spheres with icons, with lines joined together

Using powerful security research tools such as DomainTools Iris to hunt for Remote Access Trojan operators.

With 2019 behind us, we can look back at a year that saw an ever-increasing threat from a greater variety of sophisticated actors. Organised criminal entities hog the limelight as large-scale breaches are captured in news headlines. These types of attacks are typically orchestrated by entities on watch lists of law enforcement agencies around the world. Yet many smaller criminal bodies are hyperactive below the radar. These smaller criminals are having a profound impact on small and medium sized businesses. While they often operate across borders, they remain nimble enough to not catch the eye of Interpol or cross-border agencies.

It is the responsibility of cybersecurity professionals to defend their respective company or client. But in order to do so, they must first understand their enemy. Who they are? What are their intentions? And what are they capable of? Without knowing these simple yet difficult to answer questions, how does one implement the correct controls with a limited budget?

2019 also saw the “WTF is CTI” workshop delivered across the UK. The workshops provided the cybersecurity community with an introduction to threat intelligence. Guiding participants through a series of exercises aimed at a variety of roles from SOC analysts to Red Teamers, security interns to CISOs, the course delivered a better understanding of the benefits their Threat Intelligence team can provide. The hands-on experience allowed them to perform Threat Intelligence activities and apply Intelligence Operator methodologies to security research.

The ‘Hunting for RATs’ exercise guides participants through the process of further understanding a malware C2 (Command and Control) and gaining additional artifacts and relevant information. With an increased understanding, participants are tasked with applying Intelligence methodologies to hypothesise on probable outcomes; much like Intelligence Operators in the CIA, MI6 or FIB (KGB).

DomainTools and Askari Blue have teamed up to provide a playbook that encapsulates the workshop lesson ‘Hunting for RATs’ and guides the reader through a series of toolsets and analytical processing. The aim of this playbook is to go beyond an introduction of concepts and offer a step-by-step process to aid the reader in understanding their respective threat. By doing so, they can implement relevant, impactful defensive controls with the end goal of reducing the threat and safeguarding their company or client.