IOC – Page 2 – WindowsTechs.com

[SANS ISC] Collecting IOCs from IMAP Folder

Posted on April 30, 2020 by Xavier

I published the following diary on isc.sans.edu: “Collecting IOCs from IMAP Folder“: I’ve plenty of subscriptions to “cyber security” mailing lists that generate a lot of traffic. Even if we try to get rid of emails, that’s a fact: email remains a key communication channel. Some mailing lists posts contain

[The post [SANS ISC] Collecting IOCs from IMAP Folder has been first published on /dev/random]

Continue reading [SANS ISC] Collecting IOCs from IMAP Folder→

Maze Ransomware Attack Hits Cognizant

Posted on April 20, 2020 by Lindsey O'Donnell

Cognizant has confirmed that a Friday evening Maze ransomware attack has disrupted its systems. Continue reading Maze Ransomware Attack Hits Cognizant→

How to respond to Indicators of Compromise?

Posted on April 16, 2020 by sanba06c

We’ve received frequent emails from our Threat Intelligence Group with IoCs artifacts, such as file names, hashes, domains/urls. They request us to do preventive measures for the given attributes.

However, I find it very hard to follow t… Continue reading How to respond to Indicators of Compromise?→

Finding a mimikatz file on a compromised host? [on hold]

Posted on November 14, 2019 by ismaeel ali

So I am currently struggling with a cyber security lab, and after searching various online sources and reading documentation I can’t find a solution. The 2 tasks are as follows:

“The attacker has deployed the Mimikatz t… Continue reading Finding a mimikatz file on a compromised host? [on hold]→

Pipelining VT Intelligence searches and sandbox report lookups via APIv3 to automatically generate indicators of compromise

Posted on November 6, 2019 by Emiliano Martinez

TL;DR: VirusTotal APIv3 includes an endpoint to retrieve all the dynamic analysis reports for a given file. This article showcases programmatic retrieval of sandbox behaviour reports in order to produce indicators of compromise that you can use to pow… Continue reading Pipelining VT Intelligence searches and sandbox report lookups via APIv3 to automatically generate indicators of compromise→

Search Engine Poisoning

Posted on November 5, 2019 by byten

There are symptoms in google when doing a search like:

site: example.subdomain.domain.com (my pretend example site)

Search engine is returning a particular false result for 1 php web server where it:

1) Displays a generic … Continue reading Search Engine Poisoning→

How to use indicators of compromise (IOC)?

Posted on November 2, 2019 by Caroline

I am preparing for an exam, at this is a question from last year, that I struggle to answer. Especially I don’t understand how the discovery of different IOCs poses a problem to the attacker.

Question:

A new ongoing APT … Continue reading How to use indicators of compromise (IOC)?→

Behavioral analysis versus artifacts/IOC’s

Posted on October 16, 2019 by JeffSoh

Much of our defensive architecture today is based on the ability to extract indicators of compromise from logs, packet data and flow data and the monitoring of processes on the system. While this is good, to work through the enormous amounts of alerts … Continue reading Behavioral analysis versus artifacts/IOC’s→

MISP vs STIX/TAXII Threat Intelligence

Posted on September 16, 2019 by bypass1

What are the advantages and/or disadvantages between MISP and STIX/TAXII formats with a focus on deploying a local instance and push events via DXL (Data Exchange Layer)?

I have to decide which should be the central unit in … Continue reading MISP vs STIX/TAXII Threat Intelligence→

U.S. Manufacturer Most Recent Target of LokiBot Malspam Campaign

Posted on September 10, 2019 by Lindsey O'Donnell

A large U.S. manufacturing company is the latest organization to be targeted with the LokiBot trojan – although this most recent campaign harbored some bizarre red flags. Continue reading U.S. Manufacturer Most Recent Target of LokiBot Malspam Campaign→