TI&A users can select one or more different threat actors based on their current needs to see relevant techniques. Techniques can be filtered by region, country, industry, and date. Users can also choose between Enterprise, Mobile or ICS matrices. This can help users to answer questions like: "What techniques were active to attack the energy industry?" or "What were the most popular techniques within the last 30 days?"
This built-in tool in the Threat Intelligence & Attribution
system is popular among threat researchers, incident responders and red teams who need to simulate techniques used by a specific actor such as the Cobalt gang, which orchestrated targeted attacks on financial organizations, Conti ransomware that is very active and attacks organizations across many different industries, or any nation-state actors. This helps security teams check if their infrastructure is resilient to these threats. The results can be exported from the Group-IB Threat Intelligence & Attribution system in CSV and JSON formats and then be used in attack simulation systems that the organization may have or for custom reporting.
We also give a heat map to and counters to demonstrate how often we saw these techniques were mentioned in our reports about selected threat actors to focus on detection and prevention from them.
By clicking on a technique, information appears in the sidebar about the attackers, countries, industries where it was used, as well as its description and execution samples. The MITRE ATT&CK®
framework is also used here to deliver not just the matrix of the techniques but also detailed descriptions and mitigations tips.