Threat Playbooks

FortiGuard Labs Playbooks provide up to date analysis and insight on the latest Advanced Persistent Threat (APT) groups and malware campaigns to date. Each playbook is designed to provide the reader with a general overview of the techniques, tactics and procedures (TTPs) displayed within the MITRE ATT&CK framework. Ultimately, the goal is to provide first responders, network defenders and anyone interested with actionable information that can help provide:

  1. An understanding of the motivations and TTPs of the threat actors or malware variants
  2. Indicators of compromise (IOCs) and techniques, tactics and procedures (TTPs)
  3. A historical overview of malware and threat actors

and ultimately allow for deeper understanding of campaigns in an easy to follow format.

SPRING is a threat actor that relies on specially crafted spearphishing attacks that contain vertical specific verbiage to...

ID: 5
FortiGuard Labs discovered an interesting spearphishing attack that we decided to investigate further, which led us to ide...

ID: 6
Emotet was first discovered in 2014 as a "simple" banking Trojan aimed at stealing financial data. Simple is in quotes bec...

ID: 4
Active since 2016, Silence Group is a cybercriminal organization that targets banks, specifically stealing information use...

ID: 2