14. 12. 2023 Massimo Giaimo SEC4U

Enrichment of the Ransomfeed Project

There are community projects that, once implemented, become true points of reference. One of these is certainly the DRM – Dashboard Ransomware Monitor project.

This project, founded by Dario Fadda in 2020, monitors ransomware groups through scraping activities, to store claims regarding victims within a permanent RSS feed.

However not everyone knows that starting from June 2023 our SOC Attacker Centric has become an important contributor to this project. Specifically, our activity consists of enriching the data made available by the project, adding information relating to the business scope of victim organizations.

The result of this enrichment is visible within each record stored by the project.

This is a task which, especially at the beginning, required a significant investment in terms of time (when we started doing the enrichment there were over 8000 records to enrich) but which today allows us to make available to the community an important piece of information that can be used as a correlation element.

In technical terms, every 4 hours we retrieve the records through the RSS made available by the project. From there, through a screen present within our SATAYO Threat Intelligence Platform, the analysts of our SOC Attacker Centric are able to carry out the enrichment of the records, choosing a specific business area from a list of over 100 sectors.

Once the enrichment is finished, we generate a .json file that we make available to the project within a web service.

This activity is carried out 24/7 by our SOC, so that a few hours after the claim by the ransomware group, the information relating to the business scope is already available.

This is what we do, for example, within our SATAYO Threat Intelligence Platform, where we can register, for each monitored organization, the reference country and the business scope, in order to notify the customer of any claims relating to the organization that are in the same country or the same business area.

Massimo Giaimo

Massimo Giaimo

Team Leader Cyber Security at Würth Phoenix

Author

Massimo Giaimo

Team Leader Cyber Security at Würth Phoenix

Latest posts by Massimo Giaimo

21. 03. 2024 SOCnews
SOC News | Mar 21 – IABs and Bulk Sales
20. 02. 2024 SOCnews
SOC News | Feb 20 – Lockbit Infrastructure Seizure
09. 02. 2024 SOCnews
SOC News | Feb 07 – FortiOS Critical Vulnerabilities
03. 02. 2024 SOCnews
SOC News | Feb 04 – AnyDesk Compromise
25. 01. 2024 SOCnews
SOC News | Jan 01 – Kasseika Ransomware Uses BYOVD in His TTP
See All

Related Content

Tags: , ,

24. 04. 2024 SOCnews

SOC News | Apr 24 – Full AMMEGA Data Breach Published

Using our CTI SATAYO platform, we identified an artifact belonging to AMMEGA's data breach. AMMEGA is a multinational manufacturing company based in the Netherlands with revenues of $1.2 billion. It was the victim of an attack carried out by the Read More
15. 03. 2024 Blue Team, SEC4U

SATAYO and SOC: in the New Midlands

This article explains how the Cyber Threat Intelligence platform SATAYO serves as a powerful resource to optimize processes and strengthen threat coverage within the Würth Phoenix Attacker Centric SOC. We will analyze the utilization of SATAYO's internal resources for creating Read More
20. 12. 2023 Exposure Assessment, SEC4U

EPSS implementation in SATAYO

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild , as my colleague Beatrice Dall'Omo has already had the opportunity to talk about in Read More
26. 09. 2023 Exposure Assessment, SEC4U

Exposure Assessment: How to Identify Infrastructure Vulnerabilities

In our previous post about Exposure Assessment, we described how we outline a target's infrastructure using SATAYO, our Cyber Threat Intelligence (CTI) platform. This means that we collected the identifiers of all the target's machines, i.e., their host names and Read More
09. 06. 2023 Exposure Assessment, SEC4U

Exposure Assessment: The Best Way to Easily Discover a Target’s Infrastructure

Some time ago we started this series of articles with the aim of technically describing the various objects collected within our Exposure Assessment activity. This is based on SATAYO, our OSINT & Cyber Threat Intelligence platform. Unfortunately, we stopped writing Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive