This article has been indexed from Threat Research Blog Since our initial public release of capa, incident responders and reverse engineers have used the tool to automatically identify capabilities in Windows executables. With our newest code and ruleset updates, capa v3…
Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S.
In June 2019, Mandiant Threat Intelligence first reported to customers a pro-People’s Republic of China (PRC) network of hundreds of inauthentic accounts on Twitter, Facebook, and YouTube, that was at that…
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
In August 2021, Mandiant Managed Defense identified and responded to the exploitation of a chain of vulnerabilities known as ProxyShell. The ProxyShell vulnerabilities consist of three CVEs (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) affecting…
Too Log; Didn’t Read — Unknown Actor Using CLFS Log Files for Stealth
The Mandiant Advanced Practices team recently discovered a new malware family we have named PRIVATELOG and its installer, STASHLOG. In this post, we will share a novel and especially interesting technique…
Detecting Embedded Content in OOXML Documents
On Advanced Practices, we are always looking for new ways to find malicious activity and track adversaries over time. Today we’re sharing a technique we use to detect and cluster Microsoft…
Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices
Today, Mandiant disclosed a critical-risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability,…
UNC215: Spotlight on a Chinese Espionage Campaign in Israel
This blog post details the post-compromise tradecraft and operational tactics, techniques, and procedures (TTPs) of a Chinese espionage group we track as UNC215. While UNC215’s targets are located throughout the Middle…
capa 2.0: Better, Faster, Stronger
We are excited to announce version 2.0 of our open-source tool called capa. capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and…
Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
On April 20, 2021, Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on…