Resources

The Tradecraft of a Successful Threat Investigation: A COVID-19 Case Study English

What does it take to run a successful threat investigation with global implications? Since February 2020, we at EclecticIQ have tracked adversaries as they put their malicious tactics, techniques, and procedures (TTPs) into high gear to take advantage of organizations shifting focus from security to the COVID-19 health crisis.

Group-IB and EclecticIQ Platform English

As the analyst-centric TIP, EclecticIQ Platform now provides unparalleled visibility and insights into the threat landscape by integrating the widest range of Group-IB Intelligence data. This data comes from closed sources, real-life investigations, joint ops with law enforcement, and a global technology grid to dive deep into tactics, techniques, and procedures (TTPs).

Recorded Future and EclecticIQ Platform English

With EclecticIQ’s integration of Recorded Future, analysts quickly prioritize indicators of compromise (IOCs). Using the Platform’s graph and advanced search functions, analysts can promptly align these IOCs to tactics, techniques, and procedures (TTPs).

Threat Hunting Beyond the IOC with MITRE ATT&CK English

In the industry’s pursuit for the perfect security alert - high confidence, enriched, threat intelligence based - we have become increasingly hampered in identifying high impact threats for which no known Indicators of Compromise (IOCs), signatures or high fidelity threat models are known. The practice of threat hunting has emerged to solve the problem of identifying threats for which we have partial or limited intelligence. Supported by new industry standards like the MITRE ATT&CK taxonomy, threat hunting can support in the identification of commonly used techniques that may indicate the occurrence of a threat.

Threat Data Ingestion: Get the Best of Both Worlds English

Selecting a threat intelligence platform (TIP) is a complex decision that often puts the CTI and the IT Ops teams at odds with each other. The CTI team demands high-fidelity threat data. The IT Ops team requires a TIP with predictable and manageable scalability.

Azure Sentinel and EclecticIQ Platform English

Together, EclecticIQ Platform and Azure Sentinel facilitate SOC and CTI teams gaining actionable insights, sharper threat pattern visualizations, and instant situational awareness.

Flashpoint and EclecticIQ Platform English

EclecticIQ Platform now integrates Flashpoint’s trusted actionable intelligence to provide CTI and SOC analysts with the insights they need to make better decisions, respond sooner, and move faster.

Ransomware as a Smokescreen for Nation-State Sponsored Espionage Operations English

There is a general consensus around the financial motivation behind ransomware campaigns. While this holds true, in this presentation we are going to look into alternative hypotheses where cyber-criminal gangs cooperate with nation states to target victims in order to steal data of value for the nation state sponsoring the operation, hiding the nation state attribution and the espionage motive behind the cyber-criminal gang attribution and financial motive.

EclecticIQ Platform - Enterprise English

Harnessing the power of threat intelligence - moving from reactive to adaptive with intelligence-led security

EclecticIQ Academy: CTI Fundamentals English

Upskill your team and take your CTI expertise to the next level with the EclecticIQ Academy CTI Fundamentals course.

EclecticIQ Threat Intelligence Consultants English

Leverage Threat Intelligence Consultants to supercharge your threat intelligence operations and optimize your EclecticIQ Platform.

Time to Soar with EclecticIQ and Splunk English

With EclecticIQ Platform's built-in integration with Splunk Enterprise and Splunk Phantom, your SOC, SOAR, and CTI teams prioritize and accelerate their threat response.

Understanding the Ransomware Landscape English

This talk consists of 3 main parts: a historical overview of the ransomware phenomenon, how Cyber Threat Intelligence driven security can prevent a ransomware attack by providing the strategic, operational and tactical intelligence, and a description of a worst case scenario resulting from a successful ransomware attack against a targeted victim.

Silobreaker and EclecticIQ Platform English

Together, EclecticIQ and Silobreaker help threat intelligence teams integrate structured and unstructured threat data, contextualize unique indicators, and respond faster to impending threats.

