In the spotlight this week: A recently discovered campaign used Bitbucket's legitimate file-hosting service to distribute malware, borrowing the trust that a targeted system and its defenders place in a well-known domain. Payloads fetched from a reputable host blend into normal traffic and are unlikely to be blocked outright, which likely helps the attacker stay hidden and keep a foothold. The unidentified threat actor deployed a suite of malware variants on a single host, not only to inflict maximum damage on the victim but also to make identifying and eradicating each family from the system comparatively more arduous. Beyond abusing Bitbucket, the attackers went to great lengths to avoid detection, pushing regular updates to the malware and using packers to impede analysis.
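As an added example (not part of the original post, and not Digital Shadows' own tooling): a small hunt over constructed proxy-log lines that flags executables and script-fetched archives pulled from Bitbucket's per-repository Downloads area, and groups client hosts by payload filename so that one file landing on several machines stands out. The log format, the workspace and repository names, the sample user agents and the Downloads URL layout are all assumptions made for this example.

```python
"""Hunt proxy logs for payloads fetched from Bitbucket's Downloads area.

Added example, not code from the original post. Assumptions (not in the page):
- proxy log line: <timestamp> <client_ip> <method> <url> <status> <bytes> "<user_agent>"
- Bitbucket download URLs look like https://bitbucket.org/<workspace>/<repo>/downloads/<file>
"""
import re
from urllib.parse import urlparse

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<ua>[^"]*)"$'
)
BITBUCKET_HOSTS = {"bitbucket.org", "www.bitbucket.org"}
# Per-repository Downloads path layout (assumed for the example).
DOWNLOAD_PATH_RE = re.compile(r"^/[^/]+/[^/]+/downloads/(?P<file>[^/?#]+)$")
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".msi", ".ps1", ".vbs", ".js",
                   ".bat", ".cmd", ".hta", ".jar"}
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z", ".iso"}
# Download clients that are not interactive browsers; an empty UA also counts.
SCRIPTED_CLIENT_RE = re.compile(r"(?i)powershell|curl|wget|python|bits|winhttp|^$")

# Constructed sample log lines; not real telemetry.
SAMPLE_LOGS = [
    '2020-02-14T09:12:01Z 10.0.0.5 GET https://bitbucket.org/example-ws/tools/downloads/update.exe 200 4194304 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/79.0"',
    '2020-02-14T09:12:44Z 10.0.0.7 GET https://bitbucket.org/example-ws/tools/downloads/update.exe 200 4194304 ""',
    '2020-02-14T09:13:10Z 10.0.0.9 GET https://bitbucket.org/example-ws/tools/downloads/bundle.zip 200 917504 "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.18362.145"',
    '2020-02-14T09:15:00Z 10.0.0.11 GET https://bitbucket.org/example-ws/tools/downloads/src-1.2.tar.gz 200 65536 "Mozilla/5.0 (X11; Linux x86_64) Firefox/72.0"',
    '2020-02-14T09:16:30Z 10.0.0.13 GET https://bitbucket.org/example-ws/tools/src/master/README.md 200 2048 "curl/7.68.0"',
    '2020-02-14T09:17:02Z 10.0.0.5 GET https://bitbucket.org/example-ws/tools/downloads/update.exe 404 0 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/79.0"',
    'not a proxy log line',
]


def parse_line(line):
    """Parse one proxy log line into a dict, or return None if it does not fit the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def bitbucket_download(url):
    """Return the filename if url is a fetch from a Bitbucket Downloads area, else None."""
    u = urlparse(url)
    if u.scheme not in ("http", "https") or u.hostname not in BITBUCKET_HOSTS:
        return None
    m = DOWNLOAD_PATH_RE.match(u.path)
    return m.group("file") if m else None


def assess(rec):
    """Return the reasons a successful Bitbucket download looks suspicious (empty = ignore)."""
    fname = bitbucket_download(rec["url"])
    if fname is None or rec["status"] != 200:
        return []
    ext = ("." + fname.rsplit(".", 1)[1].lower()) if "." in fname else ""
    scripted = bool(SCRIPTED_CLIENT_RE.search(rec["ua"]))
    reasons = []
    if ext in EXEC_EXTENSIONS:
        reasons.append(f"executable payload {fname}")
    elif ext in ARCHIVE_EXTENSIONS and scripted:
        # Browsers pull source archives all day; an archive fetched by a script is the odd case.
        reasons.append(f"archive payload {fname}")
    if reasons and scripted:
        reasons.append(f"non-browser client '{rec['ua'] or '<empty>'}'")
    return reasons


def hunt(lines):
    """Run assess() over raw log lines; returns (client, url, reasons) for each hit."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = assess(rec)
        if reasons:
            hits.append((rec["client"], rec["url"], reasons))
    return hits


def hosts_sharing_payload(lines):
    """Map each successfully downloaded Bitbucket filename to the set of clients that fetched it."""
    seen = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue
        fname = bitbucket_download(rec["url"])
        if fname:
            seen.setdefault(fname, set()).add(rec["client"])
    return seen


if __name__ == "__main__":
    for client, url, reasons in hunt(SAMPLE_LOGS):
        print(client, url, "; ".join(reasons))
    for fname, clients in hosts_sharing_payload(SAMPLE_LOGS).items():
        print(fname, "seen on", len(clients), "host(s)")
```

Blocking bitbucket.org outright is rarely an option for an organisation whose developers use it, so the point of the hunt is the combination: an executable or script-fetched archive from a Downloads URL, and the same filename appearing on more than one host. Tune the extension and user-agent lists to your estate, and expect to pivot from a hit to the packed sample itself, since the campaign described above updated its payloads regularly.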