Anomali Blog

Weekly Threat Briefing

Weekly Threat Briefing: Ransomware Attacks In Spain Leave Radio Station In “Hysteria”

The intelligence in this week’s iteration discusses the following threats: Calypso, China, DarkUniverse, Emotet, EternalBlue, Megacortex, Monero, Nanocore, Platinum, Ransomware, and Titanium. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending...


Research

Leashing Cerberus

Overview: Cerberus is an Android banking trojan first reported on by ThreatFabric in June 2019 that may have been active since at least 2017. The malware is for sale on a Russian hacking forum called xss[.]is where the actors behind its development are selling licenses for the service from $4000 - $12000. This...


Weekly Threat Briefing

Weekly Threat Briefing: New Credential Phish Targets Employees with Salary Increase Scam

The intelligence in this week’s iteration discusses the following threats: APT, Data leak, Phishing, PII, Targeted attacks, Vulnerabilities, and Zero day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious...


Weekly Threat Briefing

Weekly Threat Briefing: AWS Left Reeling After Eight-Hour DDoS

The intelligence in this week’s iteration discusses the following threats: China, Iran, Magecart, Nautilus, Neuron, NordVPN, Spidey Bot, Turla, Waterbug, and Winnti Group. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious...


Cyber Threat Intelligence

Anomali: History in the Making

Let me kick off this post by extending a big “thank you” to everyone who participated in Detect ‘19, our fourth annual threat intelligence industry conference. Hundreds of attendees spanning customers, partners, employees, and special guests joined us in National Harbor, Maryland to participate in this history-making cybersecurity...


Weekly Threat Briefing

Weekly Threat Briefing: Tor Weaponized to Steal Bitcoin

The intelligence in this week’s iteration discusses the following threats: APT29, Bitcoin theft, Blackremote, FTCode ransomware, Operation Ghost, and SDBot. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats ...


Weekly Threat Briefing

Weekly Threat Briefing: 70% of Presidential Campaigns Fail to Provide Adequate Online Privacy and Security Protections

The intelligence in this week’s iteration discusses the following threats: BEC, Botnet, Data breach, Data leak, FIN7, Phishing, Ransomware, Vulnerability, and Zero-day. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...


Research

Illicit Cryptomining Threat Actor Rocke Changes Tactics, Now More Difficult to Detect

Summary: Rocke, a China-based cryptomining threat actor, has changed its Command and Control (C2) infrastructure away from Pastebin to a self-hosted solution during the summer of 2019. The setup scripts were hosted on the domains “lsd.systemten[.]org” and “update.systemten[.]org” as pastes. In September 2019, the...


Weekly Threat Briefing

Weekly Threat Briefing: Iran Caught Targeting US Presidential Campaign Accounts

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: Adwind, Casbaneiro, Data Breach, Iran, PII, Phosphorus, Ransomware, Remote Access Trojan, RevengeRat. The IOCs related to these stories are attached to...


Research

China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations

Overview: The Anomali Threat Research Team has identified an ongoing campaign which it believes is being conducted by the China-based threat group, Mustang Panda. The team first revealed these findings on Wednesday, October 2, during Anomali Detect 19, the company’s annual user conference, in a session titled: “Mustang Panda...


Weekly Threat Briefing

Weekly Threat Briefing: US Military Veterans Targeted By Iranian State Hackers

The intelligence in this Weekly Threat Briefing discusses the following threats: APT10, China, DoorDash, Emotet, Fancy Bear, Gandcrab, Malvertising, Nodersok, PcShare, REvil, Ryuk Ransomware, Sednit, Sofacy, Spamouflage Dragon, STRONTIUM, Trickbot, Tropic Thunder. The IOCs related to these stories are attached to the Community Threat Briefing and can be...


Cyber Threat Intelligence

Using Social Media (SOCMINT) in Threat Hunting

(Concepts and workflows developed by Chris Collins, Scott Poley, and Thomas Gorman) Social Media is such a prominent activity in our online lives. It allows its users to communicate and share information. It can also be abused for fraud, cybercrime, and the distribution of misinformation. That being said, I...


Weekly Threat Briefing

Weekly Threat Briefing: Eight US Cities See Payment Data Card Stolen

The intelligence in this week’s iteration discusses the following threats: Emotet, Gootkit, Magecart, Payment card theft, Roomleader, and Tortoiseshell. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats: Forcepoint...


Weekly Threat Briefing

Weekly Threat Briefing: Hackers Steal $4.2m From State Troopers’ Pension Fund

The intelligence in this week’s iteration discusses the following threats: LokiBot, Magecart, Nemty, NetWire, Purple Fox, Ryuk Ransomware, and WiryJMPer. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending Threats ...


10 Things To Do at Detect ‘19 - The Threat Intelligence Event of the Year

Detect ‘19: September 29 - October 02, 2019, Gaylord National Resort & Convention Center, National Harbor, Maryland. Detect ‘19 is fast approaching, and we can’t wait to see everyone in National Harbor! Detect is the single largest conference dedicated to threat intelligence, and brings together the best and brightest minds in...


Weekly Threat Briefing

Weekly Threat Briefing: A Huge Database of Facebook Users’ Phone Numbers Found Online

The intelligence in this week’s iteration discusses the following threats: APT, malspam, phishing, Targeted attacks, underground markets, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity. Trending...


Weekly Threat Briefing

Weekly Threat Briefing: Google Researchers Discover Malicious Websites Hacking iPhones for Years

The intelligence in this week’s iteration discusses the following threats: CamScanner, Data Breaches, FIN6, iPhone Hacking, Quasar RAT, Retadup Botnet, REvil Ransomware, TA505, and TrickBot. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for...


Cyber Threat Intelligence

Threat Hunting: Eight Tactics to a Better Cybersecurity Strategy

One of the bigger headaches I think we can all agree on in the Cyber Security business is the overuse of buzzwords, and the overlapping mutations of what they mean, depending on who’s saying them. Threat Hunting has certainly become one of those phrases. So what is threat...


Everything You Need to Know to Become a Guardian of the Cyberverse!

Join Us at Detect ‘19, the Threat Intelligence Event of the Year. Detect '19 is the single largest conference dedicated to threat intelligence. We will be bringing together enterprise organizations and government agencies under one roof to learn about and discuss threat intelligence best practices and the ever-changing landscape of...


Weekly Threat Briefing

Weekly Threat Briefing: IRS Alerts Taxpayers to New Email Scam

The intelligence in this week’s iteration discusses the following threats: Adware, Data theft, Impersonation Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity....