Category: Threat Intel

Understanding Your Adversary

Over the past year, perhaps more, there has been an increasing amount of discussion about whether or not organizations need to “know” their adversary. The topic roared up upon the publication of Mandiant’s Intel Report and the subsequent publications by other vendors. Naturally, much of the discussion seems to focus on espionage-type attacks, but […]

Brief OSINT review for CVE-2012-1535 Attacks

On August 15th, Jaime Blasco over at AlienVault Labs posted a description of a malicious Word document with an embedded Flash file that exploits CVE-2012-1535 (Original here). The document described within the specific attack was titled “iPhone 5 Battery.doc”, and the dummy document displayed after exploitation is a legitimate article that was posted on August […]

Crowdsourcing for InfoSec

About a week ago, I saw a tweet by @c_APT_ure referencing a new category in the established domain-tagging system at OpenDNS. They (OpenDNS) recently added both a malware and botnet category that can be submitted for review (official announcement here). For those who don’t know how the domain tagging works, it basically goes like this: […]

Adding Flame to the Fire

If you pay any attention to any InfoSec-related news sites, Twitter feeds, blogs or other sources, you’ve heard about a “new” piece of malware dubbed Flame or Flamer. News broke over the long weekend that a “highly sophisticated” tool for conducting cyber war (ugh…) had been discovered on several systems throughout the Middle East. […]

Phishing: Round 2

This morning I received another, slightly different, phishing email. This time, the spoofed sender was “Aaron Peters –” (Header available at the bottom of the post). This email contained two hotlinks, both of which pointed to hxxp:// This post has a slightly more convincing version of the standard wait screen, which consists of […]

Threat Intel: Phishing Email

I received an email reportedly from this morning. The email was clearly a phishing email as I’m not a CPA and it was addressed to “Dear accounting officer”. A picture of the email is included below: In order to avoid muddying up the post, the email header is included at the bottom of the […]
