NameBee is your source for Blog Aggregation in the Domain Name industry
Enjoy a summary of Tim Helming's recent Indicators Over Cocktails training series where he dissected infrastructure from a recent campaign linked to UNC1151.
Learn about different types of DNS attacks, the impact of COVID-19 on the evolution of these attacks, and how organizations can protect themselves.
Learn about research recently conducted into Domain Blooms, our attempt to identify new and trending themes in domain names that highlights which events threat actors are potentially targeting for malicious campaigns.
As a result of the SolarWinds incursion, supply chain attacks have gained significant attention in recent months. In this blog, learn how to guard against these attacks by monitoring for spoofs of your trusted partners.
Gain additional insight into the malware dubbed RotaJakiro by Netlab with analysis by Chad Anderson on additional infrastructure unearthed including IP addresses, C2 domains, and more.
Gain insight into one of the most impactful threats facing organizations today, BEC. This blog identifies a methodology for uncovering likely campaigns and defensive advice for how to meet the challenges of BEC.
Learn how the DomainTools Research team identified a campaign which has run largely undetected since around December 2020 targeting Azerbaijan, Cyprus, India, Italy, Lithuania, Ukraine, and the Vatican.
DomainTools researchers have identified a phishing campaign targeting underwater research and weapon development organizations in the Russian Federation using the evolution of a malicious document framework.
Catch up on your industry reading with a curated list of the most popular blogs of Q1 2021. This installment includes research related to the SolarWinds incident, COVID-19 related threats, and more.
In the final installment of our SOAR series, learn how to expose a possible campaign when you don't have obvious pivots by using DomainCAT to show clusters of malicious activity.
Senior Security Researcher, Joe Slowik, analyzes an intrusion with COVID-19 themed lures actively targeting Vietnamese entities from late 2020 through early 2021.
In the second installment of this three part blog series, Tim Helming examines how human analysts assume control of an investigation when a SOAR playbook surfaces inconclusive information.
In the first installment of this three part blog series, learn the basics of adversary hunting with the help of orchestration technologies.
Upon the discovery of a suspicious domain name, DomainTools researchers uncovered a phishing attack targeting Tesco Bank. See how they used code analysis and infrastructure mapping to understand the full extent of this campaign.
Insight on the rapid expansion in Microsoft Exchange exploitation and potential recourse in order for defenders to reduce the likelihood of intrusion.
Glean insights from fellow security practitioners regarding the impact of the SolarWinds incident in a recent survey conducted by DomainTools.
Learn how to more accurately disposition and prosecute intrusions with the background knowledge to appropriately categorize and understand identified intrusions.
DomainTools researchers have identified persistent activity linked to previous analysis of initial access activity associated with an entity referred to as Cloud Atlas.
Practical advice from the DomainTools research team on how to approach adversary-based threat hunting, asset management, and incident response in the wake of the SUNBURST campaign.
Learn about tactics attackers use for extortion emails and how to build a picture around raw data as the DomainTools team leads an investigation into a sextortion scam.
Joe Slowik provides an overview of the Oldsmar incident, delivers defensive countermeasures and attack surface reduction recommendations, and highlights the value of indicator enrichment.
Learn how the DomainTools Research team used domain monitoring to uncover recent COVID-themed scams.
This blog examines recently identified Advanced Persistent Threats (APTs) in the healthcare industry to see who is behind the attacks and what they mean for the future of cybersecurity.
Learn how you can use various DomainTools applications and data sets to identify adversary infrastructure, prevent attacks, and gain relevant threat intelligence.
Learn how organizations can defend against SUNBURST-like attacks by shifting their approach from external analysis to internal enrichment.
In the next part of this series, learn how to use Internet observables to detect attacks and block adversary infrastructure.
Senior Security Researcher Joe Slowik outlines the attribution process, working to identify the threat actors responsible for the recent Solorigate activity.
Learn how to better spot supply chain attacks targeting your organization. This blog outlines how defenders can use the techniques and tools they already use to profile suppliers and get ahead of potential threats.
Learn how to analyze and prevent cyber attacks using popular techniques and analytic models to your advantage, starting with the Cyber Kill Chain and the ATT&CK framework.
DomainTools researchers recently learned of a ransomware campaign targeting multiple entities. The incident highlighted several methods of network and malware analysis that can be used to gain a greater understanding of individual campaigns.
The final part of this blog series on log collection covers Managed DNS Providers, Packet Capture, IDS/IPS Tools, Mail Exchange, IIS Servers, and more. Learn about these log sources and explore the next steps for ideas beyond logging.
We covered Windows DNS Logging; now it's time to focus on Linux and other Unix-like platforms. Learn more about log collection deployment and Linux auditing in part 4 of this blog series.
Based on additional information released by multiple parties as well as independent DomainTools analysis, this blog from Joe Slowik adds to and updates the scope and learnings from the SolarWinds Supply Chain Incident.
In part 3 of 5 of this blog series, learn how to improve your log collection deployment. Follow a sample Windows log scenario and receive a deployment checklist to help optimize your DNS logging.
Congratulations to our Top Level Defender winner, Olga Jilani! From her inspiring story to her daily efforts in making the Internet a safer place and giving back to the infosec community, see how she goes above and beyond to fight cyber badness.
Discover our Employee Spotlight blog! In this series, we like to celebrate our employees by sharing their stories. This quarter's feature: DomainTools Security Evangelist, Tim Helming.
The SUNBURST campaign represents a highly complex, operationally savvy, and technically patient effort. Join Joe Slowik for critical takeaways on the network infrastructure of this campaign as well as recommendations for defenders.
Make sure to check out part 2 of our 5-part series on log collection. This blog delves into how log sources, the MITRE ATT&CK framework, and metadata can elevate your threat hunting operations.
In this blog, Senior Security Researcher Joe Slowik illustrates how he uncovered a phishing campaign, which included the Russian nuclear industry, by pivoting off of infrastructure linked to the threat actor known as OilRig.
Our mission has always been to make the internet a safer place for all, and today we are excited to announce our partnership with Battery Ventures, a leading investor in successful high-growth companies, to deliver more quickly on that mission.
DomainTools researchers identified a domain created to facilitate phishing activity, revealing a focused campaign spoofing the WHO to gather sensitive information from victims.
By identifying a phishing document related to recent tensions in the Caucasus, DomainTools researchers were able to detect and analyze a complete campaign stretching from December 2019 through November 2020.
Discover everything you need to know about log collection. In the first blog of this five-part series, we'll give an industry overview on logging and explore what it means for defenders.
In this blog, Senior Security Researcher Joe Slowik uses a recent Ryuk ransomware incident to illustrate a methodology for identifying and tracking adversary operations.
Hear from Senior Security Researcher Joe Slowik to discover the significance behind domain name patterns and learn how defenders can use these thematic insights to further their security operations.
Exciting Partnership and availability of DomainTools Iris Threat Intelligence application on the CrowdStrike Store to provide contextual enrichment of threat detections.
Learn about a new concept at DomainTools called Domain Blooms, and how they can be a crucial piece in identifying the underlying infrastructure of the disinformation puzzle. In this blog, Security Researcher Matthew Pahl dives into the narrative behi
Learn how to better protect your organization and combat threats to your network. See how integrating threat intelligence and automation levels up your incident response efforts.
In today's online ecosystem, it's easy for misleading and false information to spread. Learn how you can detect campaign techniques and protect the public from agents of disinformation.
Thanks to our integrations team, we've enhanced our Splunk App to accelerate searches and improve performance. Hear from Software Engineer, Kacie Houser, on how the integrations team completed this total rewrite.