Mastodon Chapril

MISPJust a reminder: our free MISP online training is happening tomorrow, Wednesday.<a href="https://misp-project.org/events/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://misp-project.org/events/</a><a href="https://misp-community.org/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://misp-community.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://misp-community.org/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://misp-community.org/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://misp-community.org/tags/misp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#misp</a>

The DFIR ReportPassionate about Digital Forensics and Incident Response? Want to share your expertise with the security community while collaborating with talented analysts worldwide?We're looking for volunteer analysts to join the team! We dive deep into real-world threats and publish monthly public reports detailing threat actor TTPs and how they achieve their goals.As part of the team, you will:➡️Analyze intrusion data and contribute to impactful DFIR reports. ➡️Help shape how we share findings 📄🎨 ➡️Collaborate with and learn from amazing analysts across the globe. ➡️Access our internal group to ask questions, share insights, and improve processes. 🧠 ➡️ Have the unique opportunity to present our collective findings at security conferences and talks! 🎤Ready to join the team? Follow the process ➡️ <a href="https://github.com/The-DFIR-Report/DFIR-Artifacts" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/The-DFIR-Report/DFIR-Artifacts</a><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IncidentResponse</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>

Alexandre DulaunoyLarge Language Models are Unreliable for Cyber Threat Intelligence.This isn’t actually surprising, we can even generalise it: Large Language Models are unreliable. It’s a property, and that’s totally fine, you just need to be aware of it.<a href="https://infosec.exchange/tags/llm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#llm</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ai</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> 🔗 <a href="https://arxiv.org/abs/2503.23175" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arxiv.org/abs/2503.23175</a>

Infoblox Threat IntelGoing to RSA? We’re giving a 2 hour hands-on learning lab on traffic distribution systems (TDS). Malicious actors use these to hide their activity from security teams and deliver tailored content to victims. Not going to RSA? We’ve written a number of articles on this topic (some included below) and we’re happy to answer questions about TDSs here on Mastodon. <a href="https://blogs.infoblox.com/threat-intelligence/from-click-to-chaos-bouncing-around-in-malicious-traffic-distribution-systems/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.infoblox.com/threat-intelligence/from-click-to-chaos-bouncing-around-in-malicious-traffic-distribution-systems/</a> <a href="https://www.infoblox.com/resources/webinars/dns-threat-briefing-q1-2025/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.infoblox.com/resources/webinars/dns-threat-briefing-q1-2025/</a> <a href="https://www.infoblox.com/resources/webinars/traffic-distribution-systems-at-the-heart-of-cybercrime/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.infoblox.com/resources/webinars/traffic-distribution-systems-at-the-heart-of-cybercrime/</a> <a href="https://www.infoblox.com/resources/webinars/the-big-ruse/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.infoblox.com/resources/webinars/the-big-ruse/</a> <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/RSAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RSAC</a> <a href="https://infosec.exchange/tags/RSAC25" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RSAC25</a>

Alexandre DulaunoyFirst cool and impressive outcome of hackathon.lu 2025, MISP fleet commander. An open source project which supports organisation to manage large fleet of MISP instances, tests synchronisation and many other features.🔗 <a href="https://github.com/MISP/MISP-Fleet-Commander" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/MISP/MISP-Fleet-Commander</a><a href="https://misp-community.org/@misp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@misp</a><a href="https://social.circl.lu/@circl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@circl</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/misp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#misp</a>

