QAnon infrastructure and Modus Operandi drive a horizontally controlled, organically self-sustaining user community. …

Stuxnet malware was reportedly a US-Israel joint enterprise against a critical infrastructure target. The main payload was allegedly introduced on a USB device by an insider threat working for the AIVD, via supply-chain compromise. Stuxnet was an original malware tailored to cause ICS (Industrial Control System) connected systems to malfunction…

By Ippolito Forni, Threat Intelligence Analyst

As we have seen in this blog series so far, the ransomware ecosystem is quickly evolving (if you missed the previous parts, check out ‘The Rise of the Biggest Cyberthreat’ and ‘GandCrab, Sodinokibi and How to Scam a RaaS Operator’).

The ease of executing…

In part one of our ‘Evolution of the Ransomware Landscape’ blog series we examined how ransomware grew quickly into the biggest cyberthreat to date in terms of both data loss as well as direct and indirect costs for victims. We also looked at a new trend for ransomware operations in…

Part 1 of a three-part series on ransomware

By Ippolito Forni, Threat Intelligence Analyst

The ransomware landscape has evolved into a massive problem in the past few years. The modus operandi and TTPs are more mature, threat actors are targeting big public and private organizations, and the average ransom payment has increased significantly as well…

An Agile Approach to CTI

Managing a workflow in Cyber Threat Intelligence is non-trivial. Many organizations are attempting to adopt an agile style of working. If you are setting up or planning to improve your intel team to make it work in an agile way, it doesn’t mean that you have to kill your existing processes. It simply means that the way you move tasking and resource allocation around happens through an agile mechanism. Watch EclecticIQ’s CEO Joep Gommers guide you through this process and highlight the value of adopting an agile approach to CTI in this whiteboard session.

In the second part of this three-part series, we explored the potential of using an existing STIX 2.1 Object for structuring the analysis of competing hypotheses (ACH). But once we looked at what was needed to structure ACH it became apparent that the 2.1 STIX Opinion Object was not going…

Opinion Object in STIX 2.1

By Caitlin Huey, Senior Threat Intelligence Analyst

In the first part of this blog series we talked about some initial hurdles that the intelligence community has in structuring Analysis of Competing Hypotheses (ACH) in a consistent way.

In this follow-up post we will address how analysts first thought about tackling…

By Caitlin Huey, Senior Threat Intelligence Analyst

Welcome to the first in a three-part series of blogs which will address:

1. How to structure Analysis of Competing Hypotheses

2. Moving past STIX 2.1 Opinion Object

3. Introducing the Hypothesis Object

In this first blog we will look at what…

By Joep Gommers, CEO & Founder

The cyber threat intelligence landscape has undergone rapid change in recent years. This can be attributed to three main factors.

First, the growth in the number of security vendors has resulted in an increased supply of solutions and capabilities. Second, wide-ranging data protection legislation…


EclecticIQ is a global threat intelligence, hunting and response technology provider. Its clients are some of the most targeted organizations, globally.
