Light Dark
September 27, 2017 By Security Intelligence Staff 2 min read
Threat Intelligence
X-Force

It’s now easier than ever to make threat intelligence from IBM X-Force Exchange actionable. Since its inception in 2015, X-Force Exchange has provided both granular indicators of compromise and higher-order intelligence through public collections to help shorten security investigations.

A recent update to the X-Force Exchange collaborative platform now offers recommended apps from the companion IBM Security App Exchange, based on the content of public collections, to help users implement threat intelligence into their end-to-end security portfolio.

Implementing Threat Intelligence

The Petya ransomware campaign in Europe earlier this year worked quickly. With the attack intending to destroy data rather than hold it hostage, every minute mattered. By using the recommendation engine on X-Force Exchange, users researching the “Petya Ransomware Campaign” public collection on IBM X-Force can now view related apps from App Exchange that can help put threat intelligence on Petya into action.

Users of the IBM X-Force Exchange will now see suggested apps from the App Exchange relevant to the content they are viewing.

In this case, the Threat Intelligence app for QRadar will add real-time threat intelligence from X-Force Exchange into the IBM QRadar SIEM — including any related reports on IP addresses and known malware hashes. In addition, the RFISI app provides additional rules in QRadar that implement the Threat Intelligence integration strategy and the NotPetya Content Pack adds additional detection based on Snort signatures and collaboratively developed threat intelligence to offer higher-fidelity detection of the NotPetya variant.

Full Circle Recommendations

Existing app users on App Exchange visiting the page for a particular app will now find related apps at the bottom of the page from both IBM and our network of security partners. If you visit any of the apps related to the Petya Ransomware Campaign Collection, you’ll discover recommended apps for additional threat intelligence sources, including those from partners such as Jeskell CyberSentinel, FireEye, PhishMe, ThreatConnect and more.

Learn More About IBM X-Force Exchange

https://www.ibm.com/us-en/marketplace/ibm-xforce-exchange

 |  |  | 
Security Intelligence Staff
Security Intelligence Staff

More from Threat Intelligence
October 16, 2024

Hive0147 serving juicy Picanha with a side of Mekotio

17 min read - IBM X-Force tracks multiple threat actors operating within the flourishing Latin American (LATAM) threat landscape. X-Force has observed Hive0147 to be one of the most active threat groups operating in the region, targeting employee inboxes at scale, with a primary focus on phishing and malware distribution. After a 3-month break, Hive0147 returned in July with even larger campaign volumes, and the debut of a new malicious downloader X-Force named "Picanha,” likely under continued development, deploying the Mekotio banking trojan. Hive0147…

September 26, 2024

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

July 26, 2024

Hive0137 and AI-supplemented malware distribution

12 min read - IBM X-Force tracks dozens of threat actor groups. One group in particular, tracked by X-Force as Hive0137, has been a highly active malware distributor since at least October 2023. Nominated by X-Force as having the “Most Complex Infection Chain” in a campaign in 2023, Hive0137 campaigns deliver DarkGate, NetSupport, T34-Loader and Pikabot malware payloads, some of which are likely used for initial access in ransomware attacks. The crypters used in the infection chains also suggest a close relationship with former…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature