Posts
-
Jul 6th, 2020
Realizing the Benefits of Security Orchestration, Automation, and Response (SOAR)
SAO, TIP, SIRP: Better Together When industry analyst firm Gartner, Inc. coined the term SOAR (Security Orchestration, Automation, and Response), it was because they recognized the benefits innately a
-
Jun 25th, 2020
ThreatConnect Research Roundup: More Kimsuky “AutoUpdate” Malware
Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related ind
-
Jun 19th, 2020
ThreatConnect Research Roundup: Kimsuky “AutoUpdate” Malware
June 19 2020 Edition Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observ
-
Jun 12th, 2020
ThreatConnect Research Roundup: Probable Sandworm Infrastructure
June 12 2020 Edition Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observ
-
May 28th, 2020
ThreatConnect Research Roundup: Suspected Naikon DGA Domains
May 28 2020 Edition Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observa
-
May 21st, 2020
ThreatConnect Research Roundup: Possible APT33 Infrastructure
May 21 2020 Edition Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observa
-
May 13th, 2020
ThreatConnect Research Roundup: Spoofing SharePoint
May 13 2020 Edition Howdy, and welcome to the ThreatConnect Research Roundup: Threat Intel Update (blog edition)! Here we will be sharing a collection of recent findings by our Research Team, as well as
-
Apr 9th, 2020
Turning Cobalt Into Diamonds: Building an Actor Profile For Hunting
Summary Hunting adversaries begins with understanding their behavior through data. In this blog post, we’ll use the Diamond Model as a vehicle to create an actor profile for the criminal group Cobal
-
Mar 20th, 2020
7 Tips for Working from Home
Many of us are stuck working from home due to COVID-19. These are very surreal times. For some of you (us), being at home trying to work might be a whole new world. Well, we’re here to help navig
-
Mar 17th, 2020
Automation Anxiety? Don’t Worry.
More efficient processes. Better staff utilization. Increased documentation of processes. These are just a few of the benefits of automation, yet organizations may be slow to adopt automation technolo
-
Jun 26th, 2019
Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
ThreatConnect Research reviews phishing activity targeting Bellingcat researcher Christo Grozev and identifies a series of ProtonMail-spoofing domains most likely associated with attacks on Russia foc
-
Mar 18th, 2019
Lights, Camera, Actionable Intelligence!
ThreatConnect Research builds out a network of domains and subdomains spoofing organizations related to the entertainment industry, most likely used in credential harvesting efforts. To be frank, if w