Threat Research Blog


Channel Reputation Rank

#27

Activity Status

Stale

According to the collected data and statistics, the 'Threat Research Blog' channel has an outstanding rank. Despite this rank, the feed was last updated more than a year ago. In addition, 'Threat Research Blog' includes a significant share of images compared to its text content. The channel mostly publishes long articles with sentence constructions of intermediate readability, which may indicate difficult texts, probably due to a large number of industrial or scientific terms.

About 'Threat Research Blog' Channel

Technical review and analysis of malware and TTPs from FireEye engagements.

Updates History

Content Ratio

Average Article Length

Long articles are widely used on 'Threat Research Blog', as elaborate and interesting content can help the channel reach a high number of subscribers. There are also a few medium-length articles.

Readability Level

The advanced readability level of 'Threat Research Blog' content is probably targeted at well-educated subscribers, as not all readers might clearly understand the texts. There are also articles with a medium readability level, which make up more than one third of the channel’s content.

Sentiment Analysis

Positive emotional expressions prevail throughout the texts: they may include favorable reviews, appreciation or praise regarding the subjects addressed on the channel. However, the channel also contains some rather negative or critical records, which make up more than a quarter of all its content.

Recent News

Unfortunately, Threat Research Blog has no news yet.

But you may check out related channels listed below.

Searching for the Cure: Targeted Threat Actors Pursuing the Pharmaceutical Indus...

[...] systems and stealing vital information – and perhaps putting lives at risk. Recent reports of threat actors swiping personal data of healthcare providers’ patients reinforces what FireEye Labs [...]

Aided Frame, Aided Direction (Because it’s a redirect)

[...] of China-based APT groups. Conclusion This activity represents a new SWC campaign. We suspect threat actors are leveraging their access to compromised websites belonging to NGOs and non-profits to [...]

NGOs: Fighting Human Rights Violations and, Now, Cyber Threat Groups

[...] on grants, legal proceedings, research programs, and even employee communications. The threat actors and recipients of the stolen data were likely able to gain significant insights into the NGOs’ [...]

Mergers and Acquisitions: When Two Companies and APT Groups Come Together

[...] property theft. From our experience responding to these breaches, we’ve seen targeted threat actors actively pursuing companies involved in mergers and acquisitions in two ways: Breaching one of [...]

Two Limited, Targeted Attacks; Two New Zero-Days

[...] The FireEye Labs team has identified two new zero-day vulnerabilities as part of limited, targeted attacks [...]

Dissecting Advanced Attacks: FireEye Labs and the 2014 DBIR

[...] ://www.verizonenterprise.com/DBIR/ You can stay up to date with the latest threat research from FireEye Labs at www.FireEye.com/blog [...]

Molerats, Here for Spring!

[...] Between 29 April and 27 May, FireEye Labs identified several new Molerats attacks targeting at least one major U.S. financial [...]

Pacific Ring of Fire: PlugX / Kaba

[...] in APT campaigns alongside two other infamous RATs – PoisonIvy and Taidoor. For this blog, FireEye Labs has investigated PlugX samples discovered throughout 2013 as well as recent variants detected [...]

The Road to Resilience: How Cybersecurity is Moving from the Back Office to the ...

[...] not yet looking at breaches from the perspective of risk or impact. Priorities misaligned in incident response We see the same lack of business alignment in organizations’ responses to breaches. [...]

Key Themes From the 2014 Gartner Security Summit

[...] critical. In one session, analyst Anton Chuvakin laid out a step-by-step approach for incident response. In addition, other sessions frequently alluded to the growing importance of IR. Theme #4: [...]

Announcing the FLARE Team and The FLARE On Challenge

[...] FireEye groups have reverse engineering needs: Global Services discovers malware during incident response, Managed Defense constantly discovers threats on monitored client networks, and Products [...]

Flying Blind

[...] are squared away, we may still encounter frustrations and limitations when performing incident response. Although we may have the data we need over the time period we need it for, we still need [...]

Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s ...

[...] in that they drop three files: The KernelBot implants receive targeting instructions from C2 servers hard-coded directly into the sample. For example, c3d6450075d618b1edba17ee723eb3ca drops a [...]

Operation Tovar: The Latest Attempt to Eliminate Key Botnets

[...] receive stolen information. This minimizes the number of systems that actually communicate with C2 servers. C2 commands are signed using RSA-2048 and encrypted with RC4 making it very difficult to [...]

BrutPOS: RDP Bruteforcing Botnet Targeting POS Systems

[...] brute force an RDP server, it reports back with credentials. In total we found five C2 servers used by the BrutPOS botnet. Three of these servers are located on the same network in Russia; [...]

The Path to Mass-Producing Cyber Attacks

[...] Province. Like the Moafee group, we observed DragonOK running HTRAN to proxy their C2 servers, which are also operated on CHINANET but are hosted in the Jiangsu Province. Summary [...]

A 360° View of Cybersecurity – FireEye Incident Detection & Response Virtual...

[...] , DC on October 7-8 for MIRcon 2014. MIRcon features authorities on incident response, malware analysis, reverse engineering and computer forensics sharing experiences and approaches to benefit [...]

FLARE IDA Pro Script Series: Automatic Recovery of Constructed Strings in Malwar...

[...] technique. Figure 5: Challenge source code Automating the recovery of these strings during malware analysis is simple if the compiler follows a basic pattern. A quick examination of the disassembly in [...]

FLARE IDA Pro Script Series: MSDN Annotations IDA Pro for Malware Analysis

The FireEye Labs Advanced Reverse Engineering (FLARE) Team continues to share knowledge and tools with the community. We started this blog series with [...]

Announcing the FLARE Team and The FLARE On Challenge

[...] from in-depth reversing to help improve detection capabilities. We primarily focus on malware analysis, but we also perform red-teaming of software and organizations, and we develop tools to [...]

Ghost-Hunting With Anti-Virus

[...] anti-virus dead” in the Wall Street Journal. At FireEye, we look at hundreds of malware samples daily, and, in a recent talk at RSA Conference, Zheng Bu, vice president of research at [...]

A Not-So Civic Duty: Asprox Botnet Campaign Spreads Court Dates and Malware

[...] to provide a full picture of the campaign (blue), while only a fraction of the emailed malware samples could be detected by various Anti-Virus vendors (yellow). Figure 7 FireEye Detection vs. [...]

Operation Poisoned Hurricane

[...] As we continued to see this odd traffic throughout the summer we began a search for malware samples responsible for this behavior. Via this research, we found a malware sample that we [...]

Connecting the Dots: Syrian Malware Team Uses BlackWorm for Attacks

[...] presents a prime example of the process of attribution. We connected a builder with malware samples and the actors/developers behind these attacks. This type of attribution is key to [...]

Spy of the Tiger

[...] with the Backdoor.APT.Pgift malware. This builder is used to create and test files placed on the C2 server. The builder creates three files: 25dd831ae7d720998a3e3a8d205ab684  dr.asp [...]

Darwin’s Favorite APT Group

[...] via HTTP to a hard-coded command and control (C2) server. RIPTIDE’s first communication with its C2 server fetches an encryption key, and the RC4 encryption key is used to encrypt all further [...]

Forced to Adapt: XSLCmd Backdoor Now on OS X

[...] that begins the actual backdoor routine of waiting for and executing commands issued from the C2 server. After running itself with launchctl, the initial process forks and deletes the Mach-O from the [...]

Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s ...

[...] Code project at code.google[.]com/p/udom/, where it decoded a command that configured its C2 server. The sample 0b54ae49fd5a841970b98a078968cb6b was signed with the QTI International [...]

We Steal SMS: An insight into Android.KorBanker Operations

[...] -based threats. Since such information can potentially be used to access corporate networks, mobile malware plays an important role in the newly evolving multi-vector threat landscape. By looking at [...]

What are you doing? – DSEncrypt Malware

[...] ? Recently, FireEye Labs mobile security researchers have discovered a new kind of mobile malware that encrypts an embedded Android application with an attachment in an asset folder – [...]

The History of XXShenqi and the Future of SMS Phishing

[...] cloud storage services. As few security mechanisms and detection capabilities exist for mobile malware, it’s easy to see why 20 million SMS were sent and 100,000 users were infected in only a few [...]

InfoSecurity Europe 2014: Cybersecurity for the Masses

[...] acquisition of Mandiant, as well as to discuss today’s changing threat landscape. The FireEye team will also release the latest findings from Mandiant’s annual M-Trends report and [...]

The FireEye Advanced Threat Report 2013: UK & Ireland Edition

[...] . To find out more about the report or how to address these rising issues, come visit the FireEye team at InfoSec UK at Stand J60. [...]

The FireEye Advanced Threat Report 2013: European Edition

[...] . To find out more about the report or how to address these rising issues, come visit the FireEye team at InfoSec UK at Stand J60. [...]

CRN’s “Women of the Channel” Highlights Growing Role in Cybersecurity

[...] recognized as one of this year’s “Power 100.” She has made a significant impact on the FireEye team and has played a tremendous role in delivering cybersecurity solutions as well as [...]

Strategic Analysis: As Russia-Ukraine Conflict Continues, Malware Activity Rises

[...] such callbacks every year. Table 1, below, shows the top 20 countries to receive first-stage malware callbacks over the last 16 months, according to the latest FireEye data. Table 1 – Callback [...]

Black Hat USA Talks – Leviathan: Command And Control Communications On Planet Ea...

[...] . The primary data points used in this worldwide cyber survey are more than 30 million malware callbacks to over 200 countries and territories over an 18-month period, from January 2013 to June [...]

FireEye and OS X Support

[...] use of Apple computers has caught the attention of attackers, with FireEye Labs seeing malware callbacks from Macs increase 36 percent year-over-year between the first six months of 2013 and 2014. [...]
