Searching for actor profiles

If you are using a demo version of a reporting service, viewing actor profiles may be limited. For more information, see section About the license.

All APT and Crimeware actor profiles that are available for you, according to your group's license and your permissions, are displayed on the Actors tab of the (Reporting (Report.) page. You can view all available actor profiles (All actors) or select a certain type of actor profile (APT actors or Crimeware actors). For each actor, general information is displayed.

General information about an actor

Field

Description

General information

General information about actor:

  • Actor name.
  • Icon associated with the respective actor type:

    Lightning APT actor. for APT-related actors.

    Banknote Crimeware actor. for Crimeware actors.

  • Additional actor names (aliases).
  • Industries that actor is targeting in its attacks.

Aliases

Number of actor aliases.

Industries

Number of industries related to the actor.

Countries

Number of countries related to the actor.

TTPs

Number of TTPs descriptions for the actor.

Reports

Number of reports, in which the actor is mentioned.

Clicking a certain actor profile takes you to the page with the detailed description.

To search for a specific actor profile:

  1. On any Kaspersky Threat Intelligence Portal page, in the Search field, type an actor name or part of the name and press Enter.

    The Threat Lookup page opens. On the Actor tab, all actor profiles matching your search criteria are displayed.

  2. If necessary, you can filter displayed actor profiles by type:
    • Select APT actors to display profiles for APT-related actors
    • Select Crimeware actors to display profiles for Crimeware actors
  3. Click the actor profile you want to open.

On the actor profile page, detailed information for an actor is displayed.

Actor profile sections

Section

Description

General information

General information about actor, including the name, unique icon, aliases, and industries.

Description

Information about actor:

  • General description
  • Main activity
  • Main malware families used
  • Main external references (clickable)

Geography

Worldwide cybermap, countries mentioned in the reports for the actor are marked with color. When you hover your mouse over a specific country, the number of reports for that country is shown.

To the right of the cybermap, countries and number of reports for the selected country are displayed.

TTPsMITRE

Known TTPs and mapping with the MITRE ATT&CK classification for the actor displayed in MITRE ATT&CK and MITRE PRE-ATT&CK matrices.

All items in the matrices and in the table are clickable and navigate you to the TTPs descriptions on the MITRE website.

Descriptive TTPS tab displays direct links to TTPs descriptions at the MITRE website. For easier searching, links are divided into three sections: Implants, Infrastructure, Intrusion vectors.

Actor YARA / Actor IOC

Buttons for downloading Master files that contain information about the reports:

Actor YARA—Actor Master YARA file

Actor IOC—Actor Master IOC file

Buttons for downloading Master files are available if you have purchased the corresponding commercial license and permissions to download files, set by your administrator.

Reports

Reports, in which the actor is mentioned. For each report, the following information is displayed:

  • Date—Date when a report was published. Reports in the list are sorted by the publication date from most recent to earliest.
  • Group—Report group: APT for APT Intelligence reports, Crimeware for Crimeware Threat Intelligence reports, Industrial for Industrial reports.
  • Report—Report name, its brief summary, and links for downloading a report for further analysis in various formats. You can like or unlike a report using the like (Thumbs up.) icon.
  • Tags—Tags related to reports.

Page top