Classifying Malicious Domains

Classifying domains through string entropy

Chapter 2: Classifying domains through string entropy

Introduction

This is the second blog in the ‘Classifying Malicious Domains’ series, which aims to give insight into how we at Tiberium use our knowledge of attackers’ techniques, tactics, and procedures to detect attacks before they occur. Today we’re going to talk about ‘dodgy’ looking domains – that is, a domain that looks more like a plate of alphabet soup than a bona fide website.

An early tl;dr …

Chapter 1 - Classifying Malicious Domains

Chapter 1: Classifying domains using RDAP

Using TTP-based intel to classify malicious domains

Introduction

This blog series will show how Tiberium harnesses intel around attackers’ tactics, techniques, and procedures to classify malicious domains as part of our FROST and MYTHIC 24/7 MSSP services.

Preventative security is cool. Having the ability to think several moves ahead of an attacker, identifying their presence while they still think they are invisible, and manning the barricades …