IMCAFS

 Home

fireeye: green wonk action for economic and foreign policy website

Posted by lipsius at 2020-04-09
all

Obviously, in terms of identifying apt and making public analysis, fireeye has come to the front. Compared with kapersky, trendmicro, McAfee and Symantec, they seem to be in the most shining spotlight. Maybe after their sandbox technology is deployed on a large scale, 0day * * recognition will continue.

On February 20, 2014, they announced a green wonk action, which used a 0-day vulnerability cve-2014-0502 of flash to dig holes for some websites of us based economic and foreign policy think tanks to lure visitors. If visitors use XP, win7 + java 1.6, the outdated office version of win7 + will win.

What's more, have you found that fireeye's Sandbox technology can identify more water holes, while traditional directional fishing has not increased. Several possibilities: more water holes, more sandboxes on more websites (or more Internet deployment sites on fireeye), and more covert directional fishing (such as using encryption and blacklist Technology). I feel that in the future, apt recognition still needs to go to the last meter - terminal.

[References]

New threat analysis and prevention research

Fireeye: Snowman action for veterans of the U.S. overseas war

Crowdstrike: global threat report 2013

Fireeye: action k3chang * * * European Foreign Office

Fireeye: Digital breadcrumbs: 7 clues to identify the source of apt * * *

Four Legends: China Internet Organization

Symantec: uncover the apt action of hidden Lynx

Trendmicro: new apt * * for Asian and European government organizations, including Chinese media organizations

Kapersky:NetTraveler APT***

TrendMicro:Safe APT***

Mandiant: intelligence analysis report on the operation of the Communist Party of China organized by APT1

RSA: precision fishing, only those on the list will be***

Trendmicro: Xtreme rat based apt for Israel, the United States and other countries***

McAfee: high roller financial fraud uses innovative technology

Trendmicro: apt * * ixeshe for East Asian government and Taiwan electronic enterprises

Flame interpretation

Anonymous captured more than 500 Chinese websites in a few days

Trendmicro: Lucky cat for India and Japan***

Symantec: nitro * * * for chemical manufacturers

Apt * * cases for the former CIS countries, India and China

Japan or has it suffered from apt?

Stuxnet2.0 in Europe

Apt * * case study and analysis of the defects of the existing defense system of enterprises

The Pentagon said 24000 sensitive documents were leaked through the Internet

Wired magazine: Stuxnet, the most powerful malware in history

© 2023