Threat Hunting – Assignment 2

Nitesh Kumar B S

22BTCS134

B.Tech – Cyber Security

Garden City University


Cyber Threat Intelligence and Threat Hunting Report

Part 1: Understanding Cyber Threat Intelligence (CTI)

Definition of Cyber Threat Intelligence


Cyber Threat Intelligence (CTI) is the collection, evaluation, and analysis of information
about potential or current threats targeting an organization’s digital infrastructure. CTI
transforms raw data into actionable insights to support decision-making in cybersecurity
operations and defenses.

Importance of CTI in Modern Cybersecurity


In today’s complex digital environment, threats evolve rapidly. CTI plays a crucial role by:
- Enhancing proactive threat detection
- Guiding incident response and mitigation
- Informing security strategies and investments
- Improving the effectiveness of security tools like SIEM and IDS
- Helping anticipate attacker behavior based on prior patterns

Types of Threat Intelligence

Type | Description | Real-World Example
--- | --- | ---
Strategic | High-level, long-term analysis focused on trends and risk to inform executive decisions. | A 2022 World Economic Forum report showed increased cyber risk in the healthcare sector post-COVID-19. A hospital chain in Germany used this strategic intelligence to allocate more budget toward cybersecurity infrastructure.
Tactical | Focuses on tactics, techniques, and procedures (TTPs) used by attackers to breach systems. | The U.S. Energy Department used tactical intelligence to identify spear-phishing attacks using known APT29 (Cozy Bear) methods during a federal election cycle.
Operational | Real-time or near-real-time intelligence about ongoing attacks, threat actor capabilities, and infrastructure. | In the SolarWinds attack, FireEye detected unusual behavior on their internal network and shared operational details (IP addresses, malware hashes) with other organizations for mitigation.
Technical | Low-level data such as indicators of compromise (IOCs): IPs, domains, file hashes. | A financial institution detected a variant of Emotet malware by correlating IOCs such as C2 server domains shared on VirusTotal and ThreatConnect.

Part 2: CTI Sources

Five Primary Sources of Cyber Threat Intelligence

Source | Explanation | Reliability | Challenges
--- | --- | --- | ---
OSINT | Publicly available data (blogs, forums, GitHub) | Varies | Risk of false or outdated data
SIGINT | Interception of network signals | High | Legal/ethical constraints
Dark Web Monitoring | Hacker forums and marketplaces | Medium–High | Hard to access, verify identity
Internal Logs | System logs, firewall data | High | Volume, complexity, false positives
Vendor Threat Feeds | Platforms like Recorded Future, IBM X-Force | High | Subscription cost, may miss niche threats
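The Technical intelligence row above (correlating IOCs such as C2 domains against what a network actually resolved or fetched) and the sources table's caveats (OSINT may be stale or wrong; a vendor feed is more reliable) are the two halves of the same day-to-day task. The script below is an added example written for this report, not code from the assignment, Scribd, or any vendor feed. It normalizes indicators so case and trailing dots do not hide a match, drops indicators older than a cut-off to limit false positives from stale OSINT, keeps the most reliable source when two feeds report the same indicator, and then matches a constructed DNS/HTTP log against the cleaned feed. The source weights, dates, log format, domains and hash are all constructed for illustration.

```python
"""IOC correlation against proxy/DNS logs, weighting hits by CTI source.

Added example for this report, not code from the assignment or any vendor.
The feed entries, log lines, source weights and dates below are constructed.
"""
from dataclasses import dataclass
from datetime import date
import re

# Assumed reliability weight per source; loosely follows the report's table
# (vendor feeds and internal logs "High", dark web "Medium-High", OSINT "Varies").
SOURCE_WEIGHT = {"vendor": 0.9, "internal": 0.9, "darkweb": 0.7, "osint": 0.5}


@dataclass(frozen=True)
class Indicator:
    kind: str        # "domain", "ip" or "sha256"
    value: str
    source: str      # key into SOURCE_WEIGHT
    first_seen: date


def normalize(kind, value):
    """Canonical form so 'Evil.Example.Net.' and 'evil.example.net' collide."""
    v = value.strip().lower()
    return v.rstrip(".") if kind == "domain" else v


def load_feed(entries, today, max_age_days=90):
    """Deduplicate indicators and drop stale ones (the OSINT staleness problem).

    When two sources report the same indicator the higher-weighted one wins,
    so a hit carries the best available confidence.
    """
    fresh = {}
    for ind in entries:
        if (today - ind.first_seen).days > max_age_days:
            continue  # stale indicator: more likely to cause false positives
        key = (ind.kind, normalize(ind.kind, ind.value))
        if key not in fresh or SOURCE_WEIGHT[ind.source] > SOURCE_WEIGHT[fresh[key].source]:
            fresh[key] = ind
    return fresh


# Constructed log format: "<timestamp> <client-ip> <DNS|HTTP> <destination> [sha256=<hash>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\d{1,3}(?:\.\d{1,3}){3}) (?P<proto>DNS|HTTP) "
    r"(?P<dest>\S+)(?: sha256=(?P<sha>[0-9a-fA-F]{64}))?$"
)
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def match_logs(lines, feed):
    """Return one hit per (log line, matching indicator), tagged with confidence."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        dest = m.group("dest")
        candidates = [("ip" if IP_RE.match(dest) else "domain", dest)]
        if m.group("sha"):
            candidates.append(("sha256", m.group("sha")))
        for kind, value in candidates:
            ind = feed.get((kind, normalize(kind, value)))
            if ind is not None:
                hits.append({
                    "ts": m.group("ts"),
                    "client": m.group("client"),
                    "indicator": normalize(kind, value),
                    "source": ind.source,
                    "confidence": SOURCE_WEIGHT[ind.source],
                })
    return hits


TODAY = date(2024, 6, 1)  # constructed reference date for the age check
FEED = [  # constructed indicators (documentation-range IP and example domains)
    Indicator("domain", "c2.update-check.example.net", "osint", date(2024, 5, 20)),
    Indicator("domain", "C2.Update-Check.example.net", "vendor", date(2024, 5, 25)),  # same IOC, better source
    Indicator("domain", "old-c2.example.net", "osint", date(2023, 12, 1)),            # stale, will be dropped
    Indicator("ip", "203.0.113.45", "internal", date(2024, 5, 30)),
    Indicator("sha256", "a" * 64, "vendor", date(2024, 5, 28)),
]
LOGS = [  # constructed log lines
    "2024-06-01T10:00:00Z 10.0.0.5 DNS C2.update-check.example.net.",
    "2024-06-01T10:00:05Z 10.0.0.5 HTTP 203.0.113.45 sha256=" + "a" * 64,
    "2024-06-01T10:01:00Z 10.0.0.7 DNS old-c2.example.net",
    "2024-06-01T10:02:00Z 10.0.0.9 HTTP www.example.org",
    "garbage line that does not parse",
]


def run_demo():
    return match_logs(LOGS, load_feed(FEED, TODAY))


if __name__ == "__main__":
    for hit in run_demo():
        print(f"{hit['ts']} {hit['client']} -> {hit['indicator']} "
              f"({hit['source']}, confidence {hit['confidence']})")
```

Running it yields three hits, all from client 10.0.0.5: the domain (credited to the vendor feed rather than the duplicate OSINT entry), the IP, and the file hash. The stale `old-c2.example.net` lookup produces nothing, which is the point of the age cut-off: an indicator that has aged out of a feed is a candidate for a false positive, not a finding.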

Part 3: MITRE ATT&CK Framework

Introduction to MITRE ATT&CK


MITRE ATT&CK is a globally accessible knowledge base of adversary behavior based on
real-world observations. It categorizes threat actor Tactics, Techniques, and Procedures
(TTPs), helping defenders anticipate, detect, and mitigate cyber attacks effectively.

Purpose in Threat Hunting and Incident Response


- Mapping known behaviors to detection tools (SIEM, EDR)
- Prioritizing threats based on common adversary methods
- Enhancing blue team capabilities
- Building hypothesis-driven threat hunts

Chosen APT Group: APT38 (Lazarus Group Subset)

APT38 is a North Korea–linked cybercrime unit specializing in financial theft via SWIFT
banking systems.

Tactics, Techniques, and Procedures (TTPs):


- Initial Access: Spear phishing with malicious documents
- Execution: Remote access trojans (RATs) and custom malware
- Credential Access: Dumping Windows credentials
- Exfiltration: Using C2 channels to extract data and fund transfer details

Mapped Techniques from MITRE ATT&CK:

Tactic | Technique | Description
--- | --- | ---
Execution | T1059 – Command Line Usage | APT38 uses PowerShell and CMD scripts for remote command execution.
Persistence | T1547.001 – Registry Keys | Malware embedded into the Windows Registry for reboot persistence.
Exfiltration | T1041 – C2 Channel | Data extracted over encrypted C2 connections to external servers.
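Part 3 lists two things a hunter wants to connect: the framework's purpose (mapping behaviors to detection tooling and building hypothesis-driven hunts) and a concrete set of techniques mapped to APT38. The script below is an added example written for this report; it is not code from the assignment or from MITRE. Each detection rule is tagged with one of the three technique IDs from the table above and encodes a hypothesis about what that technique looks like in endpoint telemetry (an Office process spawning a command interpreter, a value written under a Run key, an unusually large outbound transfer to a non-allowlisted host). The hunt runs the rules over constructed Sysmon-style events, groups findings by host, and reports which of the actor's mapped techniques the rule set covers and which are gaps. The rule logic, thresholds, allowlist, hostnames and events are assumptions made for illustration.

```python
"""Hypothesis-driven hunt: ATT&CK-tagged detection rules over endpoint events.

Added example for this report, not code from the assignment or from MITRE.
Events are constructed Sysmon-style records; rule logic and thresholds are
simplified assumptions. Technique IDs are the three the report maps to APT38.
"""
import re
from collections import defaultdict

APT38_TECHNIQUES = {"T1059", "T1547.001", "T1041"}  # from the report's table

OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
ALLOWED_SUFFIXES = (".corp.example",)  # constructed allowlist of known egress destinations
EXFIL_BYTES = 50_000_000               # constructed threshold for "unusually large" outbound volume


def basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def rule_script_interpreter(ev):
    """T1059 hypothesis: a phishing document spawns a command interpreter."""
    return (ev.get("type") == "process_create"
            and basename(ev.get("image", "")) in INTERPRETERS
            and basename(ev.get("parent", "")) in OFFICE_PARENTS)


def rule_run_key(ev):
    """T1547.001 hypothesis: a value is written under a Run key for reboot persistence."""
    return ev.get("type") == "registry_set" and RUN_KEY_RE.search(ev.get("key", "")) is not None


def rule_c2_exfil(ev):
    """T1041 hypothesis: large outbound transfer to a destination outside the allowlist."""
    return (ev.get("type") == "network" and ev.get("direction") == "outbound"
            and ev.get("bytes_out", 0) > EXFIL_BYTES
            and not ev.get("dest_host", "").endswith(ALLOWED_SUFFIXES))


RULES = [("T1059", rule_script_interpreter),
         ("T1547.001", rule_run_key),
         ("T1041", rule_c2_exfil)]


def hunt(events, rules=RULES):
    """Map events to the techniques they evidence: technique -> [events]."""
    findings = defaultdict(list)
    for ev in events:
        for technique, rule in rules:
            if rule(ev):
                findings[technique].append(ev)
    return dict(findings)


def techniques_per_host(findings):
    """A host showing several steps of one actor's chain is triaged first."""
    per_host = defaultdict(set)
    for technique, events in findings.items():
        for ev in events:
            per_host[ev["host"]].add(technique)
    return {host: sorted(techs) for host, techs in per_host.items()}


def coverage(rules, actor_techniques):
    """Which of the actor's mapped techniques do these rules cover; which are gaps?"""
    covered = {technique for technique, _ in rules}
    return {"covered": sorted(actor_techniques & covered),
            "gaps": sorted(actor_techniques - covered)}


EVENTS = [  # constructed telemetry
    {"type": "process_create", "host": "FIN-WS-07",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"type": "registry_set", "host": "FIN-WS-07",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "network", "host": "FIN-WS-07", "direction": "outbound",
     "dest_host": "cdn-sync.example.net", "bytes_out": 120_000_000},
    {"type": "network", "host": "FIN-WS-07", "direction": "outbound",
     "dest_host": "backup.corp.example", "bytes_out": 900_000_000},  # allowlisted backup, no hit
    {"type": "process_create", "host": "HR-WS-02",  # benign: user-launched cmd.exe
     "image": r"C:\Windows\System32\cmd.exe", "parent": r"C:\Windows\explorer.exe"},
    {"type": "registry_set", "host": "HR-WS-02",    # not a Run key
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\App"},
]


def run_demo():
    findings = hunt(EVENTS)
    return {"findings": {t: len(evs) for t, evs in findings.items()},
            "hosts": techniques_per_host(findings),
            "coverage": coverage(RULES, APT38_TECHNIQUES),
            "coverage_without_exfil_rule": coverage(RULES[:2], APT38_TECHNIQUES)}


if __name__ == "__main__":
    import json
    print(json.dumps(run_demo(), indent=2))
```

On the constructed events, FIN-WS-07 trips all three rules while HR-WS-02 trips none, so the per-host view points straight at the workstation that matches the whole mapped chain. The coverage check is the other use of the mapping: dropping the exfiltration rule shows T1041 as a gap, which is exactly the kind of question ("do we have any detection for this actor's techniques?") the framework is meant to answer before the hunt starts.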

Conclusion

Cyber Threat Intelligence is not only vital for proactive security but also a cornerstone of modern threat hunting practices. Combining diverse CTI sources with frameworks like MITRE ATT&CK equips organizations with the necessary tools to detect and respond to advanced threats. The inclusion of real-world examples, from healthcare breaches to financial heists, emphasizes how CTI must evolve along with the threat landscape.
