Validin has upgraded its data collection pipeline to better capture short-lived infrastructure, increased DNS record scanning frequency to daily, and launched a bulk search feature for up to 1,000 indicators. It also redesigned Threat Profiles and shortened advanced search lookback to 30 days to improve performance and usability. #Validin #centralacessonuonline #VerificaçãoDeConta
Keypoints
- Validin improved its collection pipeline to detect infrastructure with very short lifespans.
- Scanning frequency for TXT, MX, SRV, HTTPS, CAA, and SOA DNS records increased from weekly to daily.
- A new Bulk Search / Bulk Analyze feature now lets analysts enrich up to 1,000 indicators at once.
- Bulk search results are organized into multiple tabs, including Resolutions, DNS Records, Host Connections, Host Responses, and Registration.
- The Threat Profiles page was redesigned with a card view, recent-activity sorting, and per-day indicator charts.
- Advanced search lookback was reduced to 30 days to improve query performance.
- The domain centralacessonu[.]online was live for about 12 hours and helped surface a cluster of Brazilian bank phishing-themed pages.
MITRE Techniques
- [T1590] Gather Victim Network Information – Attacker-side reconnaissance technique; the article describes its defensive mirror: pivoting on DNS and host data to identify related infrastructure and build historical visibility ["querying for this value surfaces a broad cluster of pages"].
- [T1583] Acquire Infrastructure – The article describes attacker-controlled infrastructure that existed only briefly yet was still collected before takedown ["this domain was only online for about 12 hours"].
Indicators of Compromise
- [Domain] Short-lived phishing-related domain collected before shutdown – centralacessonu[.]online
- [Page title / string] Pivot value used to find related pages – Verificação de Conta
- [DNS record types] Record types now scanned daily for enrichment and monitoring (data source, not an indicator) – TXT, MX, SRV, HTTPS, CAA, SOA
- [Email address] Vendor contact address mentioned in the post (not an indicator of compromise) – [email protected]
Read more: https://www.validin.com/blog/upgraded_data_collection_bulk_search/