Assignment – Threat Hunting Using MITRE ATT&CK


Threat hunting using MITRE Enterprise ATT&CK
Introduction
Enterprise ATT&CK is a framework from MITRE intended to describe and communicate a threat quickly and briefly. ATT&CK describes the following tactics (https://attack.mitre.org/tactics/enterprise/):

1. Reconnaissance
2. Resource development
3. Initial access
4. Execution
5. Persistence
6. Privilege escalation
7. Defense evasion
8. Credential access
9. Discovery
10. Lateral movement
11. Collection
12. Command and control
13. Exfiltration
14. Impact

As the word tactic might suggest, not every tactic needs to be used by a threat. You will see that several tactics can be used together to achieve a certain goal. ATT&CK provides a so-called Navigator (https://mitre-attack.github.io/attack-navigator/), which displays the available techniques and sub-techniques for each tactic. As with tactics, an attacker can use multiple techniques to achieve a specific goal. For example, the Initial Access tactic can be carried out through both drive-by compromise and phishing.
Each technique is an abstraction of a set of possible practices that an attacker can use. For more information about a technique, right-click on it in the Navigator and choose “View technique”.

Assignment
On Canvas you can find a report that provides the technical analysis of attacks that are associated with Carbanak – a remote backdoor.
Based on the information provided in this report, you will map the activities involved to the ATT&CK framework. You will also think about how the use of this technique can be detected and mitigated in the future. In addition to the case provided to you, you may look up additional information about the incident yourself on the Internet if necessary. In that case, also provide the reference to the additional resources you used.

Follow these guidelines when filling in the tables:
· (sub-) Technique: give the ID and the name of the technique or sub-technique that you identified.
· How is this (sub-) technique used: describe in your own words how this technique is used. Do NOT copy the description from MITRE ATT&CK.
· Where did you find the info?: provide the page/line number in the report, or references to other resources.
· Your suggestion on mitigations/detection: you may take inspiration from MITRE ATT&CK for possible mitigation and detection advice. However, describe your suggestion in your own words, in the context of this threat, and motivate it. Do not copy the description from MITRE ATT&CK.
· If you cannot find any information about the techniques used in certain tactics (even after searching on the Internet), you may leave the table empty and indicate “no information can be found”.

1. Reconnaissance
Indicate in the table below the techniques that the adversary used to gather information for future operations.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? | Your suggestion on mitigations | Your suggestion on detection

2. Resource development
Indicate in the table below the techniques used to establish resources that the adversary can use to support operations.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

3. Initial access
Indicate in the table below which techniques are used to gain initial access to systems.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

4. Execution
Indicate in the table below the techniques that the adversary used to run malicious code.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

5. Persistence
Indicate in the table below the techniques that the adversary used to maintain their foothold.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

6. Privilege Escalation
Indicate in the table below the techniques that the adversary used to gain higher-level permissions.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

7. Defense Evasion
Indicate in the table below the techniques that the adversary used to avoid being detected.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

8. Credential access
Indicate in the table below the techniques that the adversary used to steal account names and passwords.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

9. Discovery
Indicate in the table below the techniques that the adversary used to figure out the victim’s environment.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

10. Lateral movement
Indicate in the table below the techniques that the adversary used to move through the environment.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

11. Collection
Indicate in the table below the techniques that the adversary used to gather data of interest to their goal.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

12. Command and Control
Indicate in the table below the techniques that the adversary used to communicate with compromised systems to control them.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

13. Exfiltration
Indicate in the table below the techniques that the adversary used to steal data.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection

14. Impact
Indicate in the table below the techniques that the adversary used to manipulate, interrupt, or destroy the systems and data.

(sub-) Technique | How is this (sub-) technique used | Where did you find the info? (page/line number in the report, or references to other resources) | Your suggestion on mitigations | Your suggestion on detection
