
APT Attribution: Trials and Tribulations From the Field
DISCARDED: Tales From the Threat Research Trenches
Do You Agree With That Clustering?
A good example of this is a Cisco Talos report that we'll link in the show notes of MuddyWater activity that they saw in Turkey. They detailed a kill chain different from anything that we saw from TA450, which is our name for MuddyWater. In their analysis, they called out a high-fidelity IOC from a trusted source that was used in a key part of the infection chain. This IOC has also been used in previous MuddyWater campaigns. And so that's a big part of it, when someone shares intelligence with you over time and they're consistently accurate, it lets them trust you more when they may have visibility that you don't have, or something