SecuriLee🇨🇭🎉 The OpenCanary Experience: 1 Year, 69 Million Events, and Key Cybersecurity Lessons from 20242024 marked the first full year of The OpenCanary Experience, and the results are in—69 million logged events later, we’ve uncovered some eye-opening trends about how attackers probe, exploit, and persist on the internet.📊 The Big Picture: "The State of the Internet" Our 2024 report dives into how threat actors targeted our honeypots to steal data, hijack systems, and evade detection. From brute-force attacks to clever social engineering, the findings reveal the internet’s "dark side" in action. 🔗 Read the full report here: <a href="https://sc.toce.ch/stateoftheinternet2024" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://sc.toce.ch/stateoftheinternet2024</a>👑 The Most Persistent Attacker: 7 Million Attempts from a Single IP One IP address stood out—7 million+ attempts to breach our systems. Who was behind it? What were they after? We analyzed their tactics, tools, and persistence. 🔗 Meet "The Top Attacker" <a href="https://sc.toce.ch/topattacker2024" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://sc.toce.ch/topattacker2024</a>🦠 Malware Madness: How Attackers Weaponized Open Shares Attackers flooded our honeypots with malicious files, banking on human error and misconfigured shares to gain control. Discover the most common malware strains—and how they tried to turn our traps into their attack platforms. 🔗 Honeypot Malware Deep Dive: <a href="https://sc.toce.ch/malware2024" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://sc.toce.ch/malware2024</a>🔑 Key Takeaways for Security Teams 1️⃣ Attackers are relentless—automation lets them probe millions of targets. 2️⃣ Open shares are still a major risk—misconfigurations = easy entry points. 3️⃣ Threat intelligence matters—knowing attacker TTPs helps defenders stay ahead.💬 Discussion: What surprises you most about these findings? Have you seen similar trends in your environment? <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/Honeypots" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Honeypots</a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>

Infoblox Threat IntelOnline gambling operators are sponsoring charities?? If only :(We've identified a malicious gambling affiliate whose specialty is to buy expired domain names which used to belong to charities or reputable organisations. Once they own a domain, they host a website impersonating its previous owner, where they claim to "deeply appreciate the support from [their] sponsors", which surprise surprise, all turn out to be dubious online gambling companies.Because the domain they are taking over is often abandoned or managed by non-technical people, its previous owner often doesn't notify anyone that they've lost control of their website, so it continues being referenced in genuine content, and it continues getting traffic from old links scattered throughout the internet.teampiersma[.]org (screenshots below) americankayak[.]org getelevateapp[.]com hotshotsarena[.]com nehilp[.]org questionner-le-numerique[.]org sip-events[.]co[.]uk studentlendinganalytics[.]com thegallatincountynews[.]comComparison content: 2018: <a href="https://web.archive.org/web/20180119043432/https://teampiersma.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://web.archive.org/web/20180119043432/https://teampiersma.org/</a> 2025: <a href="https://web.archive.org/web/20250401092253/https://teampiersma.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://web.archive.org/web/20250401092253/https://teampiersma.org/</a><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/dropcatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dropcatch</a> <a href="https://infosec.exchange/tags/charity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#charity</a>

The DFIR Report“In this specific case, thanks to the capabilities of Sysmon, and particularly Event ID 22, we can easily gain insight into the subdomains that were used. For this case we observed TXT records being utilized for C2 communication rather than MX records. This can be identified by the "type: 16" in the Sysmon logs seen above. Below is a sample list that, while not exhaustive, provides a clear example of the traffic patterns:”The above is from a recent Private Threat Brief: "A MadMXShell Encore" Services: <a href="https://thedfirreport.com/services/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thedfirreport.com/services/</a> Contact Us: <a href="https://thedfirreport.com/contact/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thedfirreport.com/contact/</a><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IncidentResponse</a> <a href="https://infosec.exchange/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BlueTeam</a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a>

Laurent CheylusCTIBench: A Benchmark for Evaluating LLMs in Cyber Threat Intelligence - Research Paper available on arXiv <a href="https://bsd.network/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LLM</a> <a href="https://bsd.network/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://arxiv.org/abs/2406.07599" rel="nofollow noopener noreferrer" target="_blank">https://arxiv.org/abs/2406.07599</a>

WinbuzzerGoogle Launches Sec-Gemini v1 AI Model for Real Time Cyber Defense<a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://mastodon.social/tags/CybersecurityAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CybersecurityAI</a> <a href="https://mastodon.social/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://mastodon.social/tags/GoogleAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoogleAI</a> <a href="https://mastodon.social/tags/SecGemini" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecGemini</a> <a href="https://mastodon.social/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://mastodon.social/tags/AIinSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AIinSecurity</a> <a href="https://mastodon.social/tags/CyberDefense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberDefense</a> <a href="https://mastodon.social/tags/Mandiant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mandiant</a><a href="https://winbuzzer.com/2025/04/05/google-launches-sec-gemini-v1-ai-model-for-real-time-cyber-defense-xcxwbn/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://winbuzzer.com/2025/04/05/google-launches-sec-gemini-v1-ai-model-for-real-time-cyber-defense-xcxwbn/</a>

