Threat hunting provides us with threat intelligence data on potential attacks and allows us to stay ahead in the cat-and-mouse game of cybersecurity. By understanding emerging threats, we are better able to protect our critical assets. elevatedprompt uses a multi-layer approach to proactive cyber defence, and by leveraging our log management and threat intelligence platform, EPSTACK, we are able to help organizations combat cyberthreats.

Below is one of our recent findings: the DDoS Pearl Bot.

Figure 1. Payload captured via our honeypot data in EPSTACK (image: HoneyPot Logs)

Figure 2. Examining the payload (image: Pearl Bot - Config)

Figure 3. IRC Channel for the Botnet (image: IRC - #303)

Figure 4. Additional Server Information (image: IRC - UnixHotel1)

So how is this information useful? By understanding your adversaries, you are better equipped to defend your network and critical assets. This provides good data; however, it is only one part of the equation. Having a fully integrated SIEM solution, with proper incident response processes in place, plays a vital role in securing your organization.

Interested in finding out more? Contact us today and see how elevatedprompt can help secure your environment.

elevatedprompt specializes in cyberthreat detection and analysis. We stretch beyond conventional preventative methods and provide our clients innovative solutions that are fit for today’s threat landscape. We are your trusted technology partner, empowering your organization to face the growing risk of cyberthreats.