Data Collection Upgrades & New Bulk Search

Validin has upgraded its data collection pipeline to better capture short-lived infrastructure, increased the scanning frequency for several DNS record types from weekly to daily, and launched a bulk search feature that enriches up to 1,000 indicators at once. It also redesigned the Threat Profiles page and shortened the advanced-search lookback window to 30 days to improve query performance and usability.

Keypoints

  • Validin improved its collection pipeline to detect infrastructure with very short lifespans.
  • Scanning frequency for TXT, MX, SRV, HTTPS, CAA, and SOA DNS records increased from weekly to daily.
  • A new Bulk Search / Bulk Analyze feature now lets analysts enrich up to 1,000 indicators at once.
  • Bulk search results are organized into multiple tabs, including Resolutions, DNS Records, Host Connections, Host Responses, and Registration.
  • The Threat Profiles page was redesigned with a card view, recent-activity sorting, and per-day indicator charts.
  • Advanced search lookback was reduced to 30 days to improve query performance.
  • The domain centralacessonu[.]online was live for about 12 hours and helped surface a cluster of Brazilian bank phishing-themed pages.

MITRE Techniques

  • [T1590] Gather Victim Network Information – The platform pivots on DNS and host data to identify related infrastructure and build historical visibility [‘querying for this value surfaces a broad cluster of pages’].
  • [T1583] Acquire Infrastructure – The article describes attacker infrastructure that existed only briefly and was still collected before takedown [‘this domain was only online for about 12 hours’].

Indicators of Compromise

  • [Domain] Short-lived phishing-related domain collected before shutdown – centralacessonu[.]online
  • [Page title / string] Pivot value used to find related pages – Verificação de Conta
  • [Data source / DNS record types] Newly scanned record types for enrichment and monitoring – TXT, MX, SRV, HTTPS, CAA, SOA
  • [Email address] Contact address mentioned by the vendor – [email protected]

Read more: https://www.validin.com/blog/upgraded_data_collection_bulk_search/