Anomali Blog
Cyber Threat Intelligence Malware Research
New Shamoon V3 Malware Targets Oil and Gas Sector in the Middle East and Europe
A new version of destructive wiper malware Shamoon was first identified by security researchers on December 5, 2018. This malware dubbed Shamoon V3, appears to be a new version of the destructive malware, which has historically been associated with advanced persistent threat actors aligned with the interests of the Iranian state. It...
Read More
The Power of Active Collaboration in ISACs, ISAOs and Security Interest Groups
During DefCon 26 held in August 2018, on the subject of “Securing our Nation's Election Infrastructure”, Jeanette Manfra, Assistant Secretary, Office of Cybersecurity and Communications from the Department of Homeland Security (DHS) emphasized the need for public and private sector collaboration and the importance of sharing information. Ms....
Read More
Weekly Threat Briefing: Massive Botnet Chews Through 20,000 WordPress Sites
The intelligence in this week’s iteration discuss the following threats: APT, Banking trojan, Botnet, BEC, Data theft, Malspam, Phishing, Targeted attacks, Threat group, Vulnerabilities and Website compromise. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to...
Read More
Cyber Threat Intelligence Malware
Pulling Linux Rabbit/Rabbot Malware Out of a Hat
OverviewCyber threat researchers from Anomali Labs have discovered a new malware, called “Linux Rabbit,” that targeted Linux servers and Internet-of-Things (IoT) devices in a campaign that began in August 2018 and continued until October 2018. The campaign targeted devices in Russia, South Korea, the UK, and the US. The...
Read More
Weekly Threat Briefing: Hackers Could Exploit a Zoom App Vulnerability to Disrupt Conferences
The intelligence in this week’s iteration discuss the following threats: BEC, Data breach, Data theft, Exposed PII, Malicious applications, Phishing, Spear phishing, RAT, Targeted attacks, Unauthorized access, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be...
Read More
What is MITRE ATT&CK™?
MITRE introduced ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) in 2013 as a way to describe and categorize adversarial behaviors based on real-world observations. ATT&CK is a structured list of known attacker behaviors that have been compiled into tactics and techniques and expressed in a handful of...
Read More
Weekly Threat Briefing: US Postal Service Left 60 Million Users Data Exposed For Over a Year
The intelligence in this week’s iteration discuss the following threats: Cannon Trojan, Keyloggers, Lazarus Group, L0rdix, Mirai, OceanLotus, Sofacy and Zebrocy. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...
Read More
Cyber Threat Intelligence Research
Is Magecart Checking Out Your Secure Online Transactions?
With Online Holiday Sales Projected at $123B: How Secure are Your Transactions? There is a projected $123B in online purchases this holiday season, according to commerce site shopify.com. Millions of online transactions will occur between now and December 25th. How secure do you feel entering your credit or...
Read More
Weekly Threat Briefing: Russian APT Comes Back to Life with New US Spear-phishing Campaign
The intelligence in this weekís iteration discuss the following threats: APT29, Cryptominers, Data breaches, MageCart, Malware, Misconfigured Docker, Phishing, Remote access trojans, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check...
Read More
Cyber Threat Intelligence Research
Staying Safe Online During Black Friday and Cyber Monday
IntroductionThe countdown to Black Friday and Cyber Monday 2018 is well underway as consumers prepare for the sales frenzy that will kick off on Friday, November 23rd and Monday, November 26th. Black Friday and Cyber Monday have arguably become two of the most important and notable days in the...
Read More
The Importance of Managing Threat Intelligence
Data. Data. Data. Threat data can feel like a constant rushing waterfall that can overwhelm an analyst. After all, what good is one more set of data if there’s not an applicable and manageable use case for it. Some people look at threat intelligence (note not threat data)...
Read More
Weekly Threat Briefing: Adobe ColdFusion Servers Under Attack from APT Group
The intelligence in this weekís iteration discuss the following threats: APT, Data breaches, DDoS, Lazarus group, Malicious mobile applications, Malicious documents, PortSmash, SMiShing, Spear phishing, Trickbot, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used...
Read More
The Cybersecurity Tech Accord endorses the Paris Call
Strengthening our commitment to ensuring trust and stability in cyberspaceThe Cybersecurity Tech Accord is pleased to endorse the Paris Call for Trust and Security in Cyberspace as an early supporter. The Paris Call was announced today by French President Emmanuel Macron at the opening of the 13th...
Read More
Cyber Threat Intelligence Threat Intelligence Platform
Intelligent Security Automation
Threat feeds and the data they provide continue to grow at a rapid pace. As this amount of data increases, the ability to make efficient use of it moves beyond human capability and must shift towards automation. There are three critical sections of the threat intelligence process that will greatly...
Read More
Weekly Threat Briefing: Scammers Ride on Popular Vote411 Voter Info Site to Push Scareware Alerts
The intelligence in this week's iteration discuss the following threats: Backdoors, CommonRansomware, Data breaches, Magecart, Malware, Phishing, Ransomware, Stuxnet, Trickbot, Typosquatting, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential...
Read More
Cyber Threat Intelligence Research
Threatscape of the US Election
Cyber attacks and political elections within the US are frequently heard together in the same sentence following the 2016 presidential election. Media outlets are ramping up their efforts to cover the 2018 midterm elections for the 115th Congress, often including online mediums such as social media. This can create an information overload...
Read More
Cyber Threat Intelligence Research
Cyber Countdown to November 6…
Securing US State and Territory Voter Registration and Information WebsitesExecutive SummaryLess than a week away from November 6, 2018, US midterm elections is arguably one of the most important election cycles in history where political parties battle for control of the two chambers of Congress. Additionally, thirty-six state governors,...
Read More
Cyber Threat Intelligence Research
New .republican and .democrat Domains Offer New Ways to Fake Out Voters
IntroductionElection cycles in the US are widely publicized on various forms of media sources but this publicity brings with it inherent risk. A campaign’s online presence is critical as more voters turn to the Internet to learn about candidates, compare positions, and prepare to vote. However, this...
Read More
Weekly Threat Briefing: New Security Flaw Impacts Most Linux And BSD Distros
The intelligence in this weekís iteration discuss the following threats: APT, Data breach, DDoS, NARWHAL SPIDER, Phishing, Ransomware, TA554, Targeted attacks, TRITON, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs...
Read More
Cyber Threat Intelligence Threat Intelligence Platform ThreatStream
Importing Intelligence Data Directly From iOS 12
One situation I’ll often find myself in is reading a mail, blog post, or bulletin on my phone, such as this detailed analysis blog post here containing some APT file hashes, and I'll want to send it in to ThreatStream for import and pre-processing.Now - for...
Read More
