This page is an archive of the 401TRG blog posts, kept for posterity and for use by the network security community.

About 401TRG

401TRG (Threat Research Group) is the Threat Research & Analysis Team at ProtectWise. Using our experience and background in incident response and network forensics in both the public and private sectors, we study ProtectWise’s extensive network-oriented datasets. This work focuses on network traffic analysis, reverse engineering malware, building behavioral detections, and much more. We are now sharing our knowledge and intelligence discoveries with fellow network defenders and information security professionals to strengthen the community as a whole.

Our team is passionate about sharing our insights to empower security analysts – this site will provide a wide range of resources to the community, from our team’s research and threat intelligence, to tips, tricks, and tooling to improve your own analysis process. Additionally, we are always on the lookout for other research teams and individuals to collaborate with.


Reports

May 03, 2018 - Tom Hegel

Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers

Apr 02, 2018 - James Condon, Matt Anthony, Justin Miller

Building a Data Lake for Threat Research

Feb 22, 2018 - Tom Hegel

Analysis of Active Satori Botnet Infections

Dec 20, 2017 - Nate Marx

An Introduction to SMB for Network Security Analysts

Nov 28, 2017 - James Condon

Triaging Large Packet Captures - Methods for Extracting & Analyzing Domains

Nov 14, 2017 - Mike Logoyda

Using Emerging Threats Suricata Ruleset to Scan PCAP

Nov 01, 2017 - Nate Marx

Exposing a Phishing Kit

Oct 26, 2017 - Tom Hegel

Large Scale IRCbot Infection Attempts

Oct 16, 2017 - Tom Hegel

An Update on Winnti

Oct 10, 2017 - Tom Hegel

Turla Watering Hole Campaigns 2016/2017

Oct 02, 2017 - Nate Marx

Identifying and Triaging DNS Traffic on Your Network

Sep 28, 2017 - James Condon

Triaging Large Packet Captures - 4 Key TShark Commands to Start Your Investigation

Jul 11, 2017 - Tom Hegel, Nate Marx

Winnti (LEAD/APT17) Evolution - Going Open Source