Tag: Investigation

What Is Data Exfiltration? MITRE ATT&CK® Exfiltration Tactic | TA0010

The process of stealing data from a corporate system is also known as exfiltration. MITRE ATT&CK® has dedicated an entire tactic to illegal copying, downloading, and transferring of organizations’ internal data with significant levels of sensitivity. Data exfiltration examples can be quite obvious, like copying files to a thumb drive; and quite stealthy, like DNS […]

Read More
What is Ransomware Detection? How to Detect Ransomware

The method of a secure cryptographic key exchange was introduced by Whitfield Diffie and Martin Hellman in 1976. Cool thing about the public and private key pair is that the decryption key cannot be deciphered in any way from an encryption key.  This feature is exactly what’s exploited by ransomware actors who encrypt data and […]

Read More
malware analysis picture
What is Malware Analysis?

Lots of children break things not because they are little evil creatures but because they are curious about “how it’s made.” Eventually, some of those children grow up and become Cybersecurity Analysts. They do basically the same but in an adult world.  Malware analysis is the process of studying a malware sample to understand what […]

Read More
Defending Against Ransomware Attacks in 2021

The cybersecurity community is facing a crisis caused by the escalating threat of high-profile ransomware attacks. Advancing the trend of 2020, ransomware continues to be the number one problem in 2021, with the increasing sophistication of intrusions and a constantly growing number of malicious affiliates.  Big enterprises remain to be the primary target. Yet, the […]

Read More
Stealthphish investigation: 528 domains involved in BEC attack against Fortune 500 companies

About a week ago we got this info from one of our partners “We are seeing phishing emails flying in our environment (Internal to Internal)” along with sharing an email sample with us. Today we’re going to analyze the recent phishing attacks targeted at Fortune 500 and Global 2000 companies dubbed “Stealthphish” aimed at compromising […]

Read More
Petya.A / NotPetya is an AI-powered cyber weapon, TTPs lead to Sandworm APT group

It’s been a hot summer for security industry: in less than a week since the initially suspected ransomware Petya.A has turned out to be much more than meets the eye. Security researchers around the world have rightfully dubbed it NotPetya and EternalPetya, as the malware was never meant to ask for ransom – it was […]

Read More
WannaCry no more: ransomware worm IOC’s, Tor C2 and technical analysis + SIEM rules

Good news everyone! After a rather long day, night and morning of studying the news, researching and hunting the #WannaCry ransomwareworm there are some discoveries to be shared.. This includes Host and Network IOCs, their analysis obtained with help of fellow security researchers and practitioners, review of C2 infrastructure and its interactions with Tor. Last but not least are some free SIEM use cases that […]

Read More
Phishing of the DHL accounts: «DHL & PASSWORDS»

Hello everyone! Today we will focus on the fresh example of the simple phishing from the actual practice as always. Let’s analyze the following letter:

Read More
Infrastructure infiltration via RTF

Let’s proceed to studying a stage of attack called “Delivery” from Lockheed Martin Cyber Kill Chain. Much can be said about this stage, but today I’ll just share parsing of one sample which I have recently received for analysis. The sample attracted my attention because of its simplicity on one hand and its sophistication on […]

Read More