20 Posts Tagged as analysis

Snakes in the Satellites: On-going Turla Infrastructure

A couple of months ago, we posted an entry outlining one of our newer datasets, SSL certificates. In that post, we focused on the cyber espionage group Turla, which is said to be associated with Russian government operations. Using self-signed SSL certificate fingerprints, we were able to correlate a number of IP addresses belonging to various satellite providers and unearth an extensive network of command and control domains.

Before releasing the post publicly, we did one


Speeding Up Analysis

With the recent addition of RiskIQ internet scanning and web crawling data into the platform, I find myself leaning heavily on our enrichment data to guide my analysis. Digging into an investigation and sifting through mountains of data for clues as to who is behind an attack campaign and how large that campaign is can be exciting, but often we just want quick answers. We want to know if the domain we are investigating


Web Crawl to Infrastructure Blowout

In our last blog post, we broke apart the RiskIQ web crawlers and outlined all the content they collect when browsing the Internet. This was helpful in understanding the data, but it didn’t really provide a good example of how we use this content to link to actor infrastructure. For this post, we are going to focus on a criminal threat that often targets social media services and see how we could leverage


Derived Host Pairs from Web Crawling

Did you realize that in loading this blog post, your web browser made over 50 network requests for resources in order to construct it? The modern web is a complex graph of dependent requests made up of images, code libraries, page content and other references. Every day, RiskIQ’s crawling technology makes nearly 2 billion HTTP requests online and saves the contents of the session inside of a database. Using years of this data, engineers


Bring PassiveTotal Directly to Splunk

Users have asked, and now it's here.

With the all-new PassiveTotal App for Splunk, organizations can now bring context to external threats, analyze attack data, and correlate that information with their internal event data to pinpoint and remediate threats—all in one place.

How does it work?

PassiveTotal App for Splunk from RiskIQ on Vimeo.

To automate security investigations into suspicious domains or IP addresses, the PassiveTotal App for Splunk searches the large and diverse
