Upload File

threatconnect and farsight researchers tackle a grizzly (steppe) · 2017. 12. 1. · • recently...

  • Home
  • Documents
  • ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,
43
© Copyright 2017 Farsight Security, Inc. All Right Reserved. ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) Analysis and Update on JAR Report

Upload: others

Post on 29-Aug-2021

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

1

© Copyright 2017 Farsight Security, Inc. All Right Reserved. © Copyright 2017 Farsight Security, Inc. All Right Reserved.

ThreatConnectandFarsightResearchersTackleaGrizzly(Steppe)

Analysis and Update on JAR Report

Page 2: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

2

INTRODUCTION

KYLEEHMKETHREATCONNECT

ERICZIEGASTFARSIGHTSECURITY

•  THREAT INTE L L IGENCE R E S EARCHER

•  RECENT LY WORK ING ON RE S EARCH INTO RUSS I AN E L ECT ION

ACT I V I T Y AND TARGETED E F FORTS AGA INST B E L L INGCAT , WADA , AND OTHERS .

•  D I S T INGU I SHED D I S TR I BUTED S Y S TEMS ENG INEER

•  DEVE LOPED THE S ECUR I T Y I N FORMAT ION EXCHANGE ( S I E ) –

R EA L - T IME DATA COL L ECT ION AND D I S TR I BUT ION IN FRASTRUCTURE

•  PRESENTS AT S ECUR I T Y CONFERENCES ABOUT DDOS , MANAGES S INKHOLES , EVANGEL I Z E S PAS S I VE DNS

Page 3: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

3

AGENDA

●  INTRODUCTIONTOPIVOTINGWITHPASSIVEDNS&WHOIS

●  THREATCONNECT’SINTEGRATION●  USINGTHEFARSIGHTDNSDBINTEGRATIONINTHREATCONNECT

TOENHANCETHEGRIZZLYSTEPPEJARANDMAPOUTANADVERSARY’SINFRASTRUCTURE

Page 4: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

4

DNS RECURSION / PASSIVE DNS

DNS Servers

www.example.com

93.184.216.34

Devices & Users

Registry Servers

Recursive Server

Root Servers

Cache

Farsight Security

Page 5: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

5

DNS DATA WORLDWIDE - OUR SENSOR ARRAY

GLOBAL COVERAGE

DIVERSE SOURCES • Consumer • Government • Education • Enterprise •  ISPs & Mobile • Social media

REAL-TIME & HISTORIC •  200k+ Resolutions / sec •  5+ TB / Day •  100+ Billion DNS Resolutions

Page 6: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

6

TWO WAYS TO EMPOWER SECURITY OPERATIONS

I. SECURITY INFORMATION EXCHANGE •  Proactivelydetectandblock•  EmpoweryourFirewall&MailServers•  200,000+observations/second•  Compliantwithleadingprotocolsforeasyingestion

II. DNS INTELLIGENCE DATABASE – DNSDB • World’slargesthistoricdatabaseofDNSresolutionandallrecords

•  EmpoweryourSIEMandThreatPlatform•  Started2007,rebuiltin2010,updatedinreal-time,100+Billionresolutionsrecorded

• APIandOn-PremSolution

SIE (REAL-TIME Streaming)

DNSDB (HISTORIC)

Page 7: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

7

THREATCONNECTANDDNSDB:DNSASAMAP

§  DNSISUSEDEVERYWHERE§  Desktop,Mobile,Laptops,Servers,Sites

§  MAPEXISTINGINFRASTRUCTUREBASEDONOBSERVATIONS§  Naturallyavoidprivateinformation(weavoidknowingwhoqueriedwhat)

§  OBSERVATIONS&FACTSàCONTEXTFORINVESTIGATIONS

àENHANCETHREATINTELLIGENCE

§  MISCREANTSNEEDDNSFORTHEIRINFRASTRUCTURE,TOO

DNSDataCan’tbefaked

Page 8: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

8

PIVOTING:

UNDERSTANDING PIVOTING WITH PASSIVE DNS AND WHOIS

Page 9: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

9

PIVOTING: GUILT BY ASSOCIATION – PASSIVE DNS

KNOWN BAD HOSTNAME OR IP ADDRESS

WHAT OTHER HOST NAMES AT THE SAME ADDRESS AT THE SAME TIME?

KNOWN BAD DOMAIN

WHAT OTHER HOSTS ARE IN THE DOMAIN?

WHAT OTHER DOMAINS ARE SERVED BY THE SAME NAMESERVER?

WHAT OTHER INFRASTRUCTURE IS HOSTED IN THE SURROUNDING NETWORK BLOCK?

