Anomali Detect

September 20 - 22, 2017

BLOG

Category:

Cyber Threat Intelligence SIEM Splunk ThreatStream

ThreatStream Matches As Notable Events in Splunk? Here’s How…

In a previous post I showed how the Anomali ThreatStream Splunk app can integrate with Splunk's own Enterprise Security app to provide analysts with familiar and powerful investigation workflows. Since the post was published I've received a number of emails from the Anomali community asking:...


Weekly Threat Briefing

WTB: Malspam Continues to Push Trickbot Banking Trojan

The intelligence in this week’s iteration discusses the following threats: Adware, APT, Data breach, Data leak, Malspam, Phishing, and Spear phishing. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: CVE-2017-0199:...


Cyber Threat Intelligence

Six Ways to Help Improve your Security Posture

A strong cybersecurity program is quickly becoming one of the most important investments a company can make. In the wake of numerous corporate breaches over the last few years, all users are on higher alert about the safety of their sensitive data. Whatever the size or maturity level of your...


Weekly Threat Briefing

WTB: WannaCry Hero Arrested, One of Two Charged with Distribution of Kronos Malware

The intelligence in this week’s iteration discusses the following threats: APT, Data Breach, Exploit Kits, Malspam, Mobile, Phishing, Ransomware, and Spyware. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Campaign Leads...


Cyber Threat Intelligence Splunk Threat Intelligence Platform ThreatStream

Automate Your Workflows With Threat Intelligence Alerts in Slack

Recently, I was speaking to a friend who is using the popular messaging app, Slack, to help run the Security Operations Centre (SOC) at his organisation. Not only have they set up alerts that feed from their security tools into Slack, but the analysts can run queries against these tools,...


Cyber Threat Intelligence

Hackers Make it Personal

It’s only Tuesday morning and it’s already been an interesting week in cybersecurity. First we learned about an attack on a major security company, targeting their research analysts. The goal of “Operation #leaktheanalyst,” apparently, is to name researchers and, in their own words: “...


Weekly Threat Briefing

WTB: Wallet-snatch hack: ApplePay ‘vulnerable to attack’, claim researchers

The intelligence in this week’s iteration discusses the following threats: Android Trojans, ApplePay, CowerSnail, Lipizzan, Ransomware, UniCredit Breach, Ursnif, Veritaseum, and Windows Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats ...


Malware ThreatStream

Halt the Sidecar Bear’s infrastructure with Intel 471 and Anomali Threatstream

By Mark Arena, Intel 471 and Travis Farral, Anomali. We’ve all seen the research into Fancy Bear (aka APT28, Sofacy etc) which is likely a group sponsored by or a part of the Russian government. They even have their own website. Research into these groups is predominantly reactive. Typical...


Weekly Threat Briefing

WTB: Kansas Data Breach Exposes More Than 5 Million Social Security Numbers

The intelligence in this week’s iteration discusses the following threats: Adware, Banking Trojans, Breaches, Internet of Things, NukeBot, SambaCry, Stantinko and TrickBot. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. Trending Threats: Kansas...


Malware Research

How Threat Hunting Can Help Defend Against Malware Attacks

By Kris Merritt (Vector8) and Justin Swisher (Anomali). Since the outbreak of Petya some days ago many articles have been written dissecting the malware, its purpose, and its attribution. These articles used reverse engineering and malware analysis to conduct post incident analysis. Vector8 and Anomali viewed the Petya outbreak differently,...


Weekly Threat Briefing

WTB: New “WPSetup” Attack Targets Fresh WordPress Installs

The intelligence in this week’s iteration discusses the following threats: Adobe Patches, Android Malware, Cloud Leaks, Point-of-Sale, Ransomware, Remote Access Trojan, and Windows Protocol Vulnerabilities. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. ...


Cyber Threat Intelligence

TAXIIing to the Runway

Common challenges in starting a threat intelligence program. Once considered a “nice to have”, threat intelligence is now increasingly seen as a critical part of security programs. In the 2016 Value of Threat Intelligence: Ponemon Study, 78 percent of respondents polled agreed that threat intelligence was essential to a strong...


Weekly Threat Briefing

WTB: Hard Rock, Loews Hotels Admit Data Breach

The intelligence in this week’s iteration discusses the following threats: Credit Card theft, Distributed Denial-of-Service, Mobile malware, Payment System breach, Point-of-Sale, Ransomware, Remote Access Trojan. The IOCs related to these stories are attached to the WTB and can be used to check your logs for potential malicious activity. ...


Cyber Threat Intelligence

Anomali Forum - Your Cyber War Room

Zero-day exploits such as last week’s Petya can be a nightmare of damage to a company’s information, systems and reputation. One of the more practical solutions for such an attack is for companies to band together and share information that could bolster defences or...


Weekly Threat Briefing

WTB: More Security Firms Confirm NotPetya Shoddy Code Is Making Recovery Impossible

Figure 1: IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Threats: This section provides summaries and links to the top threat intelligence stories from this past week. All IOCs from these stories are attached to this threat briefing...


Anomali Enterprise Cyber Threat Intelligence

How Anomali Enterprise Helped Me Detect Malware In My Home Network

Have you ever wondered who is trying to connect to your home network? Or from your home network to the internet? Few internet users consider either of these questions (and the ones that do usually work in the security industry). Many believe the router their...


Malware Research

Petya (NotPetya, Petrwrap)

Details: A malware strain that appears to be based off of the “Petya” ransomware began targeting and infecting governments and businesses worldwide on June 27th, 2017. Since dubbed “NotPetya” by some researchers, and “Nyetya” by others, this malware has spread across Europe and North America...


Malware Research

Ukraine hit hard as Petya Ransomware Variant Spreads around the world

[updated 6/28/2017 1:29pm ET] We will be updating this page with additional information. Please check back for the latest. While initial reports have only centered on the Ukraine being hit by a new stream of ransomware known as Petya, this is a global attack. Just like WannaCry, this might be leveraging...


Weekly Threat Briefing

Anomali Weekly Threat Intelligence Briefing - June 27, 2017

Figure 1: IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Threats: This section provides summaries and links to the top threat intelligence stories from this past week. All IOCs from these stories are attached to this threat briefing...


Cyber Threat Intelligence SIEM Splunk ThreatStream

Proactively monitor your network against attacks using our FREE Threat Intelligence in Splunk

A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment, and in some cases where they were already inside. For those who are not yet ThreatStream customers, do not fear. Our...

