ThreatConnect blog

Read insights, thought leadership, and platform updates.

Showing 633 posts

Threat Research

Kimsuky Phishing Operations Putting In Work

Executive Summary

Recently, an international NGO that provides threat sharing and analysis support to frequently targeted communities reached out to ThreatConnect wanting to learn more about the origins of a targeted phishing attack they were researching. Researching both the attacker’s infrastructure and tooling, we believe the nexus of the attack to be DPRK’s Kimsuky group […]

Threat Research

Research Roundup: APT39 Adversaries

Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. In this edition, we cover: […]

Polarity

SOC Series: Hash Value Decoder Ring

Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity augments analysts for superhuman speed and thoroughness. Hash values can help verify whether activity found within logs has already been determined to be “known-bad” and can be used to correlate activity between network devices and netflows. These are […]

ThreatConnect Platform

ThreatConnect and Sigma Signatures: Increase Detection Capabilities

ThreatConnect now supports Sigma Signatures! As a quick refresher, Sigma is a generic and open signature format for SIEM systems. It allows you to describe relevant log events straightforwardly. The rule format is very flexible, easy to write, and applicable to any log file type. This project’s primary purpose is to provide a structured form […]

Polarity

Get Immediate Data Awareness on Mandiant Threat Intelligence with the New Polarity Integration

Today’s post continues an ongoing series on Polarity Integrations. Data tells a story; Polarity helps you see it with Augmented Reality, overlaying contextual information from the applications you use every day, no glasses or goggles required. With over 100 powerful integrations, Polarity’s open-source Integrations Library arms you with the right data at the right time […]

ThreatConnect Platform

Research Roundup: Microsoft Strontium Sinkhole Domain Sibling

Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. In this edition, we cover: […]

Polarity

SOC Series: Instant Awareness for User Identities & Devices

Today’s post continues an ongoing series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity enables you to see the story in your data without sacrificing thoroughness or speed. To understand the operational impact of malicious activity on the network, a SOC analyst must be able to determine not only what function an affected […]

ThreatConnect Platform

Research Roundup: Activity on Previously Identified APT33 Domains

Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. In this edition, we cover: […]

ThreatConnect Platform

ThreatConnect: The Brain of Security

Why Acquiring Nehemiah Security was the Right Decision

Since its inception, ThreatConnect has used the analogy that it wants to be the “brain of security,” to act as its central nervous system providing both decision and operational support. We use this analogy because of the relationship between decision making and taking action that the brain […]

Polarity

SOC Series: Domain Reputation on Sight

Today’s post begins a series on Polarity Security Operations Center (SOC) use cases, demonstrating how Polarity enables you to see the story in your data without sacrificing thoroughness or speed. Understanding the reputation of a domain that appears in an event presented to an analyst for investigation is a critical step in identifying malicious activity. The […]

ThreatConnect Platform

ThreatConnect and MITRE ATT&CK: Supporting Sub-techniques

ThreatConnect has long supported the MITRE ATT&CK framework, and we are delighted to be among the first to support MITRE ATT&CK Sub-techniques. As a quick refresher, MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for developing specific threat […]

Threat Research

Research Roundup: Mustang Panda and RedDelta PlugX Using Same C2

Howdy, and welcome to the ThreatConnect Research Roundup, a collection of recent findings by our Research Team and items from open source publications that have resulted in Observations of related indicators across ThreatConnect’s CAL™ (Collective Analytics Layer). Note: Viewing the pages linked in this blog post requires a ThreatConnect account. In this edition, we cover: […]
