Trellix coverage for stolen FireEye Red Team tools
Last Modified: 2023-01-31 21:54:24 Etc/GMT
Technical Articles ID: KB93830
Environment

Trellix Endpoint Security (ENS) Threat Prevention 10.x
Trellix Intrusion Prevention System 10.x, 9.x

Network Security Platform (NSP) has been rebranded as Trellix Intrusion Prevention System (TIPS). For more information about the changes made to the product, see the related articles below.

Summary
We are aware of the FireEye white paper describing the theft of FireEye's Red Team tools, and of the public notice that those tools may be used maliciously. This article lists the coverage the products above provide against the vulnerabilities those tools target.
Solution 1
Trellix Intrusion Prevention System (formerly NSP)

Coverage is confirmed for all 16 CVEs. The December 15, 2020, NSP Signature Set contains the
Solution 2
DAT / Antivirus Scanner Content

Coverage for the known binaries in this threat campaign is included in production DATs. The more generic coverage formerly provided by Global Threat Intelligence (GTI) Cloud also detects them. Detection names are subject to change, but at the time of publication they include the following:
Solution 3
Exploit Prevention

Coverage for the following CVEs has been confirmed in ENS Threat Prevention Exploit Prevention:

Expert Rule for CVE-2020-10189 - RCE for
Expert Rule for CVE-2019-8394 - Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload:
Expert Rule for CVE-2020-0688 and CVE-2019-060. This rule is an enveloping signature: rather than matching one exploit, it blocks the behaviour that deserialization-type attacks on the IIS process rely on.
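The following Expert Rule is an added illustration of the enveloping approach described above. It is example content written for this article, not the rule Trellix ships for these CVEs, and the process names in it are assumptions chosen for the example. Deserialization exploits against web applications hosted in IIS typically end with the worker process (w3wp.exe) launching a command interpreter, so a rule keyed on that behaviour covers the class of attack rather than a single CVE:

```tcl
# Added example (not the KB's rule): envelope the IIS worker process so that
# a successful deserialization exploit cannot proceed to command execution.
# Process names are assumptions chosen for illustration.
Rule {
    Process {
        # The exploited code runs inside the IIS worker process
        Include OBJECT_NAME { -v "w3wp.exe" }
    }
    Target {
        Match PROCESS {
            # Interpreters an exploit payload commonly launches from w3wp.exe
            Include OBJECT_NAME { -v "cmd.exe" }
            Include OBJECT_NAME { -v "powershell.exe" }
            Include OBJECT_NAME { -v "rundll32.exe" }
            # Match on process creation, not on an existing process
            Include -access "CREATE"
        }
    }
}
```

Deploy a rule like this in Report mode first: some legitimate web applications spawn child processes from w3wp.exe, and those need exclusions before the reaction is set to Block. The rule complements, and does not replace, applying the vendor patches for the CVEs listed above.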
Related Information

Trellix Insights
Customers using Trellix Insights can track this campaign by searching for "FireEye Red Team Tools Stolen in Cyber Attack" in the Campaign field.

Trellix Stories
https://www.trellix.com/en-us/about/newsroom/stories.html