Anomali Blog

Cyber Threat Intelligence, Malware Research

APT 29 - Put up your Dukes

Have you ever heard the phrase “put up your dukes” and wondered how on Earth that could equate to putting up your fists for a fight? You wouldn’t be alone in wondering. Etymologists studying this phrase have concluded that this expression, like many others that are...

Weekly Threat Briefing

WTB: Mexican Banks Hacked – Leading To Large Cash Withdrawals

The intelligence in this week’s iteration discusses the following threats: baseStriker, Chili's Breach, Gandcrab Ransomware, Hide and Seek Botnet, New Vegas Stealer, SSH Decorator Credential Stealer and TreasureHunter malware. The IOCs related to these stories are attached to the WTB and can be used to check your...

Cyber Threat Intelligence, Threat Intelligence Platform, ThreatStream

Seven Characteristics of a Successful Threat Intelligence Program

For every enterprise Threat Intelligence Program, there is a fine line between success, neglect, and failure. But what defines the success of a Threat Intelligence Program? The definitions of that success can vary greatly depending on the nature of the organization. Given the varying sizes, technologies, and skill levels of...

Weekly Threat Briefing

WTB: Lenovo Patches Arbitrary Code Execution Flaw

The intelligence in this week’s iteration discusses the following threats: APT, APT28, Cryptocurrency miner, Malspam, Malicious applications, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats...

Cyber Threat Intelligence

Thoughts on an ‘Intelligence-Led’ Approach to Security

The consumption, production and usage of cyber threat information and intelligence (CTI) often varies from organisation to organisation. This can derive from a variety of factors, such as: risk appetite, maturity of capability, and resources available. In this blog post I will share some thoughts and considerations from my...

Weekly Threat Briefing

WTB: Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again

The intelligence in this week’s iteration discusses the following threats: APT, Banking trojan, Data leak, Malspam, Phishing, Ransomware, Targeted attacks, Threat group, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending...

Cyber Threat Intelligence, STAXX, Threat Intelligence Platform, ThreatStream

Making Sense of a “Threat Intelligence Platform”

Recently, while minding my business at a trade show, a passerby turned his head towards my booth, scanned the Anomali banner behind me proclaiming our status as a Threat Intelligence Platform, and blurted out “You’ve got too many buzzwords!”. As my self-righteous accoster scurried along...

Weekly Threat Briefing

WTB: Energetic Bear/Crouching Yeti: attacks on servers

The intelligence in this week's iteration discusses the following threats: Adblocker Malware, APT28, ARS VBS Loader, Desert Scorpion, DNS Hijacking, Muhstik, PBot, Roaming Mantis, SquirtDanger, Stresspaint, and XiaoBa. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential...

Cyber Threat Intelligence, Threat Intelligence Platform, ThreatStream

Anomali at RSA Conference 2018

It’s the last day of RSA Conference 2018, and what a week it’s been! We made a few announcements... We’re collaborating with Microsoft Intelligent Security Graph (ISG) to bring new security insights into threat data for joint customers. The integration pairs threat intelligence from Anomali...

Weekly Threat Briefing

WTB: Windows Servers Targeted for Cryptocurrency Mining via IIS Flaw

The intelligence in this week’s iteration discusses the following threats: Account Breaches, Cisco Smart Install, IcedID Banking Trojan, IIS Cryptojacking, Operation Parliament, Spear Phishing and WebMonitor RAT. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential...

Cyber Threat Intelligence

The Intersection of Threat Intelligence and Business Objectives

Intelligence exists as a supporting function. It always has a purpose – to inform decision making and drive action. In the government this is inherently understood and the value of intelligence is easy to derive. However, businesses often struggle to determine the value of their threat intelligence team/organization/processes...

Weekly Threat Briefing

WTB: Cisco Protocol Abused by Nation State Hackers

The intelligence in this week’s iteration discusses the following threats: APT, Botnet, Breach, Credit card theft, Cryptocurrency miner, Data leak, Data theft, DDoS, Fake updates, Malicious extensions, Phishing, Spear phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be...

ThreatStream

Introducing the Newly Certified ThreatStream QRadar App

Here at Anomali we have over 30 out-of-the-box integrations, from SIEMs to endpoints and everything in between. Our QRadar integration is one of our most popular. The QRadar app and Content Pack available to ThreatStream customers provide security analysts visibility into threats within their network by matching and enriching...

Weekly Threat Briefing

WTB: Panera Bread Leaks Millions of Customer Records

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: APT, Data breach, Credit card theft, Data leak, Malspam, Mobile malware, RAT, Targeted attacks, Threat group, Underground markets, and Vulnerabilities. The...

Cyber Threat Intelligence

Secretary Ray Mabus Joins Anomali Advisory Board

We’re thrilled to announce that former Secretary of the U.S. Navy, Ray Mabus, will be the newest advisory board member at Anomali. Secretary Mabus has had a remarkable career, serving as the 60th Governor of Mississippi from 1988 to 1992 and the United States Ambassador to Saudi Arabia from 1994...

Weekly Threat Briefing

WTB: Mastermind Behind EUR 1 Billion Cyber Bank Robbery Arrested In Spain

The intelligence in this week’s iteration discusses the following threats: 419 Scams, Cobalt Gang, GhostMiner, Guccifer 2.0, Orbitz Breach and TeleRat. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Mastermind Behind EUR 1 Billion...

Cyber Threat Intelligence

What is Operational Threat Intelligence?

This is the third blog in a series called “What is Threat Intelligence?”. The first blog in the series can be found here and the second, on strategic intelligence, can be found here. Stay tuned for future installments in this series. In our previous blog we...

Weekly Threat Briefing

WTB: Zenis Ransomware Encrypts Your Data & Deletes Your Backups

The intelligence in this week’s iteration discusses the following threats: APT28, Bitcoin Theft, Hancitor, Hanwha Camera Vulnerabilities, MuddyWater, OceanLotus, Samba Vulnerability and Sigma Ransomware. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending...

Cybersecurity’s Juggling Act

Organizations are challenged with juggling what seems to be a three-ring circus of issues related to either implementing or managing an existing cyber threat intelligence program. I say three-ring circus because, by definition, a three-ring circus has three separate areas where performances occur at the same time. I...

Weekly Threat Briefing

WTB: APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS

The intelligence in this week’s iteration discusses the following threats: APT, Backdoor, Banking trojan, Cryptocurrency malware, Malspam, Mobile malware, Phishing, Spear phishing, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious...