Snakes in the Satellites: On-going Turla Infrastructure

A couple of months ago, we posted an entry outlining one of our newer datasets, SSL certificates. In that post, we focused on the cyber espionage group Turla, which is said to be associated with Russian government operations. Using self-signed SSL certificate fingerprints, we were able to correlate a number of IP addresses belonging to various satellite providers and unearth an extensive network of command and control domains.

Before releasing the post publicly, we did one


Where's PassiveTotal During Black Hat/DEFCON?

Been wanting to learn more about PassiveTotal or RiskIQ's new Security Intelligence Services? Be sure to find some time to meet us during Black Hat and DEFCON. Here are three opportunities to come by and chat with the crew:

Black Hat Booth #1232

Mandalay Bay Expo Floor

3950 Las Vegas Blvd S
Las Vegas, Nevada 89119

Wednesday, August 3rd 10am - 7pm
Thursday, August 4th 10am - 5pm

PassiveTotal Happy Hour

Moorea Beach Club

3950 Las Vegas Blvd


Building Pipelines with PassiveTotal

One of the most powerful features in PassiveTotal is the ability to monitor infrastructure and receive alerts when something changes. We’ve covered how to deploy monitors in previous postings and videos, but have never shown how they could be used for follow-up actions. By combining the notifications and monitors API from the account endpoints, it’s easy to create an automated system to block or publish threat data.

Crimeware Focus

Over the past few


RiskIQ Enriches IBM QRadar with Internet Security Context

For the past several years, IBM’s QRadar has been recognized as a leader in Gartner’s Magic Quadrant for SIEM and Log Management. RiskIQ is the cornerstone of External Threat Management programs for many of the largest enterprises in the world. In December of 2015, IBM launched the Security App Exchange that allowed companies to begin creating applications that could enhance the QRadar experience. Today, RiskIQ’s PassiveTotal is excited to announce the release


Evolving Messages and Examples

Yesterday morning, Steve presented at FIRST 2016 on "Correlating Threats Using Internet Snapshots". The presentation he gave is one that has evolved ever since we were purchased by RiskIQ in September 2015. One of our primary goals, outside of making the platform better, is to ensure we are finding the best ways to communicate our message to our user community. If we are able to clearly outline the value of infrastructure analysis, then chances are,