Gartner: Innovation Insight for Extended Detection and Response English

In this report, Gartner has listed XDR’s capabilities, advantages and risks to consider before adopting one XDR solution.

CTI-Powered Cyber Security Operations English

EclecticIQ and Kaspersky came together to present a Webinar for Practitioners, by Practitioners. We demonstrated the benefits of a security operation center (SOC) powered by cyber threat intelligence (CTI)—and we’re proving our findings with live demos.

Narrator: Generating Intelligence Reports from Structured Data English

Explore the role of Natural Language Generation (NLG) in the cyber threat intelligence domain.  

Preventing Cybercrime with SOC Augmentation English

The Kaspersky and EclecticIQ collaboration on their portfolio of integrations guarantees high-end Cyber Threat Intelligence analysis, empowering organizations to stay ahead of cybercrime. This webinar shows the strength of our combined portfolio and offering, with a product demonstration.

How to Leverage CTI to Defend From Ransomware English

How CTI can be leveraged in practical terms from a tactic and a strategic point of view.

CTI Collaboration Using STIX and Elasticsearch English

In this talk we explore the concepts that underpin true intelligence collaboration and describe a means to achieve it using STIX and elasticsearch.

Lessons Learned Implementing Intelligence-led Security English

We have invited Carol Geyer, Chief Development Officer from OASIS, to discuss how the adoption of STIX and TAXII might transform the CTI practices of organizations. Further, during this webinar we will look at some of the issues that central government and enterprises face, when setting up CTI capabilities.

How to overcome the Threat Intelligence Cycle Paralysis? English

Demonstration on how to overcome threat intelligence paralysis by using a ransomware campaign and botnet threat, by providing context through their relationships with each other and additional threats.

Technology Trends in Government, 2019-2020: Adaptive Security English

According to Gartner, "An exponential rise in government cyberattacks is driving the need for governments to adopt new security approaches". CTI allows Governments to gain a better understanding of their threat landscape and align their security efforts accordingly.

SANS Cyber Threat Intelligence Survey Report 2020 English

Download your complimentary copy now

Tips for Selecting the Right Tools for Your Security Operations Center English

Deciding when to make investments in tools, and selecting the right ones, for the SOC is challenging for many organizations. Security and risk management leaders responsible for security operations should use this research to aid in making pragmatic decisions

Make Sure Your Organization Is Mature Enough for SOAR English

Complimentary Analyst Report 'Make Sure Your Organization Is Mature Enough for SOAR' by Gartner.

Gartner Market Guide for Security Threat Intelligence Products English

The 2019 'Gartner Market Guide to Security Intelligence Products and Services' by Craig Lawson, Ryan Benson, and Ruggero Contu.

Beyond the IOC with Cyber Threat Intelligence (CTI) English

Indicators of Compromise (IOCs) have their place in cybersecurity, but as cyber threats evolve, they have become ineffective in threat detection. In order to detect the techniques, tactics and procedures (TTPs) of adversaries as well as to fully understand and anticipate threats, we have to go Beyond the IOC with structured intelligence.

STIX 2.1 - Build your own intelligence English

This White Paper introduces STIX 2.1, compares it with the existing STIX 1.2 architecture and shows the future for STIX 2.x.

Building a Threat Intelligence Practice English

How to make threat intelligence relevant to executives, business stakeholders, security operations and incident responders.

Applying the Threat Intelligence Maturity Model to your organization English

This paper provides a framework to assess the maturity of threat intelligence efforts and guide future investments.

Augment your SOC with human-led threat intelligence English

Learn about the limitations of automation in the Security Operations Center. Find out why SOCs should let humans take the lead in handling intelligence. Discover how to achieve the benefits of an integrated, intelligence-led cyber defense capability powered by a Threat Intelligence Platform.

Accelerate Incident Response with Threat Intelligence English

This paper explains how Threat Intelligence improves Incident Response (IR) and how to introduce Threat Intelligence into your IR practice - with two use cases from Fox-IT.

