Additional Insights into Iranian Cyber Espionage | APT33

By Daniel Clemens / April 24, 2020

Earlier this week, FireEye/Mandiant released a blog post entitled “Insights into Iranian Cyber Espionage” detailing targets within the aerospace and energy sectors. To complement their post we…

What Will OSINT/PAI and Collection at Scale Look like for 2020?

By Daniel Clemens / January 11, 2020

2020 will be eventful and likely one of the most historic years of change in a long time, balancing the tension between change, conflict, and hopefully peace. When reflecting on…

Iranian Watering Holes. Target Centric Analysis & Looking for Additional IOCs Related to clear.co.ir | 79.127.125.179 with ShadowDragon MalNet & ProofPoint Data

By Daniel Clemens / December 1, 2019

Additional information is always needed on initial indicators for a SOC analyst or incident handler. In this case, initial indicators point to [clear.co.ir and 79.127.125.179] engaging…

Link Analysis Presentation No Nos and How Long Should I Deep Dive?

By Daniel Clemens / August 3, 2018

In “Understanding Link Analysis and Using it in Investigations,” I detailed how to get started and some fundamentals on link analysis. What I didn’t cover was how long you should be involved…

Patchwork APT Group – Additional IOCs & Network Indicators

By Daniel Clemens / June 8, 2018

Yesterday, Matthew Meltzer, Sean Koessel, and Steven Adair @ Volexity released an excellent write-up on the Indian APT group known as Dropping Elephant. The Volexity article detailed attacks against US think…

Buckle up for Step-by-Step Insight into Charming Kitten Cyberespionage Attacks

By Daniel Clemens / January 26, 2018

The horrors of cybercrime can make even the savviest tech person shudder. Much like an accident on the side of the road, however, we just can’t help rubbernecking. That’s why…

ShadowDragon MalNet – ProofPoint Maltego Transforms | Vietnamese Victims 1937CN

By Daniel Clemens / August 28, 2017

Votiro Labs and ClearSky CyberSecurity, both based out of Israel, have, through use of MalNet, uncovered a slew of interesting TTPs and infrastructure believed to be used by the 1937CN…
