Date: August 29, 2024

Time: 11:00

Track: CommSec Track

COMMSEC: Who’s the Author? How Automated Malware Attribution Engines Work

Senior Specialist, Threat Intelligence

Positive Technologies

In an ever-changing cyber threat landscape, malware analysis is an effective tool that can help both in responding to incidents and in predicting future attacks. Attribution of malware samples is well suited to the latter, because it allows one to identify the cybercriminal group behind a sample. This information, especially when obtained in the early stages of an attack, makes it possible to predict the attacker’s actions and proactively protect against them.

Malware attribution is a large set of measures that includes analysis of the code base of attacker tools, of tactics and techniques, and of the network infrastructure used. During manual analysis it is not always possible to fully attribute a sample to at least one group; the analyst needs experience and insight, and sometimes additional tools.

In this presentation, we will talk about an automated cyber threat attribution engine, which analyzes a specific malicious sample based on a wide range of characteristics and compares it with data on known threats. The result of this comparison is a similarity rating between the sample and the tools of well-known APT groups.