Visualising APT threat actor and tool commonalities

Chris Horsley
Chris Horsley
Chief Technology Officer
Visualising APT threat actor and tool commonalities
October 17, 2024

Interactive version at the bottom of the blog post

Recently a data matrix of tool use by Russian threat actors by BushidoUK aka Will Thomas caught my eye. When I see data like this, I immediately want to know:

  • How many unique threat actors are there?
  • How many unique tools are listed?
  • How many tools are in each category?
  • Which tools are used by many threat actors, and which are only used by one?
  • Which threat actors use the same tools?

Below is a vis.js network visualisation of that data. It's interactive, so give it a try with these notes:

  • Threat actors are orange dots.
  • Tools are boxes, and linked to the threat actors using them.
  • Hover to see connections.
  • Tool colour represents tool class.
  • Tools used by many actors are near the centre of the graph, those used by one one are on the outside.
  • Scroll in and out with your mouse.

Many thanks to Will for this great data set!

Interactive APT tool matrix explorer

Related posts

Browse all articles
February 21, 2024

Announcing Leadership Changes at Cosive: Farewell to Kayne Naughton and Welcome Scott Ceely

We wanted to take a moment today to update our community of past and present customers, as well as our professional and personal networks, of recent changes to the Cosive board.

February 21, 2024

Episode #002: Building Production-worthy Software in SecOps Teams with Chris Horsley, CTO at Cosive

Before jointly founding Cosive with Kayne Naughton and Terry MacDonald, Chris Horsley (Cosive’s CTO) spent many years working in national CSIRTs in both Australia and Japan, as well as doing freelance secure software development for operations teams. In this interview Chris talks about the challenges of building software and writing critical automation scripts in SecOps teams.