Human Fingerprints in Malware and their Use in Cyber Threat Intelligence

  • Webcast Aired Monday, 28 Oct 2019 1:00PM EDT (28 Oct 2019 17:00 UTC)
  • Speakers: Robert M. Lee, Tobias Johansson

Cyber threat intelligence analysts that look to track specific adversaries can look for the so called human fingerprints of intrusions. These human fingerprints are essentially choices that adversaries make that appear in intrusion data. A specific malware family or specific domain might not be that interesting. But the patterns the adversary has in configuration data, registration information, and more can be a useful data set to cluster intrusions by and create personas. In this webcast attendees will learn about the concept of human fingerprints especially as it relates to the Diamond Model of intrusion analysis. All webcast attendees will receive an early release of the whitepaper on this subject by the presenters.