Tracking Down Notorious Ransomware Actors with CTI 2.0 – SOCRadar® Cyber Intelligence Inc.

Keypoints

  • SOCRadar 2.0 introduces enhanced Ransomware Intelligence and Threat Actor Intelligence modules used to analyze threats.
  • Alex filters data to focus on threats that matter to his company’s country and industry, identifying six target threat actors.
  • The Threat Actor Intelligence module provides details on vulnerabilities (CVEs) and ATT&CK IDs associated with the actors’ malware.
  • CVEs and ATT&CK mappings are used to prioritize vulnerability assessments and patches for high-risk items.
  • Defensive measures are implemented, including Endpoint Detection and Response (EDR) and customized YARA rules to detect and mitigate threats.
  • Automated alerts keep the organization updated on evolving ransomware threats and actor activity.
  • The article emphasizes continuous, intelligence-driven security rather than a one-time effort, showcasing SOCRadar XTI as a tool for ongoing protection.
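The keypoints above describe a workflow (filter actors by country and sector, pull the CVEs and ATT&CK IDs tied to their tooling, rank what to patch, check detection coverage) without showing how the pieces fit together. The following is an added example, not code from the SOCRadar article or platform: it runs that workflow over a small set of constructed actor profiles, assets, and detection rules. The actor names, country/sector values, asset names and CVE identifiers (the `CVE-0000-xxxx` form cannot correspond to a real CVE) are all invented; the ATT&CK IDs T1190, T1595 and T1486 are real technique IDs but their assignment to these fictitious actors is illustrative only. The scoring weights are an assumption, not a SOCRadar formula.

```python
"""Intelligence-driven patch prioritisation over constructed actor records.

Added example. Every record below is constructed for illustration; none of it
is SOCRadar data, and no real attribution is implied.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ActorProfile:
    name: str
    target_countries: frozenset   # ISO-style codes, constructed values
    target_sectors: frozenset
    cves: frozenset               # CVEs the actor's malware/tooling exploits
    attack_ids: frozenset         # ATT&CK technique IDs observed for the actor


@dataclass(frozen=True)
class Asset:
    hostname: str
    internet_facing: bool
    affected_cves: frozenset      # CVEs the asset is currently unpatched for


# Constructed threat-actor profiles (fictitious actors and fictitious CVE IDs).
PROFILES = [
    ActorProfile("Actor-A", frozenset({"TR"}), frozenset({"finance"}),
                 frozenset({"CVE-0000-0001", "CVE-0000-0002"}),
                 frozenset({"T1190", "T1486"})),
    ActorProfile("Actor-B", frozenset({"TR", "DE"}), frozenset({"finance", "energy"}),
                 frozenset({"CVE-0000-0002"}),
                 frozenset({"T1595", "T1190", "T1486"})),
    ActorProfile("Actor-C", frozenset({"US"}), frozenset({"finance"}),
                 frozenset({"CVE-0000-0003"}),
                 frozenset({"T1190"})),
]

# Constructed asset inventory with each host's unpatched CVEs.
ASSETS = [
    Asset("web01", True, frozenset({"CVE-0000-0002"})),
    Asset("db01", False, frozenset({"CVE-0000-0001", "CVE-0000-0003"})),
    Asset("vpn01", True, frozenset({"CVE-0000-0001"})),
]

# ATT&CK IDs for which a detection (EDR policy or YARA/SIEM rule) already exists.
DETECTIONS = {"T1486"}


def relevant_actors(profiles, country, sector):
    """Keep only actors whose targeting matches our country AND sector."""
    return [p for p in profiles
            if country in p.target_countries and sector in p.target_sectors]


def prioritise_cves(actors, assets):
    """Rank CVEs: (number of relevant actors exploiting it) x (exposure).

    Exposure counts affected hosts, weighting internet-facing ones 3x because
    those are the T1190 entry points. Weights are an assumption of this example.
    CVEs that no relevant actor uses, or that no asset is exposed to, are dropped.
    """
    actor_count = defaultdict(int)
    for actor in actors:
        for cve in actor.cves:
            actor_count[cve] += 1
    scores = {}
    for cve, n_actors in actor_count.items():
        exposure = sum(3 if host.internet_facing else 1
                       for host in assets if cve in host.affected_cves)
        if exposure:
            scores[cve] = n_actors * exposure
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def technique_coverage(actors, detections):
    """Return ATT&CK IDs used by relevant actors that have no detection yet."""
    used = set()
    for actor in actors:
        used |= actor.attack_ids
    return sorted(used - set(detections))


if __name__ == "__main__":
    actors = relevant_actors(PROFILES, country="TR", sector="finance")
    print("relevant actors:", [a.name for a in actors])
    print("patch order:", prioritise_cves(actors, ASSETS))
    print("detection gaps:", technique_coverage(actors, DETECTIONS))
```

Run as a script it narrows the three constructed actors to the two that target the example country and sector, ranks the shared CVE on the internet-facing host first, and reports the ATT&CK IDs those actors use that the constructed detection set does not yet cover. Swapping the constructed lists for real feed exports and an asset inventory is the only change needed to reuse the functions.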

MITRE Techniques

  • [T1595] Active Scanning (Reconnaissance tactic) – The article covers the defender’s side of reconnaissance: threat intelligence is used to learn which actors target the organization’s country and sector, and that knowledge guides planning. Note that T1595 itself denotes the adversary’s scanning activity; the defensive filtering described here is not an ATT&CK technique in its own right. “The module highlighted that 6 threat actors can target them. Their target countries and sectors were an exact match for Alex’s situation.”
  • [T1190] Exploit Public-Facing Application – The CVEs exploited by the relevant actors are identified and used to prioritize patching, with high-risk and newly published CVEs patched first. “Some of these CVEs were newly discovered; he made sure to patch those vulnerabilities right away.”

Indicators of Compromise

  • [IOC Type] None listed – the article discusses threat actors, CVEs, and defensive measures but provides no concrete IOCs such as IP addresses, domains, or file hashes.

Read more: https://socradar.io/tracking-down-notorious-ransomware-actors-with-cti-2-0/