Follow ThreatConnect on their other social channels!
About Us
Company Size:
51-200 employees
Company Type:
Arlington, VA
ThreatConnect® enables organizations to identify, manage, and block threats with threat intelligence, automation, and orchestration. Providing security teams a platform to unite their people, processes, and technologies behind an intelligence-driven defense, ThreatConnect helps increase visibility ...
Read more
Promoted Content
Innovation Insight for Security Orchestration, Automation and Response
One-Click querying of the Wayback Machine
ThreatConnect developed the Playbooks capability to help analysts automate time consuming and repetitive tasks so they can focus on what is most important. And in many cases, to ensure the analysis process can occur consistently and in real time, without human intervention.When investigating phishing pages it can be helpful to see what a malicious website looks like. This can help you identify what organization the phishing page is spoofing and possibly whether or not a phishing kit is ...
Using Playbooks to Populate Custom Attributes
Create Custom Attribute Types and Validation Rules, then use Playbooks to populate them automatically I was working with a customer who wanted to use ThreatConnect's Task and workflow features like a traditional ticketing system, with a unique identifier for data objects that they could key off of and pass to other teams as needed. This is usually a value, like an "Incident Number" or "Task ID". ThreatConnect has these values and you can see them in the weblink URL for any data object within the ...
Duping Doping Domains
Possible Fancy Bear Domains Spoofing Anti-Doping and Olympic Organizations We recently identified two additional domains -- login-ukad[.]org[.]uk and adfs-ukad[.]org[.]uk -- which appear to spoof UK Anti-Doping. The domain uses the Domains4Bitcoins name server previously mentioned and, as of January 19 2018, is hosted on dedicated server at the IP 185.189.112[.]191. This IP address is in the same block as a previously identified IP that hosts the USADA-sp ...
Fancy Bear Pens the Worst Blog Posts Ever
ThreatConnect reviews continuing Fancy Bear activity targeting citizen journalism organization Bellingcat and identifies a new tactic leveraging Blogspot to mask their credential harvesting links.   Our friends over at Bellingcat, which conducts open source investigations and writes extensively on Russia-related issues, recently shared a new tranche of spear-phishing emails they had received. Spoiler alert: they originated from Fancy Bear actors. Using the ThreatConnect platform we inge ...
A Report on Healthcare and Medical Industry Threats
Learn about the threats and how to protect your healthcare organization Summary Medical and health organizations, which include organizations operating in the pharmaceutical sector, face a variety of threats that are inherent to the services they provide and the data they safeguard. Within medical and health verticals the risks associated with compromise are often significantly augmented as patient care and personal information are at stake. This report highlights notable threats to those orga ...
DNC Association Does Not Compute
Joining the cyber community to conduct independent analysis of the DNC HackRecently, an article purported that the Democratic National Committee (DNC) turned down requests from FBI forensic units to look at its server and instead opted to use ThreatConnect and two other cyber security firms. While we cannot speak to the veracity of the first part of that statement, we can with certainty say that we (ThreatConnect) were not contracted by, nor did we work on behalf of, the DNC.The a ...
Casting a Light on BlackEnergy
A look into BlackEnergy malware and using ThreatConnect to aggregate and memorialize the identified intelligence. As workers prepared to head home on December 23, 2015, an attack against Ukraine's energy sector left 230,000 without electricity (or heat) for six hours. The attackers demonstrated a variety of capabilities, including spearphishing emails and variants of the BlackEnergy 3 malware to gain a foothold into the Information Technology (IT) networks of the electricity companies. The Dec ...
Track to the Future
How to use historical intelligence to get back to the future and defend your organization   We need to talk about something. In the history of the ThreatConnect blog, we've never discussed Back to the Future. It's crazy to think that that's the case as arguably the second-greatest sci-fi trilogy is rife with quotable lines and meme-able scenes that would make for amazing blog fodder. We have to say that we love the Back to the Future trilogy. Despite it essentially being the same mov ...
Enterprise Defense at the Speed of Data
A joint whitepaper by SAP, Deloitte, and ThreatConnectToday’s threats are relentless. Cyberattacks are often multi-year campaigns targeting valuable, sensitive data and have many business implications — brand reputation, lost revenue, and more. In this paper, we discuss how an intelligence-driven security program gives your company or agency a fighting chance to stay ahead of ever-changing threats.Read the white paper
Mitigate Threats Faster with an Intelligence-Driven Defense
Learn to identify, manage, and block threats faster with intelligence.The ThreatConnect Platform was specifically designed to help you understand adversaries, automate workflows, and mitigate threats faster using threat intelligence. But we know security operations and threat intelligence are not one size fits all. That’s why we have options.View this recorded webinar to learn how our recently announced suite of products can help you mitigate threats faster. We’ll show you:The products: ...

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge



Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?