Threat Playbooks

FortiGuard Labs Playbooks provide up to date analysis and insight on the latest Advanced Persistent Threat (APT) groups and malware campaigns to date. Each playbook is designed to provide the reader with a general overview of the techniques, tactics and procedures (TTPs) displayed within the MITRE ATT&CK framework. Ultimately, the goal is to provide first responders, network defenders and anyone interested with actionable information that can help provide:

An understanding of the motivations and TTPs of the threat actors or malware variants
Indicators of compromise (IOCs) and techniques, tactics and procedures (TTPs)
A historical overview of malware and threat actors

and ultimately allow for deeper understanding of campaigns in an easy to follow format.

Malware Threat: Ranion

Ranion is a Ransomware as a Service that is based off of the open source HiddenTear ransomware. First discovered in 2017, ...

ID: 7

Threat Actor: Spring

SPRING is a threat actor that relies on specially crafted spearphishing attacks that contain vertical specific verbiage to...

ID: 5

Threat Actor: Goblin Panda

Active since 2014, Goblin Panda is a threat actor that is focused on interests in Southeast Asia. Goblin Panda has been do...

ID: 1

Network

Files and Endpoint

Application

Additional SOC Services

Threat Playbooks

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer

FortiCWP

FortiWeb

FortiNDR

FortiSandBox

FortiTester

Threat Lookup

PSIRT

Resources

Threat Playbooks