EclecticIQ Fusion Center Report: Pyeongchang 2018: Summary of Cyber and Physical Threats English

In preparation for the 2018 Olympic Winter Games travelers are reminded to be aware of cybersecurity and physical security risks. Cyber criminals may attempt to steal PII or harvest credentials for financial gain.

The future of Cyber Threat Intelligence? A "community of communities" English

Don’t map the threat landscape by yourself. Instead, talk to the intelligence communities of countries, industries and commercial fusion centres using industry standards STIX and TAXII.

Using a Robust Platform for Training Purposes English

Cyber threat analysts are hard to find, and are being heavily recruited by enterprises and governments. The problem is that threat intelligence has a steep learning curve, even for IT professionals in related fields. That’s why Cyber Threat Intelligence Network (CTIN) advocates a new approach to training cyber threat analysts: Use a Threat Intelligence Platform (TIP) as a hands-on instructional tool.

EclecticIQ Fusion Center Report: Russian Hacking Group Fancy Bear Prepares to Attack Winter Olympics, U.S. Senate English

The hacking group Threat Actor: Fancy Bears Hack Team, which is heavily linked to the Russian government, appears to be preparing to disrupt the 2018 Winter Olympics in South Korea.

EclecticIQ Fusion Center Report: Olympic Destroyer - Various Firms Attempt to Attribute English

Talos reported about Malware: Olympic Destroyer samples. Researchers noted that of the analyzedsamples, it appeared to perform only destructive functionality. From previous attacks, inclusion of destructive capabilities may add additional meaning, in terms of targeting, campaign goals, and attribution.

EclecticIQ Fusion Center Report: Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers English

A group of actors hacked into Jenkins servers and installed a malware that mines for Monero. This operation resulted in the theft of approximately $3 million (USD).

EclecticIQ Fusion Center Report: Thanatos Ransomware First Ransomware to Ask for Payment in Bitcoin Cash English

Researchers identified a new ransomware, Thanatos, that still appears to contain a lot of bugs but is the first ransomware seen to ask for payment to be made in Bitcoin Cash (BCH).

EclecticIQ Fusion Center Report: Annabelle Ransomware (Update) English

Security researchers have identified a new ransomware, named after the horror movie "Annabelle", which showcases a number of traditional ransomware features. This report details the observations seen by EclecticIQ Fusion Center analysts.

EclecticIQ Fusion Center Report: DDoS Attack Stemming from Memcached Servers Hits GitHub English

Earlier this week Cloudflare and various security researchers were reporting on an obscure amplification attack vector using the memcached protocol, coming from UDP port 11211. On Wednesday. GitHub experienced a DDoS attack stemming from memcached servers.

EclecticIQ Fusion Center Report: Malware Steals Data Directly from the Device to Hack Facebook Accounts English

A new Android malware named Malware: Android.Fakeapp extracts user credentials directly from the victim's devices, most of which have been found to be located in the Asia-Pacific region.

EclecticIQ Analysis: Trend in Android Trojans Targeting the Middle East English

There have been numerous instances of Android Trojans being used for espionage purposes targeting users in the Middle East in recent months. The highest profile of these include; FrozenCell, GnatSpy, AnubisSpy, Pallas and Tempting Cedar.

Large Lokibot Malspam Campaign Hitting The UK English

Malware: LokiBot malware is actively being distributed via a spam email campaign in the UK.

EclecticIQ Fusion Center Report: Possible APT33 Return Adds to Uptick in Iranian Activity English

In the same week as spotting fresh Intrusion Set: Greenbug activity, EclecticIQ analysts have observed a number of malware samples in the wild from fellow Iranian espionage group Intrusion Set: APT33.

