Tag: Threat Research Blog

This article has been indexed from Threat Research Blog Since our initial public release of capa, incident responders and reverse engineers have used the tool to automatically identify capabilities in Windows executables. With our newest code and ruleset updates, capa v3…

Read more →

This article has been indexed from Threat Research Blog In June 2019, Mandiant Threat Intelligence first reported to customers a pro-People’s Republic of China (PRC) network of hundreds of inauthentic accounts on Twitter, Facebook, and YouTube, that was at that…

Read more →

This article has been indexed from Threat Research Blog In August 2021, Mandiant Managed Defense identified and responded to the exploitation of a chain of vulnerabilities known as ProxyShell. The ProxyShell vulnerabilities consist of three CVEs (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) affecting…

Read more →

This article has been indexed from Threat Research Blog In August 2021, Mandiant Managed Defense identified and responded to the exploitation of a chain of vulnerabilities known as ProxyShell. The ProxyShell vulnerabilities consist of three CVEs (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) affecting…

Read more →

This article has been indexed from Threat Research Blog The Mandiant Advanced Practices team recently discovered a new malware family we have named PRIVATELOG and its installer, STASHLOG. In this post, we will share a novel and especially interesting technique…

Read more →

This article has been indexed from Threat Research Blog On Advanced Practices, we are always looking for new ways to find malicious activity and track adversaries over time. Today we’re sharing a technique we use to detect and cluster Microsoft…

Read more →

This article has been indexed from Threat Research Blog Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability,…

Read more →

This article has been indexed from Threat Research Blog This blog post details the post-compromise tradecraft and operational tactics, techniques, and procedures (TTPs) of a Chinese espionage group we track as UNC215. While UNC215’s targets are located throughout the Middle…

Read more →

This article has been indexed from Threat Research Blog This blog post details the post-compromise tradecraft and operational tactics, techniques, and procedures (TTPs) of a Chinese espionage group we track as UNC215. While UNC215’s targets are located throughout the Middle…

Read more →

This article has been indexed from Threat Research Blog We are excited to announce version 2.0 of our open-source tool called capa. capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and…

Read more →

This article has been indexed from Threat Research Blog We are excited to announce version 2.0 of our open-source tool called capa. capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and…

Read more →

This article has been indexed from Threat Research Blog On April 20, 2021, Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on…

Read more →