Recent Posts
Threat Hunting with Firewall Traffic
Project Name: Threat Hunting with Firewall Traffic Description: – Whenever attackers… read out Threat Hunting with Firewall Traffic
Cyber Security Lifecycle
Cyber Security Lifecycle Project Name: Cyber Security Lifecycle Description: Without applying… read out Cyber Security Lifecycle
Types of System Software
Types of System Software Project Name: Types of System Software… read out Types of System Software
Cyber Security Control
Cyber Security Control Project Name: Cyber Security Control Description: Cyber… read out Cyber Security Control
Packet Analytics
Packet Analytics Project Name: Packet Analytics Description: Packet Analytics includes… read out Packet Analytics
Moloch Packet Analytics
Moloch Packet Analytics Project Name: Moloch Packet Analytics Description: Moloch… read out Moloch Packet Analytics
Installation of MOLOCH
Installation of MOLOCH Project Name: Installation of MOLOCH Description: Packet… read out Installation of MOLOCH
Moloch Usage
Moloch Usage Project Name: Moloch Usage Description: Moloch Usage includes… read out Moloch Usage
How to investigate files
How to investigate files Project Name: How to investigate files… read out How to investigate files
Compromised Linux Server Investigation
Compromised Linux Server Investigation Project Name: Compromised Linux Server Investigation Description:… read out Compromised Linux Server Investigation
How to use ProDiscover
How to use ProDiscover Project Name: How to use… read out How to use ProDiscover
Advance Data Recovery
Advance Data Recovery 1. Chances for Data Recovery of Deleted… read out Advance Data Recovery
Data Recovery Concept
Data Recovery Concept Data Recovery Concepts deal with following… read out Data Recovery Concept
Basic Data Recovery
Project Name: Basic Data Recovery Description: Basic Data Recovery will… read out Basic Data Recovery
Fraud Investigation Concept
fraud investigation concept
Forensics Analysis in India
Forensics Analysis in India Computer Forensics: – Computer forensics is… read out Forensics Analysis in India
ProDiscover Incident Response Project
ProDiscover Incident Response Project Project Name: ProDiscover Incident Response… read out ProDiscover Incident Response Project
Digital Evidence India
Digital Evidence India Types of digital evidence India Digital Evidence… read out Digital Evidence India
Forensics Incident Response
The Document Describes The Forensics Incident Response Checklist For Incident Management… read out Forensics Incident Response
Computer and Network Log Analytics
Computer and Network Log Analytics Project Name: Computer and Network Log… read out Computer and Network Log Analytics
Weekly Threat Advisory: Beyond Ransomware — 11 RATs, 7 APTs, 1 WIPER, HASH Still Leads (Jul 6 – 12, 2026)
The non-ransomware threat layer of the week. 1,804 unique IOCs across 89 clusters (ransomware excluded). RuRAT cryptomining surge (244 IOCs — wallet-drainer domain cluster). 11 RAT families active (Vidar, Millenium RAT v4, GoodPersonRAT, Dcrat, AsyncRAT, EtherRAT, QuimaRAT, Banana RAT + more). 7 APT clusters (UAT-7810 port fingerprint 2222/8088/99, DPRK 5-type spread, Lazarus, Cavern Manticore, MustangPanda, PlugX, UNK_MassTraction). Novel multi-stage LNK + JS-runtime backdoor (135 IOCs). GigaWiper — destructive-class malware, 10 IOCs. macOS ClickFix — first observation. HASH still beats IP (810 vs 468) even without ransomware. Full ATT&CK mapping per cluster, subnet anchors, top 15 IOCs per indicator type, four production-ready Sigma rules.
Weekly Threat Advisory: 5 APTs, 200 RATs, 74% High-Severity — The Week the C2 Flood Went Quiet (Jun 29 – Jul 5, 2026)
1,524 unique IOCs across 64 clusters. Extraordinary week: DOMAIN volume beat IP for the first time; 74% of records HIGH severity (usual baseline: 1-2%). 5 named APTs active (UNC1151, APT36, TeamPCP, Lazarus, BitterAPT) + CyberAv3ngers subnet anchor at 185.82.73.0/24. AsyncRAT surged to 200+ IOCs — largest RAT footprint YTD. TONResolver introduces novel blockchain-based C2 resolution. Trust-anchor phishing (Fake Google/Cloudflare verification pages, 54 IOCs, two subnet anchors). Anubis + The Gentlemen ransomware active. Steganographic ad malware (StegoAd) and AI-agent phishing surface as new attack patterns. Full ATT&CK mapping per cluster, subnet anchors, top 15 IOCs per indicator type, 4 production-ready Sigma rules.
Weekly Threat Advisory: APT Surge, Ransomware Full-Pivot, Messaging Weaponised — June 22-28, 2026
54,820 indicator observations across 87 adversary clusters this week. Four state-aligned APTs active in parallel (Gamaredon, Turla, MustangPanda, CL-STA-1062 + Silent Lynx + APT-C-35 + APT38). A ransomware operator rotated a full multi-pivot kill chain in 7 days (DragonForce). Direct-messaging platforms weaponised as initial-access surface (WhatsApp VBScript Campaign, 61 IOCs, tight 202.61.160.0/24 subnet anchor). Five concurrent supply-chain campaigns against the developer ecosystem (GhostShell, Miasma, Malicious npm Package, Operation FlutterBridge, Chrome ad-blocker extension cluster). A new RAT family arrived (ModeloRAT, 39 IOCs, full footprint). Full MITRE ATT&CK mapping per cluster, subnet anchors, top 15 IOCs per indicator type, four production-ready Sigma rules.
Indicators of Compromise and Threat Intelligence: A Practitioner Reference
A working analyst reference. 20 sections covering the Pyramid of Pain, the atomic / computed / behavioural indicator taxonomy, the four IOC domains with field-level detail, pivoting tradecraft (passive DNS, WHOIS, JA3/JA4/JARM, TLS SAN, ASN), the standards (STIX 2.1, TAXII 2.1, OpenIOC, MISP), detection content (Sigma + YARA), IOC vs IOA vs TTP, the four TI tiers with producer-consumer contracts, the six-phase lifecycle with F3EAD overlay, intelligence requirements (PIR/SIR/KIT/KIQ), the Diamond Model of Intrusion Analysis, the Cyber Kill Chain mapped to MITRE ATT&CK, the Admiralty source reliability code, Traffic Light Protocol 2.0, the Hunting Maturity Model, detection-engineering pipelines, SOAR integration patterns, KPIs (MTTD / MTTR / dwell time / coverage / hit rate), and the practitioner reference stack. Vendor-neutral. Twelve practitioner FAQs.
Weekly Threat Advisory: Cluster Analysis & Top IOCs, June 15 – 21, 2026
55,480 indicator observations across 89 adversary clusters this week. A ransomware operator rotated a full multi-pivot kill chain (Rhysida-Interlock, 219 indicators across 4 IOC types). Developer supply chain became this week’s preferred attack surface (15 typosquat code-editor plugins + 8 browser extensions + 6 marketing-CDN typosquats). AI platforms began appearing as adversary infrastructure (19 chat-share redirector domains + 39-indicator AI-generated lure campaign). Full MITRE ATT&CK mapping per cluster, subnet-clustering signals, top 15 IOCs per indicator type, and 4 production-ready Sigma rules.



























