As highlighted in the ThreatConnect CameraShy report, greensky27.vicp.net played a critical role in uncovering potential threat actors associated with nation-state activity. Operating under the assumption that we know nothing about this domain, let’s see what we can find using PassiveTotal. When viewing the domain inside the platform, it’s clear there’s a lot of information to go through, so as an analyst, where do you start?
One of the most effective methods for tracking actor-based attack campaigns is to take control of as much of their infrastructure as possible and remove their access to infected hosts before they can react. The process of a takeover can vary, but oftentimes registrars or hosting providers will give the defenders (good guys) the ability to re-route incoming traffic to a server they control in order to analyze the check-ins from compromised hosts. This
Threat research and incident response can be a lot like diving into a rabbit hole; some days it’s easy to start with one lead and quickly identify ten more that each take up hours of research time. The constantly evolving landscape forces analysts to bounce from one intrusion to the next, digging in deep for several weeks or sometimes just a few hours, then moving on to the next fire in an attempt to
PassiveTotal strives to simplify threat infrastructure analysis, reduce analyst assessment time, and provide relevant information to assist in analysis, no matter how you access our data set. Brandon and I realize that a significant amount of our user base conducts threat infrastructure analysis using Paterva’s graph-based analysis tool, Maltego. Maltego assists analysts in visualizing threat infrastructure through link/node connections and allows for multiple data sources to be combined into a single interactive graph.
When Brandon and I first launched PassiveTotal back in April of 2014, we had a simple goal - improve how analysts performed threat infrastructure analysis. Over the past 15 months, we have reviewed feedback from our community, analyzed our sites’ statistics and identified new ways to enhance our user experience. After months of development, we are excited to launch the latest version of our platform and announce a new offering - PassiveTotal Enterprise Services.