Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

All Those Derpy APT Code Names Got You Confused?



THANK THE FUCKING GODS someone took the time to get these all collated into a spreadsheet! After all, WHO KNOWS what derpily named actor is attacking you!! YOU COULD //HAVE HELSING HURRICANE DRAGON PANDA// and you would be unable to respond unless you have a primer!

My. God.

While this may be helpful to many of you out there, it is for me just another symptom of a larger malaise that is attribution fever. Yes, attribution fever, much like a good malarial bout, gives one chills and flop sweat when you are looking at your SIEM/IDS/IPS/LOGS and you see… Well, something happening. Something you really don’t understand but you know it’s OBVIOUSLY some bad actor from a foreign land trying to steal your IP!

NOW YOU TOO CAN PLAY THE NAME THAT ACTOR GAME!

With this handy sheet you can attempt to maybe sorta kinda know who may be exfil’ing your data and laughing in some obviously Mandarin-tinted accent! Seriously though, ummm fuck if I care really. If you don’t have the infrastructure and the defenses in depth to handle even understanding your traffic this really means fuck all to you. Well, unless you are a marketing wanker or an upper echelon exec, amiright?

On a more serious note though, if you are playing the game and you have some sense of what is going on, then perhaps this Excel sheet will help you some. I am really really really * a googolplex unimpressed with all the secret sauce attribution fuckery we see in all the marketing bullshit blasts from the vendors out there on this shit. Know what? I remember when I saw BaitLick say that basically his company would come in, do their thing, and then six months later they’d be back again because they could not keep the APT out. So what the fuck with all the super secret code names and IP fuckery that you guys pull on “actors” huh?

Cut it the fuck out.

Share the intel with EVERYONE

STOP THE FUCKERY

That will be the only way that we can make a unified effort here.

I will say it again… It’s not about the who… It’s about the how.

Link to excel

K.

Written by Krypt3ia

2016/06/01 at 17:53

Posted in APT, CYBER CYBER CYBER

2 Responses


  1. The spreadsheet addresses the How (TTPs) doesn’t it?

    CF

    2016/06/01 at 22:17

  2. Sure, if you subscribe to their feeds and pay yer moneys. Besides it does not cover it all.

    Krypt3ia

    2016/06/01 at 22:20

