Anomali Blog

Cyber Threat Intelligence, Threat Intelligence Platform

5 Reasons Why Threat Intelligence Matters to Your Company

No matter the size, industry, or location, every business will share certain core objectives. These include growing revenue, reducing risk, lowering expenses, increasing customer and employee satisfaction, adhering to compliance regulations, and so on. Often it seems that focusing on information security will negatively impact many of these objectives. After...


Weekly Threat Briefing

WTB: CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28

The intelligence in this week’s iteration discusses the following threats: APT28, AZORult, BlackTech, Golden Cup, Leviathan APT, Magecart and Upatre. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending...


Cyber Threat Intelligence, ThreatStream

The Gamer Theory of Threat Hunting

Teamwork. Determination. Satisfaction. Video gaming missions provide us with an escape from reality that is often viewed as simple and relaxing. However, the dedication required to conquer these complex missions goes largely unnoticed. The copious, and often draining, amounts of effort and cooperation applied to these missions are rewarded by...


Weekly Threat Briefing

WTB: APT Attack In the Middle East: The Big Bang

The intelligence in this week’s iteration discusses the following threats: Big Bang, Cryptojacking, Hide and Seek Botnet, Hussarini, and Smoke Loader. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Hussarini ...


Cyber Threat Intelligence, SIEM, Threat Intelligence Platform

Building a Threat Intelligence Environment

On June 27, I had the pleasure of participating in an SC Media webcast on building a threat intelligence environment. The host, Stephen Lawton, posed some good questions about challenges and misconceptions around building a threat intelligence program inside an organization. Since threat intelligence first became a new buzzword in...


Weekly Threat Briefing

WTB: MacOS Malware Targets Crypto Community On Slack, Discord

The intelligence in this week’s iteration discusses the following threats: Breaches, Kardon Loader, OSX.Dummy, PBot Phishing, PROPagate, RANCOR, RAMpage and Spamdexing. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: MacOS...


Cyber Threat Intelligence Research

Cyber Threats Lurk at Large Events: Prepare for the 2018 FIFA World Cup

From Maradona’s “Hand of God,” to USA’s “Dos a Cero” win over Mexico, to Zidane’s infamous head-butt, the World Cup never ceases to amaze. With many of the world’s top players looking to take the field and make...


Weekly Threat Briefing

WTB: Malware Analysis Report: A New Variant of Ursnif Banking Trojan Served by the Necurs Botnet Hits Italy

The intelligence in this week’s iteration discusses the following threats: Botnet, Banking trojan, Credential theft, Cyberespionage, Data leak, Malicious applications, Phishing, Ransomware, RAT, Spear phishing, Targeted attacks, Threat group, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check...


Cyber Threat Intelligence

Threat Intelligence: Providing Air Cover for Active Cyber Defense

Active Cyber Defense is a relatively new concept but comes from an older military strategy. What is Active Cyber Defense? The definition I like to refer to is direct defensive action taken to destroy, nullify, or reduce the effectiveness of cyber threats against friendly forces and assets (Denning & Strawser, 2017). ...


Weekly Threat Briefing

WTB: China-linked APT15 Develops New “MirageFox” Malware

The intelligence in this week’s iteration discusses the following threats: APT, Banking trojan, Backdoor, Botnet, Cryptocurrency-miner, Data breach, Data theft, Misconfigured account, Spear phishing, Ransomware, RAT, Targeted attack and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your...


Cyber Threat Intelligence, SIEM

SIEM and Threat Intelligence, a Match made in Heaven?

SIEM solutions have been positioned to provide visibility across multiple applications, systems, and networks. Piecing together log data from multiple sources means you can potentially identify attacks as they occur. But these solutions also come with complexity and limitations: sizing, performance, scalability, and keeping on top of a constantly changing...


Weekly Threat Briefing

WTB: Hackers Target Payment Transfer System at Chile’s Biggest Bank

The intelligence in this week’s iteration discusses the following threats: Adobe Flash Vulnerabilities, InvisiMole, Operation Prowli, PatchWork APT, Ransomware, Sofacy and Zip Slip Vulnerability. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending...


Threat Intelligence Platform

Verizon Launches Threat Intelligence Platform Service in Partnership with Anomali

Today is another exciting day at Anomali - we have announced a major partnership with Verizon for their new Threat Intelligence Platform Service. Verizon is in a unique position to enter the threat intelligence space given their cyber-situational awareness across their own massive IP backbone. Combining Verizon awareness with the...


Weekly Threat Briefing

WTB: Sigrun Ransomware Author Decrypting Russian Victims for Free

The section below contains summaries of various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discusses the following threats: APT, Banking trojan, Backdoor trojan, Data leak, Malspam, Misconfigured databases, Ransomware, SMB worm, Spear phishing, Threat group, Vulnerabilities, and Zero-day. The...


Anomali Enterprise, Cyber Threat Intelligence, Research

DreamBot Campaign Dreams Big

Summary: Beginning in late April, Anomali Labs observed a phishing campaign distributing malicious documents containing macros to download DreamBot, a variant of Ursnif. The downloaded DreamBot payload turned out to be a stealthy keylogger, contrary to previously observed behavior from this malware family. The campaign, which lasted several weeks, continually rotated...


Weekly Threat Briefing

WTB: FBI Asks Users to Reboot Their Routers Due to Russian Malware

The intelligence in this week’s iteration discusses the following threats: APT, Banking trojan, Botnet, Data leak, Phishing, Ransomware, Scams, Vehicles, Vulnerabilities, and Zero-day. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats ...


Cyber Threat Intelligence, Threat Intelligence Platform, ThreatStream

Making a Case for Internal Threat Intelligence

Very often when I demonstrate our Threat Intelligence Platform (TIP), ThreatStream, and show the breadth of open source threat intelligence we collect and curate, organizations struggle to understand that: a. We do not have a record of every indicator that’s bad or malicious; b. The definition...


Weekly Threat Briefing

WTB: GPON Exploit in the Wild (III) - Mettle, Hajime, Mirai, Omni, Imgay

The intelligence in this week’s iteration discusses the following threats: Adobe Vulnerabilities, Cisco Digital Network Architecture Vulnerabilities, DDoS Amplification, GPON Router Exploits, Grobios Trojan, UPnP Router Vulnerabilities and WinstarNssmMiner. The IOCs related to these stories are attached to the WTB and can be used to check your logs...


Cyber Threat Intelligence Malware Research

APT 29 - Put up your Dukes

Have you ever heard the phrase “put up your dukes” and wondered how on Earth that could equate to putting up your fists for a fight? You wouldn’t be alone in wondering. Etymologists studying this phrase have concluded that this expression, like many others that are...


Weekly Threat Briefing

WTB: Mexican Banks Hacked – Leading To Large Cash Withdrawals

The intelligence in this week’s iteration discusses the following threats: baseStriker, Chili's Breach, Gandcrab Ransomware, Hide and Seek Botnet, New Vegas Stealer, SSH Decorator Credential Stealer and TreasureHunter malware. The IOCs related to these stories are attached to the WTB and can be used to check your...
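Each Weekly Threat Briefing above ends with the same instruction: the attached IOCs can be used to check your logs for potential malicious activity. The script below is an added example of what that check looks like in practice; it is not Anomali code and not the tooling behind any WTB. It assumes the IOC list arrives as "type,value" lines in the defanged form briefings commonly use (hxxp, [.]), refangs them, and then searches free-form log lines for matching IPv4 addresses, hashes, URLs and domains. The IOC values and log lines are constructed for illustration (RFC 5737 documentation addresses, an example domain, the MD5 and SHA-256 of an empty file) and are not real indicators.

```python
"""Check log lines against an IOC list of the kind attached to a WTB.

Added example, not Anomali code. IOC values and log lines are constructed
(documentation IPs, an example domain, hashes of an empty file), not real IOCs.
"""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed feed in the defanged "type,value" form (assumed format).
SAMPLE_IOCS = """
# type,value
ipv4,203[.]0[.]113[.]45
domain,bad-update[.]example
url,hxxp://bad-update[.]example/payload.bin
md5,d41d8cd98f00b204e9800998ecf8427e
sha256,e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# Constructed proxy, EDR and DNS log lines; not from a real system.
SAMPLE_LOGS = [
    '2018-07-09T10:12:03Z proxy user=alice dst=198.51.100.7 url="https://intranet.example/login"',
    '2018-07-09T10:12:09Z proxy user=bob dst=203.0.113.45 url="http://bad-update.example/payload.bin"',
    '2018-07-09T10:13:41Z edr host=ws-17 file=C:\\Users\\bob\\update.bin sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855',
    '2018-07-09T10:14:00Z dns host=ws-17 query=bad-update.example type=A',
]


def refang(value: str) -> str:
    """Undo common defanging so feed values compare equal to live log data."""
    value = value.strip()
    for broken, fixed in (("[.]", "."), ("(.)", "."), ("(dot)", "."), ("[:]", ":"), ("[@]", "@")):
        value = value.replace(broken, fixed)
    value = re.sub(r"^hxxp", "http", value, flags=re.I)  # hxxp:// and hxxps://
    return value.lower()


def parse_iocs(text: str) -> Dict[str, Set[str]]:
    """Parse 'type,value' lines into sets keyed by IOC type; '#' lines are comments."""
    iocs: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ioc_type, _, value = line.partition(",")
        ioc_type = ioc_type.strip().lower()
        # Hashes only need case-folding; network indicators need refanging.
        value = value.strip().lower() if ioc_type in ("md5", "sha1", "sha256") else refang(value)
        iocs.setdefault(ioc_type, set()).add(value)
    return iocs


# Candidate extractors for free-form log text; all run on a lowercased line.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b[0-9a-f]{64}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{32}\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"']+")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
HASH_KIND = {32: "md5", 40: "sha1", 64: "sha256"}


def scan_line(line: str, iocs: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Return (ioc_type, value) pairs for every indicator matched in one line."""
    hits: List[Tuple[str, str]] = []
    text = line.lower()
    for ip in IPV4_RE.findall(text):
        try:
            ipaddress.ip_address(ip)  # the regex also accepts 999.1.1.1; drop those
        except ValueError:
            continue
        if ip in iocs.get("ipv4", set()):
            hits.append(("ipv4", ip))
    for digest in HASH_RE.findall(text):
        kind = HASH_KIND[len(digest)]
        if digest in iocs.get(kind, set()):
            hits.append((kind, digest))
    for url in URL_RE.findall(text):
        url = url.rstrip(".,;")  # trailing punctuation is usually the log's, not the URL's
        if url in iocs.get("url", set()):
            hits.append(("url", url))
    for host in HOST_RE.findall(text):
        if host in iocs.get("domain", set()):
            hits.append(("domain", host))
    return hits


def scan_logs(lines: List[str], iocs: Dict[str, Set[str]]) -> List[Tuple[int, List[Tuple[str, str]]]]:
    """Return (line_index, hits) for every line with at least one IOC match."""
    results = []
    for i, line in enumerate(lines):
        hits = scan_line(line, iocs)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    for idx, hits in scan_logs(SAMPLE_LOGS, parse_iocs(SAMPLE_IOCS)):
        print(f"line {idx}: {hits}")
```

Two details matter more than the matching itself: refanging the feed before comparison, since a defanged `203[.]0[.]113[.]45` will never equal anything in a real log, and validating regex-extracted IPs with `ipaddress` so that version strings and other dotted numbers do not become false positives. On the sample data the proxy line for `bob` matches on IP, URL and domain, the EDR line matches on the SHA-256 (case-folded), and the DNS query matches on the domain.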

