Earlier this week FireEye/Mandiant had released a blog entitled “Insights into Iranian Cyber Espionage”detailing the targets within the Aerospace and Energy sectors being targeted. To compliment...
What Will OSINT/PAI and Collection at Scale Look like for 2020?
2020 will be eventful and likely one of the most historical years containing change, balancing the tension between change, conflict, and hopefully peace in a long time. When reflecting on the...
Iranian Watering Holes. Target Centric Analysis & Looking for Additional IOCs Related to clear.co.ir | 79.127.125.179 with ShadowDragon MalNet & ProofPoint Data
Additional information is always needed on initial indicators for a SOC analyst or incident handler. In this case, initial indicators point to [ clear. co. ir and 79.127.125.179 ] engaging in...
Link Analysis Presentation No Nos and How Long Should I Deep Dive?
In “Understanding Link Analysis and Using it Investigations,” I detailed how to get started and some fundamentals on link analysis. What I didn’t cover was how long you should be involved in the...
Patchwork APT Group - Additional IOCs & Network Indicators
Yesterday, Matthew Meltzer, Sean Koessel, and Steven Adair @ Volexity released an excellent write-up on the Indian APT group known as Dropping Elephant. The Volexity article detailed attacks...
Buckle up for Step-by-Step Insight into Charming Kitten Cyberespionage Attacks
The horrors of cybercrime can make even the savviest tech person shudder. Much like an accident on the side of the road, however, we just can’t help rubbernecking. That’s why the Clear Sky report...
ShadowDragon MalNet - ProofPoint Maltego Transforms | Vietnamese Victims 1937CN
Votiro Labs and ClearSky CyberSecurity both based out of Israel, through use of MalNet have uncovered a slew of interesting TTPs and infrastructure believed to be used by the 1937CN group. Votiro &...