Thirdeye Intelligence

If cyber threats had a most-wanted list, Chip would be the detective cracking the case! My blog dives deep into the world of cyber intelligence, unraveling attacks, trends, and security tactics with a mix of wit and wisdom. Whether you’re a seasoned pro or just cyber-curious, expect insights that pack a punch—no fluff, just the good stuff!


  • Marketplace Update #1 – An Australian logs based Fraud Store

    Readers! It's been almost a year, so apologies for not being proactive. I will now try to publish at least once a week. Recently, I came across a marketplace, or store, called A1 FRAUDSTORE offering multiple compromised/stolen data sets relating to Australian individuals. Drivers Licence/Medicare/Passport Scans – used heavily for identity takeover… Read More ⇢

  • Fake New Order on Hold serving Formbook Stealer

    Our research team has identified a campaign in the wild serving the Formbook stealer. Based on the email content and sender, it seems targeted towards the UK. Below is a screenshot of the email body. Email Attachment – Scan 1722020 pdf.zip Hash – e5eb58f54fa93643b576611712afcf27 Zipped Exe – Scan 1722020 pdf.exe – Any.Run Hash… Read More ⇢

  • Gozi ISFB RM3 and Me : A Diamond Model Approach

    Readers! A few weeks back I was invited to present at the Malware and Reverse Engineering conference (MRE), and the topic I chose is my understanding and research of Gozi ISFB over the years as it has been observed globally, with specific concentration on threat group operations in Australia. Purpose of my… Read More ⇢

  • Cyber Threat Intelligence. Is it for me?

    Readers! I have been working in the Cyber Threat Intelligence area for quite a long time, and today I want to talk about a question that I often get asked: do we need Cyber Threat Intelligence? With this article I will try to answer as much as I can based… Read More ⇢

  • Gathering Information about targets

    Part II. Once the target is identified/determined, attackers begin their tasks. Now we must understand that, to launch an attack or gather information, they will rely on the tools and capabilities available to them. As per my previous post, targets are also determined based on the tools that they can… Read More ⇢

  • Profiling the adversary : Target Determination

    Readers! As mentioned in my recent LinkedIn update, this is the first article in this series about what our adversaries do and how a target can learn from their objectives/actions. Executives or higher management mostly ask the following questions: What is the current threat landscape? How do we protect… Read More ⇢

  • Yet another WanaCry Ransomware – Analysis

    Recently, organizations have been targeted with new ransomware labelled WanaCry. Being curious, I downloaded the sample to understand how the malware actually behaved. The tests were performed on a VM connected to the internet and on one NOT connected to the internet. In both tests, the machine was successfully infected. Sample analysed: 84c82835a5d21bbcf75a61706d8ab549… Read More ⇢

  • PowerShell : Tool for Admins and Adversaries

    Readers! For the last couple of weeks I have been doing some analysis of malware, mostly arriving via phishing attempts. What our adversaries are doing is first gaining easy access to the machine via phishing, then creating background processes that call the compromised domains, which download an executable, packed with… Read More ⇢

  • Finding Evidence of Data Exfil – USBStor artefacts

    Readers! Last year one of the members on the SANS DFIR list posted a question regarding identifying whether any data leakage had occurred in the environment via a USB thumb drive. As evidence, the investigator had USBStor artefacts. Shell bag analysis (TZ Works sbag) showed a large number of… Read More ⇢
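    As an added example, not code from the post above or from the blog's author, the following PowerShell pulls the two USBStor artefacts an investigator typically starts from: the device keys under HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR (vendor/product and serial number) and the MountedDevices values that tie each serial to the drive letter it was mounted as. It assumes an elevated session on the suspect Windows host, or an offline SYSTEM hive loaded so that the same relative paths resolve; the function names and the $UsbStorPath/$MountedDevPath variables are my own.

```powershell
# Added example (not from the linked post): list USB mass-storage devices recorded
# under USBSTOR and map each device serial to the drive letter(s) it was mounted as.
# Assumption: elevated PowerShell on the suspect host (or a loaded offline SYSTEM hive
# exposed at the same relative paths).

$UsbStorPath    = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
$MountedDevPath = 'HKLM:\SYSTEM\MountedDevices'

function Get-UsbStorDevices {
    foreach ($device in Get-ChildItem -Path $UsbStorPath -ErrorAction SilentlyContinue) {
        # Key name carries vendor/product/revision: Disk&Ven_<vendor>&Prod_<product>&Rev_<rev>
        foreach ($instance in Get-ChildItem -Path $device.PSPath) {
            $props = Get-ItemProperty -Path $instance.PSPath
            [pscustomobject]@{
                DeviceId     = $device.PSChildName
                # Instance key name is the device serial. If its 2nd character is '&',
                # Windows generated the ID because the device reported no serial number.
                SerialNumber = $instance.PSChildName
                FriendlyName = $props.FriendlyName
                ContainerID  = $props.ContainerID
            }
        }
    }
}

function Get-UsbDriveLetters {
    param([string]$SerialNumber)
    $mounted = Get-ItemProperty -Path $MountedDevPath -ErrorAction SilentlyContinue
    $letters = @()
    foreach ($entry in $mounted.PSObject.Properties) {
        # REG_BINARY values for USB volumes decode to a UTF-16 string of the form
        # _??_USBSTOR#Disk&Ven_...#<serial>#{GUID}; Get-ItemProperty hands them back as byte[]
        if ($entry.Name -like '\DosDevices\*' -and $entry.Value -is [byte[]]) {
            $text = [System.Text.Encoding]::Unicode.GetString($entry.Value)
            if ($text -like "*USBSTOR#*#$SerialNumber#*") {
                $letters += $entry.Name.Substring('\DosDevices\'.Length)
            }
        }
    }
    return $letters
}

# Build one row per device instance with the drive letter(s) it was last mapped to.
$report = foreach ($dev in Get-UsbStorDevices) {
    $dev | Add-Member -NotePropertyName DriveLetters `
                      -NotePropertyValue ((Get-UsbDriveLetters -SerialNumber $dev.SerialNumber) -join ',') `
                      -PassThru
}
$report | Format-Table -AutoSize
```

    Two caveats worth keeping in mind with this output. Get-ItemProperty does not expose the key LastWrite timestamps that give first/last connection times, so for those (and for the volume serial and label) use a registry parser such as the TZWorks tools or RegRipper, or extract the hive and read it offline. And a USBSTOR entry only proves the device was attached; it says nothing about what was copied. Correlating the drive letter above with shellbag entries for that letter (which is what the sbag analysis in the post is doing), LNK files and jump lists is what turns "device present" into evidence of file access.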