The “EternalBlue” exploit (MS017-010) was initially used by WannaCry ransomware and Adylkuzz cryptocurrency miner. Now more threat actors are leveraging the vulnerability in Microsoft Server Message Block (SMB) protocol – this time to distribute Backdoor.Nitol and Trojan Gh0st RAT. FireEye Dynamic Threat Intelligence (DTI) has historically observed similar payloads delivered via exploitation of CVE-2014-6332 vulnerability as well as in some email spam campaigns using powershell commands. Specifically, Backdoor.Nitol has also been linked Read more...
Entries filed under 'Advanced Malware'
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.
Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads
June 2, 2017 9:00 AM By Ali Islam, Barry Vengerik, Christopher Glyer, Haroon W Malik, Zain Gardezi | Advanced Malware, Threat ResearchDridex and Locky Return Via PDF Attachments in Latest Campaigns
May 4, 2017 12:30 PM By Swapnil Patil, Robert Venal, Sudeep Singh, Yin Hong Chang | Advanced Malware, Threat Research
Dridex and Locky, two prolific malware families that made waves in 2016 after being distributed in several high-volume spam campaigns, have returned after a brief hiatus. FireEye observed a decline in the volume of Dridex and Locky in the latter half of 2016, but we recently observed two new large campaigns. While the PDF downloader described in this post is responsible for spreading both Dridex and Locky, for the purposes of this Read more...
APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat
April 6, 2017 3:00 PM By FireEye iSIGHT Intelligence | Advanced Malware, Targeted Attack, Threat Intelligence, Threat ResearchAPT10 (MenuPass Group), a Chinese cyber espionage group that FireEye has tracked since 2009, has been using new tools in its most recent activity.
Read more...Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)
April 3, 2017 8:00 AM By Matthew Dunwoody | Advanced Malware, Threat ResearchMandiant has observed APT29 using a stealthy backdoor that we call POSHSPY, which leverages two of the tools the group frequently uses: PowerShell and Windows Management Instrumentation.
Read more...Still Getting Served: A Look at Recent Malvertising Campaigns Involving Exploit Kits
March 15, 2017 8:48 AM By Zain Gardezi | Advanced Malware, Threat ResearchFireEye researchers showcase some of the prominent malvertising campaigns active over the last four months, as well as the cushion servers related to different exploit kits.
Read more...Video
See How to Stop the WannaCry Ransomware
Sign up for email updates
Get information and insight on today's advanced threats from the leader in advanced threat prevention.
