[SANS ISC] Collecting IOCs from IMAP Folder

I published the following diary on isc.sans.edu: “Collecting IOCs from IMAP Folder”: I’ve plenty of subscriptions to “cyber security” mailing lists that generate a lot of traffic. Even if we try to get rid of emails, that’s a fact: email remains a key communication channel. Some mailing list posts contain

[The post [SANS ISC] Collecting IOCs from IMAP Folder has been first published on /dev/random]


Pipelining VT Intelligence searches and sandbox report lookups via APIv3 to automatically generate indicators of compromise

TL;DR: VirusTotal APIv3 includes an endpoint to retrieve all the dynamic analysis reports for a given file. This article showcases programmatic retrieval of sandbox behaviour reports in order to produce indicators of compromise that you can use to pow…

U.S. Manufacturer Most Recent Target of LokiBot Malspam Campaign

A large U.S. manufacturing company is the latest organization to be targeted with the LokiBot trojan – although this most recent campaign harbored some bizarre red flags.