PoloBear: Malicious C2 server targeting vulnerable CMS

On October 24, 2020, the behavioral analytic DOMAIN_ANALYSIS_TLS alerted on the domain polobear[.]shop across multiple financial and energy environments. This was easily identifiable by using IronNet’s Collective Defense products (IronDefense and IronDome), which allow for easy querying of geographically dispersed events. With this information, IronNet’s cyber operation capability, the CYOC, ...