10PICUS SecuritySüleyman Özarslan
@online{zarslan:20201210:tactics:0cd686a, author = {Süleyman Özarslan}, title = {{Tactics, Techniques and Procedures (TTPs) Utilized by FireEye’s Red Team Tools}}, date = {2020-12-10}, organization = {PICUS Security}, url = {https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools}, language = {English}, urldate = {2020-12-11} } Tactics, Techniques and Procedures (TTPs) Utilized by FireEye’s Red Team Tools
2020-12-10Palo Alto Networks Unit 42Unit42
@online{unit42:20201210:threat:6ac31af, author = {Unit42}, title = {{Threat Brief: FireEye Red Team Tool Breach}}, date = {2020-12-10}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/fireeye-red-team-tool-breach/}, language = {English}, urldate = {2020-12-15} } Threat Brief: FireEye Red Team Tool Breach
Cobalt Strike
2020-12-09Github (fireeye)FireEye
@online{fireeye:20201209:fireeye:36cafd8, author = {FireEye}, title = {{Fireeye RED TEAM tool countermeasures}}, date = {2020-12-09}, organization = {Github (fireeye)}, url = {https://github.com/fireeye/red_team_tool_countermeasures}, language = {English}, urldate = {2020-12-14} } Fireeye RED TEAM tool countermeasures
2020-12-09FireEyeMitchell Clarke, Tom Hall
@techreport{clarke:20201209:its:c312acc, author = {Mitchell Clarke and Tom Hall}, title = {{It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES)}}, date = {2020-12-09}, institution = {FireEye}, url = {https://i.blackhat.com/eu-20/Wednesday/eu-20-Clarke-Its-Not-FINished-The-Evolving-Maturity-In-Ransomware-Operations-wp.pdf}, language = {English}, urldate = {2020-12-15} } It's not FINished The Evolving Maturity in Ransomware Operations (SLIDES)
Cobalt Strike DoppelPaymer QakBot REvil
2020-12-08FireEyeKevin Mandia
@online{mandia:20201208:fireeye:6def127, author = {Kevin Mandia}, title = {{FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community}}, date = {2020-12-08}, organization = {FireEye}, url = {https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html}, language = {English}, urldate = {2020-12-09} } FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community
2020-12-08FireEyeFireEye
@online{fireeye:20201208:unauthorized:c480412, author = {FireEye}, title = {{Unauthorized Access of FireEye Red Team Tools}}, date = {2020-12-08}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html}, language = {English}, urldate = {2020-12-15} } Unauthorized Access of FireEye Red Team Tools
2020-12-01FireEyeJames T. Bennett
@online{bennett:20201201:using:d19f4ce, author = {James T. Bennett}, title = {{Using Speakeasy Emulation Framework Programmatically to Unpack Malware}}, date = {2020-12-01}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/12/using-speakeasy-emulation-framework-programmatically-to-unpack-malware.html}, language = {English}, urldate = {2020-12-15} } Using Speakeasy Emulation Framework Programmatically to Unpack Malware
2020-12FireEyeFireEye
@online{fireeye:202012:solarwinds:4ce144e, author = {FireEye}, title = {{Solarwinds Breach Resource Center}}, date = {2020-12}, organization = {FireEye}, url = {https://www.fireeye.com/current-threats/sunburst-malware.html}, language = {English}, urldate = {2021-03-02} } Solarwinds Breach Resource Center
SUNBURST
2020-11-30FireEyeMitchell Clarke, Tom Hall
@techreport{clarke:20201130:its:1b6b681, author = {Mitchell Clarke and Tom Hall}, title = {{It's not FINished The Evolving Maturity in Ransomware Operations}}, date = {2020-11-30}, institution = {FireEye}, url = {https://i.blackhat.com/eu-20/Wednesday/eu-20-Clarke-Its-Not-FINished-The-Evolving-Maturity-In-Ransomware-Operations.pdf}, language = {English}, urldate = {2020-12-14} } It's not FINished The Evolving Maturity in Ransomware Operations
Cobalt Strike DoppelPaymer MimiKatz QakBot REvil
2020-11-22FireEyeYihao Lim
@online{lim:20201122:election:c851b74, author = {Yihao Lim}, title = {{Election Cyber Threats in the Asia-Pacific Region}}, date = {2020-11-22}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/11/election-cyber-threats-in-the-asia-pacific-region.html}, language = {English}, urldate = {2020-11-23} } Election Cyber Threats in the Asia-Pacific Region
2020-11-19FireEyeAndrew Oliveau, Alyssa Rahman, Brett Hawkins
@online{oliveau:20201119:purgalicious:08e1df3, author = {Andrew Oliveau and Alyssa Rahman and Brett Hawkins}, title = {{Purgalicious VBA: Macro Obfuscation With VBA Purging}}, date = {2020-11-19}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/11/purgalicious-vba-macro-obfuscation-with-vba-purging.html}, language = {English}, urldate = {2020-11-23} } Purgalicious VBA: Macro Obfuscation With VBA Purging
