KrakenLabs' Threat Actors Naming Convention

2023-05-09, KrakenLabs
https://outpost24.com/blog/krakenlabs-threat-actors-naming-convention
#Churihyang

A standardized naming convention is crucial in the identification and classification of threat intelligence data. It enables vendors to better communicate threat information so other security professionals can respond quickly and efficiently. In this blog post, we will walk you through the naming methodology used by Outpost24’s threat intelligence team, KrakenLabs, to generate threat profiles, and the reasoning behind the approach.
Capabilities-centered profiles
KrakenLabs employs various methodologies and models for conducting threat investigations, with a primary focus on the MITRE ATT&CK framework and the Diamond Model of Intrusion Analysis. These methodologies allow for several intrusion analysis tradecraft concepts, referred to as "centered" approaches, since they center around specific features of the Diamond Model. These features include the capabilities, infrastructure, adversaries, technologies, and other features of threat actors.
Given the dynamic and ever-changing nature of attack infrastructures and the individuals driving them, relying solely on this approach …