Category: FireEye
Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945
Through Mandiant investigation of intrusions, the FLARE Advanced Practices team observed a group we track as UNC1945 compromise managed service providers and operate against a tailored set of targets within […]

Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment
UPDATE (Oct. 30, 2020): We have updated the report to include additional protection and containment strategies based on front-line visibility and response efforts in combating ransomware. While the full scope of […]

Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser
Throughout 2020, ransomware activity has become increasingly prolific, relying on an ecosystem of distinct but co-enabling operations to gain access to targets of interest before conducting extortion. Mandiant Threat Intelligence […]

Endpoint Security on the Developer Hub
Great news: FireEye Endpoint Security is now available on the Developer Hub! Head over to the Developer Hub page now to explore the Endpoint Security APIs and developer documentation today! […]

Flare-On 7 Challenge Solutions
We are thrilled to announce the conclusion of the seventh annual Flare-On challenge. This year proved to be the most difficult challenge we’ve produced, with the lowest rate of finishers. […]

Threats Targeting VoIP Networks as Usage Surges During Pandemic
Internet service providers are seeing a spike in Voice over Internet Protocol (VoIP) usage driven by the increased adoption of working from home during the COVID-19 pandemic. This has been […]

The Inception of Mandiant Advantage
Our customers expressed a desire for faster access to our intelligence to focus on threat activity that matters to them, so we launched Mandiant Advantage. Mandiant Advantage is a new SaaS […]

Windows Event Streaming Using FireEye Endpoint and Helix
Gathering Microsoft Windows event logs is a critical function of most SOCs. The wealth of information available on endpoints makes ingesting logs into a SIEM a top priority. The legacy […]

FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft
Mandiant Threat Intelligence recently promoted a threat cluster to a named FIN (or financially motivated) threat group for the first time since 2017. We have detailed FIN11’s various tactics, techniques and […]

Threat Found: Integrating With FireEye Detection On Demand
Threats can and do come from everywhere, and every organization approaches security differently based on their needs, industry and environment. But the one thing organizations all have in common is […]