Laurent CheylusHow to build a a Threat Intelligence GenAI Reporter using MCP (Model Context Protocol) and ORKL Database - Article by Thomas Roccia <a href="https://infosec.exchange/@fr0gger" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@fr0gger</a> <a href="https://bsd.network/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://bsd.network/tags/GenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GenAI</a> <a href="https://blog.securitybreak.io/building-a-threat-intelligence-genai-reporter-with-orkl-and-claude-a0ae2e969693" rel="nofollow noopener noreferrer" target="_blank">https://blog.securitybreak.io/building-a-threat-intelligence-genai-reporter-with-orkl-and-claude-a0ae2e969693</a>

Alexandre DulaunoyA new release of the AIL project is coming soon, featuring a significant improvement in language detection.A lot of work has been done on LexiLang by <a href="https://infosec.exchange/@terrtia" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@terrtia</a> to clean up dictionaries and improve support for localized languages and slang.In the example below, you can see a user active in different Telegram channels, using both Russian and Ukrainian.🔗 <a href="https://www.ail-project.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ail-project.org/</a>If you're interested in the topic, join us at a 2-day hackathon in Luxembourg on April 8–9, 2025, focused on open-source security tools. The developers of the AIL project will be there in person!🔗 <a href="https://hackathon.lu/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackathon.lu/</a><a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/ail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ail</a> <a href="https://infosec.exchange/tags/intelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intelligence</a> <a href="https://infosec.exchange/@ail_project" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ail_project</a> <a href="https://social.circl.lu/@circl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@circl</a>

Infoblox Threat IntelLast week, while reviewing detected lookalike domains, one in particular stood out: cdsi--simi[.]com. A quick search pointed him to a legitimate U.S. military contractor, CDSI, which specializes in electronic warfare and telemetry systems. It's legitimate domain cdsi-simi[.]com features a single hyphen, whereas the lookalike domain uses two hyphens. Passive DNS revealed a goldmine: a cloud system in Las Vegas hosting Russian domains and other impersonations of major companies. Here are a few samples of the domains:- reag-br[.]com Lookalike for Reag Capital Holdings, Brazil. - creo--ia[.]com Lookalike for an industrial fabrication firm in WA State. - admiralsmetal[.]com Lookalike for US based metals provider. - ustructuressinc[.]com Lookalike Colorado based Heavy Civil Contractor. - elisontechnologies[.]com Typosquat for Ellison Technologies machine fabrication. <a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dns</a> <a href="https://infosec.exchange/tags/lookalikes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikes</a> <a href="https://infosec.exchange/tags/lookalikeDomain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lookalikeDomain</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybercrime</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infoblox</a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infobloxthreatintel</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pdns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pdns</a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#scam</a> <a href="https://infosec.exchange/tags/dod" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dod</a>

Taggart :donor:Fine that H-ISAC is publishing this out of "an abundance of caution," but the originating account looks like total crap. I do not think ISIS-K is planning car bombings of hospitals, nor has any evidence been presented that they are.<a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a><a href="https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/tlpwhite-aa319249-potential-terror-threat-targeted-at-health-sector-aha-health-isac-joint-threa.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/tlpwhite-aa319249-potential-terror-threat-targeted-at-health-sector-aha-health-isac-joint-threa.pdf</a>

Christoffer S.I just published the source code for my very naive <a href="https://swecyb.com/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a> implementation for generating a node network based on MITRE Intrusion Sets and Techniques. It will output linked <a href="https://swecyb.com/tags/Markdown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Markdown</a> files linking intrusion sets to their used techniques.Perhaps someone finds it useful or interesting to experiment with.Source code: <a href="https://github.com/cstromblad/markdown_node" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/cstromblad/markdown_node</a>I hinted at this in a thread started by <a href="https://mastodon.social/@Viss" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Viss</a> where he asked for input on a few very likely malicious domains. Me <a href="https://mastodon.social/@Viss" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Viss</a> <a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cR0w</a> <a href="https://masto.deoan.org/@neurovagrant" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@neurovagrant</a> and others did some OSINT fun work with a couple of the original domains.It was this thread: <a href="https://mastodon.social/@Viss/114145122623079635" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mastodon.social/@Viss/114145122623079635</a>Now I posted a picture of a node network rendered in Obsidian and I hinted that perhaps Obsidian could be used as a poor mans version of performing threat intelligence work.<a href="https://swecyb.com/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://swecyb.com/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://swecyb.com/tags/Obsidian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Obsidian</a>

