Operationalizing_Threat_Intelligence[.]pdf

Sharing

Copy URL

Twitter E-mail

General

Target

Operationalizing_Threat_Intelligence.pdf
Size

21.1MB
MD5

ca7841e3eaccca3c20d7b6f5824938bb
SHA1

9b972a500b649416a08d0b8f02081c2d4c86f6dd
SHA256

e0d98cf3a5d72ef241e100bdab25efd448577a25f6f9fb9148bccd629136e179
SHA512

c1534844725f4d1ebd74296ef47d33ece05caaa361534c6a6f346533bc7248cf2f87b87d922ce474e49dd9bab5c9f945011fad7adedc0680b927d64acae362a3
SSDEEP

393216:c4tlqR9+RuUvOQPUnC13FYgobo5A36zLE39fkbKyyBBiRH0Z6ILDFqtdGlf2cTc:W7bUWVnCxugCXQL8kbKd2H0Z6IXCUluF

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

Operationalizing_Threat_Intelligence.pdf
.pdf
- http://www.packt.com
- https://static.packt-cdn.com/downloads/9781801814683_ColorImages.pdf
- http://www.packtpub.com/support/errata
- http://authors.packtpub.com
- https://packt.link/r/1-801-81468-6
- https://www.urlscan.io
- https://www.ijlter.org/index.php/ijlter/article/download/494/234
- https://attack.mitre.org/
- https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
- https://krebsonsecurity.com/2021/08/wanted-disgruntled-employees-to-deploy-ransomware/
- https://www.spamhaus.org/
- https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
- https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia
- https://googleblog.blogspot.com/2010/01/new-approach-to-china.html
- https://collaborate.mitre.org/attackics/index.php/Software/S0010
- https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/
- https://www.telegraph.co.uk/news/worldnews/middleeast/iran/9295938/Flame-worlds-most-complex-computer-virus-exposed.html
- https://www.kaspersky.com/about/press-releases/2013_kaspersky-lab-identifies-operation--red-october--an-advanced-cyber-espionage-campaign-targeting-diplomatic-and-government-institutions-worldwide
- https://www.mandiant.com/resources/apt1-exposing-one-of-chinas-cyber-espionage-units
- https://www.mandiant.com/resources/apt28-a-window-into-russias-cyber-espionage-operations
- https://www.wired.com/story/russian-hackers-attack-ukraine/
- https://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/
- https://www.npr.org/2020/12/15/946776718/u-s-scrambles-to-understand-major-computer-hack-but-says-little
- https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
- https://www.theguardian.com/technology/2013/may/16/lulzsec-hacking-fbi-jail
- https://www.theguardian.com/technology/2011/jun/21/soca-website-hacking-lulzsec
- https://www.bbc.co.uk/news/world-middle-east-22287326
- https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html
- https://www.theregister.com/2015/02/11/anonymous_hacks_fuel_station_monitoring_system/
- https://thediplomat.com/2011/09/how-al-qaeda-recruits-online/
- https://www.telegraph.co.uk/news/worldnews/islamic-state/11531794/Australian-airport-website-hacked-by-Islamic-State.html
- https://www.theguardian.com/world/2015/aug/13/isis-hacking-division-releases-details-of-1400-americans-and-urges-attacks
- https://en.wikipedia.org/wiki/Islamic_State_Hacking_Division#cite_note-23
- https://www.hackread.com/someone-hacked-swedish-radio-station-play-pro-isis-song/
- http://www.newsweek.com/isis-linked-cyber-group-releases-kill-list-8786-us-targets-lone-wolf-attacks-578765
- https://www.nytimes.com/2020/07/31/technology/twitter-hack-arrest.html
- https://cve.mitre.org/
- https://attack.mitre.org/groups/
- https://docs.microsoft.com/en-us/sysinternals/
- https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
- https://github.com/gentilkiwi/mimikatz
- https://www.metasploit.com/
- https://www.cobaltstrike.com/
- https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
- https://www.vultr.com/
- https://github.com/laramies/theHarvester
- https://github.com/Dionach/CMSmap
- https://www.microsoft.com/security/blog/2021/02/11/web-shell-attacks-continue-to-rise/
- https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
- https://www.snort.org/
- https://www.threatintel.academy/wp-content/uploads/2020/07/diamond-model.pdf
- https://attack.mitre.org/techniques/enterprise/
- https://stixproject.github.io/
