Advanced Persistent Threat Groups

soji256
Jan 15, 2020

Here are some useful sites for getting a quick overview of relevant Advanced Persistent Threat (APT) groups, starting from an APT group name or a malware name.

Threat Group Cards: A Threat Actor Encyclopedia

An APT encyclopedia published by ThaiCERT around 2019/06. It is very useful for looking up information about an APT group from its group name or malware names.

At nearly 300 pages, it covers each APT group's aliases, locations of activity, target areas and sectors, malware used, key objectives, and related operations. It can be downloaded as a PDF, so you can use it offline. It is published under a CC license that permits modification.

APTMAP

Published by Nils Kuhnert (@0x3c7) since around 2018/06, this web service provides a global map of APT groups' locations and attack vectors.

It is useful for visually understanding an APT group's area of activity. You can get information related to an APT group by entering its name in the search box. You can also search by alias. The results include not only maps, but also summaries and lists of related articles.

Groups | MITRE ATT&CK

The site analyzes the attack methods and tactics of APT groups by mapping them to MITRE ATT&CK. Click the “ATT&CK Navigator Layers” button on each detail page to see a matrix of results.

The Cyberthreat Handbook

The threat actor profiling is aligned with the MITRE ATT&CK framework and covers ~500 attack campaigns by 66 attack groups, in 40 sectors and over 140 countries.

You can get this document by requesting a download from the Verint website. This report is well worth reading. I recommend you get it.

Advanced Persistent Threat Groups | FireEye

A summary of APT groups by FireEye. It gives an overview of APT groups with visual icons. The picture is cool.

Meet the Advanced Persistent Threats (APTs) | Threat Actors

A summary of APT groups by CrowdStrike. Characteristically, APT groups are named after a different animal for each base of activity. The images on each group’s detail page look nice.

APT Groups and Operations

A summary of APT groups created by volunteers. It lists each group, malware alias, tools and vulnerabilities, and links to relevant information.

Update History

  • 2020/01/15 New.
  • 2020/01/16 Added The Cyberthreat Handbook.
  • 2020/03/03 Revised.

soji256

Loves cats and CTFs. …ᓚᘏᗢ… [twitter:@soji256], CISSP