What the fxsst?
Written by Nick Harbour
If you deal with the same threats that Mandiant does, you may have noticed a lot of malware lately named “fxsst.dll”. If you’re wondering why this is happening, this article is for you.
When I spend time working solely on reverse engineering malware, I don’t often get the whole story with a malware sample.
Tags: fxsst.dll, malware, malware analysis, ntshrui.dll
Jamie Butler named to the Black Hat Review Board
Written by Travis Reese
MANDIANT would like to congratulate Jamie Butler on his appointment to the Black Hat Review Board. Black Hat is one of the premier technical security conferences, and Jamie’s appointment to its board is a testament to his contributions in advancing the field of computer security.
Tags: Black Hat, incident response, malware analysis, Memory analysis, speaking, The Suite Spot, Training
Stuxnet Memory Analysis and IOC creation
Written by Peter Silberman
The Stuxnet malware has been making the press recently for two reasons. First, it contains two drivers signed with a legitimate (at the time) cert. Second, it’s targeting SCADA systems. The malware is cool for a host of other geeky reasons.
Tags: IOC, IOCe, malware analysis, Memory analysis, Stuxnet
Fresh Prints of Mal-Ware: Choose Your Own Adventure!
Written by Christopher Glyer
Kyle Dempsey and I have been busy putting together content for the upcoming Fresh Prints webinar, “Choose Your Own Adventure,” being held this Thursday, April 15th at 2PM EDT. If you thought of the Choose Your Own Adventure® book series when you saw the title, you understand where we’re going with this.
Tags: Advanced Persistent Threat, Fresh Prints of Mal-Ware, malware analysis, webinar
M-Trends: Advanced Persistent Threat Malware
Written by Wendi Rafferty
There are a lot of reports in the news about the types of malware being utilized by the Advanced Persistent Threat (APT) attackers. Our upcoming release of M-Trends will go into great detail about the types of malware, its capabilities, and how the attackers leverage a variety of malware throughout a breadth of victim organizations to accomplish very specific goals. Over the next week, the MANDIANT blog will feature excerpts from our upcoming M-Trends report that illustrate just how difficult it is to identify APT techniques.
Tags: Advanced Persistent Threat, APT, M-Trends, malware analysis
Flex your Memory Forensic skills at CEIC!!!
Written by Peter Silberman
MANDIANT will be at this year’s Computer Enterprise Investigation Conference (CEIC). I will be there as well, running a contest for incident responders. The contest is designed to test your ability to identify malware in memory. We have all heard of the Advanced Persistent Threat; we know the acronym APT. If you’re not familiar with APT or want to become more familiar, check out https://cc.readytalk.com/cc/schedule/display.do?udc=1s8rbdxuuzuf7.
Tags: APT, Audit Viewer, Encase, malware analysis

