Identify High Value Malicious Domains
I was due to write a post outlining the characteristics we were seeing of what we call “High Value Malicious Domains” when a perfect set of examples hit the news related to the Solarwinds breach.
Investigating Suspicious NameServers
Investigating Name Servers- evolving domains from suspicious to malicious. TeamTNT
Very few security products and services give enough consideration to the reputation and quality of the Name Server associated with domains they are looking at. We pick here a High Value Suspicious Domain and check what else …
… Read More
Pivoting: finding malware domains without seeing malicious activity
Pivoting: finding malware domains without seeing malicious activity
It is part of the job of a threat actor to ensure the domains used in their campaigns blend in with the crowd and stay undetected for the duration of the campaign. It is part …
… Read More
Threat Hunting using new characteristics for IOCs
TAGS: Threat Hunting, Actor Profiling, Pivoting, Building Threat Feeds
Intelligence Analysts as well as Security Analysts lost a lot of information when GDPR changed the content of WHOIS information by obscuring claimed registrant details.
In order to reclaim some characteristics to help build attacker TTP …
… Read More
Mission and Policy
Silent Push Mission
The mission of this organization is to improve the use and usefulness of threat intellligence across the security space. We wish to help organizations defend themselves in a clearer manner and with more information to help them understand the intelligence they are using and its …
… Read More
IcedID Command and Control Infrastructure
IcedID Command and Control Infrastructure
Earlier this week, the DFIR Report published an interesting analysis of an intrusion with the notorious SodinokibiREvil ransomware. The intrusion used IcedID as the initial access broker: many ransomware actors use another malware campaign to gain access to an internal …
… Read More