- https://oasis-open.github.io/cti-documentation/taxii/intro
- https://www.opencti.io/
- https://www.misp-project.org/
- https://ccdcoe.org/cycon/
- https://attack.mitre.org/groups/G0007/
- https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
- https://nordvpn.com
- https://expressvpn.com
- https://github.com/trailofbits/algo
- https://osint.fans/tfvpn-for-osint-investigations
- https://github.com/StreisandEffect/streisand
- http://www.torproject.org
- https://cybersecurity.att.com/products/ossim
- http://www.zeek.org/
- http://www.snort.org/
- http://www.suricata.io
- http://www.ossec.net
- https://la-samhna.de
- https://www.yubico.com/products/yubikey-5-overview/
- http://www.virtualbox.com/
- https://www.kali.org/get-kali/#kali-virtual-machines
- https://www.sans.org/tools/sift-workstation
- https://www.f-response.com
- https://www.sleuthkit.org
- https://www.remnux.com
- http://tekdefense.com/automater
- https://github.com/alexandreborges/malwoverview
- https://github.com/viper-framework/viper
- https://github.com/buffer/ioc_parser
- https://github.com/cyware-labs/Threat-Response-Docker
- https://keepass.info/
- http://www.lastpass.com/
- http://www.1password.com/
- http://thunderbird.net
- http://evernote.com
- http://onenote.com
- https://twitter.com/
- https://www.facebook.com/
- https://www.hybrid-analysis.com/
- https://telegram.org/
- https://discord.com/
- https://www.virustotal.com/
- https://www.shodan.io/
- https://www.maltego.com/
- https://opencti.io
- https://www.anomali.com/products/threatstream
- https://www.threatq.com/threatq-platform
- https://www.recordedfuture.com/solutions/threat-intelligence-platform
- https://community.riskiq.com/home
- https://www.shodan.io
- https://www.censys.io
- https://community.riskiq.com/
- https://otx.alienvault.com
- https://docs.microsoft.com/en-us/sysinternals/downloads/strings
- http://sandsprite.com/iDef/MAP/
- https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml
- http://www.aspack.com/
- https://docs.microsoft.com/en-us/windows/win32/debug/pe-format
- https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regclosekey
- https://mh-nexus.de/en/hxd/
- https://sourceforge.net/projects/hexedit/
- https://hexed.it/
- https://github.com/guelfoweb/peframe
- https://processhacker.sourceforge.io/
- https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
- https://github.com/horsicq/Detect-It-Easy
- https://pev.sourceforge.io/
- https://www.virtualbox.org/
- https://www.wireshark.org/
- https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
- https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer
- https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
- https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-writefile
- https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-sleep
- https://app.any.run/
- https://www.joesandbox.com/
- https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cti
- https://attack.mitre.org/tactics/TA0003/
- https://attack.mitre.org/techniques/T1547/
- https://attack.mitre.org/techniques/T1547/001/
- https://www.mitre.org/publications/technical-papers/finding-cyber-threats-with-attck-based-analytics
- https://us-cert.cisa.gov/ncas/alerts/aa21-200a
- https://www.cisa.gov/uscert/ncas/alerts/aa20-302a
- https://www.json.org/
- https://oasis-open.github.io/cti-documentation/stix/examples
- https://oasis-open.github.io/cti-documentation/examples/example_json/apt1.json
- https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf
- https://oasis-open.github.io/cti-documentation/examples/example_json/poisonivy.json
- https://www.coresecurity.com/system/files/publications/2017/03/Damballa_Report_IMDDOS.pdf
- https://gist.githubusercontent.com/rjsmitre/79775df68b0d1c7c0985b4fe7f115586/raw/d5d2a3e7b4ae52ff7153a8b7b5b57dd066611803/imddos.json
- https://oasis-open.github.io/cti-stix-visualization/
- https://www.mandiant.com/resources/tracking-malware-import-hashing
- https://ssdeep-project.github.io/ssdeep/index.html
- https://ssdeep-project.github.io/ssdeep/demo.html
- https://bazaar.abuse.ch/sample/52fce8f05b7bcad7c37912d8408be264e25301464474c4968036f18cb6b80650/
- https://gist.github.com/fr0gger/1263395ebdaf53e67f42c201635f256c
- https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41
- https://ja3er.com/
- https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a
- https://github.com/salesforce/jarm
- https://www.cia.gov/static/9a5f1162fd0932c29bfed1c030edf4ae/Pyschology-of-Intelligence-Analysis.pdf
- https://cdn.ymaws.com/www.scip.org/resource/resmgr/White_Papers/Peterson-Appropriate-Factors.pdf
- https://www.dni.gov/files/documents/ICD/ICD%20203%20Analytic%20Standards.pdf
- https://stixproject.github.io/documentation/idioms/cve/
- https://csrc.nist.gov/publications/detail/sp/800-61/archive/2004-01-16
- https://d3fend.mitre.org/
- https://d3fend.mitre.org/about
- https://www.nist.gov/cyberframework
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
- https://www.tweepy.org/
- http://www.venomcontrol.com
- https://zeltser.com/media/docs/cyber-threat-intel-and-ir-report-template.dotx
- http://Packt.com
- http://packt.com
- https://www.packtpub.com/product/security/9781800209404
- https://packt.link/9781838556372
- http://978-1-80181-468-3www.packt.com
- http://273urlscan.io
- https://static.packt-cdn.com/downloads/9781801814683_ColorImages.pdf.Conventions
- http://packtpub.com
- http://Shodan.io
- http://urlscan.io
- https://www.dorkyboy.com/photoblog/templates/smokescreen/styles/js/mdddss/lmmnodejs/
- http://dorkboy.com
- https://attack.mitre.org
- https://www.spamhaus.org
- https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia.
- https://googleblog.blogspot.com/2010/01/new-approach-to-china.html.
- https://collaborate.mitre.org/attackics/index.php/Software/S0010.
- https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/.
- https://www.telegraph.co.uk/news/worldnews/middleeast/iran/9295938/Flame-worlds-most-complex-computer-virus-exposed.html.
- https://www.kaspersky.com/about/press-releases/2013_kaspersky-lab-identifies-operation--red-october--an-advanced-cyber-espionage-campaign-targeting-diplomatic-and-government-institutions-worldwide.
- https://www.mandiant.com/resources/apt1-exposing-one-of-chinas-cyber-espionage-units.
- https://www.mandiant.com/resources/apt28-a-window-into-russias-cyber-espionage-operations.
- https://www.wired.com/story/russian-hackers-attack-ukraine/.
- https://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/.
- https://www.npr.org/2020/12/15/946776718/u-s-scrambles-to-understand-major-computer-hack-but-says-little.
- https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/.As
- https://www.theguardian.com/technology/2013/may/16/lulzsec-hacking-fbi-jail.
- https://www.theguardian.com/technology/2011/jun/21/soca-website-hacking-lulzsec.
- https://www.bbc.co.uk/news/world-middle-east-22287326.
- https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html.
- https://www.theregister.com/2015/02/11/anonymous_hacks_fuel_station_monitoring_system/.Next,
- https://thediplomat.com/2011/09/how-al-qaeda-recruits-online/.
- https://www.telegraph.co.uk/news/worldnews/islamic-state/11531794/Australian-airport-website-hacked-by-Islamic-State.html.
- https://www.theguardian.com/world/2015/aug/13/isis-hacking-division-releases-details-of-1400-americans-and-urges-attacks.
- https://en.wikipedia.org/wiki/Islamic_State_Hacking_Division#cite_note-23.
- https://www.hackread.com/someone-hacked-swedish-radio-station-play-pro-isis-song/.
- http://www.newsweek.com/isis-linked-cyber-group-releases-kill-list-8786-us-targets-lone-wolf-attacks-578765.Next,
- https://cve.mitre.org/.To
- https://attack.mitre.org/groups/.
- https://www.metasploit.com
- https://www.cobaltstrike.com
- https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/.As
- https://www.vultr.com
- http://Nasa.gov
- https://www.microsoft.com/security/blog/2021/02/11/web-shell-attacks-continue-to-rise/.Phishing
- https://www.snort.org
- https://attack.mitre.org/techniques/enterprise/.Within
- https://stixproject.github.io
- https://www.opencti.io
- https://www.misp-project.org
- https://ccdcoe.org/cycon/.In
- http://www.zeek.org
- http://www.snort.org
- http://www.virtualbox.com
- http://Malwoverview.py
- https://keepass.info
- http://www.lastpass.com
- http://www.1password.com
- https://twitter.com
- https://www.facebook.com
- https://www.hybrid-analysis.com
- https://telegram.org
- https://discord.com
- https://www.virustotal.com
- https://www.maltego.com
- https://www.passivetotal.com
- http://ensys.io
- https://www.domaintools.com
- http://whoisxmlapi.com
- http://www.google.com
- http://yahoo.com
- http://mta5.am0.yahoodns.net.yahoo.com
- http://mta7.am0.yahoodns.net.yahoo.com
- http://mta6.am0.yahoodns.net
- http://Google.com
- https://community.riskiq.com
- https://docs.microsoft.com/en-us/sysinternals/downloads/strings.
- http://sandsprite.com/iDef/MAP/.
- https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml.
- http://www.aspack.com/.
- https://docs.microsoft.com/en-us/windows/win32/debug/pe-format.
- https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regopenkeyexa
- https://docs.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regqueryvalueexa
- https://hexed.it
- https://www.winitor.com
- https://processhacker.sourceforge.io
- https://pev.sourceforge.io
- https://ghidra-sre.org
- https://www.virtualbox.org/.
- http://time.windows.com
- https://www.inetsim.org/.
- https://www.wireshark.org/.
- https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview.
- http://irc.badguy.au
- https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer.
- https://docs.microsoft.com/en-us/sysinternals/downloads/procmon.
- https://docs.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-writefile.
- https://docs.microsoft.com/en-us/windows/win32/api/synchapi/nf-synchapi-sleep.
- https://cuckoosandbox.org/.
- http://any.run
- https://app.any.run
- https://www.joesandbox.com
- https://www.dorkyboy.com/photoblog/templates/[..]/styles/js/mdddss/lmmnodejs/
- https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cti.Now
- https://attack.mitre.org/tactics/TA0003/.On
- https://attack.mitre.org/techniques/T1547/.
- https://attack.mitre.org/techniques/T1547/001/.Now
- https://www.mitre.org/publications/technical-papers/finding-cyber-threats-with-attck-based-analytics,
- https://attack.mitre.org/.
- http://windows-several-update.com
- http://urlscan.io.urlscan.iourlscan.io
- http://teamtnt.red
- http://chasebank.ru
- http://stats.onetrust.digital
- https://pozdravlenie.xyz/file/file43.exe:Figure
- http://airbusocean.com
- https://www.json.org/.Numerous
- https://oasis-open.github.io/cti-documentation/stix/examples.
- https://oasis-open.github.io/cti-stix-visualization/.
- https://www.mandiant.com/resources/tracking-malware-import-hashing.
- https://ssdeep-project.github.io/ssdeep/index.html.
- https://ssdeep-project.github.io/ssdeep/demo.html.Figure
- https://bazaar.abuse.ch/sample/52fce8f05b7bcad7c37912d8408
- https://mb-api.abuse.ch/api/v1/
- http://DhashIcon.py
- https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41.
- https://ja3er.com/,
- http://abuse.ch
- http://ja3er.com
- https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a.
- https://github.com/salesforce/jarm.
- http://jarm.py
- https://www.cia.gov/static/9a5f1162fd0932c29bfed1c030edf4ae/Pyschology-of-Intelligence-Analysis.pdf.
- https://cdn.ymaws.com/www.scip.org/resource/resmgr/White_Papers/Peterson-Appropriate-Factors.pdf.Always
- https://www.dni.gov/files/documents/ICD/ICD%20203%20Analytic%20Standards.pdf.
- https://stixproject.github.io/documentation/idioms/cve/.
- https://d3fend.mitre.org/.Similar
- https://d3fend.mitre.org/about:Figure
- https://www.nist.gov/cyberframework.While
- http://ozarkintbank.com
- https://www.tweepy.org
- http://narrow-ink.auto.playit.gg
- http://payloads-poison.000webhostapp.com
- http://000webhostapp.com
- http://poison.000webhostapp.com
- http://tria.ge
- http://www.Tria.ge
- http://exploit.in
- http://hackforums.net
- https://zeltser.com/media/docs/cyber-threat-intel-and-ir-report-template.dotx.
- http://192any.run
- http://252any.run
- http://291-294urlscan.io
- http://14urlscan.io
- http://212whoisxmlapi.com
- Show all