Page 10: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

10

PIVOTING: GUILT BY ASSOCIATION – PASSIVE DNS

SIMILAR NAMING PATTERNS

FAST-FLUX BOTNET INFRASTRUCTURE

UNCOMMON NAMES USED IN MANY DOMAINS

DOMAIN GENERATION ALGORITHMS

SIMILAR LOOKING ANSWERS SOA RECORDS?

TXT RECORDS? SPF RECORDS?

Page 11: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

11

PIVOTING PASSIVE DNS: REDUCING FALSE POSITIVES

INDICATOR FOR A HOSTNAME OR IP ADDRESS

KNOWN REVERSE PROXY SERVICE? KNOWN SINKHOLE? HOSTING SERVICE? DOMAIN PARKING SERVICE? DYNAMIC DNS SERVICE? WIDELY USED CDN INFRASTRUCTURE?

Example: “ICE takedown mooo.com”

Page 12: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

12

PIVOTING WHOIS: COMMON REGISTRATION FINGERPRINTS

KNOWN BAD DOMAIN REGISTRATION EMAIL USED ELSEWHERE? SAME OR SIMILAR REGISTRATION NAME USED ON OTHER DOMAINS? SAME OR SIMILAR POSTAL OR PHONE INFORMATION USED ON OTHER DOMAINS?

Doesn’t matter if registration is real or faked – just similar. One known bad domain could lead to more. Similar registration information (and hosting patterns) helps confirm two domains could be managed by same actor.

Check out https://www.domaintools.com/partners/integrations/threatconnect/

Page 13: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

13

PIVOTING:

PIVOTING EXAMPLES

Page 14: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

14

PIVOTING EXAMPLE: REGISTRAR HACK

;; first seen: 2011-09-04 20:17:34 -0000 ;; last seen: 2011-09-04 21:40:24 -0000 betfair.com. IN NS ns1.yumurtakabugu.com. betfair.com. IN NS ns2.yumurtakabugu.com.

acer.com. betfair.com. dell.co.kr. hsbc.co.kr. nationalgeographic.com. ups.com. vodafone.com. ...more...

Page 15: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

15

PIVOTING EXAMPLE: SPAM -> CANADIAN PHARMA DOMAINS

healthtr.com medicacpr.ru medicannk.com mediccker.ru mediccklr.ru medicehok.com medicelcr.ru medicellk.com medicemur.ru medicheek.com medichmar.ru …etc…

medicostb.com HOSTED ON SAME IPS

Page 16: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

16

PIVOTING EXAMPLE: ZEUS DOMAINS

xsnnsynlsnfhklun.com

xqoyjkmnrhqmxpty.net outqrpskulndkxne.info xsnnsynlsnfhklun.com aonqrnernvqret.net gkoijyqmyjklqpv.info llnepksnvvqlzzrs.info krirfqkmckkssgol.biz www.jfjpdsqirhsypqnn.org jfjpdsqirhsypqnn.org vroxnpojiomtenlq.biz uitppyflfsnkpxid.info jwdwlqqqqiwhxkt.com ryqqfjhctkptirn.biz pcrslsynooqorrwj.biz rjtsnpveowswsglp.com cqojeuyikosljoqw.biz ttfhvhmusnkkov.net

same IP

Page 17: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

17

PIVOTING EXAMPLE: SEARCH “Z-BOT FAST-FLUX”

lindabstewart.com (ß zeus-tracker)

arexan.at astro-travels.net boombom.at complianceanyone.ru csh0p.cc cyajon.at

dumpstreet.vc gmumwmiwoqegwiwo.org jvcc.su lictheshallunitedenteit.ru magasoldator.ru

missionsthhartmanencopa.com monpasevashumamin.cm mrbin.cc myprivatepicts.com popeyeds.cc

robinson98.com royaldumps.tw ruise.ru sdn-comm.at termlawfulfeessoft.ru try2swipe.me try2swipe.ws

unclesam.ws uoeeukyackaagagg.org uvvv.ru verifyandmeet.com vvservop.at ycorporation.ru

anymansjentnrwe.net bigbropos.top ekrosha.com kqwenhanebnbama.net. kronashjeeeaqqforny.com

lkdmsmnfjznfreqas.com mcduck.org naheqbhbzgbnqbza.net njandhasdnppp.com

immortald.ru. marcusd.ru oqwnqwnfauwneebd.net paysell.bz prvtzone.ws ronymanyantiynewww.net

try2swipe.ws verified.vc wjenqianywenet.net

Combinations of IP hosting patterns, expanding into subnets, nameservers, other information Fast-flux infrastructure has been resilient through multiple takedowns

2015

2016

2017 / today

Page 18: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

18

HOW FARSIGHT DATA IS USED

FARSIGHT SECURITY

THR EA T P L A T FORMS

F I R EWA L L S

MA I L S E R V E R S

O R CH E S T RA T I ON / AU TOMAT I ON

BU L K QU E R I E S

MACH I N E L E A RN I NG

S I EMS

Page 19: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

19

USINGFARSIGHTDNSDBINTEGRATIONINTHREATCONNECT

Page 20: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

20

USINGFARSIGHTDNSDBINTEGRATIONINTHREATCONNECT

Page 21: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

21

THEGRIZZLYSTEPPEJAR

Page 22: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

22

GRIZZLYSTEPPEJAR-WHATISIT?

