Votiro Labs and ClearSky CyberSecurity, both based in Israel, have used MalNet to uncover a slew of interesting TTPs and infrastructure believed to be used by the 1937CN group. Votiro and ClearSky CyberSecurity documented this in detail in their post last week, including screenshots from their hunt that identify signatures related to command and control along with the associated IP addresses and domains.
Last month, we also detailed how Trend Micro and ClearSky exposed a vast, previously unreported espionage apparatus dubbed “Operation Wilted Tulip”.
When we partnered with ProofPoint to help visualize this vast amount of data, use cases like these, which augment the analyst, were our primary goal. We are proud to enable deeper investigations of this kind.
We have a few more videos in the works, but wanted to share a few quick links to MalNet that may be useful.
For help acquiring a trial license key for MalNet, with integration into Maltego or into a security orchestration framework, please contact us by phone, email or our contact form.