Threat Hunting for APT34/APT39/Generic Reconnaissance (T1595.001) and Discovery (T1046) Behaviors


Let’s talk network recon (ATT&CK ID T1595.001) and discovery (ATT&CK ID T1046)! This week we dive into some of the obvious atomic indicators and talk about behavioral indicators associated with APT34, APT39, and generic approaches. We also talk about how attackers might evade IDS/IPS/detection signatures and how you can deal with this during your threat hunting efforts.
