Chapter 10 – Malicious Functionality – Mapping Your Sample's Behavior against MITRE ATT&CK
In this chapter, we learned about the MITRE ATT&CK framework – how it can inform us and let us speak intelligently and consistently about our malicious samples. We also learned how we may leverage this consistency and in-depth information to write concise reports for multiple audiences. The challenge in this chapter asked you to review an article about Dridex and present the techniques that it utilized. The answers are as follows:
- MITRE actually has a matrix for well-known malicious software! The one for Dridex can be found here: https://attack.mitre.org/software/S0384/.
- Further research would lead you to the fact that the groups behind Dridex – TA505 or INDRIK SPIDER – tend to use phishing as an initial access method, corresponding to T1566.
- Continuing to research the threat actor, you would find that while they have often stolen...
