Anomali Blog
Cyber Threat Intelligence SIEM
SIEM and Threat Intelligence, a Match made in Heaven?
SIEM solutions have been positioned to provide visibility across multiple applications, systems, and networks. Piecing together log data from multiple sources means that you potentially identify attacks as they occur. But these solutions also come with complexity and limitations; sizing, performance, scalability, and keeping on top of a constantly changing...
Read More
WTB: Hackers Target Payment Transfer System at Chile’s Biggest Bank
The intelligence in this week’s iteration discuss the following threats: Adobe Flash Vulnerabilities, InvisiMole, Operation Prowli, PatchWork APT, Ransomware, Sofacy and Zip Slip Vulnerability. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending...
Read More
Verizon Launches Threat Intelligence Platform Service in Partnership with Anomali
Today is another exciting day at Anomali - we have announced a major partnership with Verizon for their new Threat Intelligence Platform Service. Verizon is in a unique position to enter the threat intelligence space given their cyber-situational awareness across their own massive IP backbone. Combining Verizon awareness with the...
Read More
WTB: Sigrun Ransomware Author Decrypting Russian Victims for Free
This section listed below contains summaries on various threat intelligence stories that occurred during the past week. The intelligence in this week’s iteration discuss the following threats: APT, Banking trojan, Backdoor trojan, Data leak, Malspam, Misconfigured databases, Ransomware, SMB worm, Spear phishing, Threat group, Vulnerabilities, and Zero-day. The...
Read More
Anomali Enterprise Cyber Threat Intelligence Research
DreamBot Campaign Dreams Big
SummaryBeginning late April, Anomali Labs observed a phishing campaign distributing malicious documents containing macros to download DreamBot, a variant of Ursnif. The downloaded DreamBot payload turned out to be a stealthy keylogger, contrary to previously observed behavior from this malware family. The campaign, which lasted several weeks, continually rotated...
Read More
WTB: FBI Asks Users to Reboot Their Routers Due to Russian Malware
The intelligence in this week’s iteration discuss the following threats: APT, Banking trojan, Botnet, Data leak, Phishing, Ransomware, Scams, Vehicles, Vulnerabilities, and Zero-day. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending Threats
...
Read More
Cyber Threat Intelligence Threat Intelligence Platform ThreatStream
Making a Case for Internal Threat Intelligence
Very often when I demonstrate our Threat Intelligence Platform (TIP), ThreatStream and show the breadth of open source threat intelligence we collect and curate, organizations struggle to understand that:a. We do not have a record of every indicator that’s bad or malicious
b. The definition...
Read More
WTB: GPON Exploit in the Wild (III) - Mettle, Hajime, Mirai, Omni, Imgay
The intelligence in this week’s iteration discuss the following threats: Adobe Vulnerabilities, Cisco Digital Network Architecture Vulnerabilities, DDoS Amplification, GPON Router Exploits, Grobios Trojan, UPnP Router Vulnerabilities and WinstarNssmMiner. The IOCs related to these stories are attached to the WTB and can be used to check your logs...
Read More
Cyber Threat Intelligence Malware Research
APT 29 - Put up your Dukes
Have you ever heard the phrase “put up your dukes” and wondered how on Earth that could equate to putting up your fists for a fight? You wouldn’t be alone in wondering. Etymologists studying this phrase have concluded that this expression, like many others that are...
Read More
WTB: Mexican Banks Hacked – Leading To Large Cash Withdrawals
The intelligence in this week’s iteration discuss the following threats: baseStriker, Chili's Breach, Gandcrab Ransomware, Hide and Seek Botnet, New Vegas Stealer, SSH Decorator Credential Stealer and TreasureHunter malware. The IOCs related to these stories are attached to the WTB and can be used to check your...
Read More
Cyber Threat Intelligence Threat Intelligence Platform ThreatStream
Seven Characteristics of a Successful Threat Intelligence Program
For every enterprise Threat Intelligence Program, there is a fine line between success, neglect, and failure. But what defines the success of a Threat Intelligence Program? The definitions of that success can vary greatly depending on the nature of the organization. Given the varying sizes, technologies, and skill levels of...
Read More
WTB: Lenovo Patches Arbitrary Code Execution Flaw
The intelligence in this week’s iteration discuss the following threats: APT, APT28, Cryptocurrency miner, Malspam, Malicious applications, Phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending Threats
...
Read More
Thoughts on an ‘Intelligence-Led’ Approach to Security
The consumption, production and usage of cyber threat information and intelligence (CTI) often varies from organisation to organisation. This can derive from a variety of factors, such as: risk appetite, maturity of capability, and resources available. In this blog post I will share some thoughts and considerations from my...
Read More
WTB: Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again
The intelligence in this week’s iteration discuss the following threats: APT, Banking trojan, Data leak, Malspam, Phishing, Ransomware, Targeted attacks, Threat group, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity.Trending...
Read More
Cyber Threat Intelligence STAXX Threat Intelligence Platform ThreatStream
Making Sense of a “Threat Intelligence Platform”
Recently while minding my business at a trade show, a passerby turned his head towards my booth, scanned the Anomali banner behind me proclaiming our status as a Threat Intelligence Platform, and blurted out “You’ve got too many buzzwords!”. As my self-righteous accoster scurried along...
Read More
WTB: Energetic Bear/Crouching Yeti: attacks on servers
The intelligence in this week's iteration discuss the following threats: Adblocker Malware, APT28, ARS VBS Loader, Desert Scorpion, DNS Hijacking, Mukstik, PBot, Roaming Mantis, SquirtDanger, Stresspaint, and XiaoBa. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential...
Read More
Cyber Threat Intelligence Threat Intelligence Platform ThreatStream
Anomali at RSA Conference 2018
It’s the last day of RSA Conference 2018, and what a week it’s been!We made a few announcements....We’re collaborating with Microsoft Intelligent Security Graph (ISG) to bring new security insights into threat data for joint customers. The integration pairs threat intelligence from Anomali...
Read More
WTB: Windows Servers Targeted for Cryptocurrency Mining via IIS Flaw
The intelligence in this week’s iteration discuss the following threats: Account Breaches, Cisco Smart Install, IcedID Banking Trojan, IIS Cryptojacking, Operation Parlament, Spear Phishing and WebMonitor RAT. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential...
Read More
The Intersection of Threat Intelligence and Business Objectives
Intelligence exists as a supporting function. It always has a purpose – to inform decision making and drive action. In the government this is inherently understood and the value of intelligence is easy to derive. However, businesses often struggle to determine the value of their threat intelligence team/organization/processes...
Read More
WTB: Cisco Protocol Abused by Nation State Hackers
The intelligence in this week’s iteration discuss the following threats: APT, Botnet, Breach, Credit card theft, Cryptocurrency-miner, Data leak, Data theft, DDoS, Fake updates, Malicious extensions, Phishing, Spear phishing, Ransomware, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be...
Read More
