Anomali Blog

Cyber Threat Intelligence Malware Research

New Shamoon V3 Malware Targets Oil and Gas Sector in the Middle East and Europe

A new version of destructive wiper malware Shamoon was first identified by security researchers on December 5, 2018. This malware dubbed Shamoon V3, appears to be a new version of the destructive malware, which has historically been associated with advanced persistent threat actors aligned with the interests of the Iranian state. It...


Cyber Threat Intelligence

The Power of Active Collaboration in ISACs, ISAOs and Security Interest Groups

During DefCon 26 held in August 2018, on the subject of “Securing our Nation's Election Infrastructure”, Jeanette Manfra, Assistant Secretary, Office of Cybersecurity and Communications from the Department of Homeland Security (DHS) emphasized the need for public and private sector collaboration and the importance of sharing information. Ms....


Weekly Threat Briefing

Weekly Threat Briefing: Massive Botnet Chews Through 20,000 WordPress Sites

The intelligence in this week’s iteration discusses the following threats: APT, Banking trojan, Botnet, BEC, Data theft, Malspam, Phishing, Targeted attacks, Threat group, Vulnerabilities and Website compromise. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to...


Cyber Threat Intelligence Malware

Pulling Linux Rabbit/Rabbot Malware Out of a Hat

Overview: Cyber threat researchers from Anomali Labs have discovered a new malware, called “Linux Rabbit,” that targeted Linux servers and Internet-of-Things (IoT) devices in a campaign that began in August 2018 and continued until October 2018. The campaign targeted devices in Russia, South Korea, the UK, and the US. The...


Weekly Threat Briefing

Weekly Threat Briefing: Hackers Could Exploit a Zoom App Vulnerability to Disrupt Conferences

The intelligence in this week’s iteration discusses the following threats: BEC, Data breach, Data theft, Exposed PII, Malicious applications, Phishing, Spear phishing, RAT, Targeted attacks, Unauthorized access, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be...


Cyber Threat Intelligence

What is MITRE ATT&CK™?

MITRE introduced ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) in 2013 as a way to describe and categorize adversarial behaviors based on real-world observations. ATT&CK is a structured list of known attacker behaviors that have been compiled into tactics and techniques and expressed in a handful of...


Weekly Threat Briefing

Weekly Threat Briefing: US Postal Service Left 60 Million Users Data Exposed For Over a Year

The intelligence in this week’s iteration discusses the following threats: Cannon Trojan, Keyloggers, Lazarus Group, L0rdix, Mirai, OceanLotus, Sofacy and Zebrocy. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...


Cyber Threat Intelligence Research

Is Magecart Checking Out Your Secure Online Transactions?

With Online Holiday Sales Projected at $123B: How Secure are Your Transactions? There is a projected $123B in online purchases this holiday season, according to commerce site shopify.com. Millions of online transactions will occur between now and December 25th. How secure do you feel entering your credit or...


Weekly Threat Briefing

Weekly Threat Briefing: Russian APT Comes Back to Life with New US Spear-phishing Campaign

The intelligence in this week’s iteration discusses the following threats: APT29, Cryptominers, Data breaches, MageCart, Malware, Misconfigured Docker, Phishing, Remote access trojans, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...


Cyber Threat Intelligence Research

Staying Safe Online During Black Friday and Cyber Monday

Introduction: The countdown to Black Friday and Cyber Monday 2018 is well underway as consumers prepare for the sales frenzy that will kick off on Friday, November 23rd and Monday, November 26th. Black Friday and Cyber Monday have arguably become two of the most important and notable days in the...


Threat Intelligence Platform

The Importance of Managing Threat Intelligence

Data. Data. Data. Threat data can feel like a constant rushing waterfall that can overwhelm an analyst. After all, what good is one more set of data if there’s not an applicable and manageable use case for it. Some people look at threat intelligence (note not threat data)...


Weekly Threat Briefing

Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group

The intelligence in this week’s iteration discusses the following threats: APT, Data breaches, DDoS, Lazarus group, Malicious mobile applications, Malicious documents, PortSmash, SMiShing, Spear phishing, Trickbot, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used...


Cyber Threat Intelligence

The Cybersecurity Tech Accord endorses the Paris Call

Strengthening our commitment to ensuring trust and stability in cyberspace: The Cybersecurity Tech Accord is pleased to endorse the Paris Call for Trust and Security in Cyberspace as an early supporter. The Paris Call was announced today by French President Emmanuel Macron at the opening of the 13th...


Cyber Threat Intelligence Threat Intelligence Platform

Intelligent Security Automation

Threat feeds and the data they provide continue to grow at a rapid pace. As this amount of data increases, the ability to make efficient use of it moves beyond human capability and must shift towards automation. There are three critical sections of the threat intelligence process that will greatly...


Weekly Threat Briefing

Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts

The intelligence in this week's iteration discusses the following threats: Backdoors, CommonRansomware, Data breaches, Magecart, Malware, Phishing, Ransomware, Stuxnet, Trickbot, Typosquatting, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...


Cyber Threat Intelligence Research

Threatscape of the US Election

Cyber attacks and political elections within the US are frequently heard together in the same sentence following the 2016 presidential election. Media outlets are ramping up their efforts to cover the 2018 midterm elections for the 115th Congress, often including online mediums such as social media. This can create an information overload...


Cyber Threat Intelligence Research

Cyber Countdown to November 6…

Securing US State and Territory Voter Registration and Information Websites. Executive Summary: Less than a week away from November 6, 2018, the US midterm elections are arguably one of the most important election cycles in history, where political parties battle for control of the two chambers of Congress. Additionally, thirty-six state governors,...


Cyber Threat Intelligence Research

New .republican and .democrat Domains Offer New Ways to Fake Out Voters

Introduction: Election cycles in the US are widely publicized on various forms of media sources, but this publicity brings with it inherent risk. A campaign’s online presence is critical as more voters turn to the Internet to learn about candidates, compare positions, and prepare to vote. However, this...


Weekly Threat Briefing

Weekly Threat Briefing: New Security Flaw Impacts Most Linux And BSD Distros

The intelligence in this week’s iteration discusses the following threats: APT, Data breach, DDoS, NARWHAL SPIDER, Phishing, Ransomware, TA554, Targeted attacks, TRITON, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...


Cyber Threat Intelligence Threat Intelligence Platform ThreatStream

Importing Intelligence Data Directly From iOS 12

One situation I’ll often find myself in is reading a mail, blog post, or bulletin on my phone, such as this detailed analysis blog post here containing some APT file hashes, and I'll want to send it in to ThreatStream for import and pre-processing. Now - for...

