Votiro Labs and ClearSky CyberSecurity, both based in Israel, have used MalNet to uncover a range of interesting TTPs and infrastructure believed to be used by the 1937CN group. Votiro and ClearSky documented this in detail in their post last week, including screenshots from their hunt that identify command-and-control signatures and the related IP addresses and domains.
Last month, we also detailed how Trend Micro and ClearSky exposed a vast, previously unreported espionage apparatus dubbed “Operation Wilted Tulip”.
When we partnered with ProofPoint to help visualize its vast amount of data, use cases like these, which augment the analyst, were our primary goal. We are proud to enable deeper investigations that support the analyst.
We have a few more videos in the works, but wanted to share a few quick links to MalNet that may be useful.
For help acquiring a trial license key for MalNet, with integration into Maltego or into a security orchestration framework, please contact us by phone, email or our contact form.
Daniel Clemens is the founder and CEO of both ShadowDragon and Packet Ninjas, a niche cybersecurity consulting and services company.
With extensive experience in defensive and offensive security, Daniel has been a quiet trailblazer in digital intel-gathering long before cyber intelligence became a discipline. More than a decade ago he was inventing and applying his own intelligence tools in support of companies and governments around the world facing urgent threats. Using this deep understanding of web technologies and the behaviors of cybercriminals, he has enhanced, updated and packaged these tools under ShadowDragon.