Kaspersky has introduced a solution that SOC analysts and incident response teams can use to attribute threats by comparing malicious code against malware samples previously linked to APT groups.
Using a proprietary method, the Kaspersky Threat Attribution Engine compares detected malware with samples held in one of the largest malware databases in the industry.
Based on code similarity, the software identifies the association between a piece of malicious code and a known APT group or campaign (that is, the type of targeted attack it belongs to). This information helps security professionals prioritize high-risk threats rather than spending effort on less serious incidents.
If the security team knows who is attacking the company and for what purpose, it can quickly draw up an appropriate incident response plan. However, identifying the actor behind an attack is a challenging task that requires not only extensive threat intelligence but also the right analytical skills. To automate the classification and identification of complex malware, Kaspersky introduced the Kaspersky Threat Attribution Engine.
The solution grew out of internal tools used by Kaspersky's Global Research and Analysis Team (GReAT). The Kaspersky Threat Attribution Engine was previously used in the iOS LightSpy, TajMahal, ShadowHammer and ShadowPad investigations, and in the investigation of the Dtrack implant attack campaign.
To determine whether a threat is associated with a known APT group or campaign, and if so which one, the Kaspersky Threat Attribution Engine automatically splits a newly found malicious file into small binary fragments. The tool then compares these fragments against more than 60,000 files from Kaspersky's APT-related collection. To improve precision, the solution also incorporates a large database of whitelisted files, so that code fragments shared with legitimate software (common libraries and runtimes) are not counted as evidence of attribution. This greatly improves the quality of malware classification and attack identification, and thereby supports incident response operations.
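To make the fragment-matching idea concrete, here is an added example; it is not Kaspersky's code and does not reproduce its proprietary method. It indexes 16-byte sliding windows of samples already attributed to two hypothetical groups, "group-a" and "group-b", drops any window that also appears in a whitelisted benign file, and scores a new sample by the share of its remaining fragments that match each group. The byte strings are constructed stand-ins for compiled code, and the fragment size, scoring rule and group names are assumptions made for the example.

```python
"""Toy code-similarity attribution in the spirit of the fragment-matching
approach described above. Added illustration, not Kaspersky's method: it uses
fixed-size sliding byte windows, whereas a real engine would choose fragment
boundaries far more carefully."""
import hashlib
from collections import defaultdict

FRAGMENT_SIZE = 16  # bytes per fragment; an assumption for this example


def fragments(data: bytes, size: int = FRAGMENT_SIZE) -> set:
    """Return a set of short hashes, one per overlapping `size`-byte window."""
    return {
        hashlib.sha256(data[i:i + size]).digest()[:8]
        for i in range(len(data) - size + 1)
    }


class AttributionIndex:
    """Maps fragment hashes to the groups whose known samples contain them."""

    def __init__(self):
        self.groups_by_fragment = defaultdict(set)  # fragment -> {group, ...}
        self.whitelist = set()                      # fragments seen in benign files

    def add_whitelisted(self, data: bytes) -> None:
        """Record fragments of a known-benign file (shared runtimes, libraries)."""
        self.whitelist |= fragments(data)

    def add_sample(self, group: str, data: bytes) -> None:
        """Record fragments of a sample already attributed to `group`."""
        for f in fragments(data):
            self.groups_by_fragment[f].add(group)

    def attribute(self, data: bytes, min_score: float = 0.2,
                  apply_whitelist: bool = True):
        """Score `data` against every group by the share of its fragments that
        match that group's corpus. Returns [(group, score), ...], best first."""
        frags = fragments(data)
        if apply_whitelist:
            frags -= self.whitelist  # ignore code shared with legitimate software
        if not frags:
            return []
        hits = defaultdict(int)
        for f in frags:
            for g in self.groups_by_fragment.get(f, ()):
                hits[g] += 1
        scores = {g: n / len(frags) for g, n in hits.items()}
        return sorted(((g, s) for g, s in scores.items() if s >= min_score),
                      key=lambda gs: gs[1], reverse=True)


# Constructed byte strings standing in for compiled code (not real malware).
def _seq(n, a, b, p):
    return bytes((i * a + b) % p for i in range(n))

RUNTIME_STUB = _seq(400, 13, 5, 233)   # shared runtime linked into every binary
BENIGN_CODE = _seq(200, 19, 2, 239)    # a legitimate application's own code
GROUP_A_CODE = _seq(300, 31, 7, 251)   # code unique to hypothetical "group-a"
GROUP_B_CODE = _seq(300, 17, 3, 241)   # code unique to hypothetical "group-b"
NEW_CODE = _seq(100, 7, 11, 229)       # previously unseen code in the new sample

BENIGN_APP = RUNTIME_STUB + BENIGN_CODE
KNOWN_A = RUNTIME_STUB + GROUP_A_CODE
KNOWN_B = RUNTIME_STUB + GROUP_B_CODE
# New sample: the shared runtime, a reused slice of group-a code, plus new code.
NEW_SAMPLE = RUNTIME_STUB + GROUP_A_CODE[50:250] + NEW_CODE


def build_index() -> AttributionIndex:
    """Index the constructed corpus: one benign file, one sample per group."""
    idx = AttributionIndex()
    idx.add_whitelisted(BENIGN_APP)
    idx.add_sample("group-a", KNOWN_A)
    idx.add_sample("group-b", KNOWN_B)
    return idx


if __name__ == "__main__":
    idx = build_index()
    print("new sample:", idx.attribute(NEW_SAMPLE))
    print("benign, whitelist on:", idx.attribute(BENIGN_APP))
    print("benign, whitelist off:", idx.attribute(BENIGN_APP, apply_whitelist=False))
```

Running it attributes the new sample to group-a only, because the reused slice of group-a code survives the whitelist while the shared runtime does not. The benign application yields no attribution with the whitelist on, but with it off it matches both groups, since every known sample also carries the runtime stub; that false match is exactly what the whitelisted-file database is there to prevent.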