Avoiding Threats Persistence


Date Submitted: 05/03/2013 06:52 PM


DETECTION | PREVENTION | INTELLIGENCE

Defending Against the Advanced Persistent Threat:

A Case Study in Deriving Adversarial Attribution from a Thwarted Targeted Attack

Invincea Technical Analysis Invincea, Inc. - Proprietary


Table of Contents

Preface
  About Invincea

Technical Analysis
  Introduction
  Running the Exploit on Windows 7 Protected by Invincea Enterprise
  Analyzing the Malware with Invincea Threat Analyzer
  Adversarial Attribution

Conclusion


Release Date: January 24, 2013


Preface

This document analyzes a targeted spear-phish against a US company that is protected by Invincea. Based on the analysis, we conclude that the attack was targeted and perpetrated by an actor from a known Advanced Persistent Threat group. The purpose of the document is to demonstrate the concept of deriving adversarial intelligence from thwarted, user-targeted attacks through the fusing of cyber...