Threat Intelligence Platform (TIP)

Enterprise-Grade Threat Intelligence APIs, Tools, and Services
Joined on August 13, 2019
Total Post Views: 374,905

About

Threat Intelligence Platform (TIP) offers easy to use threat intelligence tools, services, and APIs to get detailed information about hosts and the infrastructure behind them. Gathering data from different providers, utilizing our substantial internal databases (compiled for 10+ years), and also real-time host configuration analysis, our threat intelligence solutions provide an in-depth look at target hosts and are an essential addition to any threat detection toolkit.

Except where otherwise noted, all postings by Threat Intelligence Platform (TIP) on CircleID are licensed under a Creative Commons License.

Company Updates

DarkGate RAT Comes into the DNS Spotlight

In the past, DarkGate attacks were either lumped together with or classified as BattleRoyal remote access Trojan (RAT) attacks. Recent evidence, however, showed the two malware are not one and the same. more

Tracing the DNS Spills of the OilRig Cyber Espionage Group

The OilRig cyber espionage group that goes by many names, including APT34, Crambus, Lyceum, and Siamesekitten, launched a long-term intrusion against a Middle Eastern government agency that ran from February to September 2023. more

A Log4Shell Malware Campaign in the DNS Spotlight

The Log4Shell zero-day vulnerability, also known as "CVE -- 2021 -- 44228," proved to be one of the worst bugs disclosed in December 2021. And while a patch for it has been made available via the Log4j 2.17.1 release seven days after its discovery, some affected systems could remain vulnerable to date. more

Signs of Ongoing RedLine Stealer Operation Found Through a DNS Deep Dive

RedLine Stealer seems to have stolen cybercriminals' hearts as its usage has continued despite cybersecurity efforts to thwart it. Researchers have published reports about the stealer in the past, but its operators may have updated their arsenal with new domains and IP addresses to evade detection and consequent mitigation. more

Phisher Abusing .com TLD?

Phishing campaigns almost always require a massive volume of domains in order to succeed. Phishers, after all, need to have readily weaponizable vectors at their disposal in case the ones they're currently employing get detected and consequently blocked. more

Hot on the DNS Trail of the 16shop Phishing Kit Operators

Phishers the world over have been patronizing and utilizing the 16shop phishing kit since at least 2018. The kit's users have been known to steal data and money from the customers of some of today's biggest brands, including Amazon, American Express, and PayPal. more

RedHotel Attack Infrastructure: A DNS Deep Dive

We began our analysis by subjecting the domains identified as IoCs to Threat Intelligence Platform (TIP) lookups. Those allowed us to uncover these WHOIS record findings. more

Tracing Truebot’s Roots through a DNS Deep Dive

On 12 June, the DFIR Report published an in-depth analysis of a Truebot intrusion that began with several page redirects via a Traffic Distribution System (TDS) and ended with dropping a Master Boot Record (MBR) killer wiper onto a victim's computer. The result? more

Potential Traces of Aurora Spread Via Windows Security Update Malvertisements in the DNS

Threat actors are quite adept at changing tactics once the cybersecurity community or law enforcement catches up to them. That is evident in the recent resurgence of malvertising though no longer through users' browsers as in the past. more

Uncovering Stolen Card E-Shops Using DNS Intelligence

Ever wondered where the personally identifiable information (PII) phishers steal from victims end up? More likely than not, they're put up for sale on the ever-growing number of online stolen card shops. more

Gauging the Scale of an Active Ransomware Gang’s Infrastructure

Ransomware gangs are now a dime a dozen. But in reality, victims rarely engage directly with their members. They are, in fact, more likely communicating with what the cybersecurity community has dubbed "ransomware affiliates" who earn as much as 75% of the ransom payment. more

Profiling a Massive Portfolio of Domains Involved in Ransomware Campaigns

Security researcher Dancho Danchev discovered a portfolio of domains and IP addresses used by known threat actors in ransomware campaigns. The said portfolio consists of 62,763 domain names and 810 IP addresses. We analyzed a sample of these malicious properties using TIP and found that: more

From Data Breach to Phishing to Lapsus$: Cyber Attacks That Echoed in 2022

As a New Year treat, Threat Intelligence Platform (TIP) researchers decided to look back at some of the most newsworthy cybersecurity incidents in 2022 - the Revolut Data Breach, the series of attacks launched by Lapsus$, and a newly detected PayPal phishing tactic. more

Black Friday and Cyber Monday Bring on the Scariest Sales

Black Friday and Cyber Monday are two of the most-awaited shopping events each year. That said, they have also become favored scammer targets for the most ingenious campaigns designed to part shoppers with their cash or, worse, identities. more

A Call for Help May Lead to Malware: BazarCall IoC Analysis and Expansion

More sophisticated BazarCall campaigns have been circulating and delivering ransomware entry points to victims. While the bait still involves urgent notification emails about nonexistent purchases or subscriptions, the subsequent phase highlights the threat actors' manipulative skills. more

Should Cracks and Keygens Remain a Cybersecurity Concern?

Cracks and keygens have long been a problem for software vendors in that they allow users to install their products without needing to pay for a legitimate license. As the Internet and website development advanced and became more accessible, the number of sites offering software cracking tools grew. more

XCSSET Shows How Threat Actors Cope with OS Changes, Does Away with Python Like macOS

Just as software and hardware vendors push upgrades and updates for their products and services to stay secure against the latest threats, so do threat actors work as fast as possible to stay abreast of OS and version modifications. That's exactly what the XCSSET malware operators have done for their campaigns targeting macOS users to continue working. more

Phishing Automated through Chatbots, We Found Potentially Connected Domains

Threat actors have found a way to make phishing websites appear more legitimate by employing chatbots. The newly discovered tactic starts with an email about a delivery from DHL. more

Don’t Hit That Update Button Just Yet, It Could Lead to Malware Infection

It is quite natural to get prompts from software manufacturers saying you need to update your installed apps every so often for better security or to fix bugs. But you should know, too, that threat actors often use program update notifications as malware distribution vehicles. more

A Look at Actinium/Gamaredon’s Infrastructure: More Artifacts Revealed

Actinium/Gamaredon, reported as a Russian advanced persistent threat (APT) group that has been active for almost a decade now, had started trailing their sights on Ukrainian organizations back in February 2022. more

When Safe Doesn’t Mean Threat-Free, Watch Out for Rogue Internet Safety Sites

Many countries worldwide celebrate Safer Internet Day every February 8. And while most parents always strive to do their best to keep their children safe while browsing the Web, threat actors still manage to abuse their good intentions. How? more

SideWinder DNS Blackholes Uncovered with Threat Intelligence Platform

A Domain Name System (DNS) blackhole is essentially a DNS server that gives false results for domain names. Also known as a "sinkhole server," an "Internet sinkhole," or a "DNS sinkhole," threat actors sometimes use DNS blackholes to redirect users to potentially harmful sites or pages. more

How Reverse IP Lookup API Can Help Detect Connected Domains

In 2020, reports say 94% of malware were delivered via email. Phishing remains a threat, as it accounts for more than 80% of security incidents that can cost victims almost US$18,000 per minute. more

How Cyber Threat Intelligence Feeds Can Support MSSPs

Organizations that don't have a dedicated pool of cybersecurity experts often hire managed security service providers (MSSPs) to help them ward off attempts and attacks. Yet in today's ever-dangerous cyber threat landscape, even the best service providers may fall for cybercriminals' traps. more

Threat Intelligence: The First Line of Defense Against Data-Stealing Ransomware

The threat landscape is ever-changing. As time goes by, threat campaigns use new and more sophisticated technologies than seen before. Still, some reuse tried-and-tested methods while adding a few other functionalities, as in the case of FTCODE ransomware operators. more

How Can Domain Intelligence Analysis Help in Vetting Third-Party Providers

For 16 months, PayMyTab, a third-party payment provider, leaked the private data of customers who dined in a U.S. restaurant when it failed to follow a simple yet essential security protocol. more

Using Threat Intelligence Feeds to Prevent Orcus RAT Infections

John Paul Revesz (also known as "Armada"), the Canadian behind the Orcus RAT (a software that been used in various malware attacks), has been charged under Section 342.1 of the Criminal Code on November 8. The specific section is for the unauthorized use of a computer, and at its core, this is what Revesz's Orcus software does. more

The Disney+ Account Hijacking: Preventing Unauthorized Network Access with Threat Intelligence Tools

What was supposed to be an exciting week after the launch of Disney+, a subscription-based video-on-demand (VOD) streaming service of Walt Disney Company, turned into a nightmare for thousands of users. more

Billtrust Breach: Can Threat Intelligence Platforms Help with Ransomware Prevention?

Highly publicized ransomware attacks are never short of golden nuggets of wisdom for the cybersecurity industry. They first teach us that attackers control the rules of the game once infiltration is complete. Second, large enterprises that use cloud-based technologies to store sensitive financial information continue to be at risk. more

Post NordVPN Data Exposure: Using Domain Threat Intelligence to Prevent MitM Attacks

NordVPN admitted last month that its data center located in Finland was hacked on March 5, 2018. While the virtual private network (VPN) service provider claimed it learned of the incident as early as April 13, 2019, it only confirmed the compromise last month after reports that its expired Transport Layer Security (TLS) certificate and its private key were leaked. more

InterMed Breach: How Threat Intelligence Sources Help Maintain Domain Integrity

Major healthcare providers suffer a lot from breaches, both from a legal and financial standpoint. Aside from patient lawsuits, they also face severe penalties imposed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). more

BriansClub & PoS Malware Attacks: How Threat Intelligence Solutions Help Prevent Payment Card Theft

The most common method by which PoS malware infects hosts is through insider threats and phishing. A knowledgeable employee may install the malware on card-reading machines or retrieve higher-ups' access credentials by guessing username-and-password combinations. more

Is Your Organization Mature Enough for Security Orchestration, Automation, and Response?

We are currently seeing a trend toward the adoption of security orchestration, automation, and response (SOAR) tools that shouldn't waver in the coming years. Research firm Gartner who coined the term has predicted that by the end of 2022 30% of organizations with security teams larger than five people will make SOAR tools part of their operations. more

Cloud and IaaS DLP Woes: Is Additional Threat Intelligence a Solution?

Cloud-based technologies are effective means to gain visibility into the IT challenges faced by organizations. Adopting them enabled infrastructure-as-a-service (IaaS) providers to increase client uptime, security, and compliance, all the while giving more flexibility to scale up or down to respond to opportunities and challenges on time. more

Can Network and Threat Data Correlation Improve SIEM Solutions?

More and more businesses contend with rising cybersecurity threats. The mounting numbers are pressuring managed service providers (MSPs) to employ sophisticated tools to secure each of their client's systems, network architectures, and confidential information. more

Can Security Operations Centers (SOC) Benefit from Third-Party Threat Intelligence?

Businesses today have to deal with cybersecurity issues daily. Recent trends show an ever-increasing number of hacked networks and breached data. Studies also show that those victimized often have weak cybersecurity measures in place, forcing them to spend more on resources to combat oncoming attacks. more

The More Threat Intelligence Integrated Into Security Solutions, the Better?

Today's sophisticated threats present enormous risks for any business. The more connected a company is, the more prone it is to cyber attacks. Enterprises need to devise ways to protect the integrity of their data and ensure that their systems are safe from cyberthreats. more

More than Ever: Why Organizations Need Proactive Defense in 2019

In the first half of 2019 alone, several data breaches have already exposed as many as 4.1 billion personal records. We've seen even industry giants and low-key players alike succumb to all kinds of data compromise. more

Unraveling Unsolved Mysteries with Threat Intelligence

Have you ever heard of Lake City Quiet Pills? It refers to a mysterious site that first made waves on Reddit in 2009 and has since resurfaced. What Is Lake City Quiet Pills? more

How Domain Data Can Enrich an MSSP’s Threat Intelligence

Outsourcing security monitoring and management has become a practical option for organizations that lack the budget to take care of their own threat detection and incident response needs. As such, small and medium-sized businesses (SMBs) are turning to external security providers. more

4 Cybersecurity Professionals That Can Benefit from Threat Intelligence

There is a misconception that threat intelligence is something that only specialists in the cybersecurity field can analyze and understand. In truth, threat intelligence is a good resource that can be of use in any cybersecurity role. It is something that anyone who cares about or works toward network security will find beneficial. more

How Threat Intelligence Can Solve 3 Common SIEM Problems

Security information and event management (SIEM) solutions are an excellent way to get incident data from an organization's network and put them all in one place. But as a network's complexity grows, so do the problems these SIEM vendors face with regard to providing the right products to clients. more

New Phishing Tools Can Now Bypass 2-Factor Authentication

Two-factor authentication (2FA) is an essential safety measure that stops unauthorized access to an account. It was invented to provide an additional layer of security to the usual log-in procedure of providing one's username and password, which is now considered by many as obsolete and unsecured. more

DIY Threat Intelligence Gathering If Your Security Solutions Seem Lacking

Security solutions are not made equal. Some are better than others when it comes to providing overall protection, but most will require you to buy an entire suite that's enough to break the bank just so you'd feel safe from cyber attacks. So what are you to do if your budget just isn't big enough to afford all-around protection? more