EclecticIQ
nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

The Tradecraft of a Successful Threat Investigation: A COVID-19 Case Study

Product Marketing Team May 18, 2021

Tradecraft Covid-19 BlogWhat a year it’s been!

When it became clear in February 2020 that the world was facing a major pandemic, we at EclecticIQ knew adversaries would put their malicious tactics, techniques, and procedures (TTPs) into high gear to exploit organizations as they shifted their focus from security to the health crisis.

As a global threat intelligence organization that uses EclecticIQ Platform, a leading threat intelligence platform (TIP), we launched a campaign to deliver targeted, prioritized, and actionable threat intelligence reports on our closely followed COVID-19 Threat Intelligence blog.

Teaching People to Fish

To stretch the biblical proverb, if you give a person a piece of threat intelligence they may identify one threat. But if you teach a person how to conduct a threat intelligence campaign, they’ll develop their own intelligence and even get ahead of threats. Continually!

Thus, we decided to document in a whitepaper the tradecraft used by our threat intelligence team. The goal was to provide practical guidance, best practice recommendations, and beneficial insights to any cyber threat intelligence (CTI) organization conducting a threat investigation of any size and scope.

In this whitepaper, we cover some of our most important practices. Here are four examples.

Starting with the CTI Lifecycle

EclecticIQ’s threat intelligence team leverages EclecticIQ Platform to execute a standard CTI lifecycle, as illustrated below. We emphasize the importance of following the full lifecycle because most organizations take shortcuts due to being short-staffed and under continual pressure to produce results.

In the whitepaper, we highlight both the desire to cut corners and its downsides.

Picture1 BLOG Tradecraft


Climbing the Pyramid of Pain

Moving through the lifecycle is like taking a trip, and one of the arduous treks on that journey is climbing the Pyramid of Pain. As we illustrate in the whitepaper, the best way a resource-strapped CTI operation can conduct a successful campaign is to innovate and institute triage of IOCs to optimize staff skills. This triage, which distills millions of indicators per week down to a few TTPs, is essential to climbing the pyramid because it allows the CTI team to prioritize analysis and response.

You’ll read about our success in detecting an APT group that targeted a vaccine organization and its research infrastructure in the whitepaper.

Picture2pyramidBlogTradecraft

Leveraging the TIP to Illuminate Trends

Central to any helpful analysis is illuminating trends. Trend spotting requires a TIP like EclecticIQ Platform, which allows a CTI operation to quickly track and establish critical relationships between the data.

The whitepaper discusses how trends help prioritize the investigation and supply salient points for reports. For example, we were concerned that work-from-home (WFH) put workers at greater risk of falling for phishing attacks due to a more relaxed attitude and fewer security controls. Indeed, we saw multiple phishing lures exploiting “Covid-19” attributed to Gamaredon, a Russian APT group.

Picture3BLOG Tradecraft

Looking in the Rearview Mirror

An indispensable aspect of any threat intelligence campaign is the historical context provided by the TIP and the ability to query stored intelligence about different use cases. After all, most threat actors follow established patterns. In the paper, we discuss how the TIP can correlate current and past entities. Indeed, we found examples where high-profile threat actors pivoted to vaccines as an opportune target using their established TTPs.

Ten Recommendations to Move Forward

Our purpose for publishing this whitepaper is to provide actionable and prescriptive guidance, based on our experience, which can benefit organizations looking to implement and run a successful threat intelligence campaign. We invite you to download the whitepaper to learn more about the above best practices and take away 10 valuable recommendations from our world-class threat intelligence team.


Receive all our latest updates

Subscribe to receive the latest EclecticIQ news, event invites, and Threat Intelligence blog posts.

3 more posts you might like

All Blog Posts (106)

Explore all topics

© 2014 – 2021 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.
Get demo