A threat actor is an individual or group that carries out malicious activities with the intent of harming an entity’s security.
This term is used often in the context of cybersecurity.
Links to this note
- attribution-steffens2020
- toroiseandthemalwahare-pwc2023
- dumpinglsasslikeits2019-reid2024
- trackingteamtnt-fiser2021
- VXadventure-amethystbasilisk2024
- chaos-blacklotuslabs2022
- borges2021
- falseflags-kaspersky2017
- yara as a tool for attribution
- … hidden directory
- activity cluster
- attackable surface
- attribution by language usage
- code reuse as attribution
- customized UPX packers
- Diicot
- exploits and 0-day as attribution
- living off the land
- malware disguising User-Agent strings
- malware installing additional software
- Nirsoft false positives
- SSH key persistence
- systemd service persistence
- TeamTNT
- typos in malware
- user account persistence