Indicators of compromise (IOCs) are the pieces of evidence collected from host systems (e.g. laptops, servers, mobile phones), applications (e.g. databases), cloud-based services, or the network once suspicious or malicious activity has been identified.
zvelo’s curated cyber threat intelligence data delivers rich metadata for highly contextualized malicious and phishing Indicators of Compromise and threat signals which can be easily integrated into existing security tools and platforms (including SIEM, SOAR, EDR, MDR, XDR, etc.), for deeper analysis and enrichment by cyber defenders and threat analysts.
Common Indicators of Compromise (listed in order from the easiest to assess to the most difficult) include file hashes, IP addresses, domain names, network/host artifacts, tools, and tactics, techniques, and procedures (TTPs). zvelo details how its threat detection feeds map to each of these IOCs within the Pyramid of Pain — a model cyber defenders use for Incident Response (IR) and threat hunting.
Domain Generation Algorithms (DGAs) are a key tool for threat actors. As DGAs become more sophisticated and increasingly difficult to detect, zvelo’s Cybersecurity Team recommends heightened awareness and shares what you need to know.
From a threat intelligence perspective, this post presents a Tactic, Technique and Procedure (TTP) that is best described as Living Off The Land at Scale (LOTLS).
Phishing threats are not homogeneous in nature. Malicious actors use several different phishing attack topologies to execute their campaigns, each of which requires a different approach to detect and mitigate the threat.
WordPress is an easy target and attackers are compromising vulnerable and misconfigured deployments to serve Qakbot and other malware.
In a previous blog, we explored the important differences between base domains and full path URLs. In this post, we wanted to take a step back and cover the basics—the individual structural elements of a URL (Uniform Resource Locator).