I often get asked what tools I use for various aspects of threat research / analysis --

Here's a quick list of my favorites that most are not taking advantage of.. 🧵 1. Aeon Timeline (@AeonTimeline):
▪️ This is my replacement for most Maltigo-style mapping + time-lining chaotic events.
▪️ Everything I investigate starts with one of these to track pivots/clues.
▪️ $65 a year..

More about how I use it here: sentinelone.com/labs/putting-t…

💜 JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity

I took a look into the IOCs shared by @JumpCloud and found links to APT Infrastructure we attribute to DPRK.

Quick 🧵..

#threatintelsentinelone.com/labs/jumpcloud… Look how 144.217.92[.]197 is being used by npmaudit[.]com -- this domain links to @github's recent security alert. Nice!

Based on timing of this, I'm going to assume its related to the JumpCloud intrusion but thats just my outsider perspective here.

github.blog/2023-07-18-sec…

Today CERT-UA released two new posts on recent attacks on Ukraine Gov and enterprises.

- UAC-0026 Delivering HeaderTip.
cert.gov.ua/article/38097

- UAC-0088 Attacks with DoubleZero Wiper.
cert.gov.ua/article/38088

Follow along for a quick thread:
🧵1/x @AeonTimeline 2/x: (threads are hard, sorry)

First lets look at UAC-0026:

Some (including me at first) are associating this with Symantec 2015's post on "Scarab", who was active since 2012.

At the time they were known to target a very small amount of individuals of interest (see map)

Today we published a new report on the new ModifiedElephant APT, and the years of attacks against groups and individuals in India.

Blog: s1.ai/m-elephant
Full Report: s1.ai/mod-elephant

Quick 🧵 on some highlights: ME is responsible for targeted attacks on human rights activists, human rights defenders, academics, and lawyers across India with the objective of planting incriminating digital evidence.