🚨 New Blog: "Analyzing #Tycoon2FA Infra with Validin"
Discover how @RacWatchin8872 expanded a phishing analysis into ~2k confirmed Storm-1747 domains using Validin's powerful threat-hunting tools. A must-read for analysts hunting advanced phishing kits!
At Validin, we believe high-quality threat intel should be accessible, public reporting should be properly attributed, and connections between reports and ground truth should be independently verifiable.
So, we've launched Threat Profiles. Read more ⤵️
Hunting Lazarus: Expanding indicators with historic DNS and host responses in Validin to find 29 previously unreported domains likely associated with Lazarus Group.
🚨 New blog post 🚨
Hunting Laundry Bear: Infrastructure Analysis Guide and Findings
How to enrich previous reporting with Validin to find dozens of indicators not previously reported.
#LaundryBear #VoidBlizzard #APT
Expanding APT42 Threat Intelligence with Validin - an example of using high-confidence threat intelligence to find and track dozens of additional related indicators using PDNS history.
Matthew from @embee_research shows 5 examples that analysts can follow to discover threat infrastructure from public reports. Learn to leverage Validin's platform to expand threat intel & discover malicious domains/IPs with different pivoting methods.
#FakeUpdate malware needs infra for distribution. Here are 3 ways to discover active or compromised domains/IPs in Validin:
1. DNS history pivots
2. HTTP response pivots - titles, meta tags, favicons, banner hashes
3. Anchor links to known malicious domain: elrifeno[.]com
🚨 Beware of an ongoing #FakeUpdate campaign targeting FR 🇫🇷! Instead of the browser update, it spreads the #WarmCookie #backdoor via compromised websites.
The #WarmCookie itself has been updated as well. The new version supports these commands:
1 - Get CPU identification and memory
Researcher @lontze7 explored recent Contagious Interview #Lazarus #APT findings, detailing hunting techniques you can follow in Validin to corroborate ~170 related lure domains.
Check out his detailed, step-by-step write-up with citations, here:
In this blog, we show you how to pull the threads on a recent phishing attack that targeted @troyhunt through DNS, favicon, and registration pivots to uncover a web connected to #ScatteredSpider / #0ktapus
We report hundreds of domains here ⤵️
It's here - our long-awaited update is out! This update builds on our massive passive DNS database and is packed with features requested by the community. ❤️ If you're a threat hunter or researcher, this platform is made for you!
Here's how to use DNS history and pivoting to expand #Kimsuky infra.
Starting with the IP below, we find detailed DNS history in Validin. Note helpful zoom/filter options.
Some of the domains no longer point to this IP. Let's pivot!
1/4
We just completed a significant upgrade to our web scanner! We added *28* of the most common and notorious ports across the routable IPv4 space, giving researchers more ways to track and discover threats within the Validin platform. Example ⤵️
Hot on the heels of the research published by @HuntressLabs, hunting for Zoom-themed lures from DPRK's #BlueNoroff
💥Learn hunting techniques
💥Leverage new Validin features and data
💥Full, unredacted indicator list (domains, IPs, hashes)