Fusion Center Situational Awareness Report - European Central Bank Meeting English

The mid-June Singapore summit between the U.S.and North Korean officials have led analysts to speculate on whether or not we are likely to see a continuation or a pause in North Korean cyber actions, and whether or not that would be damaging to the recent diplomacy that came out of the summit.

EclecticIQ Hypotheses: Infection Vector for German Government Breach English

On 28th February the German Interior Ministry confirmed that it identified an attack against its servers in December 2017. In this report EclecticIQ Fusion Center analysts will summarize what is known to date and will provide a set of hypotheses about the infection vector.

EclecticIQ Analysis: FIFA World Cup 2018 Threat Landscape English

In preparation for the 2018 World Cup hosted in Russia from June 14 - July 15, EclecticIQ Fusion Center analysts identified several categories of potential threats and activities that could impact the threat landscape leading up to and during the World Cup.

EclecticIQ Fusion Center Report: ComboJack Malware Alters Clipboards to Steal Cryptocurrency English

Unit 42 researchers discovered a new currency stealer dubbed "ComboJack", which targets cryptocurrencies and online wallets.

EclecticIQ Report: Targeted Attacks Against Russian Service Center English

Fortinet reported about a series of attacks targeted at service centers in Russia. The service centers provide maintenance and support for a variety of electronic goods.

EclecticIQ Fusion Center Report: ScrapedIn LinkedIn Scraper Released on GitHub English

A Red Team Engineer posted a new tool on GitHub, ScrapedIn, that can scrape LinkedIn profiles and put the results into an Excel Spreadsheet.

EclecticIQ Descrizione della Società Italian

EclecticIQ offre sicurezza informatica basata su intelligence a imprese commerciali e organizzazioni governative. I nostri prodotti e servizi, sviluppati secondo una logica rivolta agli analisti, consentono di allineare gli sforzi incentrati sulla sicurezza informatica dei nostri clienti alle minacce reali. Il risultato è una sicurezza saldamente connessa all'intelligence, con rilevamento e prevenzione migliori, e investimenti di sicurezza remunerativi.

EclecticIQ - Beschreibung des Unternehmens German

EclecticIQ bietet staatlichen Organisationen und Handelsunternehmen Intelligence-basierte Cyber-Sicherheit. Wir entwickeln analystenorientierte Produkte und Dienstleistungen, die unseren Kunden helfen, ihre Cyberabwehr-Ressourcen gezielt auf die tatsächliche Bedrohung auszurichten - mit dem Ergebnis zuverlässiger informationsgeleiteter Sicherheit, verbesserter Bedrohungserkennung, Vorbeugung und kosteneffizienter Sicherheitsinvestition.

Triage & Collaboration: Improving a major bank's cyber threat security posture English

Learn how a major bank implemented a single Threat Intelligence Platform (TIP) to support multiple lines of business across its global footprint.

EclecticIQ - Description de l’entreprise French

EclecticIQ offre aux gouvernements et entreprises la capacité d'insuffler le renseignement sur les menaces au coeur de leur pratique en Cyber Securité. Nous dévelopons des produits et services pour analystes, qui permettent à nos clients d'aligner leur stratégie avec la réalité des menaces. Le résultat rend possible une pratique en cyber sécurité informée par le renseignement, une meilleure détection et réponse aux incidents, ainsi que des investissements rentables en cyber sécurité.

EclecticIQ - Company description English

EclecticIQ enables intelligence-powered cybersecurity for government organizations and commercial enterprises. We develop analyst-centric products and services that align our clients’ cybersecurity focus with their threat reality. The result is intelligence-led security, improved detection and prevention, and cost-efficient security investments.

Toward a Holistic Cyber Threat Intelligence (CTI) Program English

Report by Enterprise Strategy Group (ESG) Jon Oltsik, Senior Principal Analyst on operationalizing Cyber Threat Intelligence through a holistic approach [Aug-2017]

EclecticIQ Platform implementation chart English

This chart highlights the 5-steps to implement EclecticIQ Platform, the analyst-centric threat intelligence platform, in your organization.

