Visualising APT threat actor and tool commonalities

October 7, 2024

Interactive version at the bottom of the blog post

Recently a data matrix of tool use by Russian threat actors by BushidoUK aka Will Thomas caught my eye. When I see data like this, I immediately want to know:

  • How many unique threat actors are there?
  • How many unique tools are listed?
  • How many tools are in each category?
  • Which tools are used by many threat actors, and which are only used by one?
  • Which threat actors use the same tools?

Below is a vis.js network visualisation of that data. It's interactive, so give it a try with these notes:

  • Threat actors are orange dots.
  • Tools are boxes, and linked to the threat actors using them.
  • Hover to see connections.
  • Tool colour represents tool class.
  • Tools used by many actors are near the centre of the graph, those used by only one are on the outside.
  • Scroll in and out with your mouse.
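The sketch below is an added example, not the code behind this post's graph: it shows one way to answer the questions above from an actor/tool matrix and to shape the result into the node and edge arrays a vis.js network takes. The function name `summarise`, the row layout and every actor, tool and category name are constructed placeholders, not values from Will's data set.

```javascript
// Constructed sample rows (placeholder names): one actor/tool pairing per row.
const rows = [
  { actor: "Actor A", tool: "Tool 1", category: "Remote access" },
  { actor: "Actor A", tool: "Tool 2", category: "Credential theft" },
  { actor: "Actor B", tool: "Tool 1", category: "Remote access" },
  { actor: "Actor B", tool: "Tool 3", category: "Tunnelling" },
  { actor: "Actor C", tool: "Tool 1", category: "Remote access" },
  { actor: "Actor C", tool: "Tool 2", category: "Credential theft" },
];

function summarise(rows) {
  const toolActors = new Map();   // tool  -> Set of actors using it
  const actorTools = new Map();   // actor -> Set of tools it uses
  const toolCategory = new Map(); // tool  -> category
  for (const { actor, tool, category } of rows) {
    if (!toolActors.has(tool)) toolActors.set(tool, new Set());
    if (!actorTools.has(actor)) actorTools.set(actor, new Set());
    toolActors.get(tool).add(actor);
    actorTools.get(actor).add(tool);
    toolCategory.set(tool, category);
  }
  // Number of unique tools in each category.
  const perCategory = {};
  for (const c of toolCategory.values()) perCategory[c] = (perCategory[c] || 0) + 1;
  // Tools ordered from most widely shared to single-actor.
  const ranked = [...toolActors]
    .map(([tool, users]) => ({ tool, actors: users.size }))
    .sort((x, y) => y.actors - x.actors || x.tool.localeCompare(y.tool));
  // Tools in common for every pair of actors.
  const actors = [...actorTools.keys()].sort();
  const shared = [];
  for (let i = 0; i < actors.length; i++)
    for (let j = i + 1; j < actors.length; j++) {
      const tools = [...actorTools.get(actors[i])]
        .filter(t => actorTools.get(actors[j]).has(t)).sort();
      if (tools.length) shared.push({ pair: [actors[i], actors[j]], tools });
    }
  // vis.js input: orange dots for actors, boxes grouped (coloured) by category.
  const nodes = [
    ...actors.map(a => ({ id: `actor:${a}`, label: a, shape: "dot", color: "orange" })),
    ...ranked.map(r => ({ id: `tool:${r.tool}`, label: r.tool, shape: "box",
                          group: toolCategory.get(r.tool) })),
  ];
  // Edges come from the de-duplicated sets, so repeated rows add no extra links.
  const edges = actors.flatMap(a =>
    [...actorTools.get(a)].map(t => ({ from: `actor:${a}`, to: `tool:${t}` })));
  return { actorCount: actors.length, toolCount: toolActors.size,
           perCategory, ranked, shared, nodes, edges };
}
```

In a page that loads vis.js, the `nodes` and `edges` arrays can be passed to `new vis.Network(container, { nodes, edges }, {})`.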

Many thanks to Will for this great data set!

Interactive APT tool matrix explorer