If you are using a demo version of a reporting service, viewing actor profiles may be limited. For more information, see section About the license.
All APT and Crimeware actor profiles that are available for you, according to your group's license and your permissions, are displayed on the Actors tab of the (Reporting () page. You can view all available actor profiles (All actors) or select a certain type of actor profile (APT actors or Crimeware actors). For each actor, general information is displayed.
General information about an actor
Field |
Description |
---|---|
General information |
General information about actor:
|
Aliases |
Number of actor aliases. |
Industries |
Number of industries related to the actor. |
Countries |
Number of countries related to the actor. |
TTPs |
Number of TTPs descriptions for the actor. |
Reports |
Number of reports, in which the actor is mentioned. |
Clicking a certain actor profile takes you to the page with the detailed description.
To search for a specific actor profile:
The Threat Lookup page opens. On the Actor tab, all actor profiles matching your search criteria are displayed.
On the actor profile page, detailed information for an actor is displayed.
Actor profile sections
Section |
Description |
---|---|
General information |
General information about actor, including the name, unique icon, aliases, and industries. |
Description |
Information about actor:
|
Geography |
Worldwide cybermap, countries mentioned in the reports for the actor are marked with color. When you hover your mouse over a specific country, the number of reports for that country is shown. To the right of the cybermap, countries and number of reports for the selected country are displayed. |
TTPsMITRE |
Known TTPs and mapping with the MITRE ATT&CK classification for the actor displayed in MITRE ATT&CK and MITRE PRE-ATT&CK matrices. All items in the matrices and in the table are clickable and navigate you to the TTPs descriptions on the MITRE website. Descriptive TTPS tab displays direct links to TTPs descriptions at the MITRE website. For easier searching, links are divided into three sections: Implants, Infrastructure, Intrusion vectors. |
Actor YARA / Actor IOC |
Buttons for downloading Master files that contain information about the reports: Actor YARA—Actor Master YARA file Actor IOC—Actor Master IOC file Buttons for downloading Master files are available if you have purchased the corresponding commercial license and permissions to download files, set by your administrator. |
Reports |
Reports, in which the actor is mentioned. For each report, the following information is displayed:
|