MISPThe MISP project maintains and offers a comprehensive knowledge base covering threat actors, ransomware groups, malware, and more. Even if you don't use MISP, you can now easily search across all MISP Project knowledge bases, including galaxies, taxonomies, and MISP object templates.<a href="https://search.misp-community.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://search.misp-community.org</a><a href="https://misp-community.org/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://misp-community.org/tags/opendata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opendata</a> <a href="https://misp-community.org/tags/misp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#misp</a> <a href="https://misp-community.org/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://misp-community.org/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://misp-community.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://misp-community.org/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://misp-community.org/tags/threatactor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatactor</a> <a href="https://misp-community.org/tags/intelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intelligence</a>

MISPThe MISP Project is pleased to announce the release of MISP v2.5.7 and v2.4.205, bringing several new features, important fixes, and enhancements to improve the overall user experience and platform functionality. This release addresses critical improvements in synchronization filtering, correlation management, and UI enhancements, ensuring a more stable and efficient MISP environment.<a href="https://misp-community.org/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://misp-community.org/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://misp-community.org/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://misp-community.org/tags/misp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#misp</a> <a href="https://www.misp-project.org/2025/02/24/MISP.2.5.7.and.2.4.205.release.html/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.misp-project.org/2025/02/24/MISP.2.5.7.and.2.4.205.release.html/</a>

Alexandre DulaunoyWe imported the data from Black Basta Ransomware group leak into AIL and there are many interesting aspects.<ul><li>The federation network of Matrix servers (see the screenshot) used to communicated among the affiliates/group(s).</li><li>Activities in the chat room, especially the daily activity view in AIL. Guessing the location and timezone of groups or affiliates is an endless source of information.</li><li>They rely on many open-source and SaaS tools, including Google Docs or Zoom. </li><li>Many interesting correlations with cryptocurrencies, IP addresses, CVE numbers, and chat username relationships (who talks to whom and when).</li></ul>If you are using AIL project and want to import the leak dataset, <a href="https://infosec.exchange/@terrtia" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@terrtia</a> did an importer <a href="https://github.com/ail-project/ail-feeder-matrix" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/ail-project/ail-feeder-matrix</a><a href="https://infosec.exchange/tags/BlackBasta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BlackBasta</a> <a href="https://infosec.exchange/tags/blackbastleaks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blackbastleaks</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/osint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#osint</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/dataset" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dataset</a> <a href="https://infosec.exchange/@ail_project" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ail_project</a> Maybe some interesting input for <a href="https://infosec.exchange/@fr0gger" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@fr0gger</a> for his existing analysis.I see that this dataset can be used to enhance some of our open-source tools.<a href="https://github.com/ail-project/ail-framework" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/ail-project/ail-framework</a>

greyFor some reason people are sharing llm garbage instead of the real chat logs for black basta. Here are the real logs and the telegram channel they're being shared in: https://t[.]me/shopotbasta/21CTI is a team sport. Not a secret boys club. Sharing is caring. <a href="https://infosec.exchange/tags/CTI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTI</a> <a href="https://infosec.exchange/tags/GAYINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GAYINT</a> <a href="https://infosec.exchange/tags/CTIFORALL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTIFORALL</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/BlackBasta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BlackBasta</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Leak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Leak</a>

Alexandre DulaunoyThe famous library called Lacus behind <a href="https://infosec.exchange/@ail_project" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ail_project</a> to perform web capture in headless mode, has been released as version 1.13.0 The new version has a mode to perform web capture with a headed browser.Thanks to <a href="https://social.yoyodyne-it.eu/@rafi0t" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rafi0t</a> for the continuous work on the library.<a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintelligence</a> 🔗 Release notes <a href="https://github.com/ail-project/lacus/releases/tag/v1.13.0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/ail-project/lacus/releases/tag/v1.13.0</a> 🔗 Project page <a href="https://github.com/ail-project/lacus" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/ail-project/lacus</a>

Recherches récentes

Options de recherche

Administré par :

Statistiques du serveur :

#threatintelligence