Resources

Access the latest resources including White Papers, Case Studies, Product Descriptions, Analyst Reports, and more, covering the topic of Cyber Threat Intelligence. Experts share their insights for Threat Analysts, Security Analysts, Managers of Threat Intelligence / SOC / CERT, and CISOs.

Threat Intelligence Report

Fusion Center Report: US Midterm Elections 2018 Situational Awareness English

The Midterm Elections in the US are due to take place on 6th November 2018. In light of allegations of interference in previous campaigns, this report will focus on risks and identified activity that may be occurring to influence the result of the elections.

Download report and STIX entities

Threat Intelligence Report

Fusion Center Report: OpenEMR - Multiple Security Flaws Could Put Medical Records at Risk English

Researchers at Project Insecurity identified more than 30 bugs in OpenEMR, the world’s most popular open source software for managing medical records.

Download report and STIX entities

Threat Intelligence Report

Fusion Center Report: SegmentSmack - Linux Kernel TCP Vulnerability English

The Linux kernel, versions 4.9+, is vulnerable to denial of service conditions with low rates of specially crafted packets. This is being tracked as SegmentSmack; the CVE is CVE-2018-5390.

Download report and STIX entities

Threat Intelligence Report

Fusion Center Situational Awareness Report - European Central Bank Meeting English

The European Central Bank governing council will meet on the 26th of July to discuss European monetary policy. This report will examine some of the potential threats to the ECB.

Download report and STIX entities

Threat Intelligence Report

Fusion Center Report: Uptick in Ethereum and Bitcoin Phishing Domains English

EclecticIQ analysts identified at least 25 recently registered phishing domains impersonating legitimate Ethereum or Bitcoin exchanges, cryptocurrency airdrop giveaway sites, or cryptocurrency trading sites.

Download report and STIX entities

Threat Intelligence Report

Fusion Center Report: Situational Awareness - North Korean Cyber After Singapore Summit English

The mid-June Singapore summit between U.S. and North Korean officials has led analysts to speculate on whether we are likely to see a continuation or a pause in North Korean cyber actions, and whether that would be damaging to the recent diplomacy that came out of the summit.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Report: Targeted Attacks Against Russian Service Center English

Fortinet reported on a series of attacks targeting service centers in Russia. The service centers provide maintenance and support for a variety of electronic goods.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Analysis: FIFA World Cup 2018 Threat Landscape English

In preparation for the 2018 World Cup hosted in Russia from June 14 - July 15, EclecticIQ Fusion Center analysts identified several categories of potential threats and activities that could impact the threat landscape leading up to and during the World Cup.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Fusion Center Report: Possible APT33 Return Adds to Uptick in Iranian Activity English

In the same week as spotting fresh Intrusion Set: Greenbug activity, EclecticIQ analysts have observed a number of malware samples in the wild from fellow Iranian espionage group Intrusion Set: APT33.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Fusion Center Report: ScrapedIn LinkedIn Scraper Released on GitHub English

A Red Team Engineer posted a new tool on GitHub, ScrapedIn, that can scrape LinkedIn profiles and put the results into an Excel Spreadsheet.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Fusion Center Report: ComboJack Malware Alters Clipboards to Steal Cryptocurrency English

Unit 42 researchers discovered a new currency stealer dubbed "ComboJack", which targets cryptocurrencies and online wallets.

Download report and STIX entities

Threat Intelligence Report

Report - EclecticIQ Hypotheses: Infection Vector for German Government Breach English

On 28th February the German Interior Ministry confirmed that it identified an attack against its servers in December 2017. In this report EclecticIQ Fusion Center analysts will summarize what is known to date and will provide a set of hypotheses about the infection vector.

Download report and STIX entities

Threat Intelligence Report

Large Lokibot Malspam Campaign Hitting The UK English

Malware: LokiBot malware is actively being distributed via a spam email campaign in the UK.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Analysis: Trend in Android Trojans Targeting the Middle East English

There have been numerous instances of Android Trojans being used for espionage purposes targeting users in the Middle East in recent months. The highest profile of these include FrozenCell, GnatSpy, AnubisSpy, Pallas and Tempting Cedar.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Fusion Center Report: Malware Steals Data Directly from the Device to Hack Facebook Accounts English

A new Android malware named Malware: Android.Fakeapp extracts user credentials directly from victims' devices, most of which have been found to be located in the Asia-Pacific region.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Fusion Center Report: DDoS Attack Stemming from Memcached Servers Hits GitHub English

Earlier this week, Cloudflare and various security researchers were reporting on an obscure amplification attack vector using the memcached protocol, coming from UDP port 11211. On Wednesday, GitHub experienced a DDoS attack stemming from memcached servers.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Fusion Center Report: Annabelle Ransomware (Update) English

Security researchers have identified a new ransomware, named after the horror movie "Annabelle", which showcases a number of traditional ransomware features. This report details the observations seen by EclecticIQ Fusion Center analysts.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Fusion Center Report: Thanatos Ransomware First Ransomware to Ask for Payment in Bitcoin Cash English

Researchers identified a new ransomware, Thanatos, that still appears to contain a lot of bugs but is the first ransomware seen to ask for payment to be made in Bitcoin Cash (BCH).

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Fusion Center Report: Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers English

A group of actors hacked into Jenkins servers and installed malware that mines for Monero. This operation resulted in the theft of approximately $3 million (USD).

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Fusion Center Report: Olympic Destroyer - Various Firms Attempt to Attribute English

Talos reported on Malware: Olympic Destroyer samples. Researchers noted that the analyzed samples appeared to perform only destructive functionality. Based on previous attacks, the inclusion of destructive capabilities may add additional meaning in terms of targeting, campaign goals, and attribution.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Fusion Center Report: Russian Hacking Group Fancy Bear Prepares to Attack Winter Olympics, U.S. Senate English

The hacking group Threat Actor: Fancy Bears Hack Team, which is heavily linked to the Russian government, appears to be preparing to disrupt the 2018 Winter Olympics in South Korea.

Download report and STIX entities

Threat Intelligence Report

EclecticIQ Fusion Center Report: Pyeongchang 2018: Summary of Cyber and Physical Threats English

In preparation for the 2018 Olympic Winter Games, travelers are reminded to be aware of cybersecurity and physical security risks. Cyber criminals may attempt to steal PII or harvest credentials for financial gain.

Download report and STIX entities