Collaborate Disseminate
Introduction
This post continues the FireEye Labs Advanced Reverse Engineering
(FLARE) script series. Here, we introduce idawasm, an IDA Pro plugin
that provides a loader and processor modules for WebAssembly modules.
idawasm works on all operati… Continue reading FLARE Script Series: Reverse Engineering WebAssembly Modules Using the
idawasm IDA Pro Plugin
Today, we are releasing details on the threat group that we believe
is responsible for conducting financial crime on behalf of the North
Korean regime, stealing millions of dollars from banks worldwide. The
group is particularly aggressive; they … Continue reading APT38: Details on New North Korean Regime-Backed Threat Group
Introduction
The concept of “packing” or “crypting” a
malicious program is widely popular among threat actors looking to
bypass or defeat analysis by static and dynamic analysis tools.
Evasion of classification and detection is an arms race in wh… Continue reading Increased Use of a Delphi Packer to Evade Malware Classification
FireEye has been tracking a campaign this year targeting web payment
portals that involves on-premise installations of Click2Gov. Click2Gov
is a web-based, interactive self-service bill-pay software solution
developed by Superion. It includes var… Continue reading Click It Up: Targeting Local Government Payment Portals
Introduction
In July 2018, FireEye devices detected and blocked what appears to
be APT10 (Menupass) activity targeting the Japanese media sector.
APT10 is a Chinese cyber espionage group that FireEye has tracked
since 2009, and they have a histor… Continue reading APT10 Targeting Japanese Corporations Using Updated TTPs
Towards the end of August 2018, FireEye identified a new exploit kit
(EK) that was being served up as part of a malvertising campaign
affecting users in Japan, Korea, the Middle East, Southern Europe, and
other countries in the Asia Pacific regio… Continue reading Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware
Towards the end of August 2018, FireEye identified a new exploit kit
(EK) that was being served up as part of a malvertising campaign
affecting users in Japan, Korea, the Middle East, Southern Europe, and
other countries in the Asia Pacific regio… Continue reading Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware
FireEye has identified a suspected influence operation that appears
to originate from Iran aimed at audiences in the U.S., U.K., Latin
America, and the Middle East. This operation is leveraging a network
of inauthentic news sites and clusters of … Continue reading Suspected Iranian Influence Operation Leverages Network of Inauthentic
News Sites & Social Media Targeting Audiences in U.S., UK, Latin
America, Middle East
The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual
reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24,
2018. This is a CTF-style challenge for all active and aspiring
reverse engineers, malware analysts, an… Continue reading Announcing the Fifth Annual Flare-On Challenge
The second issue is that reverse engineering all boot records is
impractical. Given the job of determining if a single system is
infected with a bootkit, a malware analyst could acquire a disk image
and then reverse engineer the boot bytes to det… Continue reading BIOS Boots What? Finding Evil in Boot Code at Scale!