
Just Another Blue Teamer

Happy Friday all!

My is brought to you by Palo Alto Networks Unit 42! In this article, the researchers focus on a threat actor known as who is the group behind the ransomware and their Tactics, Techniques, and Procedures (TTPs) and behaviors. They do a great job at breaking down each MITRE ATT&CK Tactic and provide relevant artifacts and information on how the adversary accomplished that goal.

As always, once I am completely done with it I will provide my Threat Hunting Tip of the day, so stay tuned and enjoy! Happy Hunting!

Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware
unit42.paloaltonetworks.com/sh

Cyborg Security Intel 471

Unit 42 · Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware · By Margaret Zimmermann

Threat Hunting Tip of the Day:

I know I normally steer you to a Cyborg Security and Intel 471 Hunt package but something about this report stuck out that could be an issue in many organizations and that can be summed up to one word: visibility!

Under the "Data Access and Impact (TA0010 and TA0040)" section, it states that "CloudTrail S3 data logging and S3 server access logging was not enabled...no logs existed that showed exfiltration activity from the S3 buckets." [1]

Lesson learned: IF you are migrating to the cloud or bringing new hardware/software, assets, etc. into your environment, please take time to assess what level of logging exists, and determine what is valuable to ingest. Taking that time will be worth it in the long run and allow your analysts to dig through logs, create detections, and threat hunt in your environment! Enjoy and Happy Hunting!

[1] unit42.paloaltonetworks.com/sh

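The visibility gap the tip calls out (no CloudTrail S3 data events, no S3 server access logging) can be audited before an incident rather than discovered during one. The following is an added example, not code from the post or from Unit 42: it classifies each bucket's coverage from the response shapes of CloudTrail GetEventSelectors and S3 GetBucketLogging. The bucket names, selector values and logging targets are constructed samples; fetching real responses with boto3's `get_event_selectors` and `get_bucket_logging` is assumed and not shown.

```python
"""Audit S3 visibility gaps: buckets with no CloudTrail S3 data-event coverage
and/or no S3 server access logging.  Inputs are constructed so this runs offline."""

S3_OBJECT = "AWS::S3::Object"

def _covers(arn, bucket):
    """Classify one data-event ARN value against `bucket`: 'full', 'prefix-only' or None."""
    mine = f"arn:aws:s3:::{bucket}"
    if arn in ("arn:aws:s3", "arn:aws:s3:::", mine, mine + "/"):   # all buckets / whole bucket
        return "full"
    return "prefix-only" if arn.startswith(mine + "/") else None  # only some key prefixes

def data_event_coverage(selectors: dict, bucket: str) -> str:
    """Return 'full', 'prefix-only' or 'none' for objects in `bucket`, from a
    CloudTrail GetEventSelectors response (basic or advanced selectors)."""
    arns = []
    for sel in selectors.get("EventSelectors", []):            # basic selectors
        for res in sel.get("DataResources", []):
            if res.get("Type") == S3_OBJECT:
                arns += res.get("Values", [])
    for sel in selectors.get("AdvancedEventSelectors", []):    # advanced selectors
        fields = {f["Field"]: f for f in sel.get("FieldSelectors", [])}
        if S3_OBJECT in fields.get("resources.type", {}).get("Equals", []):
            f = fields.get("resources.ARN")                    # no ARN filter = all buckets
            arns += f.get("Equals", []) + f.get("StartsWith", []) if f else ["arn:aws:s3"]
    hits = {_covers(a, bucket) for a in arns} - {None}
    return "full" if "full" in hits else ("prefix-only" if hits else "none")

def audit(buckets, selectors, logging_by_bucket) -> dict:
    """Map each bucket to the visibility gaps that would hide exfiltration from it."""
    gaps = {}
    for b in buckets:
        found = []
        if (cov := data_event_coverage(selectors, b)) != "full":
            found.append(f"cloudtrail-data-events:{cov}")
        if "LoggingEnabled" not in logging_by_bucket.get(b, {}):  # GetBucketLogging shape
            found.append("s3-server-access-logging:off")
        if found:
            gaps[b] = found
    return gaps

# Constructed sample responses, not real account data.
SAMPLE_SELECTORS = {"EventSelectors": [{"ReadWriteType": "All", "DataResources": [
    {"Type": S3_OBJECT, "Values": ["arn:aws:s3:::finance-exports/",
                                   "arn:aws:s3:::backups-archive/2023/"]}]}]}
SAMPLE_LOGGING = {"finance-exports": {"LoggingEnabled": {"TargetBucket": "audit-logs",
                                                         "TargetPrefix": "s3/"}}}
SAMPLE_BUCKETS = ["finance-exports", "backups-archive", "customer-dumps"]

if __name__ == "__main__":
    for bucket, gaps in audit(SAMPLE_BUCKETS, SAMPLE_SELECTORS, SAMPLE_LOGGING).items():
        print(bucket, gaps)
```

Run against a real account, a bucket reported with both gaps is exactly the situation in the report: an exfiltration with no log to hunt in.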