Know your enemies: An approach for CTI teams

VirusTotal’s Threat Landscape can be a valuable source of operational and tactical threat intelligence for CTI teams, for instance by helping us find the latest malware trends used by a given Threat Actor so that we can adjust our intelligence-led security posture accordingly. In this post, we will play the role of a CTI analyst working for a Singaporean financial institution.

As a first step, we search for threat actors that have traditionally targeted both the financial industry and Singaporean companies.

TA505 and APT41 both match these requirements. For now, let’s focus on TA505, which seems more active at the moment.

Understanding (TA505):

The Threat Actor card provides details on the actor, which seems to target organizations in the financial, healthcare, retail, and hospitality sectors across Europe, the Asia Pacific region, Canada, India and the United States.

According to the description, TA505 seems related to Dridex banking trojan and Locky ransomware activity.

In VirusTotal we can find two categories for TTPs:
– The First are TTPs directl

[…]

This article has been indexed from VirusTotal Blog
