1 min read

Sources & Methods Newsletter #4 - December 2022

With the timing of this issue, I decided to include more articles and tools than usual as a way to say thank you for being a subscriber of this humble newsletter. I hope your holidays are restful and fun. See you in 2023!

📁 Sources

Public IPFS Gateway list - Web gateways you may observe being used to access content via IPFS, like malware or phishing landing pages.

📰 Articles

Intelligence Failures of Lincoln’s Top Spies: What CTI Analysts Can Learn From the Civil War #intelligence #history

Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns #infrastructure #trends

The Move To Mastodon: Tips and Tricks #osint #socmint

4 hiring tips for building a cyber threat intelligence team #team #hiring

Vertex Synapse: Rapid Power-Up Development #tools #development

Using OpenAI Chat to Generate Phishing Campaigns #trends #phishing

Old Services, New Tricks: Cloud Metadata Abuse by UNC2903 #analysis #cloud

OpenCTI Ecosystem Snapshot #tools #enrichment

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself #ecosystems #ransomware

🛠 Tools



PhoneInfoga is an information gathering framework for phone numbers.



cti-stix-visualization is a JavaScript library for turning STIX 2.0+ object and relationship data into nice visualizations.



Manuka is an honeypot focused on the tricky task of detecting reconnaissance by adversaries by seeding OSINT data for them to find.



Here's a simple Python script that extracts MITRE ATT&CK Technique IDs from web-based reports and generates JSON you can load into the ATT&CK Navigator.



pygreynoise is both a command line tool and Python library you can use to integrate with GreyNoise.



Yet another handy plugin for Obsidian—now you can embed runnable Python code in your notes like a Jupyter notebook.

💡 Tip

ENISA have shared their Threat Landscape Methodology for everyone to read and incorporate in their own threat landscape analysis.