EclecticIQ Fusion Center Report - The Best Defense is Good OPSEC English

Conferences like RSA, CSA, and Blackhat draw people of many capabilities under a single roof. This seems to have the interesting effect of deterring outside threats. Eclectic IQ Fusion Center analysts found scant evidence of targeted campaigns against attendees of these conferences.

Fusion Center Report: Uptick in Ethereum and Bitcoin Phishing Domains English

EclecticIQ analysts identified at least 25 recently registered phishing domains impersonating legitimate Ethereum or Bitcoin exchanges, cryptocurrency airdrop giveaway sites, or cryptocurrency trading sites.

EclecticIQ Platform English

With EclecticIQ Platform, your analysts take back control of their threat reality and drive down mean time to remediation from days to minutes.

Investigating a Russian Video Game Publisher Supply Chain Compromise English

EclecticIQ Fusion Center Analysts observed an influx of uploads of an executable named "playblackdesert.exe" to Virus Total, associated with the Russian installation of a very popular South Korean Massively multiplayer online role-playing game called Black Desert Online.

Fusion Center Report: US Midterm Elections 2018 Situational Awareness English

The Midterm Elections in the US are due to take place on 6th November 2018. In light of allegations of interference in previous campaigns, this report will focus on risks and identified activity that may be occurring to influence the result of the elections.

Fusion Center Situational Awareness Report - European Central Bank Meeting English

The European Central Bank governing council will meet on the 26th of July to discuss European monetary policy. This report will examine some of the potential threats to the ECB.

Fusion Center Report: OpenEMR - Multiple Security Flaws Could Put Medical Records at Risk English

Researchers at Project Insecurity identified more than 30 bugs in OpenEMR, the world’s most popular open source software for managing medical records.

Data Breach Trends Post-GDPR English

After GDPR took effect in May 2018, the security community, analysts, and the media were all attempting to speculate about the impact that GDPR would have in the way in which breaches were reported, when they were reported, and where they were being reported most.

Fusion Center Report: Situational Awareness Ukraine Elections English

EclecticIQ analysts believe with a medium to high-level of confidence that the Ukrainian 2019 elections held the 31st of March might be influenced by Russian intent to carry out cyber operations.

Fusion Center Report: SegmentSmack - Linux Kernel TCP Vulnerability English

The Linux kernel, versions 4.9+, is vulnerable to denial of service conditions with low rates of specially crafted packets. This is being tracked as SegmentSmack, the CVE is CVE-2018- 5390.

Gartner Market Guide for Security Threat Intelligence Products and Services English

Gartner How to Respond to the 2020 Threat Landscape English

Intel 471 and EclecticIQ Platform English

EclecticIQ and Intel 471’s combined solution helps organizations dig deep to detect and prevent cyber underground threats. Threat intelligence teams can master their threat landscape by integrating Intel 471’s cybercrime intelligence with EclecticIQ Platform.

Kaspersky Intelligence and EclecticIQ Platform English

With EclecticIQ and Kaspersky, organizations can shift their operations to proactive threat management by speeding up CTI operations as analysts identify the most critical threats faster, take timely action sooner and advise the organization on how to respond better.

MISP and EclecticIQ Platform English

By integrating MISP (Malware Information Sharing Platform) into EclecticIQ Platform, not only do you benefit from MISP’s strong sharing capabilities and extensive community connections, but you also leverage the analyst-centric functionality from EclecticIQ Platform.

PhishMe Intelligence and EclecticIQ Platform English

With PhishMe Intelligence and EclecticIQ Platform, security teams have unobstructed views into credible phishing threats leading to higher confidence in the action based on the indicators.

EclecticIQ Intelligence Feeds English

With EclecticIQ's curated and optimized Open Sources and Commercial Sources Feeds, your CTI team will overcome feed marketplace overload, jumpstart their CTI operations, and expand their threat landscape visibility.