当前位置:首页 > 报告详情

多么惊人的集群:威胁行为者协作案例研究及比较归因框架.pdf

上传人: 可*** 编号:991893 2025-12-07 32页 6.59MB

1、What a clusterA case study in threat actor collaboration and framework for comparative attributionPwC Threat IntelligenceSANS CTI Summit 2025TLP:WHITE IntroductionsJono Davis Technical AnalystPwCBeen in the team for 5 years focusing on Ransomware-as-a-Service threat actors(occasionally APAC)lonely_m

2、ushroomMalware reverse engineeringPassionate about IR(international relations sorry)theoryLove Muay ThaiUnfortunately a Spurs fanPwC Threat IntelligenceStrategic and Technical rolesGlobalThreat research used by public and private sector organisations to protect networks,defend nations,providesituati

3、onal awareness&inform strategy.Team members spread across 8 countries and 3 continents Focus on both technical and strategic analysisIntegrations into broader PwC cyber engagementsCross-collaboration alongside intel partners Support to IR,red teams,threat hunting teams etc.KatechondicSANS CTI Summit

4、 2025PwC Threat IntelligenceJanuary 2025102*Attribution challenges and complexities when a threat actor is tracked and reported on by numerous organisationsAgenda for todayCase in point:Red Ishtar(a.k.a.CeranaKeeper,Stately Taurus,Earth Preta)Unraveling the cluster(s)of Mustang PandaOvercoming these

5、 challenges with a framework for comparative attributionAttribution:the complexitiesSANS CTI Summit 2025PwC Threat IntelligenceJanuary 2025104 Attribution its hardTHREAT ACTOR NAMINGOPEN SOURCE IS KINGSILOED THREAT INTELOVERCLUSTERINGSo many namesMajor facet of our communityWe dont talk to each othe

6、r enoughIts all Winnti,right?Case in point:Red IshtarSANS CTI Summit 2025PwC Threat IntelligenceJanuary 2025106 First:Red Ishtar vs.Red LichRed Ishtar:ShellfLoader and ShellfCodeShellfLoaderRed IshtarShellfCodeRed Ishtar:Associated with Earth Preta,Stately Taurus,CeranaKeeperRed Lich:Associated with

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据《》标记中的内容,全文主要内容概括如下: - **威胁行为者归属的挑战**:由于多个组织对同一威胁行为者进行追踪和报告,归属变得复杂。 - **案例研究**:以“红伊什塔尔”(Red Ishtar)为例,分析了其别名、活动、目标和工具链。 - **复杂性与混淆**:由于开源情报的命名不一致,导致对同一威胁行为者的不同命名,如“红伊什塔尔”与“红鬼”。 - **框架构建**:提出了一个比较归属的框架,用于评估和比较内部和外部对威胁活动的归属评估。 - **关键点**: - 红伊什塔尔活跃于至少2019年,以间谍活动为目标,主要针对国防和政府实体。 - 红伊什塔尔与多个别名相关联,包括“地球女神”、“稳定公牛”和“红鬼”。 - 框架旨在帮助分析师比较和评估归属评估,以促进透明度和信任。
红翼行动追踪之谜?" "如何破解网络威胁追踪难题?" 网络威胁归因评估新视角!"
客服
商务合作
小程序
服务号
折叠