2020-11-12BrightTALK (FireEye)Justin Moore, Jacob Thompson
@online{moore:20201112:living:a1593bb, author = {Justin Moore and Jacob Thompson}, title = {{Living Off The Land on a Private Island: An Overview of UNC1945}}, date = {2020-11-12}, organization = {BrightTALK (FireEye)}, url = {https://www.brighttalk.com/webcast/7451/451508}, language = {English}, urldate = {2020-12-15} } Living Off The Land on a Private Island: An Overview of UNC1945
2020-11-09FireEyeStephen Eckels
@online{eckels:20201109:wow64hooks:a0c0b3e, author = {Stephen Eckels}, title = {{WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques}}, date = {2020-11-09}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/11/wow64-subsystem-internals-and-hooking-techniques.html}, language = {English}, urldate = {2020-11-11} } WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques
2020-11-04FireEyeJacob Thompson, Jeffrey Martin, Rapid7
@online{thompson:20201104:in:0931c66, author = {Jacob Thompson and Jeffrey Martin and Rapid7}, title = {{In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871}}, date = {2020-11-04}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/11/critical-buffer-overflow-vulnerability-in-solaris-can-allow-remote-takeover.html}, language = {English}, urldate = {2020-11-09} } In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871
2020-11-02FireEyeJustin Moore, Wojciech Ledzion, Luis Rocha, Adrian Pisarczyk, Daniel Caban, Sara Rincon, Daniel Susin, Antonio Monaca
@online{moore:20201102:live:1632e2d, author = {Justin Moore and Wojciech Ledzion and Luis Rocha and Adrian Pisarczyk and Daniel Caban and Sara Rincon and Daniel Susin and Antonio Monaca}, title = {{Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945}}, date = {2020-11-02}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/11/live-off-the-land-an-overview-of-unc1945.html}, language = {English}, urldate = {2020-11-06} } Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945
SLAPSTICK STEELCORGI
2020-10-28FireEyeKimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock
@online{goody:20201028:unhappy:c0d2e4b, author = {Kimberly Goody and Jeremy Kennelly and Joshua Shilko and Steve Elovitz and Douglas Bienstock}, title = {{Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser}}, date = {2020-10-28}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html}, language = {English}, urldate = {2020-11-02} } Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser
BazarBackdoor Cobalt Strike Ryuk UNC1878
2020-10-14FireEyeGenevieve Stark, Andrew Moore, Vincent Cannon, Jacqueline O’Leary, Nalani Fraser, Kimberly Goody
@online{stark:20201014:fin11:0473613, author = {Genevieve Stark and Andrew Moore and Vincent Cannon and Jacqueline O’Leary and Nalani Fraser and Kimberly Goody}, title = {{FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft}}, date = {2020-10-14}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html}, language = {English}, urldate = {2020-11-04} } FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft
FIN11
2020-08-11FireEyeNick Schroeder, Harris Ansari, Brendan McKeague, Tim Martin, Alex Pennino
@online{schroeder:20200811:cookiejar:8fd0fd9, author = {Nick Schroeder and Harris Ansari and Brendan McKeague and Tim Martin and Alex Pennino}, title = {{COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module}}, date = {2020-08-11}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/08/cookiejar-tracking-adversaries-with-fireeye-endpoint-security-module.html}, language = {English}, urldate = {2020-08-14} } COOKIEJAR: Tracking Adversaries With FireEye Endpoint Security’s Logon Tracker Module
2020-08-06FireEyeNhan Huynh
@online{huynh:20200806:bypassing:83c2a87, author = {Nhan Huynh}, title = {{Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach}}, date = {2020-08-06}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/08/bypassing-masslogger-anti-analysis-man-in-the-middle-approach.html}, language = {English}, urldate = {2020-08-12} } Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach
MASS Logger
2020-07-30FireEyeJoseph Hladik, Josh Fleischer
@online{hladik:20200730:obscured:41a50f3, author = {Joseph Hladik and Josh Fleischer}, title = {{Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates}}, date = {2020-07-30}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/07/insights-into-office-365-attacks-and-how-managed-defense-investigates.html}, language = {English}, urldate = {2020-08-05} } Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates