Anomali Blog
Cyber Threat Intelligence Malware Research Threat Intelligence Platform
Analyzing WannaCry a Year After the Ransomware Attack
The cyber-attack known as WannaCry first broke out in May of 2017 and was unprecedented in its scope and impact. It utilized a Microsoft Windows vulnerability that was leaked by a cyber threat group, the Shadow Brokers, and despite Microsoft releasing a patch for the vulnerability, many organizations failed to apply...
Read More
WTB: Vulnerabilities In mPOS Devices Could Lead To Fraud And Theft
The intelligence in this week’s iteration discuss the following threats: Backdoor, Banking trojan, Cryptominer, Data breach, Malvertising, Phishing, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity....
Read More
WTB: Computer Virus Cripples iPhone Chipmaker TSMC Plants
The intelligence in this week’s iteration discuss the following threats: Breach, Cryptojacking, GandCrab, malspam, phishing, Ransomware, targeted attacks and WannaCry. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsHave I...
Read More
Vegas Awaits: Seven Things to Do at Black Hat USA 2018
Black Hat is just around the corner, and, like many of us, you may not have planned out your trip yet. That’s okay! We’ve got your back with seven of our favorite activities you should try at Black Hat 2018:1) Neon MuseumWhether you...
Read More
WTB: US State Governments Receive Malware-Laden CDs From China Via Snail Mail
The intelligence in this week’s iteration discuss the following threats: APT34, Hide n Seek Botnet, LeafMiner, Macro Enabled Malspam, Phishing, and QUADAGENT. The IOCs related to these stories are attached to the WTB and can be used to check your logs for ...
Read More
What is Tactical Threat Intelligence?
This is the fourth blog in a series called, “What is Threat Intelligence?” The first blog in the series can be found here, the second on Strategic Intelligence can be found here, and the third on Operational Intelligence can be found here.Tactical IntelligenceTactical intelligence is...
Read More
WTB: Data Breach Exposes Trade Secrets of Carmakers GM, Ford, Tesla, Toyota
The intelligence in this week’s iteration discuss the following threats: APT, Data breach, Data leak, Malspam, Phishing, Ransomware, Spear phishing, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...
Read More
Cyber Threat Intelligence Threat Intelligence Platform
5 Reasons Why Threat Intelligence Matters to Your Company
No matter the size, industry, or location, every business will share certain core objectives. These include growing revenue, reducing risk, lowering expenses, increasing customer and employee satisfaction, adhering to compliance regulations, and so on. Often it seems that focusing on information security will negatively impact many of these objectives. After...
Read More
WTB: CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28
The intelligence in this week’s iteration discuss the following threats: APT28, AZORult, BlackTeck, Golden Cup, Leviathan APT, Magecart and Upatre. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending...
Read More
Cyber Threat Intelligence ThreatStream
The Gamer Theory of Threat Hunting
Teamwork. Determination. Satisfaction. Video gaming missions provide us with an escape from reality that is often viewed as simple and relaxing. However, the dedication required to conquer these complex missions goes largely unnoticed. The copious, and often draining, amounts of effort and cooperation applied to these missions is rewarded by...
Read More
WTB: APT Attack In the Middle East: The Big Bang
The intelligence in this week’s iteration discuss the following threats: Big Bang, Cryptojacking, Hide and Seek Botnet, Hussarini, and Smoke Loader. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsHussarini ...
Read More
Cyber Threat Intelligence SIEM Threat Intelligence Platform
Building a Threat Intelligence Environment
On June 27, I had the pleasure of participating in an SC Media webcast on building a threat intelligence environment. The host, Stephen Lawton, posed some good questions about challenges and misconceptions around building a threat intelligence program inside an organization.Since threat intelligence first became a new buzzword in...
Read More
WTB: MacOS Malware Targets Crypto Community On Slack, Discord
The intelligence in this week’s iteration discuss the following threats: Breaches, Kardon Loader, OSX.Dummy, PBot Phishing, PROPagate, RANCOR, RAMpage and Spamdexing. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending ThreatsMacOS...
Read More
Cyber Threat Intelligence Research
Cyber Threats Lurk at Large Events: Prepare for the 2018 FIFA World Cup
From Maradona’s “Hand of God,” to USA’s “Dos a Cero” defeat over Mexico, to Zidane’s infamous head-butt, the World Cup never ceases to amaze. With many of the world’s top players looking to take the field and make...
Read More
WTB: Malware Analysis Report: A New Variant of Ursnif Banking Trojan Served by the Necurs Botnet Hits Italy
The intelligence in this week’s iteration discuss the following threats: Botnet, Banking trojan, Credential theft, Cyberespionage, Data leak, Malicious applications, Phishing, Ransomware, RAT, Spear phishing, Targeted attacks, Threat group, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check...
Read More
Threat Intelligence: Providing Air Cover for Active Cyber Defense
Active Cyber Defense is a relatively new concept but comes from an older military strategy. What is Active Cyber Defense? The definition I like to refer to is direct defensive action taken to destroy, nullify, or reduce the effectiveness of cyber threats against friendly forces and assets (Denning & Strawser, 2017). ...
Read More
WTB: China-linked APT15 Develops New “MirageFox” Malware
The intelligence in this week’s iteration discuss the following threats: APT, Banking trojan, Backdoor, Botnet, Cryptocurrency-miner, Data breach, Data theft, Misconfigured account, Spear phishing, Ransomware, RAT, Targeted attack and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your...
Read More
Cyber Threat Intelligence SIEM
SIEM and Threat Intelligence, a Match made in Heaven?
SIEM solutions have been positioned to provide visibility across multiple applications, systems, and networks. Piecing together log data from multiple sources means that you potentially identify attacks as they occur. But these solutions also come with complexity and limitations; sizing, performance, scalability, and keeping on top of a constantly changing...
Read More
WTB: Hackers Target Payment Transfer System at Chile’s Biggest Bank
The intelligence in this week’s iteration discuss the following threats: Adobe Flash Vulnerabilities, InvisiMole, Operation Prowli, PatchWork APT, Ransomware, Sofacy and Zip Slip Vulnerability. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending...
Read More
Verizon Launches Threat Intelligence Platform Service in Partnership with Anomali
Today is another exciting day at Anomali - we have announced a major partnership with Verizon for their new Threat Intelligence Platform Service. Verizon is in a unique position to enter the threat intelligence space given their cyber-situational awareness across their own massive IP backbone. Combining Verizon awareness with the...
Read More