JointAnalysisReport

•  December29,2016

•  Informationfromseveralagencies

•  Containedgeneralinformationonhackingand911IOCsforseveralRUthreatsandmalware

•  Recommendedmitigations

•  “ThreatsfromIOCs”

Strengths

•  LotsofIOCs

•  Responsive

•  VarietyofThreats

Weaknesses

•  LotsofIOCs

•  Nocontext

•  LotsofTOR•  Notreallythreat

intelligence

Page 23: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

23 23

GrizzlySteppeJAR-Indicators?

GRIZZLYSTEPPEJAR–INDICATORS?

Page 24: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

24 24

GrizzlySteppeJAR-Indicators?

GRIZZLYSTEPPEJAR–INDICATORS?

Page 25: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

25 25

GrizzlySteppeJAR-Indicators?

GRIZZLYSTEPPEJAR–INDICATORS?

Page 26: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

26

GRIZZLY STEPPE JAR - RECEPTION?NOTGOOD

26

Page 27: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

27

USINGUSGGIVESYOULEMONS

Don’tdespairordiscount

•  Findthreadsyoucanpullon•  Workbackwardstofindthe

intelligenceapplicabletotheindicators

•  Whenpossibleattributeindicatorstoanactor

•  Enrichtheindicatorsandpivotfromthemtofindasmuchasyoucan

•  Continuetracking

OurProcess

•  UseThreatConnecttofindoutwhat’salreadyknownaboutindicatorsandwhatthey’reassociatedwith

•  UseFarsightandWHOISintegrationstoidentifyregistrationandhostingconsistenciestoknowntactics

•  UsepassiveDNStoidentifydomainco-locations

•  MonitorIPs,registrantemailaddresses,andboutiquenameservers

27

Page 28: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

28

USINGTHREATCONNECTANALYZE

Page 29: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

29

USINGTHREATCONNECTANALYZE

Page 30: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

30

APATTERN?!??!?!

30

Page 31: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

31

FINDINGTHETHREADTOPULL

FocusingResearch

•  Can’tmakeananalyticleap

•  Reviewedthose80IPsü  Categories

-  IPsalreadyassociatedwithFANCYBEAR

-  IPsthathosteddomainsalreadyassociatedwithFANCYBEAR

-  IPsthathosteddomainswithregistrationconsistenciestopreviousFANCYBEARdomains

-  Newindicatorsweidentifiedfrompivotingoffoffreshinformation

31

Page 32: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

32

FANCYBEAR-THEYHAVEN’TSTOPPEDSOWHYSHOULDWE?

ClintonCampaign

•  ShortenedURLs

DNC

•  misdepatrment[.]com

DCCC

•  actblues[.]com

WADA/CAS

•  wada-awa[.]org

•  wada-arna[.]org

•  tas-cass[.]org

Mouthpieces

•  Guccifer2.0

•  DCLeaks

•  Anpoland

•  FancyBearsHackTeam32

Page 33: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

33

Page 34: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

34

Page 35: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

35

Page 36: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

36

Page 37: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

37

Page 38: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

38

Page 39: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

39

FINDINGS

39

AssociationstoFancyBear

•  43offirst80IPs

AdditionalIndicators

•  68domains•  17IPaddresses

ApplyingIntelligence

•  Nocontext>associations>additionalintel

Page 40: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

40

MONITORINGNAMESERVERSANDTACTICS

• FANCYBEAR

40

Newnameservers

•  Nemohosts[.]com

•  Bacloud[.]com

•  Njal[.]la

AdditionalTactics

•  Registrationtactics

InfrastructureNecessitatesInteraction

•  Procurement•  Expenses

Page 41: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

41

CONCLUSION

• FANCYBEAR

41

Gainadditionalinsight

•  Breadthandsophisticationofcampaign•  Otherindicators

Increasesthreatactors’cost

•  Themoretheyhavetoredotheirinfrastructure,thebetter

Sharingenablesorganizationswithinandoutsideofyoursector

•  Actorsusesimilarinfrastructureandtoolsagainstavarietyoftargets

Page 42: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

42

Q&A

THANK YOU FOR YOUR ATTENTION.

Q U E S T I O N S ?

ThreatConnect.com Farsightsecurity.com

Page 43: ThreatConnect and Farsight Researchers Tackle a Grizzly (Steppe) · 2017. 12. 1. · • RECENTLY WORKING ON RESEARCH INTO RUSSIAN ELECTION ACTIVITY AND TARGETED EFFORTS AGAINST BELLINGCAT,

43

© Copyright 2017 Farsight Security, Inc. All Right Reserved. © Copyright 2017 Farsight Security, Inc. All Right Reserved.

ThreatConnectandFarsightResearchersTackleaGrizzly(Steppe)

Analysis and Update on JAR Report


MH17 The Open Source Evidence - Bellingcat · It draws on the work of Bellingcat and others who used open source information to uncover facts about the events that took place on July

Bellingcat 'the Launch Site

Recorded F Farsight Security uture and · Farsight Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts. Farsight collects

Розслідування Bellingcat щодо збитого на Донбасі МН17

Farsight Employee Self-Service (ESS) Portal Updates

BELLINGCATbellingcatfilm.com/assets/bellingcat_presskit.pdf · 2019. 3. 18. · In the film Christiaan Triebert, a member of Bellingcat, opens up that for him Bellingcat feels as

» [Bellingcat 3] Qui est Eliot Higgins ? Par Edouard Vuiart · 12/04/2017 [Bellingcat 3] Qui est Eliot Higgins ? Par Edouard Vuiart 0 Share Né en 1979 d’un ingénieur de la Royal

ThreatConnect, Inc. Case Study - Farsight Security · 2018-10-01 · ThreatConnect, Inc. Case Study Anthem Breach Investigation CASE STUDY [email protected] • +1-650-489-7919

2011 Conflicts of interest Manual - Farsight Wealth Of Interest Manual... · 2014-12-09 · Farsight is an authorized Financial Services Provider and thus governed by the Financial

Farsight Security Services Committed to Vigilance · 2015-10-07 · Farsight Security Services is a market-leading specialist in remote monitoring. The Observatory, Farsight’s home,

Managing Indicator Deprecation in ThreatConnect

BELLINGCAT · source investigation, taking viewers inside the exclusive world of the “citizen investigative journalist” collective known as Bellingcat. In cases ranging from the

From the Mutual Fund House of the Year - Farsight

Magazine voor alumni en relaties Nummer 2, juli 2019 ... · Bellingcat Bellingcat werd opgericht vlak vóór de tragi-sche dag van 17 juli 2014, waarop het pas-sagiersvliegtuig MH17

Farsight Enclave Rules

Full company report (Novo Nordisk) - Farsight Firmsfarsightfirms.com/pdf/sample-report/novo-nordisk-report...NVO FarSight Ratings for Labour Issues Weighting High Low FS Score 117

Enclave Farsight 6ª

Доклад Bellingcat о "Буке"

Farsight HCM Engine - Amazon Web Servicessoftwaresuggest-cdn.s3.amazonaws.com/brochures... · Farsight HCM Engine connects everybody in your organization with it’sMobile Self Service

THE FARSIGHT PROTOCOLSK of Scientific Remote Viewing · Note: The Farsight ProtocolsK of Scientific Remote Viewing® are copyrighted and proprietary property owned by Farsight, Inc.,

The Farsight Project - Construction Skills Queensland · The Farsight Project Construction Worker 2.0. Created Date: 12/9/2015 3:10:58 PM

Farsight - Demand Forecasting 365 for Operations BENEFITS: • …farsight.co.nz/Portals/1137/Downloads/Demand Forecasting... · 2019-06-24 · from Farsight Solutions is a fully

Russia’s Path(s) to War - Bellingcat

FarSight: Long-Range Depth Estimation from Outdoor Imageshomes.sice.indiana.edu/mdreza/files/farsight_iros18.pdf · 2019-08-21 · FarSight: Long-Range Depth Estimation from Outdoor

Aligning the Intelligence Cycle with ThreatConnect...ThreatConnect Query Language (TQL) Leverage saved queries and TQL in Dashboards to visualize results Assess indicator risk via

Nederlands inkijkje bij de DIY Detectives van Bellingcat

FarSight Pitch Deck

Bellingcat опубликовал новый отчет о крушении MH-17

Farsight Bioscience – At the Front of Value Creation · Farsight Bioscience – At the Front of Value Creation Farsight Bioscience is a targeted drug discovery company with the

FARSIGHT SECURITY

CameraShy - ThreatConnect

FarSight Presentation

Case Study - ThreatConnect€¦ · Case Study CENTRIPETAL NETWORKS INTERNET ENTERPRISE RuleGate® Security Stack Aggregate, Analyze, Act ThreatConnect is the first and only Threat

Доповідь Bellingcat щодо обстрілів України з території Росії

Designed by Courtney Brown - Farsight