Archive for 'September 2013'

    Operation DeputyDog Part 2: Zero-Day Exploit Analysis (CVE-2013-3893)

    By Dan Caselden, Xiaobo Chen

    In our previous blog post my colleagues Ned and Nart provided a detailed analysis of the Advanced Persistent Threat (APT) Campaign Operation DeputyDog. The campaign leveraged a zero-day vulnerability in Microsoft Internet Explorer (CVE-2013-3893). Microsoft provided an advisory and ‘Fix it’ blog post.

    Read more...


    Now You See Me - H-worm by Houdini

    By Thoufique Haq, Ned Moran

    H-worm is a VBS (Visual Basic Script) based RAT written by an individual going by the name Houdini. We believe the author is based in Algeria and has connections to njq8, the author of njw0rm [1] and njRAT/LV [2] through means of a shared or common code base. We have seen the H-worm RAT being employed in targeted attacks against the international energy industry; however, we also see it being employed in

    Read more...


    M-Unition Takes a Look at The Financial Industry This Month

    By Helena Brito

    Happy fall, everyone! I hope you're enjoying all the best that autumn offers - beautiful days, cooler nights, seasonal beverages and the promise of sweater weather . . .

    Read more...


    The History of OpenIOC

    By Doug Wilson

    With the buzz in the security industry this year about sharing threat intelligence, it's easy to get caught up in the hype, and believe that proper, effective sharing of Indicators or Intelligence is something that can just be purchased along with goods or services from any security vendor.

    Read more...


    How Will I Fill This Web Historian-Shaped Hole in My Heart?

    By Ted Wilson

    With the recent integration of Mandiant Web Historian™ into Mandiant Redline™, you may be asking "How do I review my Web History using Redline?" If so, then follow along as I explain how to collect and review web history data in Redline - with a focus on areas where the workflow and features differ from that of Web Historian.

    Read more...


    Fill in the Blank Series: Financial Services Industry

    By Helena Brito

    The information and views set out in these responses are those of the respondents and do not necessarily reflect the official opinion of Mandiant Corporation.

    Read more...


    M-Unition Podcast Series: Chinese Civil War, Contemporary China and InfoSec

    By Helena Brito

    In this latest podcast, Richard Bejtlich sat down with Dr. Christopher Lew, author of the book "Historical Dictionary of the Chinese Civil War" to look at lessons learned during this course of time.

    Read more...


    Back to Basics Series: OpenIOC

    By Will Gibb

    Over the next few months, a few of my colleagues and I will be touching on various topics related to Mandiant and computer security. As part of this series, we are going to be talking about OpenIOC - how we got where we are today, how to make and use IOCs, and the future of OpenIOC. This topic can't be rolled into a single blog post, so we have developed a brief syllabus to outline the topics that we will be covering in the near future.

    Read more...
