FLARE Script Series: Reverse Engineering WebAssembly Modules Using the idawasm IDA Pro Plugin

Introduction
This post continues the FireEye Labs Advanced Reverse Engineering
(FLARE) script series. Here, we introduce idawasm, an IDA Pro plugin
that provides a loader and processor modules for WebAssembly modules.
idawasm works on all operati…

APT38: Details on New North Korean Regime-Backed Threat Group

Today, we are releasing details on the threat group that we believe
is responsible for conducting financial crime on behalf of the North
Korean regime, stealing millions of dollars from banks worldwide. The
group is particularly aggressive; they …

Increased Use of a Delphi Packer to Evade Malware Classification

Introduction
The concept of “packing” or “crypting” a
malicious program is widely popular among threat actors looking to
bypass or defeat analysis by static and dynamic analysis tools.
Evasion of classification and detection is an arms race in wh…

Click It Up: Targeting Local Government Payment Portals

FireEye has been tracking a campaign this year targeting web payment
portals that involves on-premise installations of Click2Gov. Click2Gov
is a web-based, interactive self-service bill-pay software solution
developed by Superion. It includes var…

APT10 Targeting Japanese Corporations Using Updated TTPs

Introduction
In July 2018, FireEye devices detected and blocked what appears to
be APT10 (Menupass) activity targeting the Japanese media sector.
APT10 is a Chinese cyber espionage group that FireEye has tracked
since 2009, and they have a histor…

Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware

Towards the end of August 2018, FireEye identified a new exploit kit
(EK) that was being served up as part of a malvertising campaign
affecting users in Japan, Korea, the Middle East, Southern Europe, and
other countries in the Asia Pacific regio…

Suspected Iranian Influence Operation Leverages Network of Inauthentic News Sites & Social Media Targeting Audiences in U.S., UK, Latin America, Middle East

FireEye has identified a suspected influence operation that appears
to originate from Iran aimed at audiences in the U.S., U.K., Latin
America, and the Middle East. This operation is leveraging a network
of inauthentic news sites and clusters of …

Announcing the Fifth Annual Flare-On Challenge

The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual
reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24,
2018. This is a CTF-style challenge for all active and aspiring
reverse engineers, malware analysts, an…

BIOS Boots What? Finding Evil in Boot Code at Scale!

The second issue is that reverse engineering all boot records is
impractical. Given the job of determining if a single system is
infected with a bootkit, a malware analyst could acquire a disk image
and then reverse engineer the boot bytes to det…