We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• Research Articles
Forge Report: First Half Threat Trends of 2024
All Threat Reports
From An IcedID Infection to Domain Compromise in Under 24hrs
Cybereason's research details an IcedID infection that led to domain compromise and data exfiltration within 24 hours. The attack used Cobalt Strike for lateral movement, Rubeus/DCSync for credential access, and involved techniques linked to Conti, Lockbit, and FiveHands, demonstrating cross-group TTP sharing.
CircleCI Discloses A Security Incident, Urges Customers to Rotate Secrets
CircleCI discloses a security incident, advising customers to rotate secrets, review logs for suspicious activity, and replace Project API tokens. The company reassures that no unauthorized actors are active in their systems but encourages precautionary measures.
LockBit Backtracks Attack on SickKids Hospital
LockBit ransomware group provided a free decryptor to SickKids Hospital after a member violated their rules by targeting healthcare. The attack caused delays in patient care and imaging services. LockBit apologized and blocked the member responsible, while the hospital restored 50% of impacted systems by December 29th.
Hackers Compromise Slack's GitHub Repository
Slack's GitHub repository was compromised on December 27, 2022, via stolen employee tokens. Hackers accessed and downloaded private code repositories, but no customer data or primary codebase was affected. Slack is investigating the potential impact and has rotated affected credentials as a precaution.
Linux Malware Downloader Uses Shell Script Compiler for Cryptomining & DDoS
ASEC researchers uncover a Linux malware downloader using Shell Script Compiler (SHC) to convert bash scripts into ELF executables, evading detection with RC4 encoding. The malware targets SSH servers through brute force attacks, deploying XMRig CoinMiner, DDoS IRC bots, and SSH Scanners, primarily impacting systems in Korea.
Raspberry Robin Circling Entities in Europe
Security Joes identifies Raspberry Robin malware targeting financial and insurance sectors in Europe, particularly Spanish and Portuguese-speaking organizations. The malware uses USB drives and phishing emails for initial infection, employing obfuscation and system binaries like msiexec and rundll32 to evade detection and maintain persistence.

About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever-changing threat landscape.

Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers

The World's Best SOC Teams Use Anvilogic
Build Detections You Want, Where You Want