Michael Lazin via plug on 10 Dec 2020 14:54:24 -0800



Re: [PLUG] FireEye


Also of note is that FireEye released countermeasures the same day, found here:

https://github.com/fireeye/red_team_tool_countermeasures

This includes raw hashes in the form of ClamAV patterns. The source code was not leaked, so it is unlikely that they would recompile to change the hash; the best they could do is reverse engineering, and that is unlikely.

Cheers,

Michael Lazin 

On Thu, Dec 10, 2020, 10:34 AM Keith C. Perry via plug <plug@lists.phillylinux.org> wrote:
For those who might be more interested in more details of this...

https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/theft-fireeye-red-team-tools

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Managing Member, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167
www.daotechnologies.com

----- Original Message -----
From: "jeffv via plug" <plug@lists.phillylinux.org>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Wednesday, December 9, 2020 5:27:22 PM
Subject: [PLUG] FireEye

In case you're just waking up, FireEye's red team tools were accessed by
a 'nation state'.

Now would be a good time to check your boxes and your logs.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug